CNP transactions – How to do them right

We all use credit cards on a daily basis but just how aware are we about the cyber threats that are connected with them? It has become easier than ever to use the cards in our day to day shopping. We don’t even have to insert them anymore in the card machine, just a “tap” and our purchase is paid.

The risk gets even higher with our growing online presence. The Internet has helped various companies to reach the customers all over the world and consequently increasing their revenue, but it also exposed them to a risk of fraudulent credit card transactions. This is why it has become imperative for all businesses and organizations to take all the necessary actions to improve transaction safety.

The biggest cyber threat ecommerce businesses are facing is the Card Not Present (CNP) transaction fraud. Luckily there are ways you can protect your business from cyber attacks.

What is a Card Not Present (CNP) Transaction?

A card-not-present transaction is exactly what its name says. It is any transaction in which there is no physical card present during the purchase, instead the merchant has received the  payment information remotely. This type of transactions use only the card information as card number, cardholder name, and security code to process the payment which makes the process easier for customers, but also for cyber criminals.

The most common example of card-not-present transaction is an online purchase. In this time and age, almost everyone has made an online purchase in the past but due to the pandemic that number is getting higher than ever. Since all non-essential shops had to close for the large parts of 2020 and some of 2021, shopping online has become a standard which resulted in significant e-commerce sales growth. It is predicted that total e-commerce sales in 2021 will be over $147 billion higher than they would have been expected to be if the pandemic didn’t happen.

What is Card Not Present (CNP) Fraud?

When a purchase is made with a physical card present it is easy to verify the transaction by comparing the card against a customer’s ID or checking their signature and of course by requiring a PIN. Unfortunately, this is not possible with card-not-present transactions.

During the CNP fraud cyber criminals use stolen credit card information for fraudulent transactions. In most of the cases cardholders are not even aware their details have been stolen through online data breaches, phishing or deep web transactions as they haven’t been taking necessary precautions to protect their credit data online. This type of fraud usually results in chargeback being filed against the merchant.

How to process CNP Transactions properly

In order to protect your businesses and your customers you need to make sure you process CNP transactions properly.

Gather all necessary information

First step you need to do to process CNP transactions properly is to gather right customer information including:

  • Name as it appears on the card
  • Expiration date
  • Credit card number
  • CVV security code
  • Phone number
  • Email address
  • Billing address
  • Shipping address

This is important for every aspect of your business, from marketing and sales to cyber security and it can help you dispute the chargebacks.

Implement Data Enrichment into your security protocol

Data enrichment allows you to collect additional information about your customer by enriching the raw data you have with data from internal and external databases. This way you can gather information about your customers that will help you detect any suspicious discrepancies like newly created email addresses with no connections to social media sites or users accessing your website from suspicious email addresses.

Keep an eye out for very small transactions

Cyber criminals might even use your website to test various stolen cards to see which ones are valid and haven’t yet been reported stolen. After they confirm the card is valid they can use that card to purchase more expensive items from your website, which will eventually result in chargeback. Cyber criminals will usually be testing a large number of cards and using the same IP address if not the same account. By looking out for small transactions you will be able to recognize and put an end to this type of fraud.

Any business that accepts card-not-present transactions needs to know what CNP fraud is, how to recognize it and what to do when you encounter it if they want to protect their business.