how can you
reduce risk
when the Card
is not present?
card not present fraud solutions
you can gain
the advantage
American Express offers
strategies and tools to
help mitigate fraud and
potential chargebacks.
contents
1 card acceptance for Card Not Present
transactions
2 cut your risks
3 use our tools to help reduce fraud
4 Card Identification Number (CID)
5 contact us to verify Cardmember
information
7 enhanced authorization
9 under some circumstances, we can
call the Cardmember for verification
10 identification of sales channels
10 you can take advantage of more training
solutions
11 Merchant Risk Council
Copyright © 2005 – 2009 by American Express Travel Related Services Company, Inc.
All rights reserved. No part of this document may be reproduced in any form or by any
electronic or mechanical means, including information storage and retrieval systems,
without the express prior written consent of American Express Travel Related Services
Company, Inc.
card acceptance for Card Not Present
transactions
Mail, phone and Internet transactions carry a higher fraud risk
because the Card is not presented. Following these guidelines
for Card acceptance and authorizations can help.
always ask for the right information
B
Ask for the Cardmember name exactly as it appears on the
Card.
B
Request the Card account number and expiration date.
B
Request Cardmember home or business phone number and
billing address.
B
Verify Cardmember information via one of our verification
systems.
B
Acquire shipping address and name (if different from billing
address).
American Express recommends shipping to the Cardmember’s
billing address to avoid a Chargeback should a Cardmember
dispute the Charge.
other things you can do
cut your risks
Criminals are hoping that you won’t detect their
activities to defraud you. But it is important to
your business that you do. Undetected fraud
can result not only in lost goods and services,
but also Chargebacks and higher discount fees.
Being vigilant about unusual spending can be
your first line of defense.
how can I detect fraud?
Certain behaviors can indicate that a transaction has a higher
risk of being fraudulent. Trust your instincts. While the following
situations may also occur during a valid transaction, be suspicious
if the customer:
B
requests a rush order
B
desires only high-value ticket items, in stock
B
has multiple orders being mailed to an address other than
the billing address
B
cannot repeat the billing information correctly (address,
phone number, etc.)
B
places large orders of similar items
B
Select carriers that do not allow shipment re-routes.
B
orders merchandise that is “re-sellable”
B
Require the Cardmember’s signature upon delivery.
B
B
Identify each business model: internet sales, telephone
sales or catalog sales by authorizing each model through a
separate Merchant Number.
places out-of-pattern orders for your business (volume and/
or amount)
B
uses consecutive Card numbers given within a short period of time
B
provides an e-mail from an anonymous free e-mail domain
B
is rude or abrasive and seems to rush you
B
Require the Card to be presented if phone/mail/internet
orders are to be picked up at retail locations.
1
what to do if you ship merchandise
B
If you fulfill an order more than 30 days after the original
authorization, call again for a new approval code before
mailing the merchandise.
B
Charges cannot be submitted for payment until the
merchandise is shipped.
2
use our tools to help reduce fraud
Card Identification Number (CID)
American Express offers solutions to help reduce your fraud
related expenses, increase your revenues and reduce back
office costs associated with fraudulent transactions.
The Card Identification Number, known as the CID, is one
method to authenticate the Card using data not available
on the Card’s magnetic stripe. Because the CID number is
uniquely associated with the Card itself, it is highly effective in
deterring the fraudulent use of an account number.
Our suite of free fraud mitigation tools for Card Not Present
sales may help you validate transactions. Below is a quick
reference table. Some solutions are as simple as calling when
you suspect a problem. Others can be incorporated into your
Point of Sales systems. You can choose the solutions that best
fit your business.
Fraud Tools
Card Not Present
(Keyed)
Card Identification (CID) Program

Automatic Address Verification (AAV)
– zip code verification
– full street address verification
– name verification

Voice verification
– name, zip, address or phone

Enhanced Authorization
Charge Verification Program
B
CID
using the CID
To utilize the CID fraud prevention tool you must:


These tools are fraud mitigation solutions and do not provide
a guarantee in preventing Chargebacks.
contact us for more information
Visit our web site often at americanexpress.com/fraudinfo
for the latest fraud training materials and tools. You may also
consider becoming a member of the Merchant Risk Council.
These are discussed in more detail later in this booklet.
3
CID is a four-digit number printed above the account number on
the front of all American Express® Cards.
B
Submit the four-digit CID number with the Authorization
request.
B
Meet CID program requirements.
B
Contact your American Express representative or Merchant
Services to apply.
Important
For security purposes, the CID must only
be retained until an authorization response
is received. Immediately following receipt
of the CID validation/authorization, it must
be deleted and must not be stored in any
system or printed on any document.
4
contact us to verify
Cardmember
information
American Express
offers tools to validate
Cardmember information
electronically or over the
phone. You can decide
which method best fits your
business needs.
you can verify electronically
For Card Not Present transactions such as mail order
or internet, you can verify address, zip code, and name
electronically. You receive a code indicating the match outcome
for each transaction. This can help you make a more informed
decision about whether to accept a transaction before you ship
a product or provide a service.
check addresses automatically
Automatic Address Verification (AAV) helps reduce fraud by
verifying that the billing name, street address, and postal
code information provided by the Cardmember matches the
information on file with American Express. AAV is free to
merchants and certified third party processors.
B
Operates in batch mode or real time environments.
B
Helps to identify high-risk transactions.
B
Processes with or without an authorization request.
B
Supports all American Express Cards, domestic and
international.
you can verify over the phone
When you’re suspicious of a transaction, you can take another
step to protect yourself with Name and Address Verification
(NAV). Requiring no changes to your processing equipment,
dial 800-528-2121 and follow the instructions. The automated
system uses voice-activated technology to validate:
B
Cardmember’s name
B
Cardmember’s billing address
B
Cardmember’s postal code
B
Cardmember’s telephone number
The voice response will advise of a match outcome.
implementation is easy
Ask your third party processor, terminal provider, or American
Express representative about adding address verification to
your electronic authorization messaging.
Electronic verification is the most efficient
way to validate Cardmember information and
the match response can be incorporated into
your risk modeling systems.
Example: 123 Main Street/88130
5
6
enhanced authorization
reduce fraud in Card Not Present
transactions
The popularity and growth of internet and phone
sales have sparked exciting new business
opportunities for Card Not Present transactions.
Unfortunately, criminals have capitalized on the
anonymity of these sales channels to expand
their illegal activities.
Phone. Unusually high sales activity from the same incoming
phone number, but through multiple merchants, can point to
possible fraud.
Airline. Factors such as short time between purchase and
travel dates and high risk routing can be indicators of a riskier
transaction.
Enhanced Authorization Data
internet
e-mail address, IP address, product SKU
shipping
ship to address, postal code, country code, phone
number, first and last name, and shipment method
telephone
order phone number
airline
passenger name, origin airport, destination airport,
travel date, routing, class of service, number of
passengers, airline carrier codes, e-mail address, IP
address
use powerful transaction decision tools
American Express leverages its risk management systems and
extensive Merchant network to help protect both Cardmembers
and merchants from fraud while enabling legitimate
transactions to process uninterrupted. American Express is
uniquely positioned to provide an enhanced level of transaction
validation that individual merchants can’t do on their own.
more detail for Card Not Present decisioning
Electronic sales contain valuable information for determining
the risk of Card Not Present transactions. When these
additional data elements are included in Authorization
requests, American Express can make a more thorough risk
assessment.
Internet. Variables such as e-mail and IP addresses can help
link internet transactions to both legitimate and suspicious
sources.
you can be part of the solution
You can help reduce your fraud risks by adding these additional
transaction fields to your Authorization requests. Contact your
third party processor, terminal providers, American Express
representative, or Merchant Services for more information.
Shipping. This data can help pinpoint abnormal shipping
patterns and identify multiple Cards used to ship goods to a
single compromised location. Shipping details can also link a
transaction to a previous fraud case.
7
8
under some
circumstances,
we can call the
Cardmember for
verification
Our Charge Verification
Program (CVP) is another
Card Not Present
transaction fraud tool. If,
after receiving an Authorization Approval code, you are still
suspicious about an order ($200 or more), call us and we’ll
attempt to contact the Cardmember based on information in
our files.
This tool can help you make a better decision on whether to
ship the merchandise. However, you must be able to delay the
goods or services for up to 3 days while we attempt to contact
the Cardmember.
Have your Merchant Number, Cardmember number, approval
code and date of authorization available. We’ll ask certain key
questions about the transaction so that we can investigate
your concern. Using contact information in our files, we’ll
attempt to reach the Cardmember for three days. If we are able
to reach the Cardmember, we’ll contact you and advise you of
the outcome. If we are unable to reach the Cardmember, you
must decide whether or not to ship the goods or provide the
services without verification.
identification of
sales channels
Different sales channels,
such as internet sales, phone
sales and others, carry
different risks. By identifying
your sales channels with
separate Merchant Numbers
or through the POS data
code, we can provide
enhanced risk screening specific to Cardmember behavior and
history in those channels. To learn more, contact your American
Express representative or Merchant Services.
you can take advantage
of more training solutions
American Express provides value-added, fraud mitigation
training services.
B
Call for free Fraud Prevention brochures at 800-528-5200.
B
Visit our web site at americanexpress.com/fraudinfo.
We have information and materials available to help you
fight fraud.
Call 800-876-9786 to participate.
CVP hours are Monday-Friday, 8:00 AM-10:00 PM E.T.
9
10
Merchant Risk Council
member tools & resources
Fraud prevention requires partnership
and collaboration across the industry. One manner American
Express partners closely with members of the industry is
through participating actively in the Merchant Risk Council.
B
verify the existence of an address
B
verify a name with an address
B
reverse look-up of phone numbers to retrieve corresponding
addresses
The Merchant Risk Council (MRC) is a trade association
founded by American Express in partnership with leading
merchants and card processors focused on mitigating
e-Commerce fraud and risk. Formed in 2000, the MRC now
has 500+ members and is a leading forum for discussion of
best practices and new anti-fraud initiatives.
B
verify phone numbers
B
capture a consumer’s internet protocol (IP) address
B
review all free email domains and verify the owner of a
domain
B
verify credit card numbers via MOD 10 (a mathematic
formula used to identify correct credit card formats)
B
report a cyber crime
B
review a list of freight forwarders used by international
fraudsters to regularly pass on unsolicited goods
B
access a comprehensive e-Library of e-Commerce fraud and
risk issues at www.merchantriskcouncil.org
Being an MRC member gives you access to the resources
you need to mitigate fraud for your company by providing
opportunities for networking, education, and advocacy.
MRC members include businesses of all types and sizes.
By improving the security of all on-line merchants, large
or small, we help limit exposure to fraudulent credit card
transactions. And as consumers become more confident that
their personal information is safe, e-Commerce will continue
to grow.
11
12
there are several ways you can
contact American Express for
more information
Merchant Services
800-528-5200
Card Authorizations Center
800-528-2121
Web
americanexpress.com/fraudinfo
A critical component to your overall
fraud mitigation strategy is adherence
to our Card acceptance procedures. The
procedures are contractual requirements
and can also serve as an effective line of
your defense against potential fraud.
FP-CNPG 0109