How to Protect Your Business from Card-Not-Present Fraud

How to Protect Your Business from Card-not-Present Fraud

How to Protect Your Business from Card-Not-Present Fraud

As EMV chip cards become more and more prominent throughout the US, fraudsters are turning their attention to more vulnerable targets: online businesses. This is a widespread issue, and one that can cut deeply into your bottom line. A new study released by projected that merchants will lose $130B to card-not-present (CNP) fraud by 2023.

Maybe your business has received a chargeback before. Perhaps you’ve even had to request a chargeback as a customer yourself. With fraud, no one wins. Your customer has to deal with the initial shock of seeing something they didn’t purchase show up on their account, then the inconvenience of disputing the charge. As the business owner, you’re stuck footing the bill. But what can you do?

Creating an effective fraud detection and prevention plan is the first step. Balance is important here. You want to scare off fraudsters, but not the rest of your client base. Not sure where to get started? Here are our top tips to protect your business from card-not-present fraud:


Utilize technology to protect your business

Buying stolen credit card numbers is easier than ever. We wish we were kidding, but unfortunately, even just typing “buy credit card numbers” in the search bar provides multiple options for unsavory characters. But if thieves can use technology to purchase stolen information, why can’t you utilize technology to protect your business?

Various tools exist to help you catch fraud before the sale. One thing your business can implement is CAPTCHA or a similar solution designed to distinguish between robot and human users. Fraudsters will often use automated programs to mass enter card information until they find a number that works.

You can also restrict the number of declined transactions on a purchase. This means that thieves testing out multiple cards will be unable to make a purchase after so many attempts. There’s little risk of this flagging an honest customer. It’s unlikely that someone will mis-key their own card number five times.

Lastly, Address Verification Service (AVS) can be used to verify that the billing address provided by the cardholder matches what is on file with the issuing bank. We don’t recommend using AVS as your only method of fraud prevention, as it can result in legitimate orders being declined. Think of AVS as just another hurdle that thieves will need to overcome before they’re able to defraud your business.


Do your own research & trust your instincts

Technology and automated systems are instrumental in protecting your business from CNP fraud but relying completely on those methods will still leave you at risk and might mean losing out on honest purchases. For example, maybe a sincere customer just moved and hasn’t updated their billing address with their credit card company. Do you want to miss out on that sale?

Reviewing questionable transactions with your own eyes can help you differentiate between an understandable mismatch and obvious fraud. So, how do you know when you need to do a little more digging?

Here are some situations that should arouse suspicion. If you run into any of these, it’s a good idea to review the purchase before approval:

-Billing and shipping addresses differ, and expedited shipping is requested
-Orders that contain multiple items that wouldn’t typically be purchased together (who buys 30 iPhone cases at a time?)
-Multiple purchases made on the same day
-Multiple purchases made with different cards, but coming from the same IP address
-A request for overnight shipping
-International orders from countries you typically don’t have customers in

If you’re curious about an IP address, you can even do some research on your own. An online IP lookup tool can quickly tell you where your customer is actually located. Here’s an example. A high-ticket item is purchased by Jane Doe with a billing address in Atlanta, GA. Since it’s an expensive item, you decide to review the order and look up Jane’s IP address:

If you typed that into the IP lookup tool, you’d discover that the purchase was made from Berlin, Germany. Now, maybe Jane is traveling or has recently moved abroad, but before you proceed with the sale, you know that you should investigate further.


Don’t overlook the mainstays

Many thieves turn to online credit card fraud for one reason: it’s easy. Even a simple deterrent will often send fraudsters running off in search of easier prey. One of the simplest ways to discourage online credit card fraud is to add a CVV filter to your site.

CVV stands for card verification value. You might also hear it referred to as the “CCV2” or a “security code.” Those three-digit numbers on the back of a credit card are more important than most would think. The vast majority of fraudsters don’t have the physical card—they’ve either purchased a list of card numbers or stolen the hacked information themselves. Either way, without actually being in possession of the card, they most likely don’t have the CVV code.

Requiring a CVV match at checkout won’t protect you from fraud 100%, but it’s a powerful tool in your arsenal and shouldn’t be ignored.


Final thoughts

Preventing CNP fraud might seem like a lot of work, but according to Roxanne Mihm, vice president of Florida Community Bank, it’s worth it. “It is very hard to stay out in front of the fraudsters,” Mihm says. “And some consumers view that extra layer of protection as an inconvenience. I’m just starting to see online merchants requesting and employing technologies to mitigate CNP fraud. They’re starting to ask, ‘What can I do to protect myself?’”

CNP fraud is on the rise, and it’s up to you to protect yourself and your business. There’s no such thing as too much security when it comes to accepting cards. For more tips, read about the Top 5 Security Risks in Credit Card Payments and 10 Ways to Stay Secure When Accepting Credit Cards Online.

BASYS Processing as a business partner

If your current credit card processing provider isn’t meeting your goals in terms of low fees and exceptional service, please call BASYS Processing at (800) 386-0711.  Let’s talk about creating a true business partnership that will help you meet and exceed your goals for accepting credit cards and other payments.  We make accepting debit cards and credit cards convenient, safe & affordable.

BASYS Processing features:

–  Live operator when you call support – no automated voice systems
–  Dedicated Relationship Manager for questions and concerns
–  Quick response time for your questions and concerns; you are a priority
–  Family owned since our founding in 2002
–  A+ BBB rating
–  90% + Customer Retention Rate
–  Proactive contact with every merchant to walk through the annual PCI process
–  In-house PCI Team to assist with questions and concerns
–  Solutions including terminals, virtual terminals, e-commerce, mobile, and point of sale
–  EMV compliant products
–  Reporting for customer, sales, and inventory management
–  Gift and loyalty card programs
–  Easy-to-read statements
–  Transparent pricing
–  Tremendous savings


About BASYS Processing

BASYS Processing provides credit card and debit card processing services, and solutions that include terminals, virtual terminals, e-commerce, mobile, and point-of-sale, customized to fit any need.  Banksassociations, and software partners depend on us to strengthen their reputations and relationships with their customers by providing remarkable service paired with ultimate flexibility and pricing. Merchants depend on us to make accepting credit cards and debit cards convenient, safe & affordable. BASYS was founded in 2002 on one philosophy: to take care of our merchants, partners, and employees so they never want to leave. We are dedicated to working one-on-one with our customers to design the perfect solution. BASYS is Personalized Payment Processing.

Learn more at, and connect with us online at: