CNP fraud prevention: Tips to protect your business against chargebacks

July 27, 2021
Savannah CoplandMarketing Lead

The continuing rise of online shopping brings a whole new level of convenience to people’s lives, but it has a down side. Credit card fraud is a multi-billion dollar problem, and can be incredibly hard for online businesses to detect in real time.

Credit card fraud nearly doubled from 2018 - 2019 in the U.S., when there were nearly 750 reports of fraud per day. CNP fraud makes up a large proportion of those scams, meaning CNP fraud prevention is one of the leading actions you can take to keep yourself and your customers safe.

Payment fraud prevention comes in many different forms, allowing you to enjoy the benefits of online retail while minimizing the risks.

FingerprintJS can help to implement protection against CNP fraud, including the tips to come.

What is Card Not Present (CNP)?

CNP, or card not present, is a type of credit card fraud that literally means the card is not physically presented to the merchant at the time of its use. It generally occurs when scammers obtain credit card details illegally and use them to make purchases online or over the phone, and is precisely why credit card holders keep their card information to themselves.

It’s estimated that CNP fraud could be worth nearly US$35 billion globally in 2022.

CNP fraud is particularly hard to detect online when there are no extra measures in place to verify a purchase is legitimate. In saying that, there are a range of ecommerce fraud prevention techniques that can be implemented to identify and prevent CNP fraud from occurring.

How do fraudsters obtain credit card information with CNP fraud?

One of the first problems credit card holders have as victims of CNP fraud is realizing it’s happened in the first place. A victim will still have the CNP credit card with them, but its details will have been obtained. This often happens through skimming, hacking and phishing:

  • Skimming is when the card details have been obtained off the physical card itself, often when it’s been used legitimately. ATMs are a common place where this happens.
  • Hacking is when computer systems are illegally accessed and the stored details of credit cards are stolen. Those details can then be used by the hackers for CNP fraud, or they can be sold to other criminals.
  • Phishing happens when scammers present as legitimate companies or authority figures and convince credit card holders to give out their card details. It commonly occurs through email or phone scams.

Tips to prevent CNP fraud and prevent your business against chargebacks

As a business, CNP fraud prevention both protects your customers and yourself. By preventing CNP transactions in the first place, you can save yourself the embarrassment of having to tell your customers they need to cancel and renew their credit cards. You also don’t have to go through the process of issuing a chargeback.

These are the most effective techniques you can use to prevent CNP fraud:

1. Collect all your customer information

The more you know about your customers, the more information you can use to see if a purchase is legitimate. As well as being an effective security measure against CNP transactions, this information is also useful in your businesses marketing and sales.

Knowing your customers’ email, billing, and IP addresses, phone number, and information about the device they usually use to buy from you, is a good place to start. When you have that information, you can quickly see if their credit card is being used to perform a transaction from a different device, or if it’s shipping items to a different address.

For example, if a transaction uses a credit card number that’s familiar to you, but is coming from an IP address based in another part of the world to where you’ve seen it before, then that can be a red flag

2. Leverage data enrichment

If collecting customer information is the ‘what’, then data enrichment is the ‘how’. Collecting personal information can be intrusive, but data enrichment is how you use the basic information you have to build out your knowledge of your customers.

For example, you can use a phone number to identify someone’s home city or location, or use an email address to identify social media profiles.

There are some privacy guidelines you have to follow, but it’s well within the law to ascertain the type of information you need to identify and prevent potential card not present transactions.

3. Follow the best data protection practices

Well before CNP payments are processed, it all starts with scammers obtaining credit card information. As mentioned above, that can come through hacking.

As a business that regularly processes credit card payments, you could be a target for hackers looking to steal the details of those credit cards, among other things.

It’s important to use the latest data encryption and online security in order to protect both you and your customers. No business wants to be the victim of theft, and the private information you have about your customers is highly valuable to criminals.

By utilising basic tools such as SSL, particularly on payments pages, you can stop credit card information from falling into the wrong hands.

4. Be aware of unusual transaction behavior

Online shoppers generally follow similar processes as they work their way through their purchases. However, the online behavior of CNP fraudsters can be highly irregular, which makes them easier to spot if you know what to look for.

Unusual behavior can include:

  • A large number of login attempts on one account
  • Multiple settings or information changes on a user account in one session
  • Having multiple customers from the same IP address or device in a short space of time
  • A large number of requests to reset an account password
  • Making extremely large purchases
  • Receiving an unusually large number of requests for chargebacks

For example, if you have 35 account users all shopping on your website at the same time and they all are coming from the same IP address, then there’s a high chance there’s something fishy going on.

5. Watch out for smaller transactions too

While extremely large transactions can be a red flag for CNP fraud, very small purchases can also be a sign of something irregular.

Scammers will often start out using a stolen credit card on a small, seemingly innocuous purchase. Once the card not present transaction process has successfully been completed and they know the credit card works, they can go on to make much larger transactions.

Spotting CNP fraud from a small transaction alone can be incredibly difficult, but if you receive a much larger purchase from that same credit card soon after, that’s a sign of a potential CNP fraud.

6. Ask for extra authentication

When you know a few things about your customers, you can use that information to check that it’s really them who are buying things from you by asking them where they live, or what their phone number is.

You can also use sophisticated analytical tools to streamline the authentication process and identify when it is and isn’t necessary.

For example, if a customer is using their account from an IP address they’ve used before, they’re buying something they’ve previously bought, and they’re shipping their purchases to a physical address they’ve used before, then there probably isn’t a need to authenticate the purchase. This is a much smoother customer experience too.

However, if a customer is accessing their account from another country, has changed their billing address immediately before purchasing a high-value item, or has behaved in other ways that could suggest a CNP transaction, then it can be worth checking if it's really them.

7. Build risk scoreboards

A risk scorecard is what allows you to build a model of common behavior that can suggest either a potential CNP transaction or a low-risk customer. You can create these scorecards manually based on common behavior you see from scammers, or you can use an automated solution.

Creating these scorecards manually can be challenging without a high degree of expertise, but it is possible.

Once you have your scorecard, you’re able to group users together based on their risk profile and provide appropriate CNP fraud prevention for different groups. This is one of a handful of benefits to having reliable risk scorecards.

Conclusion

CNP fraud prevention is fast becoming a standard security measure for any business with an ecommerce function.

Businesses too are victims of fraud, and a customer whose credit card is used in a CNP scam can come to associate the businesses through which the scam occurs with that bad experience. Not only that, but for retail businesses the items that are purchased by CNP scammers are often never recovered.

Preventing these fraudulent purchases before they’re carried out is now much easier than ever, and it saves a whole lot of problems later on. As cybersecurity gains even more awareness, businesses who can differentiate themselves based on their ability to reduce scams and protect their customers’ information are increasingly likely to be seen in a positive light.


If you want help implementing CNP fraud prevention measures, talk to FingerprintJS to learn more.