Definitive Guide to Card Not Present (CNP) Transactions

CNP Fraud

While the internet has certainly done wonders for small businesses – allowing them to reach customers all over the world – it also exposes business owners and merchants to additional risks. One such risk involves fraudulent credit card transactions, and Card Not Present (CNP) fraud in particular. As a business that accepts credit card transactions over the internet, it’s important that you understand what CNP fraud is, how to spot it, and what to do when you encounter it.

What are Card Not Present (CNP) Transactions?

"Card Not Present" simply means the merchant has received the consumer's card information remotely.

New call-to-actionCard Not Present fraud has another simple definition, yet involves a number of complex moving parts. CNP fraud essentially encompasses the unauthorized use of a debit or credit card number, the cardholder’s personal information, and the security code printed on the card to purchase products and services over the internet or through other remote transactional channels. In many instances, the victim retains possession of their card and is totally unaware of the fraud until the unauthorized activity is spotted on a monthly bill statement.

Years ago, most Card Not present fraud took place through call center operations and mail orders. Now, the large majority involves ecommerce websites and internet transactions. The term “card not present” describes the fact that the transaction is approved without the physical presence of the card. The merchant follows certain protocol that – if met – indicates the cardholder is authorized to make the purchase. Unfortunately, criminals and fraudsters frequently discover ways around these protocols.

Who Commonly Commits Card Not Present Fraud?

Card Not Present Fraud

While independent criminals do occasionally commit CNP fraud, it’s typically the work of a larger criminal enterprise. These enterprises may steal thousands or millions of dollars worth of goods and services before they’re discovered and their networks can stretch across international borders.

In many cases, these enterprises gain access to legitimate corporations through employment. After infiltrating the company, they can then access customer information and relay it to third-party sources that commit Card Not Present fraud. All it takes is a credit card number, the cardholder’s name and address, and applicable security codes.

Who’s Liable for the Loss in Card Not Present Fraud?

Common CNP Fraud Methods

In the United States, federal law clearly limits a consumer’s credit card fraud exposure to $50. The credit card company or the merchant then bears the risk for the remaining amount. When determining who is responsible, there are two important categories of transactions. The first involve situations in which the card is physically present – such as paying for a meal at a restaurant. The second involve purchases over the internet or phone.

In the first situation, the card is obviously present. Generally, this means the liability falls to the issuing financial institution and not the merchant. However, in the second case (CNP), the risk falls to the merchant. In other words, the merchant is required to reimburse the cardholder for the full amount. For merchants that rely on selling expensive products with small margins, too many Card Not Present transactions can ultimately result in a company death sentence.

What are the Most Common CNP Fraud Methods?

For merchants, it’s important to understand how criminals gain access to customer information and through which methods they use that information to commit Card Not Present fraud.

The most common methods of obtaining credit card information involve phishing and skimming.

Fight & Recover Chargebacks - Get The GuidePhishing takes place when criminals attempt to acquire sensitive customer information by contacting customers via electronic communication and posing as trustworthy companies or organizations. Email is the preferred channel, but savvy fraudsters will use phone contact.

Skimming occurs when employees actually lift customer information directly from the card. This typically happens in physical settings where an employee obtains the customer’s card and takes it out of sight (such as a restaurant). The individual then sells this card information to a criminal enterprise, or uses it themselves.

As a merchant, you always have to be on the lookout for signs of Card Not Present fraud. It can be difficult to spot, but you can’t afford to turn a blind eye. In most cases, the responsibility will fall on you.

What Should You Do if You Suspect CNP Fraud?

As the United States begins to adopt new chip-based cards, sources say Card Not Present fraud rates will dramatically increase for a period of time – that is until the 41 percent of stores without chip-capable systems in place begin to catch up. “There’s going to be nowhere else for fraudsters to go but online, says Sean Curran, an industry expert. “That’s where they’ll go. Online retailers have to be ready.”

As a business owner, it’s important to recognize the warning signs of CNP fraud and to have a pre-established plan in place for how you’ll handle fraudulent charges.

If you wait until you suspect Card Not Present fraud, it may be too late to avoid losing money and wasting time.

As a merchant, you should keep careful and meticulous records of all transactions. You need the cardholder name exactly as it appears on the card, the expiration date of the card, the billing and shipping addresses, and the CVV2 code. You should also record the cardholder’s contact information, the date of the order, and details regarding any conversations you’ve had with the buyer. It’s a good idea to keep copies of order forms and proof of delivery, too. The more information you have, the better protected you’ll be in the long run.

Why Should You Contact Chargeback Gurus?

The unfortunate reality of the current financial landscape is that credit card companies look out for their customers first and foremost. As such, customers rarely have to take the blame or accept responsibility for CNP fraud. It’s also rare for fraudsters and criminals to be discovered. That means it comes down to you or the credit card company – and they’ll try their hardest to place the blame on your shoulders.

At Chargeback Gurus, we fight for your business and help you recover lost revenue. You simply send us the information and we’ll serve as your liaison to the credit card companies. After helping you recover your lost revenue, we’ll also work closely with your team to identify weaknesses and optimize your review process to reduce Card Not Present  fraud risk and minimize chargebacks. 

Thanks for following the Chargeback Gurus blog. Feel free to submit topic suggestions, questions or requests for advice to:

Get the guide, Chargebacks 101: Understanding Chargebacks & Their Root Causes