card not present fraud solutions

card not present fraud solutions

how can you

reduce risk

when the Card

is not present?

Copyright © 2005 – 2009 by American Express Travel Related Services Company, Inc. All rights reserved. No part of this document may be reproduced in any form or by any electronic or mechanical means, including information storage and retrieval systems, without the express prior written consent of American Express Travel Related Services Company, Inc.

you can gain

the advantage

contents

1 card acceptance for Card Not Present

transactions

2 cut your risks

3 use our tools to help reduce fraud

4 Card Identifi cation Number (CID)

5 contact us to verify Cardmember

information

7 enhanced

authorization

9 under some circumstances, we can

call the Cardmember for verifi cation

10 identifi cation of sales channels

10 you can take advantage of more training

solutions

1 2

card acceptance for Card Not Present

transactions

Mail, phone and Internet transactions carry a higher fraud risk because the Card is not presented. Following these guidelines for Card acceptance and authorizations can help.

always ask for the right information

Ask for the Cardmember name exactly as it appears on the

B

Card.

Request the Card account number and expiration date.

B

Request Cardmember home or business phone number and

B

billing address.

Verify Cardmember information via one of our verifi cation

B

systems.

Acquire shipping address and name (if different from billing

B

address).

American Express recommends shipping to the Cardmember’s billing address to avoid a Chargeback should a Cardmember dispute the Charge.

other things you can do

Select carriers that do not allow shipment re-routes.

B

Require the Cardmember’s signature upon delivery.

B

Identify each business model: internet sales, telephone

B

sales or catalog sales by authorizing each model through a separate Merchant Number.

Require the Card to be presented if phone/mail/internet

B

orders are to be picked up at retail locations.

cut your risks

Criminals are hoping that you won’t detect their activities to defraud you. But it is important to your business that you do. Undetected fraud can result not only in lost goods and services, but also Chargebacks and higher discount fees. Being vigilant about unusual spending can be your fi rst line of defense.

how can I detect fraud?

Certain behaviors can indicate that a transaction has a higher risk of being fraudulent. Trust your instincts. While the following situations may also occur during a valid transaction, be suspicious if the customer:

requests a rush order

B

desires only high-value ticket items, in stock

B

has multiple orders being mailed to an address other than

B

the billing address

cannot repeat the billing information correctly (address,

B

phone number, etc.)

places large orders of similar items

B

orders merchandise that is “re-sellable”

B

places out-of-pattern orders for your business (volume and/

B

or amount)

uses consecutive Card numbers given within a short period of time

B

provides an e-mail from an anonymous free e-mail domain

B

is rude or abrasive and seems to rush you

B

what to do if you ship merchandise

If you fulfi ll an order more than 30 days after the original

B

authorization, call again for a new approval code before mailing the merchandise.

Charges cannot be submitted for payment until the

B

use our tools to help reduce fraud

American Express offers solutions to help reduce your fraud related expenses, increase your revenues and reduce back offi ce costs associated with fraudulent transactions. Our suite of free fraud mitigation tools for Card Not Present sales may help you validate transactions. Below is a quick reference table. Some solutions are as simple as calling when you suspect a problem. Others can be incorporated into your Point of Sales systems. You can choose the solutions that best fi t your business.

Fraud Tools

Card Not Present (Keyed)

Card Identifi cation (CID) Program



– zip code verifi cation – full street address verifi cation – name verifi cation



Voice verifi cation

– name, zip, address or phone







These tools are fraud mitigation solutions and do not provide a guarantee in preventing Chargebacks.

contact us for more information

Visit our web site often at americanexpress.com/fraudinfo for the latest fraud training materials and tools. You may also consider becoming a member of the Merchant Risk Council. These are discussed in more detail later in this booklet.

Card Identifi cation Number (CID)

The Card Identifi cation Number, known as the CID, is one method to authenticate the Card using data not available on the Card’s magnetic stripe. Because the CID number is uniquely associated with the Card itself, it is highly effective in deterring the fraudulent use of an account number.

CID is a four-digit number printed above the account number on the front of all American Express® _Cards.

using the CID

To utilize the CID fraud prevention tool you must:

Submit the four-digit CID number with the Authorization

B

request.

Meet CID program requirements.

B

Contact your American Express representative or Merchant

B

Services to apply.

Important

For security purposes, the CID must only be retained until an authorization response is received. Immediately following receipt of the CID validation/authorization, it must be deleted and must not be stored in any system or printed on any document.

CID

5 6

contact us to verify

Cardmember

information

American Express offers tools to validate Cardmember information electronically or over the phone. You can decide which method best fi ts your business needs.

you can verify electronically

For Card Not Present transactions such as mail order or internet, you can verify address, zip code, and name

electronically. You receive a code indicating the match outcome for each transaction. This can help you make a more informed decision about whether to accept a transaction before you ship a product or provide a service.

check addresses automatically

Automatic Address Verifi cation (AAV) helps reduce fraud by verifying that the billing name, street address, and postal code information provided by the Cardmember matches the information on fi le with American Express. AAV is free to merchants and certifi ed third party processors.

Operates in batch mode or real time environments.

B

Helps to identify high-risk transactions.

B

Processes with or without an authorization request.

B

Supports all American Express Cards, domestic and

B

international.

