One of the main benefits of using a card is that you don't have to be physically present.
Who wants to drag themselves into town to wait in a painfully long queue when you could get a 2 hour delivery from an online retailer?
This perk is the reason that online businesses are doing so well, and high street profits are dwindling.
However, there are a few things you should consider when accepting transactions without the customer being present.
We're going to run you through exactly what these transactions are. Also, we'll let you know what precautions you should take to maintain the security of both your business and your customers.
What's a customer-not-present transaction?
This transaction is (obviously) completed when the customer or cardholder isn't physically present - but there are a few ways of doing this that you probably haven't thought about. Here's a list of card-not-present and card-present transactions:
- Chip and PIN
- Contactless/NFC payments.
- Swipe and signature payments.
- Chip and Signature payments.
- Contactless Mobile Payments (Google Pay or Apple Pay, for instance).
- Online shopping.
- Payments where the card is on file.
- Mobile wallet (Google Pay or Apple Pay) in an app or on the internet.
- Over-the-phone or mail order payments using a virtual terminal.
- Manual card entry in an app or online.
- Recurring bills/subscriptions.
- Some biometric payments.
Card-not-present payments are also known as "keyed entry". Even if you technically have the card physically in front of you, it's still considered a customer/card-not-present (CNP) transaction.
You're probably wondering…
Why should I care about CNP transactions?
CNP transactions have a much higher risk of fraud, and this can result in your business facing heavy chargebacks. A chargeback is where the payment provider takes back the fee for you processing a fraudulent transaction - whether that be through credit or debit card.
If you or your business wants to know how to reduce chargebacks, you should check out our article for some top tips.
This is easy to see why. It's going to require a lot more effort for a criminal to steal your card, somehow learn your pin, and successfully pay for an item. If they hack your computer and find your credit card information saved, they can have a shopping spree instantly.
In just 2019 alone, customer-not-present fraud cost UK businesses a whopping £393.4 million! It's clear that this is a big issue and businesses need to be on guard.
As a business owner, it's your responsibility to have effective fraud detection and prevention software in place - to protect both your customers and your business.
What tools are used to prevent this?
Luckily, there are quite a few things that payment card providers can do to prevent card-not-present card payment fraud.
Here's a few of them:
External payment gateways:
Payment gateways ensure your business doesn't need to collect and hold on to sensitive card information. Instead, you pass this off to a huge corporation who have invested an incredible amount of money into anti-fraud measures.
For instance, one of the most popular is Verified by Visa, which helps the card issuer banks authenticate the identity of registered cardholders. If the customer's card is registered with the Verified by Visa service, they will have to enter a password known only to the owners. This is quite difficult for online fraudsters to find out.
This isn't exclusive to Visa - MasterCard has an almost identical system called MasterCard "SecureCode", while American Express has "SafeKey".
Card Security Code:
We're all familiar with flipping our debit dit card around trying to find our 3 digit security code (often known as CVV 2 for Visa and CVC2 for MasterCard).
This is useful as it helps to confirm that the cardholder is making a transaction with a genuine card, and not an old one. As this number isn't related to the magnetic stripe, it's harder for a cybercriminal to get a hold of.
This is a standard fraud prevention tool in the UK. Address Verification Service (AVS) means that a card issuer authorises a card transaction via telephone authorisation. They check part of the cardholder's billing address, to create a further obstacle for online fraudsters to try and get past.
How can I prevent chargeback?
Chargebacks cost your business money, so it's obviously in your best interest to avoid them as much as possible.
Thankfully, there are a few things you can do to prevent this. Basically, make your business as fraud-proof as possible!
Card service providers typically encourage businesses to verify crucial personal information about the cardholder during CNP transactions. For instance, you could ask the customer to verify:
- Their name precisely as it appears on the card.
- The card's expiration date.
- Their card account number.
- Their phone number and email address linked to the card.
- Their billing address.
- Their card's security code.
If you made this information a requirement to process an online payment, you make it far harder for a fraudster to use a stolen card.
Also, you must keep meticulous details of when the order was made, details about what was purchased, and any communication you had with the customer.
CNP frauds are a part of life. Not accepting CNP payments isn't an option in today's world.
Ultimately, there's only so much a business owner can do to prevent fraud.
Thankfully, the big names - Visa, Mastercard etc. - invest a serious amount of cash into fraud prevention.
So by far, your best option is to make sure you're utilising these external payment gateways. This lets you take advantage of state-of-the-art fraud-prevention infrastructure, without paying a fortune.