Card not present fraud
Card-not-present fraud involves the unauthorized use of a
credit or debit card number, the security code printed on the card, and/or the
cardholder’s address to purchase products or services in a setting in which the
customer and merchant are not interacting face-to-face.
Examples of card not present fraud
- Making online purchases with stolen card information. Thieves use stolen cardholder names, card account numbers, and card expiration dates to fraudulently purchase items online.
- Testing cards. Fraudsters make several small transactions online using stolen credit card numbers, to see whether the numbers will work.
- Intercepting packages. Thieves intercept packages containing products that they have purchased using stolen card information.
- Online skimming. Hackers exploit unpatched weaknesses in the POS system, use malware to steal data, and then sell the data for fraudulent purposes.
- Gift card fraud. Individuals looking to quickly turn stolen product into cash will often activate gift cards using stolen payment details, then sell these digitally delivered funds on an open marketplace within minutes.
Identify potential fraud
- Since fraudsters are always on the lookout for new
victims, be wary of new customers.
- Limit the sale of digital items purchased in bulk and cap
daily sales volume per cardholder. Fraudulent purchases might include several
of the same product; for example, 10 of the same t-shirt, but each item in a
different size or color. If the first
order goes through without a problem, the criminal might try another—and another.
This will continue until the merchant or cardholder detects the strange behavior.
Rather than process several fraudulent purchases, set a velocity limit.
- Obviously, the more expensive the original item, the
higher the profit potential of a resale.
Criminals will naturally be drawn to big-ticket items.
- A fraudster might place several orders on different
cards, but ship them all to the same address.
- On the other hand, a merchant should note if there are
multiple orders made on one card, but shipped to several different addresses.
- Check the expiration date. Never accept expired cards.
Monitor suspicious activity
Like criminal fraud, there are several indicators of
potential friendly fraud. Red flags include incongruities between the shipping
and billing address, making duplicate orders, abnormally large purchases, and
suspicious inquiries to check the order status.
Use delivery confirmation for big-ticket items
Many customers see delivery confirmation as a nuisance;
however, it is a valid form of friendly fraud prevention. A customer can’t say
the purchased items never arrived if the merchant has confirmation of delivery.
Verify the phone number and transaction information
Prior to shipping your products, call the phone number provided by the customer and verify the transaction information. Criminals may be unable to verify such information, because in their haste to max out the credit line before the fraud is discovered, they often order at random and do not keep records.
Examine priority shipment requests
Costly priority shipments may indicate a fraudulent transaction, especially if a free shipping option has been ignored. Unlike the rest of us, criminals do not much care about shipping costs.
Validate orders from repeat customers that differ from the established pattern
If an order from a past customer deviates from the established pattern, contact the customer and validate the transaction.
If your suspicions are raised, validate the order by calling
the customer or sending a letter to the billing (not shipping) address. Validate the order by calling the customer or
sending a letter to the billing (not shipping) address.
Monitor repeat customers
Monitor repeat customers. The merchant should validate
transactions with repeat customers when the current order deviates from the
norm. Discrepancies could include anything from products ordered to new
Create a blacklist
Work with your processor to create a blacklist. A blacklist
bans known fraudsters from doing business with you. The blacklist can block
criminals by something specific like an IP address or something generic like
Create a whitelist
You can also create a white list. A whitelist is the
opposite of a blacklist. Rather than ban a few, block everyone; then, let a few
exceptions through. For example, only customers from the US or Canada can shop
with the merchant.
Use chargeback alert networks
Merchants who enroll in chargeback alert networks are able
to reduce their chargeback issuance rate by about 40%. When a cardholder
disputes a transaction, the merchant will receive an alert. This enables the
merchant to refund the customer before a chargeback is finalized. Alerts help
prevent chargebacks, keep chargeback ratios low, and avoid chargeback fees.
Address Data Security
Protecting cardholder data is essential; both the customers and
the Payment Card Industry expect it. Keeping information safe goes one step
further, though; it helps prevent fraud-related chargebacks.
Maintain PCI-DSS compliance
The Payment Card Industry Data Security Standard is a
framework designed to safeguard cardholders’ personal information and
facilitate consistent data security measures globally. PCI-DSS helps protect
sensitive information while it is being stored, processed and in transit.
Merchants need to ensure their business is PCI-DSS complaint. While adhering to
the PCI-DSS standards is both time-consuming and expensive, the benefits of
compliance far outweigh any drawbacks.
Check your billing descriptors
A customer might accidentally engage in friendly fraud just
because the billing descriptor isn’t easily recognized. When consumers look at
their credit card statement, will they be able to easily identify your business
by the name that’s listed?
