Thanksgiving is just about here, so the time is right for the Security Turkey to make an appearance again. Last year the Security Turkey provided tips for combatting phishing. This year he takes on card-not-present (CNP) fraud, a growing concern for e-commerce merchants as well as any small business that accepts credit card payments online, over the phone, or in the mail.
According to an Aite Group report, card-not-present fraud will rise to $4 billion in 2016 (up from $3.2 billion in 2015), and is projected to be $7.2 billion in 2020. A different report by Javelin found that on average fraud costs online businesses 7.5% of their revenue.
While there are many variables in the fraud equation, most experts and studies agree that a major factor driving increased card-not-present fraud is the US EMV liability shift that occurred in October 2015. (The shift meant that any merchant that did not support EMV transactions at the point of sale would be liable for fraudulent transactions processed with a card equipped with an EMV chip. Read all about it in this tip post.) Even though the merchant EMV adoption rate has been slow—according to a Mastercard study only a third of US merchants currently utilize EMV readers at the point of sale—point of sale fraud has declined and card-not-present fraud has increased since the liability shift.
For example the Global Fraud Index found that the merchants hardest hit by this shift were those selling digital goods and services online—those merchants have seen a 304% increase in fraudulent transactions since the EMV liability shift.
However, there is some good new here—another reason the Javelin report found for the increase in fraudulent transactions is the increase in online shopping in general. And interestingly, the percentage of fraudulent transactions tends to go down during the holiday shopping season precisely because legitimate shopping jumps significantly.
Hopefully your small business is benefiting from the advantages of an e-commerce solution, whether you sell digital goods, tangible goods, or services. (If you don’t yet sell online, check out PaySimple’s online payments solution—we can help!) And, hopefully you have processes in place to catch fraudulent transactions wherever they originate—online, over the phone, via mail order, or in person.
To help you and your team stay security-focused and fraud aware this holiday season and all year long, print and hang this Security Turkey infographic to remind you of best practices for spotting and thwarting card-not-present fraud before it costs your small business time, frustration, and money . (Click the image to view a large version, or click here to download the infographic as a .pdf)
As the Security Turkey Reminds Us:
Take Advantage of CNP Fraud Detection Tools
Use CVV2 validation to ensure a CNP customer has access to the card, and use an AVS check to validate a card’s billing address. Also use IP address detection to block online purchases from non-US countries, and to block multiple online orders from the same IP address using different card numbers.
Use a PCI Compliant Payments Service Provider
Visa research shows that when merchants utilize a PCI compliant service provider for online payment processing, CNP fraud decreases. For example, a secure site with robust security controls such as duplicate transaction detection will deter a thief from testing a database of stolen card numbers on your payment forms.
Remember to Check Shipping & Billing Address
A shipping address outside the US with a US billing address is a giant CNP fraud red flag, as is a single order with multiple big ticket items shipped to multiple different addresses. A manual review of all such orders may delay shipping, but will save you heartache down the road.
Know Your Customers
Small businesses are in the best position to really get to know their customers; and this knowledge is the best defense against fraud of all types. Most thieves want to stay anonymous and ply their malfeasant trade in darkness.
Err On The Side of Caution
If a large order sounds too good to be true, it probably is. If the person you’re talking to on the phone sounds strangely eager to complete a sale or rush a shipment, proceed with caution. This may result in a few lost sales, but will serve you well in the long run.
You Are the First Line of Defense Against CNP Fraud
Many payment systems include mechanisms to detect and decline common fraudulent transaction patterns. But there is only so much technology can do. YOU are the best resource for spotting suspicious orders and thwarting attempts to defraud your company. Make sure you stay informed about the latest scams and the risks they pose to your small business.
For more information on combatting card-not-present fraud be sure to check out the Visa Merchant Resource Library. It contains documents, webinar recordings, and other resources designed to help merchants navigate acceptance, fraud, data security, authorization and more.
You may also want to catch the upcoming Visa webinar: Preventing Card-Not-Present Fraud on Thursday December 8, 2016 at 1PM Eastern Time.
Sign up for Small Business Smarts to get more small business tips like this one, delivered directly to you.