Digital transformation has changed the way most businesses conduct their standard operating protocols. From schooling, through eCommerce to banking, everyone had to learn how to adapt to the new way of living and working.
Ecommerce has reaped various benefits from a digital transformation such as reaching more customers across the world while before they might have been limited to local customers only. Digital transformation of e-commerce has also introduced a rise in the number of CNP transactions which makes the entire process of payment easier for the customers. While the CNP transactions brought various benefits to the customer, the trouble with CNP is that it also makes things easier for the cybercriminals.
What is a CNP transaction?
CNP or card-not-present transaction is exactly what it sounds like: a transaction where the card was used for the payment without being physically present at the point of sale. The merchant remotely receives card payment information like cardholder’s name, card number, and security code in order to process a payment. This is a main payment process in the ecommerce businesses as neither the customer or merchant are physically present during the purchase but the payment still needs to be processed. By introducing CNP transactions, the purchase process became easier and more convenient for the customer and it helped merchants reduce the risk of abandoned cart due to user friction. According to the research 87% of polled consumers said that they will abandon their carts if the checkout process is too complicated while 55% of them also said they would never return to a retailers’ website. CNP transactions reduce this possibility but bring a new set of problems into the picture.
What are the risks of CNP transactions?
CNP transactions are one of the most common card frauds ecommerce businesses need to deal with as it is extremely hard for the merchant to prove that cardholders are who they claim to be and verify their identity.
In the traditional ecommerce business, customers are present and they can provide you with a PIN number, signature or even an ID during a transaction to confirm they are an actual cardholder. When it comes to CNP transactions that is not possible which is why it is so susceptible to fraud. In order to accomplish CNP fraud, cyber criminals will use credit card information that was stolen through different cyber attacks like phishing, skimming, hacking or through online data breach without cardholders even being aware their data was at risk.
How to reduce the risk of CNP fraud?
Eliminating card fraud is impossible, especially when cyber criminals keep trying to get one step ahead of you, but by implementing the following strategies you will be able to reduce it significantly.
1. Gather Customer Information
Gathering customer information is the first step because it can help you to verify the identity of the customer and confirm if the transaction is valid.
In order to fight against fraud attempts you need to collect their:
- Email address
- Credit card info including CVV code
- Billing address
- Information about the device used to log in
- IP address
- Phone number
You need to be careful not to ask for too much data and complicate the process as, according to some researches, 18% of people will abandon their shopping cart because of a long and complicated checkout process.
2. Implement data enrichment into your cybersecurity plan
Information is essential. By having as much information as you can about your customers, you can make more informed decisions. But, you can’t ask your customers for too many details as that would take a long time and result in unhappy customers. This is where data enrichment can help because it allows you to enrich the raw data you have with additional data from internal and external sources. Not only will it help you gather more information about your customers, but also to notice any discrepancies that might indicate fraudulent actions.
3. Stay vigilant
In order to prevent fraud, you need to be vigilant at all times and keep an eye on any red flags that might arise.
Be aware of:
- Large number of requested chargebacks
- Multiple login attempts or passwords reset request
- Multiple changes occurring to an account during a single session
- Multiple users having the same IP address or device fingerprint
- Unreasonably large purchase
- Very small transactions that might indicate testing of stolen cards
Businesses today face a number of risks and it is the end time for them to start being proactive rather than waiting for something to happen before reacting. Implement these strategies today, and take an active step in protecting your business.