Card-Not-Present Fraud- Who Bears the Risk?

Christabel Onyejekwe, Executive Director, NIBSS Plc

Giving the increasing volume of electronic payment transaction in the Nigerian Sector, a pertinent question to ask is who bears the risk in the event of Card Not Present (CNP) fraud- Is it the customer, the card issuer  or the merchant?

In its simplest form CNP fraud involves the unauthorized use of a customer card details to purchase product or service from a merchant in a non-face-to-face setting. What usually happens is the merchant never physically inspects the card used for transaction, thus the term “card not present” applies. The transaction happens over a merchant website or through the phone/email purchase order, the merchant subsequently release the goods or render service with the understanding that the customer authorized the purchase and will make the required payments.

In a card not present transaction, typically, the customer information used to perpetuate the fraud includes the card number, the card verification code, and the expiration date all of which are printed on the physical card. In most cases the PIN which is known secretly by the customer is not used.

So who bears the brunt in the event of fraud?

Generally, if a merchant accepts a card for a purchase and the card is physically present, the liability for loss fall on the card issuing financial institution, not the merchant; however, under Card Association rules of most developed economies (US inclusive), the risk of loss falls on the merchant. The implication of this is that the full value of a purchase will be charged back to the merchant if the transaction turns out to be a fraud.

Fraudulent transaction trough Card Not Present transaction seems to be on the rise. A reliable source reveals that 62 percent of the bank in Nigeria has recorded this type of customer fraud claims in the last three years.