Card not present fraud

Card-not-present fraud involves the unauthorized use of a credit or debit card number, the security code printed on the card, and/or the cardholder’s address to purchase products or services in a setting in which the customer and merchant are not interacting face-to-face.

Examples of card not present fraud

  • Making online purchases with stolen card information. Thieves use stolen cardholder names, card account numbers, and card expiration dates to fraudulently purchase items online.
  • Testing cards.  Fraudsters make several small transactions online using stolen credit card numbers, to see whether the numbers will work.
  • Intercepting packages. Thieves intercept packages containing products that they have purchased using stolen card information.
  • Online skimming. Hackers exploit unpatched weaknesses in the POS system, use malware to steal data, and then sell the data for fraudulent purposes.
  • Gift card fraud. Individuals looking to quickly turn stolen product into cash will often activate gift cards using stolen payment details, then sell these digitally delivered funds on an open marketplace within minutes.

Identify potential fraud

  1. Since fraudsters are always on the lookout for new victims, be wary of new customers.
  2. Limit the sale of digital items purchased in bulk and cap daily sales volume per cardholder. Fraudulent purchases might include several of the same product; for example, 10 of the same t-shirt, but each item in a different size or color.  If the first order goes through without a problem, the criminal might try another—and another. This will continue until the merchant or cardholder detects the strange behavior. Rather than process several fraudulent purchases, set a velocity limit.
  3. Obviously, the more expensive the original item, the higher the profit potential of a resale.  Criminals will naturally be drawn to big-ticket items.
  4. A fraudster might place several orders on different cards, but ship them all to the same address.
  5. On the other hand, a merchant should note if there are multiple orders made on one card, but shipped to several different addresses.
  6. Check the expiration date. Never accept expired cards.

Monitor suspicious activity

Like criminal fraud, there are several indicators of potential friendly fraud. Red flags include incongruities between the shipping and billing address, making duplicate orders, abnormally large purchases, and suspicious inquiries to check the order status.

Use delivery confirmation for big-ticket items

Many customers see delivery confirmation as a nuisance; however, it is a valid form of friendly fraud prevention. A customer can’t say the purchased items never arrived if the merchant has confirmation of delivery.

Verify the phone number and transaction information

Prior to shipping your products, call the phone number provided by the customer and verify the transaction information. Criminals may be unable to verify such information, because in their haste to max out the credit line before the fraud is discovered, they often order at random and do not keep records.

Examine priority shipment requests

Costly priority shipments may indicate a fraudulent transaction, especially if a free shipping option has been ignored. Unlike the rest of us, criminals do not much care about shipping costs.

Validate orders from repeat customers that differ from the established pattern

If an order from a past customer deviates from the established pattern, contact the customer and validate the transaction.

Validate fraud

If your suspicions are raised, validate the order by calling the customer or sending a letter to the billing (not shipping) address.  Validate the order by calling the customer or sending a letter to the billing (not shipping) address.

Monitor repeat customers

Monitor repeat customers. The merchant should validate transactions with repeat customers when the current order deviates from the norm. Discrepancies could include anything from products ordered to new shipping details.

Create a blacklist

Work with your processor to create a blacklist. A blacklist bans known fraudsters from doing business with you. The blacklist can block criminals by something specific like an IP address or something generic like their country.

Create a whitelist

You can also create a white list. A whitelist is the opposite of a blacklist. Rather than ban a few, block everyone; then, let a few exceptions through. For example, only customers from the US or Canada can shop with the merchant.

Prevent chargebacks

Use chargeback alert networks

Merchants who enroll in chargeback alert networks are able to reduce their chargeback issuance rate by about 40%. When a cardholder disputes a transaction, the merchant will receive an alert. This enables the merchant to refund the customer before a chargeback is finalized. Alerts help prevent chargebacks, keep chargeback ratios low, and avoid chargeback fees.

Address Data Security

Protecting cardholder data is essential; both the customers and the Payment Card Industry expect it. Keeping information safe goes one step further, though; it helps prevent fraud-related chargebacks.

Maintain PCI-DSS compliance

The Payment Card Industry Data Security Standard is a framework designed to safeguard cardholders’ personal information and facilitate consistent data security measures globally. PCI-DSS helps protect sensitive information while it is being stored, processed and in transit. Merchants need to ensure their business is PCI-DSS complaint. While adhering to the PCI-DSS standards is both time-consuming and expensive, the benefits of compliance far outweigh any drawbacks.

Check your billing descriptors

A customer might accidentally engage in friendly fraud just because the billing descriptor isn’t easily recognized. When consumers look at their credit card statement, will they be able to easily identify your business by the name that’s listed?

