Professional Documents
Culture Documents
Copyright................................................................................................................................ 3
Introduction ................................................................................................................................ 4
What the Risk Management Results Mean and What Action is Needed............................. 14
Procedures to Adopt................................................................................................................ 21
1
Introduction to Fraud
Screening ............................................................................................................................. 23
Website Warning.................................................................................................................. 24
Communications .................................................................................................................. 24
2
Introduction to Fraud
The fraud prevention measures that WorldPay and our banking partners use.
The checks you can make and the procedures you can adopt when making decisions
about shipping orders.
Use this guide in conjunction with the Cardholder Authentication Guide and the Payment
Notifications Guide, which provide detailed information about specific tools and measures.
Update History
Copyright
© WorldPay (UK) Limited
While every effort has been made to ensure the accuracy of the information contained in this
publication, the information is supplied without representation or warranty of any kind, is
subject to change without notice and does not represent a commitment on the part of
WorldPay (UK) Limited. WorldPay (UK) Limited, therefore, assumes no responsibility and
shall have no liability, consequential or otherwise, of any kind arising from this material or any
part thereof, or any supplementary materials subsequently issued by WorldPay (UK) Limited.
WorldPay (UK) Limited has made every effort to ensure the accuracy of this material.
3
Introduction to Fraud
Introduction
What is Introduction to Fraud?
Put simply, this introduction to fraud is about how you can maximise profit and reduce your
losses due to fraud when you are trading online.
Online trading has massive potential, unfortunately its very success attracts fraudsters of
many kinds: some use stolen cards or stolen card details and passwords, others deny
receiving goods and demand refunds - and, as you will see in this guide, there are many
other ways fraudsters will attempt fraud.
To counter fraud, and to help protect you from losses, we provide a range of automated anti-
fraud measures that operate within our payment service and across our connections to bank
systems; we carry out fraud checks on every card-based transaction we process.
Although these measures offer a high degree of protection - you can think of them as your
first line of defence - you can add additional measures to further improve your defences
against fraud.
For example, if your business handles a small number of high value transactions per day, an
effective measure could be to manually review each transaction. This might not be realistic if
you handle a large number of transactions, but there are other options open to you. This
guide describes a range of procedures and checks that you should consider adopting within
your overall anti-fraud strategy.
Alerts Procedure
4
Introduction to Fraud
Fraudulent purchase – In this case the fraudster’s aim is to use the anonymity
provided by the Internet to obtain goods for delivery often to a foreign, temporary or
unoccupied address using fraudulently-obtained cards or card details.
Card verification testing - In this case the fraudster’s main aim is to use your
website as an entry point into the card authorisation system.
The fraudster may have a batch of card numbers and will place a dummy order on
your site with each card number in turn to discover if the card is authorised or not. An
authorised card will probably be used later in a fraudulent purchase, very often with
another website rather than just yours. Generally, the billing/delivery detail is
incorrect and often completely meaningless, as this kind of fraudster typically doesn’t
expect or want delivery.
Sadly, charity sites are often targeted by this kind of fraudster. Note that you may still
be liable for chargebacks with this type of fraud.
First Party Fraud
Refund or chargeback fraud - In this case the genuine cardholder falsely denies
having ordered and/or received goods, and then claims either a refund or a
chargeback.
What We Provide
We provide a number of automated tools and measures to help combat fraud. These are
described in Tools We Provide. The tools make standard checks, in real-time, on every
transaction we process by communicating with the card issuer, to ensure that:
Address Verification Service (AVS): The card issuer makes checks on the address
details entered by shoppers.
Card Verification Code (CVV2, CVC, CSC): Banks and card issuers check the
security codes that are printed, but not embossed, onto cards.
5
Introduction to Fraud
AVS, CVV2 and cardholder authentication are free as part of our standard payment
processing services. However, you will need to register for the cardholder authentication
schemes by contacting us. We then contact the card issuer on your behalf. Note that the
registration process can take a few days.
You should use our automated tools as part of your overall strategy. Some of these tools will
help you identify and highlight risk, while others will provide additional information and some
protection from chargebacks.
For more information on the checks and procedures we suggest incorporating within your
strategy, please refer to Checks to Make and Procedures to Adopt.
Keep Informed
You should always keep abreast of the scams and rackets operated by online fraudsters.
There are a number of useful web sites dedicated to fighting fraud which can be used to find
up-to-date information including http://www.cardwatch.org.uk/.
Fraud often targets the weakest link and as the payment environment changes fraud will
adapt. The successful roll out of Chip and Pin has provided significant protection for
merchants trading in the cardholder-present environment but it has increased fraud pressure
on the cardholder-not-present environments of mail order, telephone order and ecommerce.
Some fraudsters are very tech-savvy and produce highly convincing scams to obtain financial
details, for example, email phishing.
