7 Steps to Preventing Card-not-Present Fraud

Credit card fraud is much more difficult to prevent when neither the cardholder nor the card are present during the transaction. In a face-to-face setting the merchant can inspect the card to ensure that it is valid and can verify that the cardholder is an authorized user on the account by matching his or her signature on the transaction receipt to the one on the back of the card and request an ID when in doubt. None of these actions can be performed when the payment is submitted online or accepted by phone.

Yet, a combination of best practices and fraud prevention tools can provide card-not-present merchants with strong fraud prevention capabilities. If your business accepts payments online or by phone, you should implement the following safeguards:

• Verify the phone number and transaction information. Prior to shipping your products, call the phone number provided by the customer and verify the transaction information. Criminals may be unable to verify such information, because in their haste to max out the credit line before the fraud is discovered, they often order at random and do not keep records.
• Examine priority shipment requests. Costly priority shipments may indicate a fraudulent transaction, especially if a free shipping option has been ignored. Unlike the rest of us, criminals do not much care about shipping costs.
• Validate orders from repeat customers that differ from the established pattern. If an order from a past customer deviates from the established pattern, contact the customer and validate the transaction.

In addition to implementing the above procedures, you should take advantage of the available fraud prevention tools. Following is a short list of the most prominent among them:

• Address Verification Service (AVS). AVS enables you to compare the billing address (the address to which the card issuer sends its monthly statement for the account) provided by your customer with the billing address on the card issuer’s file before processing a transaction. These addresses should match.
• Card Security Codes. Card Security Codes are the 3-digit numbers located on the back of Visa (CVV2), MasterCard (CVC 2) and Discover (CID) cards, in or around the signature panel, and the 4-digit numbers located on the front of American Express (CID) cards, above the card account number. Card Security Codes help verify that the customer is in a physical possession of a valid card during a card-not-present transaction.
• Verified by Visa?áand?áMasterCard SecureCode. These fraud prevention services are offered by the two Credit Card Associations to?áe-commerce merchants and to online shoppers. MasterCard SecureCode and Verified by Visa enable cardholders to authenticate themselves to their card issuers through the use of personal passwords they create when they register their cards with the programs. These services protect merchants against fraudulent “unauthorized use”?áchargebacks.
• PCI compliance. All merchants accepting card payments are now required to be compliant with the requirements of the Payment Card Security Data Security Standard (PCI DSS), which sets the rules for data security management, policies, procedures, network architecture, software design and other protective measures.

Additionally, you should build and maintain an internal negative file that includes data from fraudulent transactions that you have not been able to prevent. Be sure to leave out of it information that relates to customer disputes or chargebacks, as these can be caused by reasons that are unrelated to fraud. Whenever a new order contains information that matches data in the file, your system should be designed to automatically identify the mismatch and trigger an examination.

Image credit: Esbjergbibliotek.dk.