Get professional help

Implementing these DIY prevention tips will reduce certain types of chargebacks. DIY efforts are usually able to successfully address the “low hanging fruit,” the easily preventable chargebacks caused by obvious mistakes and mismanagement. However, most types of chargebacks are only minimized with intensive management efforts that surpass DIY tactics.  Rather than spend the resources to try educating an in-house chargeback specialist, it is far more efficient to outsource the task.

Communicate with the merchant.

Many chargebacks can be easily avoided, or even rectified, if there is open communication between the consumer and the merchant.

Clearly describe your product or service.

As a merchant, make sure you give clear descriptions of your products and service policies so that liabilities fall upon the consumer in regards to dissatisfied purchases.

Have an easy refund policy.

If a consumer is truly unhappy with their purchase, have an easy return policy so the consumer does not feel the need to initiate a chargeback with their provider.

Provide your company contact info.

Card processing errors can easily be fixed by providing consumers with your contact information, whether on the receipt or on your website, so they can contact you directly and have the error fixed without initiating a chargeback.

Optimize your billing descriptor.

Often times chargebacks can be a matter of a misunderstanding, specifically because the consumer is unclear about the transaction details that appear on their credit card statement. Be sure to let the consumer know what business name will appear on their statement. If they cannot recognize the name of your business because of a DBA, the consumer may begin the chargeback process.

Keep clean records.

Of course there are those bad people out there filing fraudulent chargebacks in hopes of getting free stuff. Every year merchants lose billions of dollars to lost merchandise on top of transaction reversals and chargeback fees, all caused by criminal consumers who purchase items and then claim they never did. On many occasions these cases are lost by the merchant for lack of providing simple and clean records.

Additionally, make sure your sales receipts are complete and legible, so that they can be clearly understood by the consumer, as well as a valid piece of proof during a chargeback dispute. A clean receipt should be the first step in fighting a chargeback.

Save receipts.

The statute of limitations for issuing chargebacks vary from provider to provider, however it can be anywhere from 180 days to 3 years following a transaction. Thus it’s recommended merchants retain their receipts and records in an organized fashion, so they are able to thriftily and accurately provide information upon request.

Set shipping expectations.

Often a consumer will issue a chargeback when they pay for an item but have yet to receive it. As a merchant, make sure all merchandise has shipped before depositing a sales receipt. If a customer doesn’t have an item but sees it on their credit card statement, then they may want to issue a chargeback.

On the same note, let them know about expected shipping time and delays in delivery. A chargeback for “services not provided/merchandise not received” can smoothly be corrected with shipping details, carrier confirmation, and evidence of delivery such as a signed delivery receipt (often referred to as a POD, or “proof of delivery”). Or, if the shipping time frame has not yet surpassed, and you have clearly stated on your website or cash register “please allow X amount of days for shipping,” presenting that information to the investigating bank can stop the chargeback.

The same can be said in a reverse situation, in which the consumer claims they returned the items but never received a credit. In this case, let your merchant bank know that you haven’t received the returned merchandise, or the services have not been cancelled by the cardholder.

Be quick to respond.

Responding quickly to chargebacks is a merchant’s greatest tool, as there is a certain time limit in each step of the chargeback cycle, and a delayed reaction can result in a chargeback loss. In this way, consumer misunderstandings can easily be resolved as well; so if a customer says they never received a credit for a return, as the merchant you can quickly provide proof of the specific day the credit was issued and nip the situation in the bud before it manifests into an all out chargeback war.

Pick your battles.

As a merchant it’s also important to know when to pick your battles. It may be cheaper and easier to let certain chargebacks go if you know you cannot win them, saving yourself the useless time and expense of fighting.

Preventing fraud

E-commerce merchants looking to reduce fraud will benefit most from a holistic approach that includes multiple solutions such as:

Device Identification

  • Geolocation
  • 3D secure
  • Rules-based filters
  • Biometrics

Authorization Methods

  • CVV2 Verification - By requesting the three-digit code as part of the CNP process, merchants can be sure that the person placing the order has the card in his or her possession, adding another layer of security
  • AVS Authentication - Utilizing AVS allows merchants to verify the cardholder’s billing address with the data on file with the issuing bank.

Fraud Solutions

  • Digital fingerprinting
  • Shared device reputation
  • Proxy databases
  • Geolocation

Data Solutions

  • E-commerce account issuance
  • Customer validation
  • Identity verification
  • Knowledge-based authentication
  • 3D secure

Emerging Solutions

  • Biometrics
  • Email verification
  • Social media validation

Cost of Over Protection

When fraud-scoring tools are too sensitive, the result is an unnecessary amount of false positives. These false positives can result in card declines and cause significant sales losses, blocked accounts and an overall poor customer experience.