Home > Online Business Security > Prevent Cardholder Not Present Fraud in your Online Business

Prevent Cardholder Not Present Fraud in your Online Business

By: Dave Howell - Updated: 4 Oct 2010 | comments*Discuss
Data Protection Idenity Theft Security

The data protection your online business must provide for every visitor begins with the website your online business is built upon. Your web design agency will build into your website’s shopping trolley and checkout systems security features that protect the consumer from any attacks by hackers looking for personal details and credit card accounts.

Secure Internet Browsers

The foundation of security and data protection for your online business is SSL or Secure Socket Layer. If you visit any online business you will notice that the browser window usually displays a closed padlock or similar icon. This indicates that the website is secure for safe commercial transactions and has a high level of security and data protection.

The SSL security feature works by encrypting the flow of data from your customers browser and your website hosted by your ISP. This is achieved by using a recognised digital certificate that you can buy from a number of suppliers such as Thawte. Your customers will always know they have entered a secure part of your online business as the ‘http’ of your site’s URL will change to ‘https’ to denote that security is now active.

Credit Card Fraud

The most common form of fraud online is CNP or Cardholder Not Present. Paying for goods bought from your website will mean you cannot verify the identity of the person who has placed an order as you could if you operated a high street store using the chip and PIN system.

Data protection laws compel you to have secure systems to prevent identity theft, but when it comes to CNP fraud, it is your responsibility to ensure the identity of the cardholder is genuine. Luckily, the main credit card issuers have now developed system to help you identify a card holder using your website. MasterCard Secure Code and Verified by Visa should both be active on your website. Without these systems the card holder can’t be confirmed, which could mean your bank holds you responsible for any fraudulent payments that later come to light.

Fraud Prevention Checklist

Data protection and CNP transaction are a core component of your online business. You are, though, not powerless in the face of CNP fraud. As we have already seen, the main credit card providers now have systems you can use to minimise your exposure to CNP fraud. There are also a number of steps you can take to help ensure your website’s security is as robust as it can be:

  • Always ask for the exact name of the cardholder as it appears on the card. This should include any middle initials and any additional information if the card is associated with a business.
  • The full billing address of the cardholder should also be asked for. Again, this should be exactly as it appears on the card issuer’s records.
  • The card issuer and the usual information including: start date (if there is one), expiry date, and issue number for debit cards should also be requested.
  • The phone number of the cardholder. Ask for a landline and not a mobile phone number.
  • Use AVS (Address Verification Service) and CSC (Card Security Code) for additional security protection against CNP. Ask your card issuer and your bank about how you can use these services.

How to Spot a CNP Fraud

Criminals have become adept at perpetrating CNP fraud. With the rise of the Internet this kind of fraud has rapidly increased. As an online retailer you can develop skills that will enable you to spot when a CNP fraud is taking place. Look out for:
  • New customers that place orders for large amounts of goods. They could be using a stolen credit card or a cloned card they have created as the result of an identity theft.
  • High value goods - LCD TV’s have become a favourite with CNP fraudsters - that can be easily resold and are in high demand are a particular target if your store sells these.
  • Is the address given been used by another customer? This could indicate an identity theft. Also, if the customer is reluctant to give a landline phone number, the transaction could be suspicious.

Remember that if you do suspect a CNP fraud you have to decide whether to continue with the transaction. The onus is always with you as the business owner to prove that a fraud has taken place. If at a later date you discover that a fraud has taken place with an order you let proceed, you may have to repay the money that was taken from the card - this is the chargeback system.

You might also like...
Share Your Story, Join the Discussion or Seek Advice..
Why not be the first to leave a comment for discussion, ask for advice or share your story...

If you'd like to ask a question one of our experts (workload permitting) or a helpful reader hopefully can help you... We also love comments and interesting stories

(never shown)
(never shown)
(never shown)
(never shown)
Enter word: