Trending Articles

Blog Post


Best Practices for Handling Card Not Present (CNP) Transactions

Best Practices for Handling Card Not Present (CNP) Transactions

(CNP) Transactions: Do you always carry your card or cash to make purchases at the retail store? No, right? Because you have your digital wallet right in your smartphone! After all, that’s how you pay for your online purchases too.

The same goes for your customers. Well, for buyers, it doesn’t really make a difference. But merchants processing card-not-present (CNP) payments need to handle these types of transactions in a different manner. And what’s more important is, your payment processing fees differ for CNP payments.

What are Card Not Present (CNP) Transactions?

Card not present or CNP payments are connected via the internet, telephone, email, or mobile devices in cases when the physical presence of a card is not required. In other words, the consumer doesn’t need to show the card to the merchant or the sales rep to make a purchase. Rather, the merchant receives the card information remotely.

In fact, CNP payments have worked wonders for small businesses as it enables them to have a steady cash flow and increase their overall revenue. Earlier, customers often abandoned their carts due to insufficient cash or card balance.

But with the advent of digital payments, buyers no longer need to worry about completing their purchases since they have enough money right in their smart devices. CNP payments, therefore, offer the highest amount of flexibility and convenience to customers and businesses alike.

The Best Practice to Handle CNP Transactions

There are some downsides to CNP payments, such as fraudulent activities like making unauthorized payments using stolen cards or accessing someone’s sensitive card data by a malicious third party. In the face of rising cybersecurity threats, merchants need to know the right way of handling card-not-present transactions. Here are some useful tips for you.

1.   Never Store Customer’s Card Data on Unsecured Platforms

Whenever you ask for your consumer’s card details, it’s a natural tendency for many merchants to write them down directly into their virtual terminal, which is online-based. Never do this if you really want to safeguard your customers’ sensitive card details.

Never input any card information into an unsecured drive, or worse, write it down on paper or Excel sheets! Such practices will lead to a higher number of data leaks, thus compromising your customer’s privacy.

Also, never ask your buyers to send their card details over the phone, email, text messages, or even live chat, as it makes their card data exposed to a number of scammers and hackers, as these channels are generally unsecured.

2.   Provide Your Contact Information Everywhere

At times, not having proper contact details of the business one has purchased items from, leads to grave consequences and misunderstandings. In fact, hiding your phone number, email address, and other contact details may result in higher chargeback disputes.

  1. Provide your contact information everywhere possible, such as on every page of your website or app, especially the home page.
  2. Check (and recheck) that you have updated your billing descriptor.
  3. Add your business phone number and email address to every correspondence, including email, SMS, interactions on social media, invoices, and everywhere else you can think of!

3.   Save Proof of Purchase

Develop the habit of saving all the purchase information for every transaction made. Notify your customers at every step and have clear and proper documentation of the entire purchase. It will help you defend yourself in chargeback disputes.

Whenever someone disputes a charge, you can always claim that the purchase was rightful by showing the purchase receipts and payment details to the bank. It may be done unintentionally on the part of the customer, who often doesn’t recognize a purchase when they check their credit card statements. Therefore, it is also advisable that you use clear labels by mentioning your brand name and the product the buyer has purchased.

You must record the following information for every purchase –

  1. The time and date of the purchase, including that of the order placed
  2. The customer contact details
  3. The time and date of the product delivery
  4. The total amount charged for the purchase (this includes a proper break down of all the items purchased or ordered)
  5. The mode of payment

Further, you should send confirmation receipts to your buyer and track the packages delivered. These are some excellent practices of managing and tracking CNP transactions.

4.   Always Confirm a Buyer’s Address with AVS

It is essential for merchants to use the AVS or the Address Verification System for verifying the billing address of a consumer. AVS makes sure that the billing address provided matches the buyers’ shipping address.

If the two sets of address details don’t match, make it a point to flag that transaction. Often it may be for a good cause, such as sending a gift to a friend or a close one who resides in a different location. But it won’t happen every day. In fact, many activities occur when billing addresses and shipping addresses do not match.

This practice is a must for eCommerce and online businesses. Besides, recording your customers’ data is beneficial in a number of ways. For instance, if a transaction is disputed in the form of chargeback or due to fraudulent activity, you will always have the necessary information at hand to defend yourself.

Also Read: Is GST Applicable on Google AdSense Income?

5.   Comply With PCI Security Standards

Credit card fraud is a major issue these days, especially in the era when eCommerce purchases have taken center stage. It’s a costly affair for merchants, customers, and financial institutions alike, and it’s the responsibility of the business owner to enhance its security standards.

Besides, risks are different for card-present and card-not-present transactions. So, for CNP payments, merchants need to –

  • Ensure that their company is PCI certified and that they are complying with all the updated PCI security standards. Also, make sure that your payment processor, too, is PCI certified.
  • Protect all your stored data through solutions like tokenization, encryption, etc. In such cases, you don’t need to store the actual card data but rather in encoded forms, which are difficult for hackers to read or access.
  • Train and educate employees and partners regarding the necessity and methods of protecting crucial cardholder data.
  • Encrypt your data across all public networks, including phone lines, emails, data streams, and FTP.
  • Restrict access to cardholder data to departments who “need to know” it, such as the chargeback department or your own call center team.

Related posts