What is CNP/MOTO?
In order to understand the reasons why a business might need to use MOTO|Secure, it is vital to understand the nature of CNP/MOTO transactions. CNP/MOTO (Card Not Present / Mail Order | Telephone Order) applies to any transaction where the card and cardholder are not present at the point of transaction. This applies to the following:
When a CNP transaction is processed, the payment gateway requests authorization from the card issuer via the acquiring bank. The card issuer will then confirm that the card has not been reported lost or stolen and that the cardholder has sufficient funds in their account.
What’s the problem?
Consumers do not like disclosing their card numbers to a stranger at the end of the phone, when there is nothing to prevent a rogue employee or unscrupulous business owner from retaining the card details in order to use them fraudulently at a later date.
Is this not the customers’ problem?
No, not entirely. Though losses to UK cardholders alone totalled $803 million in 2016, as a merchant you can be held accountable for those losses if you are found not to have complied with PCI-DSS.
What is PCI-DSS?
The Payment Card Industry Data Security Standard (PCI-DSS) is a set of requirements for enhancing payment account data security and is a contractual obligation, generally between a merchant and their acquiring bank.
Surveys show the majority of SMEs do not know what PCI-DSS is.
So what exactly does it mean for the merchant?
PCI-DSS compliance is a contractual obligation and applies to all entities that store, process and/or transmit payment card data.
Who needs to comply?
Every merchant of every size is required to comply with PCI-DSS in its entirety.
What are the implications if a merchant is found not to be compliant?
Penalties for Non-Compliance
If you do not comply with the security requirements of the card associations, you put your business at risk of compromising sensitive data. You will also be liable for the cost of any required forensic investigations, fraudulent purchases and the cost of re-issuing compromised cards.
Penalties for Data Breach
Penalties vary by card scheme and by the state of compliance at the point of each breach. Visa Europe state that for each breach of Account Data Compromise (ADC) a penalty of $3500 will apply, which could be followed by a PFI (PCI Forensic Investigation) for level 1 to 3 merchants or level 4 merchants who process more than 10,000 Visa cards. Each card then deemed at risk (PAN and CVV2 details) would carry a penalty of $21 per card.
Bank Charges, Brand Damage & Loss of Business
If you are not certified PCI-DSS compliant, then some banks may be charging you additional fees on a monthly or annual basis. Further to this, from Oct 2016 we have seen every ‘non-secure’ or ‘card not present’ transaction via Global Payments increase from 0.1% to 0.3% of the TV, costing merchants thousands.
Not to mention the potential catastrophe of PR or brand damage.