Extra protection when there’s no card
Card-not-present (CNP) merchants must take extra precaution against fraud
exposure and associated losses. Anonymous scam artists bet on the fact that
many Visa fraud prevention features do not apply in this environment.
Follow these recommendations to help prevent fraud in your card-not-present
Obtain an authorization.
Verify the card’s legitimacy:
Ask the customer for the card expiration
date, and include it in your authorization request. An invalid or
missing expiration date might indicate that the customer does not have
the actual card in hand.
Use fraud prevention tools such as Address
Verification Service (AVS) and Card Verification Value 2 (CVV2).
Look for general warning signs of fraud
If you receive an authorization, but still
Ask for additional information during the
transaction (e.g., request the financial institution name on the front
of the card).
Contact the cardholder with any questions.
Confirm the order separately by sending a
note via the customer's billing address rather than the “ship to”
To report suspicious activity, contact
your merchant financial institution.
12 potential signs of CNP fraud
Keep your eyes open for the following fraud indicators. When more than one
is true during a card-not-present transaction, fraud might be involved.
Follow up, just in case.
First-time shopper: Criminals are
always looking for new victims.
Larger-than-normal orders: Because
stolen cards or account numbers have a limited life span, crooks need to
maximize the size of their purchase.
Orders that include several of the same
item: Having multiples of the same item increases a criminal's
Orders made up of “big-ticket” items:
These items have maximum resale value and therefore maximum profit
“Rush” or “overnight” shipping:
Crooks want these fraudulently obtained items as soon as possible for
the quickest possible resale, and aren’t concerned about extra delivery
Shipping to an international address:
A significant number of fraudulent transactions are shipped to
fraudulent cardholders outside of the U.S. Visa AVS can't validate non-U.S.,
except in Canada and the United Kingdom.
Transactions with similar account
numbers: Particularly useful if the account numbers used have been
generated using software available on the Internet (e.g., CreditMaster).
Shipping to a single address, but
transactions placed on multiple cards: Could involve an account
number generated using special software, or even a batch of stolen
Multiple transactions on one card over
a very short period of time: Could be an attempt to "run a card"
until the account is closed.
Multiple transactions on one card or a
similar card with a single billing address, but multiple shipping
addresses: Could represent organized activity, rather than one
individual at work.
In online transactions, multiple cards
used from a single IP (Internet Protocol) address: More than one or
two cards could definitely indicate a fraud scheme.
Orders from Internet addresses that
make use of free e-mail services: These e-mail services involve no
billing relationships, and often neither an audit trail nor verification
that a legitimate cardholder has opened the account.