CNP FRAUD

 

What means CNP?

by early-warning.org
2006

 

The official figures make interesting reading

Credit Card fraud has been with us since the first credit cards started appearing back in the early 1950s. Five decades later and the problem now represents a fraud epidemic on a global scale. Card-not-present fraud in the UK has grown from £2.5 million in 1994 to £116.4 million in 2003. Whilst banking initiatives such as "Chip & Pin" have helped reduce fraud in card-present environments, where the liability is with the banks, the Card-not-present environment continues to see increasing fraud activity - it's now the single largest fraud type - and the full liability lies with your company.

Card - not - present (CNP)

CNP transactions are those where neither the card nor the cardholder are present at the point-of-sale, e.g. orders by mail, telephone, fax or the Internet.

These types of transactions are becoming increasingly popular with customers - unfortunately they are also appealing to criminals.
Because the retailer has no opportunity to physically check the card or the identity of the cardholder, there is always some risk.
The crime involves using fraudulently obtained card details to make a purchase. Usually the details are taken from discarded receipts or copied down without the cardholder's knowledge. As with counterfeit fraud, the legitimate cardholder may not be aware of the fraud until a statement is received showing transactions that the legitimate cardholder did not make.

Why is my business at risk by accepting CNP transactions?

CNP merchants are liable for charge backs, which is why it is important to undertake the necessary checks to confirm that the customer's details and the card are genuine. Merchants are at risk because:

"   the CNP environment provides anonymity for the fraudster
"   you cannot check the physical security features of the card or that the cardholder is genuine (e.g. by PIN or signature)
"   fraudsters use fictitious details that cannot be verified by the bank
"   you are unable to verify that the delivery address is genuine

Does authorisation mean that the payment is guaranteed?

Authorisation does not guarantee payment - it only confirms that:

"   the card has not been reported lost or stolen
"   there are sufficient funds in the account.

What additional checks can be made on the cardholder?

The banking industry has developed Address Verification Service (AVS) and Card Security Code (CSC) to help you prevent CNP fraud:

"   AVS checks the numerics in the cardholder's statement address with the card issuer
"   CSC provides additional security digits to confirm that the card number provided is a genuine one.
By checking the cardholder's statement address and card security details, AVS/CSC has helped many merchants reduce their CNP fraud and chargebacks; it provides a cost-effective fraud prevention tool. Contact your acquiring bank to discuss options for your business.

What about delivery?

Card-not-present merchants delivering goods should:

"   treat the sale as a CNP if a customer collects the goods in person
"   be wary of customers who do not question additional costs
"   treat all overseas transactions with caution; confirming details of customers abroad is difficult
"   consider secure delivery through a courier company for high-value items or for delivery addresses that seem suspicious.

What should I do if I suspect a transaction may be fraudulent?

You should only contact your acquirer's authorisation centre if any of the following apply:

"   cardholder information is inconsistent
"   AVS/CSC does not match
"   third party name and address checks do not match
"   items delivered were returned 'not known'
"   the cardholder disputes the transaction

Top 10 Tips

1)   Know your risks as these transactions are anonymous and physical security features of the card cannot be checked. You also have no way of knowing if the cardholder is genuine.

2)   Remember that authorisation for a card-not-present transaction is not a payment guarantee. It just confirms that the card is not reported stolen or lost, and there are sufficient funds in the account. Retailers are liable for chargebacks.

3)   You should use the time between the order and delivery to undertake further verification checks.

4)   Use verification services such as Address Verification Service (AVS) and Card Security Code (CSC) which are low cost and effective. They have helped some retailers cut CNP fraud and chargebacks by 80 per cent.

5)   Consider using the Verified by Visa and MasterCard SecureCode services for online payment security, which can also protect the retailer from chargebacks for certain fraudulent transactions.

6)   Take extra care to verify customer details, using local directories or commercial solutions available from acquiring banks.

7)   Try to get a card imprint or signature if the customer comes to collect; this turns the sale into a card present transaction.

8)   Use secure delivery courier companies for high value items, or to locations where fraud has occurred before.

9)   Be suspicious of customers who don't query high shipping costs, or who ask for delivery to hotels, guest houses etc.

10)   Treat orders for overseas delivery with extra caution. If you suspect fraud and have conducted the expected checks, contact your card acquirer.

AVS/CSC as a fraud prevention tool

The banking industry introduced AVS/CSC in 2001 to help merchants prevent CNP fraud.

AVS (Address Verification Service) gives CNP merchants assurance that the customer has provided the correct card billing address.

CSC (Card Security Code) is a three-digit code on the back of Visa, Master Card or Switch card s and appears as a four-digit code on the front of American Express cards. CSC provides NCP merchants with some assurance that the card number provided is a genuine one.

AVS/CSC details are captured electronically by the merchant´s point-of-sale (POS) system and compared with the details help by the card issuer.

LONDON: THE NATION'S NO.1 CREDIT CARD FRAUD HOTSPOT

London is the capital of credit card fraud - and that's official!
> The latest figures from Early Warning for Cardholder Not Present (CNP) fraud show that Greater London had the largest number of fraudulent transactions in the past year. It is followed by Manchester and Kilmarnock.


In each of these areas there were significantly higher numbers of fraudulent credit card purchases than anywhere else in the UK.


Early Warning (www.early-warning.org), the organisation that helps retailers, the Police and banks monitor and counter on-line credit card fraud, has produced a map that identifies the postcode areas from which the fraudsters operate. It is done by tracking the delivery addresses for fraudulently obtained goods - typically accommodation addresses and 'dead letter boxes'. This is the only reliable method of mapping credit card fraud.


While Greater London as a whole beats the rest of the UK for credit card fraud, the problem is particularly serious in certain postcode areas within London Thamesmead for example. In certain parts of Thamesmead there are instances where whole streets are involved in this crime. According to Early Warning, the areas with the biggest fraud problems are the Central London postcodes, together with Romford and Ilford in Essex, and Twickenham in Middlesex.


Outside London, cities and towns where CNP fraud is on the increase and which look set to make it into the top 10 hotspots next year include Bournemouth, Northampton, Portsmouth and Stockport. These are currently "Amber" areas on the Early Warning map that are rapidly "turning red".


With the growth of internet shopping and trading, the opportunities for CNP fraud are growing constantly. Nationwide, CNP fraud last year cost £183.2 million (APACS).


Early Warning is regularly consulted by retailers, the Police and banks. Using Early Warning's CardAware fraud detection systems, retailers and other on-line traders can instantly check credit card orders against a database of known frauds.


Andrew Goodwill, Managing Director of Early Warning, says: "We weren't surprised when we realised that London had come out on top of the fraudsters' league table, with several postcode areas showing a 'very high' incidence of fraudulent CNP purchases'.


"But what is surprising is the fact that some postcode areas both inside and outside the Capital that last year recorded only negligible numbers of frauds are now reporting 'low' or 'medium' numbers.


"No single area of the UK is untouched by this problem."


So much so Early Warning has developed a on-line postcode risk assessment tool, which is freely available on their online merchants page, for all companies to use which gives an indication as to the postcodes CNP fraud status. According to Early Warning's figures, CNP fraud has shot up by 38% in the past 12 months alone, and is set to grow "at an exponential rate" in the years ahead, Goodwill adds. "This is largely because the advent of 'chip and pin' makes it far more difficult for criminals to get away with using stolen credit cards in the shops, so they are turning to other methods, principally the internet. On-line fraud is so easy - the fraudster can operate from anywhere he likes, even abroad."

Sources:

-  www.early-warning.org  I
-  www.early-warning.org II
-  www.early-warning.org III

 More