What is Card Not Present?
A remote purchase
card-not-present (CNP) transaction is one where the cardholder and the card are not present at the point-of-sale.
What is the risk?
Risk-mitigation technologies such as EMV chip cards have helped to significantly reduce card-present fraud rates.
As a result, criminals are increasingly looking to exploit CNP channels such as mail order/telephone order and e-commerce. Telephone-based payments represent an area of opportunity for fraud as this method of payment exposes account data in the clear and must be given full consideration in any security strategy and PCI DSS compliance program.
How does it affect my business or contact centre?
Simply put, without adequate protection your business is exposed to fraud.
Because the card and cardholder are not present, you are unable to physically check the card or the identity of the cardholder, therefore it is much easier for the fraudster to disguise their true identity.
Coupled with the fact that there are currently over 13.5 million compromised cards available to purchase on the dark web, you have never been more exposed.
You should be aware that a standard 'authorisation' from your payment service provider does not guarantee against fraud related chargebacks. This is because you may have not authenticated that it is the genuine cardholder who is completing the transaction.
It is your responsibility for ensuring that
CNP transactions are not fraudulent. If a fraudulent transaction is processed, then your business will be liable for the loss.
What procedures have you got in place to protect your business against fraud?
How can I protect my business?
There are two ways in which you can protect your business from CNP Fraud
Online/E-commerce
The first is to ensure that your payment gateway is fully prepared to embrace the
Payment Service Directive (PSD2)
with the ability to conduct
Strong Customer Authentication (SCA).
Our
payment gateway is PCI DSS Level 1 registered, as an approved service provider by Visa and Mastercard.
Our cloud environment is protected by DDoS mitigation tools. Within the gateway you can control built-in security options including AVS, CV2 checks, 3D Secure and velocity checking.
Mail Order/Telephone Order (MOTO)
To process traditional MOTO payments, the business would verbally obtain the sensitive card information from the cardholder. This would include the long card number, the expiry date and security code on the reserve.
This not only causes a PCI DSS issue, as you would now have card data within your environment, it also means that every transaction is at risk of being fraudulent.
Our multi-award winning solution,
SOTpay, enables merchants to process 'secure, authenticated, PCI compliant' transactions across numerous channels including Telephony, Email, SMS, Web Chat and Social Media Channels.
SOTpay simplifies PCI DSS compliance by removing all sensitive card data from your merchant environment, whilst facilitating additional authentication methods in the CNP MOTO channel, which shifts the liability and consequently eliminates fraud related chargebacks.
