News24 mins ago
CNP hypothetical
6 Answers
I have had �200 taken against my credit card on the first Friday of Jan and Feb. I have not authorised either of these payments. My credit card is investigating but what I want to know is how the request arrives at my Credit card account and what checks are made by them to verify this mandate.
It is annoying but how does anyone (people or companies) get the information to the credit card. What form (hard copy, electronic, BACS etc) is needed when they do not have a signature or customer reference?
It is annoying but how does anyone (people or companies) get the information to the credit card. What form (hard copy, electronic, BACS etc) is needed when they do not have a signature or customer reference?
Answers
Best Answer
No best answer has yet been selected by davidmarley. Once a best answer has been selected, it will be shown here.
For more on marking an answer as the "Best Answer", please visit our FAQ.If you use your card to make a genuine transaction then almost all of the info needed to make a CNP payment is on the store's copy of the receipt . Extra info sometimes required would be the 3 digit number on the signature strip, your home address and, at best, a password on your card.
If a dishonest person works in the store or rakes through your bins to access a receipt then these payments are possible.
http://tinyurl.com/5fqhu
http://www.cardwatch.org.uk/index.htm (click "card fraud overview")
At the most basic level, if the info supplied (electronically) to your card issuer matches what they have on record (card number, expiry date etc.) then the transaction is immediately approved and assigned an authorisation code which the merchant quotes later to debit the funds. This process is obviously computerised.
Only if there's a suspicious pattern of activity/individual transaction on your card will the transaction either be declined or "referred" for extra security checks (such as the password).
e.g. you use your card, on average, 10 times a month and then suddenly there are loads of payments in a short period of time. In Dollars.
Stopping fraud completely is impossible so if your credit card company are in the process of refunding the money don't continue to be in a mood with them - there's only so much that they (and you) can do.
Is it completely outlandish to think that the average customer would make a payment of �200 over the phone? What checks would you find acceptable if you did try to make a genuine purchase over the phone/internet of �200 before they became intrusive?
If a dishonest person works in the store or rakes through your bins to access a receipt then these payments are possible.
http://tinyurl.com/5fqhu
http://www.cardwatch.org.uk/index.htm (click "card fraud overview")
At the most basic level, if the info supplied (electronically) to your card issuer matches what they have on record (card number, expiry date etc.) then the transaction is immediately approved and assigned an authorisation code which the merchant quotes later to debit the funds. This process is obviously computerised.
Only if there's a suspicious pattern of activity/individual transaction on your card will the transaction either be declined or "referred" for extra security checks (such as the password).
e.g. you use your card, on average, 10 times a month and then suddenly there are loads of payments in a short period of time. In Dollars.
Stopping fraud completely is impossible so if your credit card company are in the process of refunding the money don't continue to be in a mood with them - there's only so much that they (and you) can do.
Is it completely outlandish to think that the average customer would make a payment of �200 over the phone? What checks would you find acceptable if you did try to make a genuine purchase over the phone/internet of �200 before they became intrusive?
stevie21
Thanks for the info, very helpful. I am not trying to make the card company culpable or responsible, I was genuinely trying to find out just how the system works. I take your point about modest (?) amounts being taken and not arousing any concern in the checking process.
I think that there are special codes used for CNP transactions alerting the card company to a possible greater risk.
Can you explain to me how somebody can create a debit using just the card details but no PIN and having received no authorisation for the transaction from the acquirer. (I think that is the body which checks the request but I am not sure. Any further hekp you can give would be appreciated. Thanks
Thanks for the info, very helpful. I am not trying to make the card company culpable or responsible, I was genuinely trying to find out just how the system works. I take your point about modest (?) amounts being taken and not arousing any concern in the checking process.
I think that there are special codes used for CNP transactions alerting the card company to a possible greater risk.
Can you explain to me how somebody can create a debit using just the card details but no PIN and having received no authorisation for the transaction from the acquirer. (I think that is the body which checks the request but I am not sure. Any further hekp you can give would be appreciated. Thanks
My last paragraph reads back as being a bit defensive "how dare you question the banks??? Grrrr!" haha. I certainly didn't intend it that way.
Anyway, "special codes used for CNP transactions"...
