With the rapid expansion of e-commerce new fraud practices have emerged, posing a great threat not only for customers and merchants but for the complete payment value chain (i.e. acquirers, processors, issuing banks, payment service provider (PSP), etc.). The internet has become the best channel to do business but also the best weapon to commit fraud. Therefore, card associations such as Visa, Master Card and American Express have developed different fraud prevention tools in order to make Cardholder Not Present (CNP) payment transactions safer. Visa in particular has been a pioneer in developing measures to combat fraud.
Fraud Risk Indicators
Some fraud risk indicators for CNP transactions can include: International shipping, express shipping, vulnerable identification mechanisms, multiple online transactions done with different cards (usually more than 2) and from the same IP address, etc.
Fraud Prevention Tools
There are four key fraud prevention tools in CNP transactions:
- Address Varification Service (AVS): It is the comparison of the address provided when submitting the purchase order against the billing address contained in the issuing bank’s data. Its purpose is to corroborate that the addresses coincide.
Card Security Code (CSC): Depending on the card company is where the code is to be found. For MasterCard and Visa cards it is a three digit code placed at the back of the card. For American Express cards it is a four digit code located on the front of the card.
- 3-D Secure: It is a security scheme that consists in providing a password before completing an online transaction. Its aim is to verify the card user’s identity to legitimate the purchase. The service is offered by the card brands under different names, e.g. Verified by Visa, MasterCard SecureCode and American Express SafeKey.
- Fraud Detection Software: Third parties offer many options of fraud screening technologies that enable merchants to assess orders and detect fraud in real time. However, these technologies can also be developed internally.
In addition to these fraud prevention tools, in the United Kingdom there is the Industry Hot Card File (IHCF) which is an electronic file where cards that have been reported lost or stolen are registered. Participating retailers in the IHCF program get a warning when a card that is compatible with the details contained in the file is being used to do a purchase.
Clearly, fraud prevention tools are not infallible. Therefore, it is highly recommendable that merchants implement a combination of measures to counteract fraudulent activities.
Companies have a very high price to pay if they are subject to a fraud attack, firstly the financial loss they face and secondly, the major hit to the company’s reputation. The latter can have further consequences as triggering sales reduction and consequently additional loss of money.
Merchants’ Obligations Against Fraud
Merchants have two main responsibilities for which they can be held liable:
- Safeguarding transactions are not deceitful.
- The loss caused by a fraudulent transaction.