Card-Not-Present (CNP) Fraud Mitigation Techniques
Publication Date: July 2020
There is no dispute that card-non-present (CNP) payment fraud is growing and will continue to do so. Moreover, those who commit fraud—fraudsters—are creative and engaged in a relatively low cost but high payoff game. A recent study from Juniper Research indicated that retailers are expected to lose $130 billion in digital CNP fraud between 2018 and 2023.
The U.S. Payments Forum CNP Fraud Working Committee developed this white paper to provide a high-level document that directs readers to relevant fraud mitigation techniques while providing easy access to details about the solutions.
The white paper is intended for payments industry stakeholders who need to understand and make business decisions about implementing technologies that are designed to fight CNP fraud. The primary audiences are business decision makers at issuers, merchants, issuer processors, wallet/online payment service providers (PSPs), and merchant processors/acquirers.
This document has two sections: general concepts/best practices to consider with any fraud mitigation approach, and a listing of selected techniques that are currently available, along with attributes that will help readers decide which techniques are most relevant to their situations.
Techniques profiled in this white paper are:
- One-time passcode (OTP) display card
- Customer website/mobile behavior
- Interactive voice response (IVR) voice verification
- Negative/positive database
- Velocity checks
- Address verification service (AVS)
- Browser cookies
- Multifactor authentication
- Check ID or credit card upon order pick-up
- Transaction alerts/controls/notification services
- Static card security code
- Fraud scoring
- Common point-of-purchase analysis
Each technique profile has a summary of the following:
- Applicability to channels, use cases, and stakeholders
- How the technique works
- Risks associated with the technique
- Customer impact: level of friction
- Implementation considerations
- Maturity of the technique
- Applicable industry standards (if available)
- Publicly available statistics on implementations and use (if available)
Please note: The information and materials available on this web page (“Information”) is provided solely for convenience and does not constitute legal or technical advice. All representations or warranties, express or implied, are expressly disclaimed, including without limitation, implied warranties of merchantability or fitness for a particular purpose and all warranties regarding accuracy, completeness, adequacy, results, title and non-infringement. All Information is limited to the scenarios, stakeholders and other matters specified, and should be considered in light of applicable laws, regulations, industry rules and requirements, facts, circumstances and other relevant factors. None of the Information should be interpreted or construed to require or promote the establishment of any solution, practice, configuration, rule, requirement or specification inconsistent with applicable legal requirements, any of which requirements may change over time. The U.S. Payments Forum assumes no responsibility to support, maintain or update the Information, regardless of any such change. Use of or reliance on the Information is at the user’s sole risk, and users are strongly encouraged to consult with their respective payment networks, acquirers, processors, vendors and appropriately qualified technical and legal experts prior to all implementation decisions.