Cybercrime, in all forms, is growing. But the COVID-19 pandemic and ensuing rise in online shopping, has given rise to an increase in card-not-present (CNP) crime. To find out more—and learn how small business owners can better protect their companies, I talked to Rafael Lourenco, executive vice president and partner at ClearSale, a card-not-present fraud prevention operation.
You found that as card-not-present (CNP) transactions grew among online shoppers, so did the risk of CNP fraud. Can you explain what CNP is?
Rafael Lourenco: A card-not-present (CNP) transaction is when a customer makes a purchase online or by phone and does not physically present their credit card to the merchant. This payment method, while convenient, is also vulnerable to fraud.
Who is most impacted by CNP fraud? Small businesses? Big retailers? Consumers?
Lourenco: While CNP fraud causes headaches for cardholders, it’s an even bigger headache for retailers, big and small, as they are often liable for the losses associated with CNP fraud. This includes loss of product, shipping expenses, fees and penalties, and even damage to their brand reputation. In its 2020 report the True Cost of Fraud, LexisNexis estimated that every $1 in CNP fraud costs merchants $3.36.
Lourenco: How is CNP fraud usually perpetuated?
Cybercriminals typically steal consumer credit card information through methods like skimming, phishing, or purchasing data on the dark web, to then make fraudulent transactions.
You said steps online retailers can take to reduce card-not-present fraud for their ecommerce stores include using authentication/fraud prevention systems. How do they work? Are there other basic fraud prevention tools businesses should adopt?
Lourenco: Most fraud prevention solutions with rule-based fraud scoring programs verify customer information, card numbers and CVVs, any history of fraud associated with that data, and other factors to rate the likelihood of a fraudulent order.
Other best practices include limiting the number of times a customer can attempt to enter a matching card and CVV numbers, using geolocation to reduce mobile fraud, and manually reviewing orders.
How does monitoring your key performance indicators (KPIs) help you limit fraud?
Lourenco: By monitoring fraud KPIs such as order approval rates, chargeback rates, total decline rates etc., merchants can evaluate where their fraud prevention solution is falling short and what it’s doing well.
You say to look for fraud protection that combines artificial and human intelligence, etc. Can you name some systems and where business owners can learn more and find them?
Lourenco: While rules-based fraud-screening programs appear to be cost-effective, they can automatically reject all orders that have fraud flags. This is a problem because you could be rejecting good orders from legitimate customers, driving them away for good.
A fraud protection solution, such as ClearSale, that sends flagged orders for manual review helps reduce false declines and approve more good orders. Manual review also helps artificial intelligence-driven fraud-screening systems get smarter.
On the consumer side, you advise consumers to check that URLs are safe, not to directly click on email links with promotions, not to provide credit card information over the phone unless it’s an encrypted system, etc. But turning those around to the small business angle—How do you ensure your URLs are safe and how do you communicate that to consumers?
Lourenco: Small businesses should install an SSL to ensure the internet connection is secure and that they are safeguarding their customers’ sensitive data. [SSL stands for secure sockets layer and is a method used to secure and encrypt sensitive information like credit cards, usernames, passwords, and other private data sent over the internet, according to SSL.com.]
It prevents hackers from reading or altering information transferred between your e-commerce site and the clients’ browser.
After installing an SSL, merchants must make sure that all pages use a secure URL so that all pages start with HTTPS. URLs that start with http:// indicate to consumers that they are not secure, whereas websites that begin with https:// are secure.
In order for a web page to be considered secure, the images and videos on the page must also use secure URLs. Otherwise, popular browsers like Firefox, Chrome, etc. will not consider the web page secure.
In addition to protecting the privacy of your consumers, SSL improves the user experience, helps your website load faster, and provides SEO benefits.
What kinds of promotions should you send that consumers feel safe clicking on?
Lourenco: To create promotions that customers feel safe clicking on, businesses should consider these tips:
- Keep consistency on the branding elements
- Share customer reviews and testimonials
- Create an email series so people get used to your brand
- Use high quality images and video on your product pages
- Make your URL clear in the email, in case the client prefers to type it directly instead of clicking on a link
- Show icons of credit cards, PayPal, and other payment options as a visual signal that you use safe payment options
Are there enough consumers who order over the phone instead of online that it’s worth investing in an encrypted phone system?
Lourenco:If you are collecting CC data through the phone, you have to be PCI compliant, or partner with a payment solution certified in PCI.
According to Digital Commerce 360, retail sales in physical stores and through catalog/call center merchants increased by 3.8% last year. Businesses might want to consider partnering with a call center service not only to help fuel sales, but also to adhere to data security measures and protocols, and to provide customer support.