Card not present transaction
A card not present transaction (CNP) is a credit card purchase made over the telephone or over the Internet where the physical card has not been swiped into a reader. It is a major route for credit card fraud. If a fraudulent transaction is reported, the bank that hosted the merchant account that received the money from the fraudulent transaction must make restitution, whereas in a swiped transaction the bank that issued the credit card is liable for restitution.
Fraud
The Federal Trade Commission uncovered an operation running from 2006 to 2010 that netted more than $10 million in bogus charges on credit and debit cards. The perpetrators used more than 100 phony merchant accounts that they had created to do the billing.
Each merchant account was attached to an Employer Identification Number belonging to a real merchant with a similar-sounding name.
Each merchant account was tied to an 800 number from CallMe800. Each account was also tied to a web site they had created. They also rented a physical address from Regus, which rents virtual offices, for each merchant account. Regus would forward the snail mail to Earth Class Mail, a digital mailroom service that scanned snail mail from the physical address of the merchant account and forwarded it as a PDF to email accounts that they had set up. When they checked their online merchant accounts, they made sure to use an IP address located near the billing address so as not to arouse suspicion.
A charge of $9 was transacted on about one million credit cards over the 4-year period. Each card was billed a single time. Credit card companies only investigate if the charge is more than $10, since it costs that much to run an investigation. Then the money was moved to bank accounts in Lithuania, Estonia, Latvia, Bulgaria, Cyprus and Kyrgyzstan, where the money could not be traced or recovered. The perpetrators experimented with a 20 cent charge, and that generated more suspicion than the $9 charge. Only about 10 percent of the fraudulent charges were ever reported or contested by the card owner that was billed.
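
The billing pattern described above (one charge per card, a single fixed amount, kept under the $10 investigation threshold) is visible when an acquirer or processor profiles each merchant account rather than each charge. The following is an added example, not part of the original article; the merchant IDs, card tokens, transactions and cut-off values are constructed assumptions.

```python
from collections import Counter, defaultdict
from decimal import Decimal

def build_sample():
    """Constructed transactions: (merchant_id, card_token, amount)."""
    txns = [("M-100", f"card{i:03d}", Decimal("9.00")) for i in range(40)]
    # Ordinary shop: repeat customers, varied amounts.
    amounts = ["4.50", "12.99", "31.00", "7.25", "58.10"]
    txns += [("M-200", f"card{i % 12:03d}", Decimal(amounts[i % 5]))
             for i in range(40)]
    # Low-priced subscription: fixed amount, but the same cards recur.
    txns += [("M-300", f"card{i % 10:03d}", Decimal("8.99"))
             for i in range(40)]
    return txns

def merchant_profiles(txns, threshold=Decimal("10.00")):
    """Summarise each merchant's billing shape across all of its charges."""
    by_merchant = defaultdict(list)
    for merchant, card, amount in txns:
        by_merchant[merchant].append((card, amount))
    profiles = {}
    for merchant, rows in by_merchant.items():
        per_card = Counter(card for card, _ in rows)
        modal_amt, modal_n = Counter(a for _, a in rows).most_common(1)[0]
        profiles[merchant] = {
            "txns": len(rows),
            # Share of cards that this merchant billed exactly once.
            "single_charge_cards":
                sum(1 for n in per_card.values() if n == 1) / len(per_card),
            "modal_amount": modal_amt,
            # Share of charges that use the most common amount.
            "modal_share": modal_n / len(rows),
            # The page: only charges of more than $10 are investigated.
            "below_threshold": modal_amt <= threshold,
        }
    return profiles

def flag_merchants(txns, min_txns=30, min_single=0.9, min_modal_share=0.9):
    """Return merchants whose charges are nearly all one-off, one amount,
    and at or under the investigation threshold (cut-offs are assumptions)."""
    return sorted(
        m for m, p in merchant_profiles(txns).items()
        if p["txns"] >= min_txns and p["below_threshold"]
        and p["single_charge_cards"] >= min_single
        and p["modal_share"] >= min_modal_share
    )
```

The subscription merchant shares the low fixed amount but not the one-charge-per-card shape, which is why the check combines both signals instead of looking at amount alone.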