A card not present transaction (CNP, MO/TO, Mail Order / Telephone Order, MOTOEC) is a payment card transaction made where the cardholder does not or cannot physically present the card for a merchant's visual examination at the time that an order is given and payment effected, such as for mail-order transactions by mail or fax, or over the telephone or Internet.
Card not present transactions are a major route for credit card fraud, because it is difficult for a merchant to verify that the actual cardholder is indeed authorizing a purchase.
If a fraudulent CNP transaction is reported, the acquiring bank hosting the merchant account that received the money from the fraudulent transaction must make restitution; whereas with a swiped (card present) transaction, the issuer of the card is liable for restitution. Because of the greater risk, some card issuers charge a greater transaction fee to merchants who routinely handle card not present transactions.
The card security code system has been set up to reduce the incidence of credit card fraud arising from CNP.
Maps, Directions, and Place Reviews
Mail-order fraud
If a card is not physically present when a customer makes a purchase, the merchant must rely on the cardholder, or someone purporting to be so, presenting card information indirectly, whether by mail, telephone or over the Internet.
Shipping companies may guarantee delivery of goods to a location, but they are normally not required to check identification and they are usually not involved in processing payments for the merchandise. A common preventive measure for merchants is to allow shipment only to an address approved by the cardholder, and merchant banking systems offer simple methods of verifying this information. Before this and similar countermeasures were introduced, mail order carding was rampant as early as 1992. A carder would obtain the credit card information for a local resident and then intercept delivery of the illegitimately purchased merchandise at the shipping address, often by staking out the porch of the residence.
Small transactions generally undergo less scrutiny, and are less likely to be investigated by either the card issuer or the merchant. CNP merchants must take extra precaution against fraud exposure and associated losses, and they pay higher rates for the privilege of accepting cards. Fraudsters bet on the fact that many fraud prevention features are not used for small transactions.
Merchant associations have developed some prevention measures, such as single use card numbers, but these have not met with much success. Customers expect to be able to use their credit card without any hassles, and have little incentive to pursue additional security due to laws limiting customer liability in the event of fraud. Merchants can implement these prevention measures but risk losing business if the customer chooses not to use the measures.
How To Get A Credit Card Without A Bank Account Video
Fraud
The United States Federal Trade Commission uncovered an operation running from 2006 to 2010 that netted more than $10 million in fraudulent charges on credit and debit cards. The perpetrators used more than 100 merchant accounts that they had created to do the billing.
Each merchant account was attached to an Employer Identification Number belonging to a real merchant with a similar-sounding name.
Each merchant account was tied to an 800-number from CallMe800. Each account was also tied to a web site they had created. They also rented physical addresses from companies which rent virtual offices, such as formerly Regus, for each merchant account. These virtual office companies, which did not know of and were otherwise not involved in the scam, would then forward any mail received at the virtual office to Earth Class Mail, a digital mailroom service that scanned mail from the physical address of the merchant account and forwarded it as a PDF to email accounts that the scammers had established. The scammers also ensured that when they checked their online merchant accounts, that they used an IP address located near the billing address so as not to arouse suspicion.
A charge of $9 was processed on about one million credit cards over the four-year period. Each card was billed a single time. Credit card companies only investigate if the charge is more than $10, because it costs about that much to run an investigation. Then the money was moved to bank accounts in Lithuania, Estonia, Latvia, Bulgaria, Cyprus, and Kyrgyzstan where the money could not be traced or recovered. The perpetrators experimented with a 20-cent charge and that generated more suspicion than the $9 charge. Only about 10 percent of the fraudulent charges were ever reported or contested by the card owner that was billed.
Preventing fraud
With online spending on the rise, an increase in online transaction fraud is expected. Efforts have been made worldwide to combat online transaction fraud occurring with the use of card-not-present transactions. In 2001, Visa created an authentication standard for card-not-present eCommerce payments called 3 Domain Secure, commonly referred to as 3D Secure. 3D Secure provides for three-layer protection for added security for consumers.
The 3D Secure 2.0 system is not without criticism, as detractors of the method point to its deficiencies which include slowed down transactions and introducing complex legal concerns into the mix. Another concern is that 3D Secure authentication negatively impacts transaction conversion rates. The extra layers of authentication create more work for consumers, and as a result, some consumers may be turned off by the additional effort required to complete their transaction and may choose to abandon the transaction.
Some detractors of the system suggest an approach very similar to the chip technology recently enacted to combat the fraudulent technique of "carding." To commit credit card fraud by carding, criminals replicate stolen customer data onto blank cards to use for fraudulent purchases. This approach to reduce the prevalence of card-not-present transaction fraud would incorporate the same chip technology used to reduce carding by standardizing smart card payments on devices such as computers, tablets, and smartphones. This approach using hardware is viewed by some as a more secure method of reducing card-not-present transaction fraud.
An alternative method has recently been introduced through dynamic, or continually changing, CVV numbers. The CVV number effectively becomes similar to a 2 factor authentication in providing additional confirmation that the individual making the purchase really does have the card they appear to have. This makes the data stolen in the huge data breaches of the last few years less valuable since the CVV numbers stolen cease to be static: whatever CVV number is in the database is no longer relevant since the number changes dynamically. This addresses the challenge many retailers face in that CVV numbers have become far less useful due to the large scale data breaches which exposed many of them. In a presentation on a case study with online digital goods marketplace Fiverr, fraud prevention company Forter noted that the stolen data sold in online criminal marketplaces comes with CVV by default. For this reason, Fiverr found that removing the requirement for CVV on their site did not increase fraud. Dynamic CVVs would mean that CVV numbers could become useful once more in blocking fraudulent attempts.
Source of the article : Wikipedia
EmoticonEmoticon