Card-not-present (CNP) transactions are an essential part of daily operations for millions of business owners. If you’re unfamiliar with the term, a CNP transaction refers to any credit card transaction where you’re not physically processing the card in a reader or terminal. These transactions include anything from online purchases to recurring payments.
The one downside of CNP transactions is that they’re slightly more expensive for merchants than card-present transactions. The reason for that is that CNP transactions run a higher risk of being fraudulent. Here’s a list of five card-not-present best practices that can help you minimize those risks and fully enjoy the benefits these transactions provide.
1. Provide Your Contact Information
Your email address and working phone number should be in a prominent location on your website, receipts, and any correspondence you share with customers. In the event of an issue with a CNP transaction, you want your customers to reach you as easily as possible. Otherwise, they may decide to create a chargeback dispute through their card company.
2. Have Customers Provide Their CVV
The CVV is the three-digit code at the back of a credit card. Whether you’re taking an order over the phone or running an online store, you should always require the customer’s CVV. This is a key step in ensuring that the person claiming to own the credit card during a transaction actually owns it. In many cases, this is a mandatory part of the verification process.
3. Protect Your Customer Data
Most of the risk related to CNP transactions lies in improperly stored cardholder data. Therefore, it’s important to make sure you keep this data on a server that’s protected by a firewall and encrypt it whenever you need to send it across a public network. In addition, you should never include private cardholder data in public emails or online communication.
4. Use an Address Verification Service
Using an address verification service (AVS) allows you to confirm that the cardholder’s address matches the shipping or billing address they’ve given you. An AVS service also collects all the relevant information about the cardholder’s address and saves it for future use. If the transaction gets flagged for fraud, you’ll have all you need to fight a potential chargeback.
5. Follow PCI Compliance
The PCI DSS is a set of standards that explains exactly what you need to do to protect your business and customers from fraud. This is why merchant account companies, payment processors, and payment gateways go through a rigorous process to be PCI-certified. Following the PCI standards is essential for securing your payment transactions.