Example: 123 Main Street/88130

you can verify over the phone

When you’re suspicious of a transaction, you can take another step to protect yourself with Name and Address Verifi cation (NAV). Requiring no changes to your processing equipment, dial 800-528-2121 and follow the instructions. The automated system uses voice-activated technology to validate:

Cardmember’s name

B

Cardmember’s billing address

B

Cardmember’s postal code

B

Cardmember’s telephone number

B

The voice response will advise of a match outcome.

implementation is easy

Ask your third party processor, terminal provider, or American Express representative about adding address verifi cation to your electronic authorization messaging.

Electronic verifi cation is the most effi cient way to validate Cardmember information and the match response can be incorporated into your risk modeling systems.

Phone. Unusually high sales activity from the same incoming

phone number, but through multiple merchants, can point to possible fraud.

Airline. Factors such as short time between purchase and

travel dates and high risk routing can be indicators of a riskier transaction.

Enhanced Authorization Data

internet e-mail address, IP address, product SKU

shipping ship to address, postal code, country code, phone number, fi rst and last name, and shipment method

telephone order phone number

airline passenger name, origin airport, destination airport, travel date, routing, class of service, number of passengers, airline carrier codes, e-mail address, IP address

you can be part of the solution

You can help reduce your fraud risks by adding these additional transaction fi elds to your Authorization requests. Contact your third party processor, terminal providers, American Express representative, or Merchant Services for more information.

enhanced authorization

reduce fraud in Card Not Present transactions

The popularity and growth of internet and phone sales have sparked exciting new business opportunities for Card Not Present transactions. Unfortunately, criminals have capitalized on the anonymity of these sales channels to expand their illegal activities.

use powerful transaction decision tools

American Express leverages its risk management systems and extensive Merchant network to help protect both Cardmembers and merchants from fraud while enabling legitimate

transactions to process uninterrupted. American Express is uniquely positioned to provide an enhanced level of transaction validation that individual merchants can’t do on their own.

more detail for Card Not Present decisioning

Electronic sales contain valuable information for determining the risk of Card Not Present transactions. When these additional data elements are included in Authorization requests, American Express can make a more thorough risk assessment.

Internet. Variables such as e-mail and IP addresses can help

link internet transactions to both legitimate and suspicious sources.

Shipping. This data can help pinpoint abnormal shipping

patterns and identify multiple Cards used to ship goods to a single compromised location. Shipping details can also link a transaction to a previous fraud case.

9 10

identifi cation of

sales channels

Different sales channels, such as internet sales, phone sales and others, carry different risks. By identifying your sales channels with separate Merchant Numbers or through the POS data code, we can provide

enhanced risk screening specifi c to Cardmember behavior and history in those channels. To learn more, contact your American Express representative or Merchant Services.

you can take advantage

of more training solutions

American Express provides value-added, fraud mitigation training services.

Call for free Fraud Prevention brochures at

B 800-528-5200.

Visit our web site at

B americanexpress.com/fraudinfo.

We have information and materials available to help you fi ght fraud.

under some

circumstances,

we can call the

Cardmember for

verifi cation

Our Charge Verifi cation Program (CVP) is another Card Not Present transaction fraud tool. If, after receiving an Authorization Approval code, you are still suspicious about an order ($200 or more), call us and we’ll attempt to contact the Cardmember based on information in our fi les.

This tool can help you make a better decision on whether to ship the merchandise. However, you must be able to delay the goods or services for up to 3 days while we attempt to contact the Cardmember.

Have your Merchant Number, Cardmember number, approval code and date of authorization available. We’ll ask certain key questions about the transaction so that we can investigate your concern. Using contact information in our fi les, we’ll attempt to reach the Cardmember for three days. If we are able to reach the Cardmember, we’ll contact you and advise you of the outcome. If we are unable to reach the Cardmember, you must decide whether or not to ship the goods or provide the services without verifi cation.

Call 800-876-9786 to participate.

member tools & resources

verify the existence of an address

B

verify a name with an address

B

reverse look-up of phone numbers to retrieve corresponding

B

addresses

verify phone numbers

B

capture a consumer’s internet protocol (IP) address

B

review all free email domains and verify the owner of a

B

domain

verify credit card numbers via MOD 10 (a mathematic

B

formula used to identify correct credit card formats) report a cyber crime

B

review a list of freight forwarders used by international

B

fraudsters to regularly pass on unsolicited goods

access a comprehensive e-Library of e-Commerce fraud and

B

risk issues at www.merchantriskcouncil.org

Merchant Risk Council

Fraud prevention requires partnership

and collaboration across the industry. One manner American Express partners closely with members of the industry is through participating actively in the Merchant Risk Council. The Merchant Risk Council (MRC) is a trade association founded by American Express in partnership with leading merchants and card processors focused on mitigating e-Commerce fraud and risk. Formed in 2000, the MRC now has 500+ members and is a leading forum for discussion of best practices and new anti-fraud initiatives.

Being an MRC member gives you access to the resources you need to mitigate fraud for your company by providing opportunities for networking, education, and advocacy. MRC members include businesses of all types and sizes. By improving the security of all on-line merchants, large or small, we help limit exposure to fraudulent credit card transactions. And as consumers become more confi dent that their personal information is safe, e-Commerce will continue to grow.

there are several ways you can

contact American Express for

more information

Merchant Services 800-528-5200

Card Authorizations Center 800-528-2121

Web americanexpress.com/fraudinfo

FP-CNPG 0109

A critical component to your overall fraud mitigation strategy is adherence to our Card acceptance procedures. The procedures are contractual requirements and can also serve as an effective line of your defense against potential fraud.