US Payments Forum offers card-not-present fraud advice

The US Payments Forum has published a survey of card-not-present (CNP) fraud worldwide to help the US payments industry assemble “layered, effective and systematic” mitigation strategies. “While many attribute the rise in CNP fraud seen in other countries to the implementation of EMV chip technology, there are other factors such as the rapid growth of online sales and the fact that fraud prevention tools have not been fully adopted and implemented by all stakeholders,” says the trade body’s Randy Vanderhoof.

  • Willam Hugh Murray, CISSP

    The simplest way for merchants to avoid “card not present” fraud is not to accept credit card numbers. Instead they should use proxies like PayPal. PayPal is the oldest and best known product but American Express, Apple, MasterCard, Visa and others offer competing products.

    At checkout time, the customer is taken to the proxies web page. If he is a returning customer of the proxie, he logs on, and selects any applicable options such payment method or shipping address and he is done. If he is not a registered customer, he enters the same information he would enter on a merchant checkout page. He will be given the option of having the proxie save the newly entered information, chose a user name and password, and become a registered user of the proxie.

    The proxie passes the customer name and shipping address to the merchant and credits the merchant’s account with the net amount of the sale. Fraud becomes the problem of the proxie, not the merchant. The proxie guarantees payment to the merchant as well as the name and shipping address of the customer. Fraud becomes the responsibility of the proxie rather than that of the merchant.

    To exploit a customer’s preference for a particular proxie brand, the merchant may offer multiple proxies but, since all proxies accept most payment methods, a merchant really only has to offer the one that offers him the best price, terms, and services.