We’ve shared some of the futuristic and exciting developments aimed at reducing CNP fraud. As we discussed, these approaches are still being fine tuned to ensure that merchants can walk the fine line between mitigating CNP fraud and creating a seamless user experience. To date, attempts to implement some of these new approaches have led to false positives for an estimated 34 million consumers, costing businesses $118 billion in lost sales.1 This is steep price to pay when one considers that CNP fraud totaled $9 billion in 2015. In the meantime, there are things your campus can do today with most payment providers (including CASHNet) to make things harder for fraudsters. Here are a few of them.
Securing your online environment:
Address Verification Service (AVS).
Use the integrated AVS capability to compare the billing address provided by your customer with the billing address on file with the card issuer before processing a transaction.
Card Security Codes.
Enable the field form provided for customers to enter Card Security Codes that help verify that the customer is in physical possession of a valid card during a card-not-present transaction. They are the 3-digit numbers located on the back of Visa (CVV2), MasterCard (CVC 2), and Discover (CID) cards—or the 4-digit numbers located on the front of American Express (CID) cards.
Make sure whatever company you are using to process payments on the web has velocity checking. This looks at the payments attempted. If there are too many failed attempts over a designated period of time, action is taken to automatically prevent additional attempts. This type of defense is aimed at thwarting BOT attacks, automated means of testing stolen card information.
Requiring a user to authenticate against some pre-arranged credentials has been shown to have a positive impact on reducing fraud. While some may argue that this is more of an added step than a deterrent, for most fraudsters they are one in the same. Fraud is a numbers game, and any additional steps that would reduce efficiency are off-putting to fraudsters.
This is an obvious one, but it bears emphasis. Train your staff on PCI compliance standards. All merchants accepting card payments are now required to be compliant with the requirements of the Payment Card Security Data Security Standard (PCI DSS), which sets the rules for data security management, policies, procedures, network architecture, software design and other protective measures. If a merchant doesn’t follow the PCI DSS guidelines for processing online or over-the-phone credit card purchases, it could lose revenue from the sale or payment, shipping costs, and could receive fines, similar to the chargeback fines that banks charge for bounced checks.2,3
As we’ve previously stated, there are constantly new developments on this front. Please be sure to check back here for even more information and industry insights!
1 Javelin 2015 “Overcoming false positives”