Best Practices for Card-Not-Present Transactions

For millions of business owners, online and remote payments are essential to daily operations. In fact, without the convenience of online and phone payments, many companies wouldn’t be able to stay in business. However, for banks, credit card companies, and merchant account processors, these remote payment transactions aren’t just a major headache; they’re also part of a risky scenario that can lead to fraud and criminal activity. And ultimately, it all has to do with “card-not-present” transactions. Luckily, there are some card-not-present best practices you can keep in mind to help minimize risk.

What is a card-not-present transaction?

For many e-commerce business owners, card-not-present transactions are an absolute necessity, but for payment processors, they can be a nightmare. If you’re wondering: “How do you do a card-not-present transaction?” and you’re not sure why this would impact your business, then you need to understand exactly how these transactions can lead to credit card fraud and what you can do to you can prevent it.

One way you can protect yourself is by enlisting the services of a reputable, affordable merchant account provider. As a leading payment processing provider for high-risk businesses and industries, Zenti provides various essential payment options and billing tools that can help you streamline your business, satisfy your customers, and protect your company from fraudulent credit card transactions.

How do you do a card-not-present transaction?

There are two types of credit card transactions: “card present” and “card-not-present.” “Card present” transactions refer to payments made with a credit card not physically present. In a card-present transaction, the credit card is processed when the customer or merchant swipes or inserts the card in the card reader. In recent years, credit cards have also been implanted with EMV chips, adding another vital security layer to the transaction.

How do you do a card-not-present transaction? As the name implies, the credit card isn’t physically present in a “card-not-present” (CNP) transaction. Rather, the payment is made remotely, usually via the Internet or by phone. The card isn’t swiped in a CNP transaction, nor is the EMV chip inserted. Instead, the merchant takes the credit card number or, in the case of online purchases, typed in by the customer. Also, businesses typically don’t impose a card-not-present transaction limit, so customers can remotely charge as much as the card will allow.

Since remote CNP payments are a valuable part of many businesses, why are they so problematic? The answer lies in one word — fraud. According to Nasdaq, credit card fraud will cost more than 32 billion USD in 2021. Likewise, statistics show that 45 percent of all credit card fraud in the U.S. involves some type of card-not-present transaction. And globally, card-not-present fraud will cost a staggering 130 billion USD by 2023.

But there’s good news. You can protect yourself and access affordable merchant account services while still offering convenient CNP options to your customers. Zenti offers a full line of payment options but charges affordable fees, even for high-risk businesses and industries. With Zenti, you can offer your customers the convenient payment methods they want at a very low cost to your company.

Best practices for CNP transactions

In addition to getting help from a high-risk merchant account specialist, you can also follow these proactive steps to prevent CNP fraud:

Implement a card-not-present transaction limit

One of the ways you can protect yourself is by implementing a card-not-present transaction limit, which limits the number of purchases made without the card physically present. This isn’t a practical strategy for a strictly online business, but for merchants and retailers with a physical storefront, it can be an effective way to mitigate risk.

Get the complete address and contact information 

Surprisingly, studies show 61 percent of business owners will accept transactions even when a customer doesn’t provide a verified billing address. When dealing with a CNP transaction, it’s crucial to ask for all relevant customer information. This establishes the customer’s credibility and helps if there’s a problem with the payment and you have to contact the customer. Relevant information includes an address, daytime/evening phone number, and email address.

Get accurate credit card information

The first thing you’ll need is the customer’s full name as it appears on the credit card during a CNP transaction. Next, you’ll want to ask for the type of card (VISA, MasterCard, etc.), the account number, and the expiration date on the card (make sure it hasn’t yet passed). And don’t forget one more important thing…

Always check the CVV

The card verification value (CVV) number is a three or four-digit number on the back of the credit card. It’s used as a security code and proves to a merchant that the purchaser has the physical card in hand when they’re purchasing over the phone or online. If you’re a cardholder, it also gives you an added layer of protection if your card number is hacked. One good thing about CVV numbers is that they’re never stored during payment processing, so criminals have a harder time accessing them.

For remote purchases, the CVV number has become a valuable way of protecting business owners from CNP fraud. If a customer has their credit card in their hand, they’ll be able to give the merchant their CVV code. Likewise, if someone is trying to make a fraudulent purchase and doesn’t have a credit card in hand, they won’t have the CVV code.

