Over the past two years, consumers have made a massive shift towards increased online shopping. If there’s one thing we know, it's where the money goes, the criminals will follow. Unfortunately, the huge growth we’ve seen in e-commerce has also fueled an alarming rise in Card-Not-Present (CNP) fraud and chargebacks.
This shift happened rather quickly in retail terms, leaving many merchants unprepared. Merchants were not ready for the huge uptick in sales and growth. And they were definitely unprepared to deal with the significant rise in payment fraud and chargeback policy abuse that followed.
What’s a card-not-present transaction? And why are they risky?
Card-not-present transactions are exactly what they sound like. Payment transactions processed over the internet without a physical card being presented to the merchant. Processing card payments in a CNP environment presents complications for merchants that are not common in a card present retail environment.
The virtual nature of the transaction invites both fraud and chargeback filings largely because the card and the cardholder/buyer are not present. This anonymity makes it more difficult to verify the card and authenticate the cardholder and the purchase.
CNP transactions invite fraud and chargeback headaches for merchants.
During this recent Ecommerce explosion, merchants experienced a 69% surge YoY in online payment fraud attempts. On top of that, recent statistics show that 45% of all credit card fraud stems from CNP transactions.
In addition to being exposed to online fraud, the increased sales have also subject merchants to increased chargebacks and chargeback fraud. Estimates are expecting 2022 transaction volume to exceed 66 billion transactions. And that kind of volume is projected to result in approximately 33 million chargeback disputes.
Fraud and chargebacks represent a significant business risk for eCommerce businesses.
It's not just the cost and loss of sales from fraud and chargebacks that can affect a business' bottom line. Businesses that have high chargebacks also incur penalties, increased processing rates, and risk losing their merchant account. Fraud destroys consumer trust, increases customer dissatisfaction and leads to customer attrition.
For businesses in the CNP environment, practicing sound business policies and Best Practices for payments can help limit exposure to fraud and chargebacks.
By employing a combination of good business practices and online fraud screening tools, merchants can better assess the risk of eCommerce, CNP transactions. These will help merchants fight fraud, validate the transaction, and still provide a positive customer experience.
7 Best Practices for Safer CNP Transactions
Gather Sufficient Customer DataCard information: gather the basic payment card information-
Name “as it appears on the card”
Card type (Visa, MC, Amex, Discover, etc.)
Expiration date (a valid future date)
Customer information: expand on card information by asking for expanded customer contact information
Customer’s home and/or cell phone numbers
Email address for purchase confirmation and tracking
This information can be particularly helpful when shipping and billing addresses are different, and for
Require CCV Code/Number From Payment CardsAll payment cards have a security value code. These codes are referred to as the CVV/CVC (Card Verification Value/Code), CMID (Card Member ID), or CID (Card Identification Number). For Visa, MC, and Discover, it is the 3-digit code on the back of the card. American Express has a 4-digit code on the front of the card.
When the code is submitted and substantiated during the transaction, it helps to establish that the purchaser is in possession of the card. Often, in the case of stolen card numbers, the criminal will not be able to get the CVV code.
*Keep in mind: CVV Codes cannot be stored by merchants. They must be requested for each unique transaction. For this reason, CVV codes cannot be used for recurring transactions. Merchants can also expose themselves to fines for improperly stored codes.
Implement AVS - Address Verification ServicesAddress Verification Service (AVS) is an automated fraud prevention service.
It allows the processor to compare the address, along with other payment card information, to the information on file with the card issuing bank.
Once all information has been validated, the merchant receives an AVS Response Code. Along with the authorization, the AVS response code will indicate the accuracy of the information. There will either be a match, a partial match, or no match.
A. Match - indicates that all values entered match the information on file for the cardholder with the card issuing bank.
B. Partial Match - indicates that only one of the values in the billing address matches - either the numbers in the street address or the ZIP code, but not both.
C. No Match -this response means that neither the address number nor the ZIP code match the data on file.
Receiving a “no match” response code is a strong indicator that this could be a fraudulent transaction. However, there are situations where you could get a no-match code on a legitimate purchase.
Investigate: any form of match failure should require the order to be placed in an AVS Hold for special processing. Both situations will most likely require follow-up actions.
Follow up for a partial match: look for red flags that commonly indicate fraud.Expedited shipping
Larger than usual orders
Shipping address doesn't match billing address
Multiple units of the same items
Follow up for No match - don’t simply assume this is a fraudulent transaction.
While AVS failure can indicate a stolen card, there are situations where AVS failure is still a legitimate sale. For instance, this can happen if the customer moved and has yet to, or forgot, to update card information with their bank.
For this reason, it's a good idea for merchants to set up a protocol for further investigation before declining the order.
*Note: this is why it's important to ask for “billing address associated with card”. This way, even if the billing address and shipping address are different, the AVS will still confirm a match.
Follow up:Contact the card issuing bank to verify if all other information submitted (name, address, and telephone number) matches those on file.
Contact the customer to confirm that he or she initiated the transaction.
Using a combination of CVV and AVS, merchants can minimize fraud incidence from stolen card numbers and counterfeit cards.
