How to Protect Your Business from Card-Not-Present Fraud

How to Protect Your Business from Card-not-Present Fraud

How to Protect Your Business from Card-Not-Present Fraud

As EMV chip cards become more and more prominent throughout the US, fraudsters are turning their attention to more vulnerable targets: online businesses. This is a widespread issue, and one that can cut deeply into your bottom line. A new study released by projected that merchants will lose $130B to card-not-present (CNP) fraud by 2023.

Maybe your business has received a chargeback before. Perhaps you’ve even had to request a chargeback as a customer yourself. With fraud, no one wins. Your customer has to deal with the initial shock of seeing something they didn’t purchase show up on their account, then the inconvenience of disputing the charge. As the business owner, you’re stuck footing the bill. But what can you do?

Creating an effective fraud detection and prevention plan is the first step. Balance is important here. You want to scare off fraudsters, but not the rest of your client base. Not sure where to get started? Here are our top tips to protect your business from card-not-present fraud:


Utilize technology to protect your business

Buying stolen credit card numbers is easier than ever. We wish we were kidding, but unfortunately, even just typing “buy credit card numbers” in the search bar provides multiple options for unsavory characters. But if thieves can use technology to purchase stolen information, why can’t you utilize technology to protect your business?

Various tools exist to help you catch fraud before the sale. One thing your business can implement is CAPTCHA or a similar solution designed to distinguish between robot and human users. Fraudsters will often use automated programs to mass enter card information until they find a number that works.

You can also restrict the number of declined transactions on a purchase. This means that thieves testing out multiple cards will be unable to make a purchase after so many attempts. There’s little risk of this flagging an honest customer. It’s unlikely that someone will mis-key their own card number five times.

Lastly, Address Verification Service (AVS) can be used to verify that the billing address provided by the cardholder matches what is on file with the issuing bank. We don’t recommend using AVS as your only method of fraud prevention, as it can result in legitimate orders being declined. Think of AVS as just another hurdle that thieves will need to overcome before they’re able to defraud your business.

Click image to enlarge

Do your own research & trust your instincts

Technology and automated systems are instrumental in protecting your business from CNP fraud but relying completely on those methods will still leave you at risk and might mean losing out on honest purchases. For example, maybe a sincere customer just moved and hasn’t updated their billing address with their credit card company. Do you want to miss out on that sale?

Reviewing questionable transactions with your own eyes can help you differentiate between an understandable mismatch and obvious fraud. So, how do you know when you need to do a little more digging?

Here are some situations that should arouse suspicion. If you run into any of these, it’s a good idea to review the purchase before approval:

-Billing and shipping addresses differ, and expedited shipping is requested
-Orders that contain multiple items that wouldn’t typically be purchased together (who buys 30 iPhone cases at a time?)
-Multiple purchases made on the same day
-Multiple purchases made with different cards, but coming from the same IP address
-A request for overnight shipping
-International orders from countries you typically don’t have customers in

If you’re curious about an IP address, you can even do some research on your own. An online IP lookup tool can quickly tell you where your customer is actually located. Here’s an example. A high-ticket item is purchased by Jane Doe with a billing address in Atlanta, GA. Since it’s an expensive item, you decide to review the order and look up Jane’s IP address:

If you typed that into the IP lookup tool, you’d discover that the purchase was made from Berlin, Germany. Now, maybe Jane is traveling or has recently moved abroad, but before you proceed with the sale, you know that you should investigate further.


Don’t overlook the mainstays

Many thieves turn to online credit card fraud for one reason: it’s easy. Even a simple deterrent will often send fraudsters running off in search of easier prey. One of the simplest ways to discourage online credit card fraud is to add a CVV filter to your site.

CVV stands for card verification value. You might also hear it referred to as the “CCV2” or a “security code.” Those three-digit numbers on the back of a credit card are more important than most would think. The vast majority of fraudsters don’t have the physical card—they’ve either purchased a list of card numbers or stolen the hacked information themselves. Either way, without actually being in possession of the card, they most likely don’t have the CVV code.

Requiring a CVV match at checkout won’t protect you from fraud 100%, but it’s a powerful tool in your arsenal and shouldn’t be ignored.


Final thoughts

Preventing CNP fraud might seem like a lot of work, but according to Roxanne Mihm, vice president of Florida Community Bank, it’s worth it. “It is very hard to stay out in front of the fraudsters,” Mihm says. “And some consumers view that extra layer of protection as an inconvenience. I’m just starting to see online merchants requesting and employing technologies to mitigate CNP fraud. They’re starting to ask, ‘What can I do to protect myself?’”

CNP fraud is on the rise, and it’s up to you to protect yourself and your business. There’s no such thing as too much security when it comes to accepting cards. For more tips, read about the Top 5 Security Risks in Credit Card Payments and 10 Ways to Stay Secure When Accepting Credit Cards Online.

BASYS Processing as a business partner 

Does your current processor understand the unique struggles of your industry? Do they provide great rates and personal customer service? Are they offering solutions to grow your business and being proactive about helping you reduce risk and increase your savings? 

Contact BASYS today to learn more about innovative payment solutions that will save you time and money. We make accepting debit cards and credit cards convenient, safe and affordable. 

BASYS Processing features: 

• A friendly, live voice will answer the phone when you call; no automated phone systems 
• In-house PCI Compliance team to walk you through the process step-by-step, improving security and reducing costs
• Accept payments in person, over the phone or online
• Next-day funding options 

About BASYS Processing 

BASYS Processing provides credit card and debit card processing services, plus solutions that include terminals, virtual terminals, e-commerce, mobile, and point-of-sale, customized to fit any need.  Banks, associations, and software partners depend on us to strengthen their reputations and relationships with their customers by providing remarkable service paired with ultimate flexibility and pricing. Merchants depend on us to make accepting credit cards and debit cards convenient, safe & affordable. BASYS was founded in 2002 on one philosophy: to take care of our merchants, partners, and employees so they never want to leave. We are dedicated to working one-on-one with our customers to design the perfect solution. BASYS is Personal Payment Processing. 

Learn more at, and connect with us online at: