No matter what type of business you run, there is always the possibility that you and/or your customers will encounter fraud. However, your jeopardy is magnified many times over when it comes to what is known in the industry as card-not-present (CNP) fraud. Understanding what defines card-not-present fraud and implementing strategies to reduce its likelihood will minimize its potential effects on your small business.
What is CNP fraud?
You might be wondering what the difference is between card-present vs. card-not-present transactions. In the former case, the actual credit card is available for the merchant to see and examine should that become necessary. Additionally, it is usually possible to request additional proof of identity from the customer, who is there in person at the time of purchase.
By contrast, CNP transactions do not give sellers direct access to the credit card. It is therefore much more difficult to verify the buyer’s identity. The following are the most common types of CNP fraud:
- Online purchases.
- In-app purchases.
- Payments made over the phone.
- Skimming and testing.
Fraud occurs when the criminal gets their hands on a customer’s payment information and uses it to make an illegitimate purchase. The result is stress for the cardholder who is the hapless victim and potential financial loss for you the merchant when the customer disputes the charges. Fortunately, there are firm actions you can take to reduce your chances of becoming a victim of CNP fraud.
1. Collect customer information.
While it is true that security regulations prohibit you from storing your customers’ sensitive credit card payment details, there are still many data points that you can and should gather. All of these can be used to help verify a buyer’s identity if you suspect potential fraud. Details to store include the following.
- Physical and email addresses.
- Login address.
- IP address.
- Phone number.
These can be gathered at the point the customer logs in, at account registration, or in the shopping cart software where you accept payments. The details can then be stored by your POS system for small businesses for later retrieval.
2. Employ data enrichment strategies.
This process is widely employed by numerous entities, including financial institutions, ecommerce companies, and charities and involves using a single point of data to learn more about a customer. The process involves piggybacking on this single detail to bring in other connected data from outside sources. For instance, knowing a simple 10-digit phone number can allow you to gather all manner of details about a customer’s location and the type of phone being used. The results can be harnessed to verify someone’s identity without the need to directly ask the customer any additional questions.
3. Use best practices to promote customer data security.
Do all you can from your end to ensure that the sensitive payment details your customer provides are safe from breach by cybercriminals. That means following the PCI DSS standards yourself, and ensuring that your third-party payment services provider does as well. Also, you should use online security tools like SSL, encrypt data whenever possible, and use address verification tools like AVS to verify customer identities.
In addition to these specialized tech tools, listen to your gut. If a purchase gives you a queasy feeling, investigate it further. Especially if your security protocols or policies are prominently displayed, your legitimate customers will appreciate your commitment to transparency and data safety.
Unfortunately, there is no way to find ironclad protection against CNP fraud. However, using modern security tools (combined with good old-fashioned human monitoring and investigation) can greatly reduce the chance that you and your customers will suffer the damaging effects of this criminal activity.