Get professional help
Implementing these DIY prevention tips will reduce certain
types of chargebacks. DIY efforts are usually able to successfully address the
“low hanging fruit,” the easily preventable chargebacks caused by obvious
mistakes and mismanagement. However, most types of chargebacks are only
minimized with intensive management efforts that surpass DIY tactics. Rather than spend the resources to try
educating an in-house chargeback specialist, it is far more efficient to
outsource the task.
Communicate with the merchant.
Many chargebacks can be easily avoided, or even rectified,
if there is open communication between the consumer and the merchant.
Clearly describe your product or service.
As a merchant, make sure you give clear descriptions of your
products and service policies so that liabilities fall upon the consumer in regards
to dissatisfied purchases.
Have an easy refund policy.
If a consumer is truly unhappy with their purchase, have an
easy return policy so the consumer does not feel the need to initiate a chargeback
with their provider.
Provide your company contact info.
Card processing errors can easily be fixed by providing
consumers with your contact information, whether on the receipt or on your
website, so they can contact you directly and have the error fixed without
initiating a chargeback.
Optimize your billing descriptor.
Often times chargebacks can be a matter of a
misunderstanding, specifically because the consumer is unclear about the
transaction details that appear on their credit card statement. Be sure to let
the consumer know what business name will appear on their statement. If they
cannot recognize the name of your business because of a DBA, the consumer may
begin the chargeback process.
Keep clean records.
Of course there are those bad people out there filing
fraudulent chargebacks in hopes of getting free stuff. Every year merchants
lose billions of dollars to lost merchandise on top of transaction reversals
and chargeback fees, all caused by criminal consumers who purchase items and
then claim they never did. On many occasions these cases are lost by the merchant
for lack of providing simple and clean records.
Additionally, make sure your sales receipts are complete and
legible, so that they can be clearly understood by the consumer, as well as a
valid piece of proof during a chargeback dispute. A clean receipt should be the
first step in fighting a chargeback.
The statute of limitations for issuing chargebacks vary from
provider to provider, however it can be anywhere from 180 days to 3 years
following a transaction. Thus it’s recommended merchants retain their receipts
and records in an organized fashion, so they are able to thriftily and
accurately provide information upon request.
Set shipping expectations.
Often a consumer will issue a chargeback when they pay for
an item but have yet to receive it. As a merchant, make sure all merchandise
has shipped before depositing a sales receipt. If a customer doesn’t have an
item but sees it on their credit card statement, then they may want to issue a
On the same note, let them know about expected shipping time
and delays in delivery. A chargeback for “services not provided/merchandise not
received” can smoothly be corrected with shipping details, carrier
confirmation, and evidence of delivery such as a signed delivery receipt (often
referred to as a POD, or “proof of delivery”). Or, if the shipping time frame
has not yet surpassed, and you have clearly stated on your website or cash
register “please allow X amount of days for shipping,” presenting that
information to the investigating bank can stop the chargeback.
The same can be said in a reverse situation, in which the
consumer claims they returned the items but never received a credit. In this
case, let your merchant bank know that you haven’t received the returned
merchandise, or the services have not been cancelled by the cardholder.
Be quick to respond.
Responding quickly to chargebacks is a merchant’s greatest
tool, as there is a certain time limit in each step of the chargeback cycle,
and a delayed reaction can result in a chargeback loss. In this way, consumer
misunderstandings can easily be resolved as well; so if a customer says they
never received a credit for a return, as the merchant you can quickly provide
proof of the specific day the credit was issued and nip the situation in the
bud before it manifests into an all out chargeback war.
Pick your battles.
As a merchant it’s also important to know when to pick your
battles. It may be cheaper and easier to let certain chargebacks go if you know
you cannot win them, saving yourself the useless time and expense of fighting.
E-commerce merchants looking to reduce fraud will benefit
most from a holistic approach that includes multiple solutions such as:
- 3D secure
- Rules-based filters
- CVV2 Verification - By requesting the three-digit code as
part of the CNP process, merchants can be sure that the person placing the
order has the card in his or her possession, adding another layer of security
- AVS Authentication - Utilizing AVS allows merchants to
verify the cardholder’s billing address with the data on file with the issuing
- Digital fingerprinting
- Shared device reputation
- Proxy databases
- E-commerce account issuance
- Customer validation
- Identity verification
- Knowledge-based authentication
- 3D secure
- Email verification
- Social media validation
Cost of Over
When fraud-scoring tools are too sensitive, the result is an
unnecessary amount of false positives. These false positives can result in card
declines and cause significant sales losses, blocked accounts and an overall
poor customer experience.