Card-not-present (CNP) fraud

Card Not Present Fraud

Card Not Present (CNP) fraud a type of fraud that is on the rise in Seychelles as more cardholders take their cards abroad and use it to buy goods and services online. CNP fraud occurs when fraudsters steal your card details and use them to pay for purchases (usually of high value items) over the internet or by phone, fax or email. 

 

Capturing your card details

One way is via the skimming method, and your card details then used for CNP transactions.

 

Your card details may also be captured through various methods as you enter them online:

  • The website on which you enter your card details could be one set up by a fraudster especially for this purpose. Such websites usually claim to sell items at low rates to attract ‘customers’ from which the card details are stolen. Be careful of offers that seem too good to be true – they usually are. You may receive a link to such websites in ‘phishing’ emails, where you are persuaded to click on a link and then make a purchase or to enter your card details.
  • The website on which you enter your card details may belong to a reputable merchant but it could have been hijacked by fraudsters. You may see signs given by your browser such as a warning about issues with the website’s security certificate.
  • Your computing device could have been compromised by malicious software such as keyloggers and screen capture software that silently install themselves from the internet or shared storage devices, and send keystrokes and screenshots of your web activities to fraudsters, who then takes the card details that you enter on legitimate websites.

 

If your card details are captured and used to purchase goods and services online it may be difficult to recover the money stolen from your account in the execution of such transactions from the merchants concerned. Where the card details are used to purchase from merchants with 3D secure websites, we would be unable to request a chargeback based on a claim that the card details were used fraudulently.

 

3D security

3D security in the form of Verified by Visa, is a security feature that is available on your debit card, whereby on certain merchant sites that are participating in the 3D secure scheme request for a one time password (OTP), which we will send to your registered mobile phone, when you pay with your card online. Where a merchant has a 3D secure website, the card scheme concerned (Visa, MasterCard or American Express) offers them protection against chargeback. You may have recourse if the transaction was done on a website which does not feature 3D security or the card details were processed by the merchant offline at a POS.

 

Protecting yourself when paying with your card online

  • Ensure that the operating system of your computing devices have the latest security patches installed and that they run an up to date antivirus software, which is used to regularly scan the devices for malicious software.
  • Avoid entering your card details on shared or public computers. These could be infected with malicious software.
  • Always remember to log out of any websites where you’ve entered your card details. This would prevent any persons who may use your computer after you from getting access to these card details.
  • Only enter your card details on secure sites that you are certain are run by reputable merchants. Ensure that on the page on which you are entering your card details, the web address begins with ‘https’ and the browser displays a padlock. We also recommend that you check the website’s security certificate to ensure that it can be trusted.