With the U.S. adoption of EMV chip cards, businesses heaved a brief sigh of relief, as the technology added another layer of protection against fraud by reducing the risk of card counterfeiting. However, as expected, in the wake of chip card adoption, there has been an increase in card-not-present (CNP) credit card fraud in online and telephone transactions.
Although much of the increase in fraud relates to consumer transactions with merchants, commercial cardholders are experiencing an increase in CNP fraud as well.
Data breaches that occurred over the past few years at major retailers and healthcare providers are beginning to result in increases in fraudulent charges occurring on both consumer and commercial credit cards.
New authentication tools
Fifth Third Bank now uses new multi-layer authentication tools to help its merchants mitigate the risk of accepting fraudulent payments, and commercial cardholders have access to enhanced security tools as well. Merchants can access MasterCard 3D SecureCode® and Verify by VISA®, and beginning this summer, Fifth Third will upgrade its commercial Mastercard holders to MasterCard 3D SecureCode®. Both services add another layer of security for merchants and commercial cardholders when making online purchases.
3D SecureCode requires an additional layer of authentication before an e-commerce transaction can be processed and accepted. It compares the online transaction under review against model cardholder behavior to spot anomalies and unusual purchases.
In the course of its authentication process, 3D SecureCode reviews the device information as well as the transaction amount, date, time and merchant. This enables the tool to flag transactions originating from devices with internet protocol (IP) addresses that are known to be fraudulent sites.
Companies need to be sure cardholder-level contact data is up-to-date for all employees who hold commercial cards. It is increasingly important for Fifth Third to be able to quickly contact individual cardholders when a potentially fraudulent transaction is occurring, and the bank can only do so if individual cardholder information is current and accurate.
Recommended best practices
To guard against CNP fraud occurring on transactions made on your company’s commercial cards, Fifth Third recommends:
- Use the available 3D SecureCode and Verify by VISA® tools.
- To ensure that authentication tools are most effective, have employees who hold commercial cards keep their contact information up-to-date using the Fifth Third Cardholder Portal. This can be easily done by logging into 53.com with the cardholder’s user ID and password. Cardholders also can update their contact information by calling the number on the back of your card or stopping in at any Fifth Third branch office.
- Remind employees to carefully review commercial card transaction data and monthly statements to spot unusual activity and ensure all transactions are valid and appropriate.
- Encourage employees to treat their commercial cards with the same caution and care they extend to their own personal credit cards. Employees should review their monthly statements carefully for unusual transactions and never allow their commercial cards outside of their possession.
- Remind employees to immediately report possible fraudulent CNP transactions on their commercial cards to Fifth Third and to their company administrator, as appropriate.
- Companies should suspend inactive commercial cards immediately when employees leave the company or change job responsibilities.
- If an employee believes a fraudulent CNP purchase was made using his or her commercial credit card number, the employee should immediately call Fifth Third using the phone number listed on the back of the card.
- If it appears systemic fraud has occurred with several of your company’s commercial cards, contact your Fifth Third Relationships Manager directly or call the bank by using a verified Fifth Third Bank phone number. You can forward any additional information on fraudulent CNP transactions by email to: firstname.lastname@example.org.