For Added protection: Online merchants should consider using Verified by Visa or Mastercard’s SecureCode. Ask your processor if these enhanced anti-fraud programs are right for you.
Recurring Billing Best Practices* Install an "Accept" button on the checkout page. This helps to ensure that the purchaser acknowledges they are signing up for recurring billing.
* On the first transaction, use fraud protection tools, including AVS, CVV, to help ensure it is a valid card and legitimate purchase before continuing with auto shipments and recurring billing.
* Make sure to use a clear and recognizable business descriptor on customer statements.
* Provide cardholders with a toll-free phone number and include it on statement alongside your descriptor.
* Consider using an Account Updater- this is an automated service that can update card information in the case of payment card upgrades, new expiration dates, and other card changes.
Card updating services provide convenience for both merchants and customers. Customers appreciate uninterrupted service, while merchants avoid chasing down customers to update their accounts.
As you will see below, many of these practices will also help merchants reduce chargeback. That is because they address many of the common problems and issues that lead to consumers filing a chargeback.
Reduce Exposure To Chargebacks
Recognizable billing descriptor-
This is how your business name appears on the customer’s credit card statement. Make sure to use a brand or name your customer is familiar with.One of the leading reasons customers file a chargeback is due to not recognizing the business when it shows up on their monthly charge statement. Using a recognizable name will help you avoid chargebacks due to business name discrepancies.
Confirm your descriptor and phone with your processor. Sometimes processors will truncate or shorten a descriptor, causing the name or phone number to be incomplete. You may also want to test your descriptor by doing a test transaction and reviewing your description on your own statement.
Include your toll-free number with your descriptorYou want your customer to contact you before they contact their card issuer.
Remember, your customer might not recognize the purchase or remember they signed up for auto ship. They might assume the purchase was a fraudulent transaction on their card.
Providing a number right there on the statement will encourage them to reach out to you if there’s a problem.
This gives you another touchpoint for customer satisfaction and can greatly reduce your chargebacks.
Use AVS and CVV to reduce chargebacksAgain, these practices help merchants differentiate good transactions from fraudulent transactions. It can help you detect attempts using stolen cards, stolen numbers obtained through skimming techniques, and/or from the dark web.
When merchants can catch an attempted fraud transaction, they will save themselves and their customer from filing a chargeback for the purchase.
Communication, communication, communicationI can’t emphasize enough how important communication with your customer is in fighting fraud and chargebacks.
It helps merchants provide a better customer experience, avoid chargebacks, and possibly catch cybercrime in the act.
Notify customers, in writing, during each part of the order process.
Email the customer at the time of purchase with a purchase confirmation. Then follow that up with shipment confirmation and tracking information.
The same goes for returns, refunds, and cancellations.
Keeping customers in the loop helps build confidence that everything's going as planned. This way they will be less likely to get frustrated and turn to their card issuer for a chargeback.
Record all correspondenceKeep a record of your correspondence with customers regarding their purchase, shipment, tracking, order changes, and cancellations. Make sure to include notes on any phone calls to customer service. In the event of a chargeback, you’ll be able to quickly provide the supporting paperwork required.
Keep PCI Compliance Up To DateAccording to PCI Data Security Standards, merchants involved in payment card transactions must use strong encryption to protect cardholder information. These standards were created to ensure the protection of cardholder data while in possession or in use by merchants and other entities involved in the transaction.
Luckily, the payment processing hardware and software provided by your merchant account provider and/or gateway provider will already meet these requirements. Working with an experienced merchant account provider will greatly reduce your PCI DSS requirements.
Make sure to complete your Annual PCI Compliance Self-Assessment Questionnaire. Completing your annual PCI Compliance helps to ensure you're complying with the set of Data Security Standards set by the Payment Card Industry. It can also help to reveal any weakness in your security and show areas for improvement.
Enhance Current Data Security With Robust Fraud Tools
Enhanced fraud detection and prevention solutions can automate fraud management. The software can monitor and analyze multiple metrics at once, detecting anomalies as well as patterns.
AI and Machine Learning can expand on rules-based fraud detection by adapting to new fraud patterns. Built in Machine Learning modules can help make flagged transactions more accurate over time.
Partner with an experienced E-Commerce merchant account provider
Merchants must maintain a delicate balance between detecting and combating fraud and creating a frictionless checkout and pleasant customer experience.
However, as fraud economy continues to adapt and expand, payment environment security is critical. Even if increased security measures negatively impact the customer experience.
Friction at the checkout is a problem that impacts customer satisfaction, but so is fraud. In fact, 56% of consumers say fraud will cause them to abandon a brand.
Ecommerce merchants need a dependable high-risk merchant account and a variety of essential tools and resources to help secure CNP transactions and combat fraud.
Ecommerce merchants are at higher risk than normal retail sales. To ensure success, they need to partner with a payment processor that understands their challenges and can provide the solutions to address them.
Bankcard International Group provides merchants with a merchant account solution curated specifically for their business needs. We understand merchants want to couple a secure and powerful gateway with a suite of powerful fraud prevention tools. And we are ready to provide all of that with the sustainable rates you deserve.
To learn more about our E-commerce merchant account solutions, click the button below.