What is Card Not Present (CNP) Transaction?
In an earlier post, we reviewed the Card Present(CP) transaction. In the current post, we will review the Card Not Present(CNP) transaction.
If you have purchased an item online using your phone or desktop computer, you would have made a Card Not Present(CNP) transaction. In essence, at the time of purchase, the merchant cannot directly read the consumer card information (present in the chip or magnetic strip) as done in an in-store purchase.
CNP transactions have high risk and liability for the merchants and also tend to have higher processing fees compared to CP transactions.
What type of transactions is CNP?
(a) Making payments over the telephone (i.e., exchange credit card info over the phone)
(b) Purchase and payments online (website or apps)
(c) Manual card enter at checkout even when a physical card is present.
(d) Recurring payments or Subscriptions
So, how do CNP transactions work?
Step 1 customer completes the purchase online and lands at the merchant "checkout" page.
step2: Customer then enters card information manually at the merchant website.
Step 3: Merchant website would typically use a credit card payment gateway to complete the transaction.
What are the common methods to mitigate CNP fraud?
Since CNP transactions need information related to a card and not a physical credit card, they attract fraudsters more compared to CP type transactions.
Fraudsters obtain credit card number and associated information required to complete a CNP transaction by Hacking (through malware or other types of attacks carried out on the credit card owners computers), Phishing (sending out emails and forcing the credit card owner to reveal their info), skimming(obtaining credit information at restaurants or gas stations by employees).
A federal stud showed CNP type fraud increased from $3.4 billion in 2015 to $4.57 billion in 2016.
As mitigation efforts, for consumers, consumers most report their lost or stolen card immediately to the credit card company and proceed to get a new card. Also, monitoring fraudulent activities in billing statements and signing up with any free alerting services provided by the bank must be used.
Merchants have a high liability for CNP fraud chargebacks. Card networks and payment gateways issue best practices guidelines for the merchant. Merchants must carefully follow those guidelines. Some of the most common recommendations include,(a) Obtain detailed consumer information during checkouts such as Name, Billing address, shipping address, CVN(Credit card verification Number, three or four-digit codes on the credit card ).
(b) Enroll into credit card network-specific programs such as VBV(verified by visa),3D Secure (Master Card), etc. for an added layer of authentication during checkout.
(c) Merchant must ensure they are PCI compliant.
(d) Look for abnormal purchase patterns such as a large number of small transactions for the same item, unusually high quantity of orders, etc.
(e) Use the Adress verification system(AVS) to check if the address entered during the "checkout" process is the same as the one registered with the bank.
(f) Use geo-location checks. For example, use the IP address to check for simultaneous transactions.
(g) Use multifactor authentication to protect your e-commerce website.