With the rise in online selling and ecommerce, there has been an equal increase in what are often referred to as “card-not-present” (CNP) transactions. These payments are highly convenient for customer and merchant alike, but there is a trade-off. The security of online payments is a focus for anyone who wants to operate without the risk of fraud, and this guide is intended to help increase CNP security.
Understanding CNP transactions: The basics of CNP.
For clarity, here is a brief explanation of what constitutes a “card-not-present” transaction. As may seem obvious, this is a payment made where the card is not physically handed to sales staff or placed/swiped in a machine. A CNP transaction, in differentiation from a “card-present” transaction, involves someone inputting the information manually, or using previously-stored card details, whether these are read over the phone or input on a website.
There are several different situations for a CNP transaction, and the most common are as follows.
- Online shopping: The customer will typically enter the card details when prompted by the website. They may, additionally, have a card “on file,” which is simply activated for the payment.
- Phone orders: The customer reads the information from the card and this is input at the point of sale by a member of staff.
- Mail order: The details can be written on a printed form, which can then be read manually or electronically to complete the transaction.
- Recurring payments: Card details, stored by the merchant, will be used periodically to take a subscription payment or regular bill.
Why CNP transactions pose a fraud risk: Navigating the challenges of fraud.
For the convenience of paying remotely, there is a trade-off, and this is the inherent loss of the security that comes from paying with the card present. With card-present transactions, the machine reads a chip or a magnetic stripe that is found on the card. These contain unique information that can only be delivered if the cardholder hands over the card itself.
CNP fraud happens when someone uses stolen card details, obtained via “phishing” or data breaches, to make a transaction of the kinds mentioned above. As the cardholder does not need to be present to make these transactions, there is not the same kind of security that exists with card-present transactions. For a business, this can result in money being reclaimed via chargebacks if there’s fraud, which can significantly hurt the bottom line.
Enhancing CNP security: Building a secure payment process.
To avoid the risk of CNP fraud, it is essential to do everything in your power to gain as much information as possible about the customer. Detailed customer information, once verified, can be used to increase CNP security by insisting that some of this information is given when a payment is being taken. The use of mandatory fields when taking a payment will mean that card information taken fraudulently will not be enough to verify a payment. CVV codes, which are not generally subject to data breaches, are also a key element.
Ensuring secure non-digital CNP transactions,
If you accept payments over the phone or by mail, then there are industry requirements you must adhere to. The Payment Card Industry Data Security Standard (PCI DSS) may levy penalties if you fail to meet those requirements, which relate to POS software used by companies. They’re quite long-winded, and it is generally a good idea simply to ensure that when you purchase POS services, you get confirmation that they are compliant with the industry standard.
CNP transactions are a genie that is out of the bottle, for good and for bad, so it is essential to ensure that for your purposes, it’s good. This is something you can do by taking every opportunity to increase CNP security across all transactions. If there’s fraud, it doesn’t just hurt you financially; it will injure a customer’s trust in your business, too. So make sure you adopt best practices, keep up with industry news to increase your awareness of what can be done, and invest in the best tools.