Phishing - emails and telephone calls supposedly from a bank or supplier requesting
account, PIN and password information. These scams vary widely in their
sophistication, from elementary to very complex and convincing, but most are
successful because of their scale.
6
Introduction to Fraud
Large numbers of people (sometimes hundreds of thousands) are targeted and even
a small success rate means that substantial numbers of people do hand over PINs
and passwords along with account details. The risk to you is the fraudulent use of
these details on your website, which can be difficult to detect.
Pharming - where website traffic is redirected to a bogus website. The bogus site
can then gather account and card details from shoppers. Pharming can be done in a
number of ways, by placing advertising to direct shoppers to the bogus site or by
viruses changing files on a victim's computer or DNS server for example.
Chargeback Losses
Although you might not be able to avoid chargebacks due to fraud completely, you can
reduce your losses by adopting appropriate procedures, as described in this guide.
If you are enabled for Verified by Visa, MasterCard SecureCode for MasterCard and Maestro,
and American Express SafeKey, you can benefit from Liability Shift, where you can be
protected from certain fraud-related chargebacks on card transactions.
Please refer to the chapter Chargebacks - Avoiding Losses for more information.
7
Introduction to Fraud
Tools We Provide
You can use the following features and automated tools to prevent fraud:
Capture Delay
For more information about Capture Delay, see the Payments & Orders Guide.
Capture Delay enables you to specify a delay between the authorisation of a payment and its
capture. This can be helpful when determining whether you should fulfil an order since it
allows you time to assess a transaction.
8
Introduction to Fraud
When a payment has been delayed in this way, it means that the funds have been reserved
by the card issuer, but they will only be transferred either:
At the end of the delay period when an automatic delay expires, if you are using
automatic capture.
When you manually capture the payment using the Merchant Interface.
Automatic Capture
You can use the Merchant Interface to activate the automatic capture delay for credit card
payments and certain ELV payments (used in some European countries), and to set the
number of days delay for the automatic capture. To avoid the risk of authorisations expiring,
check that you use an appropriate length of the delay period.
This feature depends on the ELV acquirer, and has to be activated for you
by WorldPay.
Manual Capture
Once again, you should take care with the length of the delay to avoid the risk of
authorisations expiring.
Cardholder Authentication
This topic is fully described in the Cardholder Authentication Guide, please refer to it for
further details.
Verified by Visa, MasterCard SecureCode for MasterCard and Maestro, and American
Express SafeKey are cardholder identity authentication solutions, which allow cardholders to
confirm their identity by supplying a password when shopping online. Cardholder
authentication therefore reduces instances of online fraud.
9
Introduction to Fraud
The results of these checks are also fed into the Risk Management service, which monitors
transactions and warns you of possible fraudulent transactions. Please refer to Risk
Management service for details.
Additionally, you are protected from certain fraud-related chargebacks on card transactions,
where the cardholder did not make the purchase. For more information, please refer to
Chargebacks - Avoiding Losses.
For more information about the various authentication schemes, see the following Websites:
MasterCard SecureCode
(http://www.mastercard.com/securecode/securecode_main.html)
Maestro SecureCode
(http://www.mastercard.com/securecode/securecode_main.html)
With online transactions, there is usually no written evidence that the cardholder used the
card or that they received the goods or services. The liability for losses related to online
transactions therefore lies with you. Although you might not be able to avoid fraud-related
chargebacks completely, you can reduce your losses by adopting appropriate procedures, as
described in this guide.
You can also benefit from Liability Shift by enrolling with the cardholder authentication
schemes such as Verified by Visa, MasterCard SecureCode for MasterCard and Maestro,
and American Express SafeKey. Please contact us to enroll.
If you are enabled for cardholder authentication schemes you can protect your business from
certain fraud-related chargebacks on card transactions.
According to Visa, over 80% of all chargebacks fall into fraud-related category. Liability for
this type of chargeback passes from the merchant to the card issuer, even if the card issuer
is not a participating member of the scheme or if the cardholder is not enrolled.
10
Introduction to Fraud
These authentication schemes are designed to increase confidence in online shopping and to
reduce your exposure to fraud. For more information about authentication schemes, please
refer to the Cardholder Authentication Guide and Cardholder Authentication.
Both services are available to all of our merchants as standard at no extra cost. Please note
that although most card issuers support these checks, some do not.
We support these services in conjunction with banks and card issuers. We pass the
information entered by the shopper to our banking partners who pass it to the card issuer for
comparison with their records. The results of the comparison are then passed back to you.
The card issuer must support AVS (and/or CVC/CVV2) in order that the comparison can take
place.
You can examine the results of these checks (as shown in the table below) in the Merchant
Interface and the confirmation email. The results are also fed into the Risk Management
service, which may generate an alert if one or more of the checks fail. Please refer to What
the Risk Management service Results Mean for details.