Provide your business contact information

It’s essential to provide a working phone number and/or email address (preferably both) in a prominent location on every page of your website, where customers can see it. This vital information also needs to be on your receipts, bills, and every piece of correspondence that you share with your customers. In addition, it’s a good idea to check your web and app pages regularly to ensure that your updated contact information is showing up on all your pages. In the event of a problem, if customers don’t know how to reach you, they may decide instead to create an expensive chargeback dispute through the credit card company.

Pro tip: It helps to provide a toll-free phone number comprised of digits, not letters, and an email address that’s easy to read and remember. The clearer you can make your contact information to a customer, especially if they’re dissatisfied and stressed about a transaction, the better.

Check your billing descriptors for abbreviations

The term “billing descriptor” refers to how your business name appears on statements, invoicing, and billing. With some payment processors, your business name, or billing descriptor, might get shortened in the description field, so ensure your full company name (along with contact information) is included on every statement and transaction document.

Protect cardholder data

Online CNP transactions tend to be less risky than phone sales, which are more subject to human error or negligence. In a phone sale, an employee might take down the incorrect contact information or even forget to ask for the CVV number. However, online sales can still pose risks, especially if cardholder information is improperly stored.

It’s essential not to store cardholder information on a web server or computer that a firewall does not protect. In addition, cardholder data should be encrypted when sent across public networks (you can use various free encryption products to implement this). Likewise, private cardholder information should never be included in an email or internet communication where others can see it.

Use an Address Verification Service

An Address Verification Service (AVS) is a fraud protection service that can reduce the risks associated with CNP transactions. With an AVS service, the customer’s address is compared with the address on file with the credit card company. Once the match is confirmed, the credit card issuer sends an AVS authorization code to the business owner, who can then put the payment through. The entire process only takes a few seconds, but it can be an invaluable authentication step in preventing credit card fraud.

Follow PCI compliance

Payment Card Industry Data Security Standards (PCI DSS) are protocols that explain, step by step, exactly what you need to do to protect your business and your customers’ data from fraud. Fortunately, merchant account companies, payment gateways, and payment processors undergo a rigorous process to be PCI-certified and compliant. By working with a payment processing service like Zenti, you’ll be able to enjoy the added peace of mind that comes from secure payment transactions.

Install security software

Even with the best practices, fraudsters can sometimes stay one step ahead. Recent reports show that today’s sophisticated cybercriminals are using software bots to harvest payment card data from various online sources. To prevent your website from getting hacked and cloned, you’ll want to install security software, implement security access protocols, and monitor your site regularly for suspicious activity.

Stay on top of security protocols and the latest information

If you ever see a phishing site impersonating your brand, you’ll want to report it to law enforcement authorities immediately. Plus, it’s a good idea to monitor and stay on top of all sales transactions, whether made in person or remotely.

If you’d like to learn more about safeguards and security protocols, VISA has published a best practices brochure that provides excellent information on implementing fraud prevention and protecting your business from fraudulent transactions.

One of the best ways to monitor your payments is through a payment processing service like Zenti, which gives you the tools you need to track your payments and monitor account activity. And speaking of payment processing…

How CNP transactions impact merchant account services

Here are several ways a high ratio of CNP transactions can impact payment processing services:

Higher processing fees

Because of the risk potential, merchant payment processors typically charge higher fees for businesses that regularly use CNP transactions. This is because CNP transactions are considered a high financial risk for credit card companies and the banks and financial institutions that underwrite and finance them.

Chargeback rates

Another risk factor of CNP transactions is chargebacks or credit card refunds. Chargebacks are the bane of any business owner’s existence. They wreak havoc with your profits and negatively impact your reputation with financial institutions, banks, and payment processors. In extreme cases, too many chargebacks can lead to your payment processor charging higher fees or even suspending your merchant account.

To help prevent chargebacks from customers, you can follow these four risk management steps:

1. Provide complete descriptions (including photos) of all your products, services, and prices.

2. Give complete information about your return and cancellation policies.

3. If a refund is requested, process it immediately, and make sure to contact the customer via email or letter to let them know the refund is on its way.

4. Ensure your customers get top-notch customer service and that someone is always available to answer questions.

Choosing the best payment processor

As a leading payment processing service provider for high-risk industries, Zenti gives you the payment and credit card processing solutions you need at a price you can afford. Zenti can provide your business with:

• Multiple payment options, including credit card, debit card, app, and e-check payment methods

• Tracking tools to follow each payment from the point of sale through the completion

• Automated billing to suit your schedule

• Reasonable rates, even if your business is designated high-risk.

To find out more, contact Zenti and learn how we can give you the merchant account services you need to take your business to the next level.