Card Not Present Operating Guide

40 0 February 12, 2024

1.0 Introduction

Welcome to your Smartpay Card Not Present facility (CNP), and thank you for choosing us.

Our Card Not Present Operating Guide will help you understand how to set up and use your Smartpay Merchant facility so that you can start accepting credit and debit card payments over the phone (often called MOTO, this refers to the acronym Mail Order Telephone Order to allow businesses to take and manage card transactions remotely).

You can also find out what technology you’ll need, how to process payments, how our merchant fees work and when you’ll get paid.

As a Smartpay merchant, it’s important to follow the instructions in this guide to help protect your merchant facility from fraud and chargebacks whilst keeping your business compliant with your Merchant Services Agreement: (available at https://www.smartpay.com.au/help-centre/account/terms-conditions)

You must also comply with the Visa, Mastercard® American Express Scheme rules and Payment Card Industry (PCI) – Data Security Standards (DSS) covered in this guide.

2.0 What is Card Not Present (CNP)?

Card Not Present transactions are when transactions are processed when the physical card is not in the store. This scenario could apply if the customer is talking to you over the phone and wishes to pay for the product/service during the call.

The cardholder must have a scheme (Visa or Mastercard) debit or credit card and provide you with the card number, name on the card, expiry date and CVV/CVC number.

You will key in the card details while your customer is on the phone. Smartpay will provide specific instructions on how to complete a CNP transaction through your EFTPOS terminal.

3.0 What is Authorisation?

Authorisation is built into all scheme credit and debit card transactions. If a card is used to make a payment, it will be authorised by the issuing bank and the payment processed if:

  • The account number is valid. 
  • The card has not been reported lost or stolen.
  • There are sufficient funds available to cover the transaction. 

For instructions on how to perform a MOTO transaction, please refer to the MOTO Help Centre Guide.

3.1 What to do when processing a CNP transaction

   The following actions should be performed when conducting a CNP transaction:

  • Accept card information over the phone only – not via email or any other channel. If you use an online/e-commerce form to capture information, this must be reviewed and approved by Smartpay before approving such transactions. 
  • Process transactions immediately while the cardholder is on the phone.
  • Disclose surcharges (before processing) where applicable to the customer.
  • Request the card expiration date and CVV/CVC to key into the terminal.
  • Provide a purchase receipt to the customer (this can be found in the HUB).
  • Disclose your terms and conditions to your cardholder and provide this information along with their receipt.
  • Be aware of unusual customer purchase behaviour. Refer to guided details under the heading of Warning signs of Card Not Present Fraud Risk and potential chargebacks that will provide further guidance.
  • Follow the correct authorisation procedures for manual transactions (PAN entry) where card details are entered directly into your EFTPOS terminal.
  • Get Smartpay’s approval if you use a service provider to capture and store card data securely. If you change your service provider, you must notify Smartpay immediately.
  • Obtain proof of delivery to the cardholder. When goods and services are provided to the cardholder, it is best to have them sign for the receipt of goods/services and to provide identification that they are the cardholder.
  • Retain all relevant information about the order. e.g. What phone number was the order made from?
3.2 What not to do when processing a Card Not Present transaction

Ensure you do not undertake any of the following actions when processing a CNP payment:

  • Write down and/or store card numbers for later use or record card numbers through your phone system. This breaches your PCI Security standards – which you are obliged to follow. For more information on PCI obligations,  please refer to our terms and conditions.
  • Store any verification numbers (i.e. the CVV/CVC number on the back of the card)
  • Request card details to be sent to you by email or any other channel
  • Use manual key entry for your EFTPOS terminal when the cardholder is present.
  • Use your personal or business card to process transactions or refunds through your merchant facility.
  • Process transactions on behalf of another person or business
  • Process transactions that are more than the value of your goods or services. For example, if you’re selling a mattress for $100 you can’t process a transaction for $110. Surcharges must not exceed the Cost of Acceptance. 
3.3 Settlements

Smartpay settles to your nominated bank for processing the next business day. However, each bank will clear the funds at different times. Please call your merchant bank to see when these funds will be available.

Your CNP settlement will also be incorporated into your current Card Present settlement which will also be accessible via Smartpay’s Merchant Portal.

4.0 Processing Limits

Each Card Not Present/MOTO limit has been assigned based on your business and our risk assessment criteria. The following has been assigned:

  • Daily Transaction Value Limit
  • Transaction  Limit
  • Refund limit

These limits need to be adhered to at all times. If business circumstances change, please contact your Account Manager or our Merchant Assist Team to discuss your limit requirement.