Yes, as soon as a payment is presented for authorisation to the bank/credit card :
"Dear Barclays, can we get permission to charge your customer �50? Does he have that amount to spend?"
then the bank knows and records the time of the transaction, if the transaction includes any cashback, whether the card is present or not (swiped? PIN used? card# keyed & card present/not present etc.) and if CNP then other codes are present as you say.
I don't know half of them but there are apparently different types of CNP payment such as a "code 10"/voice authorisation which means that your bank are suspicious and want the merchant to phone their bank , who call your bank who have a chat and carry out extra security checks.
http://www.100best-merchant-accounts.com/termc.html
is American but explains common jargon used here too.
http://www.cardwatch.org.uk/html/publications.html
Anyway, "special codes used for CNP transactions"...
Yes, as soon as a payment is presented for authorisation to the bank/credit card :
"Dear Barclays, can we get permission to charge your customer �50? Does he have that amount to spend?"
then the bank knows and records the time of the transaction, if the transaction includes any cashback, whether the card is present or not (swiped? PIN used? card# keyed & card present/not present etc.) and if CNP then other codes are present as you say.
I don't know half of them but there are apparently different types of CNP payment such as a "code 10"/voice authorisation which means that your bank are suspicious and want the merchant to phone their bank , who call your bank who have a chat and carry out extra security checks.
http://www.100best-merchant-accounts.com/termc.html
is American but explains common jargon used here too.
http://www.cardwatch.org.uk/html/publications.html
The first debit simply had �PAY BASE� as its reference (the one above was MARKS & SPENCER) and a geographical reference which is a town, I think it must be for it is followed by GB.
There is also a reference number.
I should hear back from the bank this week so if I get a result I will post the answer to you.
You have really answered my last question but how does a company ask my bank for the money. Is it by electronic means, BACS or email or a bank electronic system or is it by snail mail hard copy?
Thanks, regards
There is also a reference number.
I should hear back from the bank this week so if I get a result I will post the answer to you.
You have really answered my last question but how does a company ask my bank for the money. Is it by electronic means, BACS or email or a bank electronic system or is it by snail mail hard copy?
Thanks, regards
All electronically - if you want to know the finer details of it then it's in that 2nd link. There are pdf files you can download, e.g. section 3 and page 10 of
http://www.cardwatch.org.uk/pdf_files/cnp_pack.pdf
I forgot to mention that merchants are assigned (and submit, when they debit the account rather than at authorisation) a merchant category code so even a company with an obscure name can be found to be "a garden centre". Your card issuer can find this for you.
When the card is "swiped" (we'll ignore that the card may or not be present) then if the details submitted match what the bank have as their record of your card number etc. then the payment is "authorised" and the money deducted from your available balance:
http://www.100best-merchant-accounts.com/glossary11.html
At this point your bank will issue an authorisation code (commonly a 6 digit number) which the company have to quote to completely debit your account and for the transaction to show on your statement. This 2nd part happens a few days later (after the payments have been batched etc.)
Whether or not your card is physically there, the merchant is required to produce and keep a receipt (and often they will send you a copy, either phycally with the goods, or e.g by email). If you dispute any payment then the onus is on the merchant to produce this receipt and try to demonstrate that the transaction is genuine. The onus is never on you to prove that it is not genuine.
http://www.cardwatch.org.uk/pdf_files/cnp_pack.pdf
I forgot to mention that merchants are assigned (and submit, when they debit the account rather than at authorisation) a merchant category code so even a company with an obscure name can be found to be "a garden centre". Your card issuer can find this for you.
When the card is "swiped" (we'll ignore that the card may or not be present) then if the details submitted match what the bank have as their record of your card number etc. then the payment is "authorised" and the money deducted from your available balance:
http://www.100best-merchant-accounts.com/glossary11.html
At this point your bank will issue an authorisation code (commonly a 6 digit number) which the company have to quote to completely debit your account and for the transaction to show on your statement. This 2nd part happens a few days later (after the payments have been batched etc.)
Whether or not your card is physically there, the merchant is required to produce and keep a receipt (and often they will send you a copy, either phycally with the goods, or e.g by email). If you dispute any payment then the onus is on the merchant to produce this receipt and try to demonstrate that the transaction is genuine. The onus is never on you to prove that it is not genuine.
Related Questions
Sorry, we can't find any related questions. Try using the search bar at the top of the page to search for some keywords, or choose a topic and submit your own question.