Among the challenges facing ecommerce today is fraudulent orders made with stolen credit card information (including the card number, expiration date, and even the security code). The technical name for this is card not present (or “CNP”) fraud, which gets its name from the fact the card is never physically presented to the merchant. The merchant is thus unable to examine the card and check the name and face of the shopper against a valid photo ID (usually a driver’s license), and thereby both prove the shopper’s identity and confirm that the purchase is authorized by the cardholder.
CNP fraud is obviously bad for the person whose credit card details have been stolen – disputing charges and ordering a new card are never fun – but CNP fraud is also seriously unfun for the etailer. That’s because when that victim does call and successfully dispute the charge, a chargeback (a refund from the merchant’s bank to the victim’s account) is initiated.Device fingerprinting allows merchants to more easily identify returning customers. Click To Tweet
Although the cardholder gets their money back, the merchant is ultimately stuck footing the bill…and then some. In addition to the refunded charge, the merchant incurs the cost of replacing the merchandise, and paying a chargeback penalty to their card payment processor. All told, the actual cost to the merchant of a chargeback can be more than double the cost of original order.
Tech to the rescue?
As a result, etailers adopt all sorts of technologies and techniques to detect and decline fraudulent orders, from ecommerce fraud protection solutions based on machine learning, to legions of analysts who manually review incoming orders. Even though many of these measures can be quite costly, they can more than pay for themselves by reducing losses from costly chargebacks.
In the summary of ecommerce order fraud at the beginning of this article, we’ve had to define two key terms: CNP fraud and chargebacks. If you’re an online merchant trying to combat CNP fraud, that’s only the beginning of the lexicon you’ll need to be familiar with as you consider, evaluate, and adopt the many anti-fraud solutions available.
If that online merchant happens to be you, let’s build up your CNP fraud vocabulary starting with the names of important data points used by fraud-screening algorithms and analysts alike, one of which is IP address: the number assigned to any device connected to the Internet, and are assigned geographically. IP addresses can indicate fraud if the IP address from which an order originates is assigned to Moscow but both the shipping and card billing addresses are in Moscow, Russia.
Speaking of shipping and billing addresses, our next term is the name of a system which can be used to verify a match between part of a cardholder’s address on file with the card issuing bank and the billing address supplied during the order: AVS. An AVS mismatch can indicate fraud, while a match can be an indicator that the order is legitimate. However, an AVS match can also occur on fraudulent order (criminals can often buy stolen card details complete with matching billing addresses). Ditto for IP addresses: fraudsters often use IP proxies (basically another computer which relays traffic to and from another computer) to hide their true location, making them appear to be somewhere they’re not.
More data, more confidence
There are many other clues which can be used to distinguish real shoppers from scammers, but they all have similar caveats. This is why modern CNP fraud protection has shifted to more holistic approaches which consider all the individual data points in an attempt to discern the story behind the order.
So, you may hear terms like machine learning (algorithms which allow computers to learn from data instead of being explicitly controlled via commands), and behavioral analytics (the analysis of web browsing and shopping behavior). A third term you’ll come across is device fingerprinting (the identification of specific users and computing devices which allows tracking across web sites or previous orders).
Device fingerprinting allows merchants to more easily identify returning customers. Since customers who have placed orders from a merchant (without a chargeback afterward) in the past are extremely unlikely to place fraudulent orders in the future, their orders can be safely approved without much additional scrutiny.
Behavioral analytics is able to extract, compile, and compare data from online activity (which pages a shopper looked at, for how long, in what sequence, etc.). This data is very useful because a real shopper’s behavior is very different from a fraudster’s. Machine learning technology is able to take in all the above data (including AVS match results, IP addresses, and shipping and billing addresses) and learn which combination of what values most accurately predict whether that order can be safely approved or confidently declined.
Hopefully, by reading this basic glossary you appreciate how much more there is to know about CNP fraud and how to combat it. By smartly adopting the best tech and practices, your definition of CNP might very well be Chargebacks Not a Problem.