5.0 Refunds

  • You may need a refund card or PIN to authorise a refund through your EFTPOS terminal. This depends on your terminal or network provider.
  • You must process the refund using the same merchant facility you used for the original transaction.
  • You must process the refund to the same card used for the original sale.
  • Never provide cash refunds for card transactions.
  • Don’t refund more than the amount of the original transaction. If you want to provide compensation to the cardholder that is more than the amount of the original sale, use a different payment method, such as a bank transfer, to pay the cardholder the additional compensation.
  • Don’t exceed your daily refund limit.
  • Follow the correct authorisation procedures for manual transactions (PAN entry) where card details are entered directly into your EFTPOS terminal.

For instructions on how to perform a MOTO refund, please refer to the MOTO Help Centre.

6.0 Why Card Not Present Transactions are a Fraud Risk?

It is possible for fraud to happen with CNP transactions because the customer or the credit card is not physically present for proof. CNP fraud happens when someone else gets unauthorised access to a cardholder’s billing information and uses it to make payments. 

The person who commits fraud gets the cardholder’s payment information, like the card number, CVC/CVV code, and expiration date. And then uses it to buy things.

Not only does CNP theft hurt the customer, but it also costs the business revenue because chargebacks are common after fraudulent charges have occurred. If a customer sees that their card has been used fraudulently, they can challenge the payment with the bank that issued the card and ask for a refund. This means the business has lost the sale price and given the criminal a free good or service. If the business gets too many chargebacks, they may also have to pay a fee or risk cancellation of their merchant facility.

7.0 Chargebacks

A Chargeback is a reversal of a card transaction. Usually, it occurs when a cardholder raises a dispute with their financial institution (also known as the Issuer) in relation to a purchase made with their credit or debit card.

The processing and investigation of Chargebacks are governed by the Schemes (i.e. Visa, Mastercard® or American Express). This includes time-frames, transaction processing requirements and the acceptable documentation that banks and acquirers (such as Smartpay) must submit.

A Chargeback may result in the amount of the original sale and a Chargeback fee to be deducted from the merchant’s account. The reason why Chargebacks occur may vary; however, they are generally the result of customer dissatisfaction with their purchase or because of unauthorised or fraudulent use of their card. You as the merchant, are liable for any chargebacks received, even if you have delivered the goods/services in full.

For more information, please refer to the chargeback link in the Chargeback Guide.

7.1 Warning signs of Card Not Present Fraud Risk and potential chargebacks

The following should be used to indicate potential risk with the transaction, and further investigation is required before authorising the transaction.

  • Multiple card details: When multiple card details are presented or multiple declines occur. This may indicate the customer is trying to use card details that do not belong to them.
  • Split transactions: When you are requested to split transactions over a number of cards.
  • International cards: If the card being used is international, this carries a higher risk of fraud. Using online tools, you can look up the first six digits of the cardholder’s PAN to find out where the card is from.
  • Large or unusual orders: When items are ordered in unusual quantities and combinations and/or the total greatly exceeds your average order value. 
  • Email addresses: Be wary of customers using a free email service (i.e. Yahoo, Hotmail, Gmail). This is a potential risk as they do not require a billing relationship or verification that a legitimate cardholder opened the account.
  • Phone numbers: Use caller ID to determine where the call is coming from. Check if it is necessary for a call to be coming from a different area or country code. (Ask for the mobile number and call them back).
  • Delivery addresses: Exercise caution with orders that are being shipped to international destinations you may not normally deal with. Delivery to Post Office Boxes can also indicate potential fraud.  
  • Freight: Orders requesting express freight can be a fraud indicator as they want to obtain the goods as quickly as possible. 
  • Unlikely orders: Orders are received from locations where the goods or services would be readily available locally, or you receive an order for additional products that you do not normally see (i.e. Mobile Phones).
  • Undue Pressure: If the customer is hurrying you or insistent on processing the transaction via MOTO where you are not comfortable. This may indicate that the customer is trying to commit fraud.
  • Refund requests: Specifically, when orders are cancelled, and refunds are requested via telegraphic transfer, bank transfer or to an account instead of the card used to make the purchase.
  • Numerous orders: A small value order followed by a large order a few days later can indicate possible fraud. Fraudsters often place a very small order, hoping this will not be questioned and go undetected. Once they know the first small fraudulent transaction has gone through, they will place orders for greater value of goods, hoping this still won’t be questioned since they are now an established customer.  

When taking an order, as well as obtaining the credit card number, expiry date and full name, we recommend you also obtain the following:  

  • Cardholder’s physical address, contact phone numbers( including landline contacts).
  • The name of the Card Issuing Bank and the country the card was issued in. 

Trust your instincts! If a sale seems too good to be true, it probably is.

Was this helpful?