In another post, we took at a look at the role of EMV technology in minimizing payment card fraud. EMV chip cards have been remarkably efficient at reducing fraudulent transactions for RETAILERS, but not in situations where payment cards are not present (CNP).
OLD MAGNETIC STRIPES
Before the introduction of EMV technology, payment cards typically had their users’ account information recorded on a magnetic strip, making them very easy to clone. Cards were easy to clone, and even online verification and manual inspection were not reliable means of detecting fraudulent transactions.
NEW CHIP CARDS
The EMV payment standard introduced smart payment cards with microchips built into them to store account data and calculate security algorithms. This made cards almost impossible to clone and significantly reduced fraud levels in card-present transactions at retail. These Card-Present transctions are now very unlikely to be fraudulent.
However, when EMV was intorduced, we saw a corresponding surge in fraudulent card-not-present transactions placed over the phone or online.
SHIFT OF FRAUD TO CNP
According to the USA Payments Forum in 2017, they said that 0.78% of online transactions in the US were fraudulent against a world average of 0.58%. This is a problem for merchants and banks in this country, and costs YOU money as a cardholder.
At Curbstone Corporation we fully support EMV transactions and strongly encourage all our merchants to adopt the technology. The industry (card brands) has also shifted the LIABILITY for fraudulent transactions to retailers who do NOT have EMV deployed. That means that ANY transaction, fraudulent or not, that is "charged-back" or protested for ANY reason, will result in the merchant losing the funds, and the goods or services, as well as paying a chargeback fee.We also talk regularly of other steps merchants can take to minimize fraud and the impact on their businesses.
One of the most important of these is to become PCI compliant to ensure customer information is secure on the merchant’s system so it can’t be used to make further purchases, which would be a loss to that merchant and others.
AVS and CVV SECURITY CODE
The second important tip is to use Address Verification (AVS) and Card Code Verification (CVV) services when accepting online payments. AVS will check the billing address entered is the same as that on file with the credit card issuer while the CVV ensures the person making the purchase has physical possession of the card.Many third-party credit card processing services offer an additional safeguard by checking that the purchaser’s IP address corresponds to the card billing address which, if available, can provide another level of security.
Watching out for suspiciously large orders or for buyers who do not fit the usual pattern and checking by phone can reduce fraud levels. Implementing procedures to manually review a percentage of transactions can also help.3-D Secure (3DS) technology provides another potential layer of security with slightly different implementations available from the major card companies. The technology has plusses and minuses but may be worth considering where high levels of fraud are experienced.
For the future, promising technologies are on the horizon which will reduce the rate of CNP fraud. Included are smartcards with biometric fingerprint sensors which will be capable of capturing and storing their owner’s fingerprint to use in transaction verification. They use the fingerprint reader on their smartphones when completing online transactions. The phone uses Near Field Communication (NFC) technology to match the fingerprint with the one on the card to verify the transaction.Smartcards which can generate a new CVV number for every transaction could replace printed CVV numbers which can also fall into the wrong hands. These sorts of measures, when used together with suggestions made above, could reduce CNP fraud to a large degree.Curbstone Corporation’s secure technology processes about $2.4 Billion per year for merchants on the IBM i (AS/400, iSeries) platform, for phone orders, e-commerce, and retail.