Where the card issuer does not provide AVS (and/or CVC/CVV2) support, a 'not checked'
response is returned.
AVS enables elements of the billing address and postcode, entered by the shopper, to be
compared against the card issuer's records during the payment process. The billing address
must be the address to which the card statement is currently sent, and must match the
address held by the Card Issuer. Results for the address and postcode are returned
separately. Note that AVS is not widely used outside the UK and USA.
The Security Code Verification service enables the card security code entered by the shopper
to be compared against the card issuer's records during the payment process.
The card security code is a number printed on the card. The number is not embossed on the
card, nor is it encoded in the magnetic stripe; it is not printed on receipts etc, making it harder
for anyone other than the person reading from the card to know what the code is. This helps
prevent 'cardholder not present' fraud. Security codes are now printed on the vast majority of
credit/debit cards.
11
Introduction to Fraud
The format and position of the security code varies across card-schemes. Some cards have a
three-digit number printed at the end of the cards’ signature strip. Some cards (AMEX, for
example) have a four digit number on the front of the card.
Some card issuers refer to this number as the 'Security Code', others as the 'personal
security code' and others as 'Card Verification Value'. In addition, it may also go by the name
of 'CVV2' for Visa Cards, 'Card Verification Code' (CVC) for Mastercard/Eurocard and
'Security Code' for AMEX cards. Our payment page offers guidance to the shopper as to
which number is the Security Code.
The Risk Management service monitors each transaction and provides automated alerts
indicating transactions with elevated risk. This helps you to make a more informed decision
on whether or not to ship goods.
The automated alerts are sent to you via the methods listed below:
Note that the results of the other automated tools, such as AVS/CVV and
authentication, are also fed into the Risk Management service.
12
Introduction to Fraud
You can make the Risk Management service more effective by tailoring its fraud checking.
You may create extra blocking filters (or 'blocks'), to detect and block various shopper details,
based on your previous experience. For example, your added filters could detect - and block -
orders from known fraudulent shopper names, or various ranges of email and IP addresses.
Please refer to Screening in Procedures to Adopt for further details, and contact us if you
want to apply country blocks.
No Risk Result
If no risk result is shown on a transaction, this indicates that no alert was issued from the Risk
Management service for that transaction.
However, this does not necessarily guarantee that it is a good transaction, standard
cautionary measures should also be taken before shipping. For more information, please
refer to Checks to Make and Procedures to Adopt.
Generally we pass on indications of risk to you so that you may make further investigations.
However, we may very occasionally block transactions where specific risk criteria have been
identified.
We are unable to process the transaction at this time. Check you have
entered the correct details or retry with another card. Alternatively,
contact the merchant to arrange an alternative means of payment.
The option to retry with another card allows legitimate shoppers to consider their options.
13
Introduction to Fraud
This section is relevant only if you have a number of Merchant Ids within an Administration Id.
Generally, when you set a block with the Risk Management service, the scope of the block
will be at the Administration Id level, that is, it will apply to all of your Merchant Ids within your
Administration Id.
Please contact us if you want to be able to specify blocks that are specific to particular
Merchant Ids.
Such warnings are purely for your information - the shopper is NOT alerted. If the transaction
has been authorised by the bank, the shopper will assume that the transaction is being
processed. Shoppers are alerted only if a transaction is actually blocked - please refer to
Blocked Transactions - What You See for details.
14
Introduction to Fraud
Please also refer to When You Suspect Fraud if you wish to take further action.
Unfortunately, we cannot provide you with additional information regarding the exact reason
for an alert. The parameters used by the Risk Management service to provide you with alerts
may change over time, it is important that we protect the details of its operation to make it as
difficult as possible for fraudsters to circumvent the system.
We are also prevented by Data Protection legislation from divulging details of specific
shoppers' purchasing activities with other merchants other than to the proper authorities.
15
Introduction to Fraud
Checks to Make
This chapter describes the checks you can make as part of your managing fraud strategy.
We strongly suggest that you consider the checks described in this chapter, and to implement
those with specific relevance for your type of business.
The checks can be incorporated into your managing fraud procedures, please refer to
Procedures to Adopt for more details.
Note that when you identify high-risk names, email addresses and IP
addresses by using the checks, you can update the referral lists in the Risk
Management service to provide blocks against them.
A shopper whose name is not correctly formatted and/or shows nonsense details.
A mobile phone as the contact number.
Check that the area code of the phone number matches with the address by using
one of the free web-based look-up programs such as (UK only)
http://www.ukphoneinfo.com/section/tci/locator.shtml.
Check the shopper name with Directory Enquiries http://www.bt.com/directory-
enquiries/dq_home.jsp (UK) and http://www.infobel.com (outside the UK) to verify the
address and telephone number.
Small discrepancies in shopper name and contact information carry a lesser overall risk, as
shoppers sometimes make minor errors when entering their details.
The Risk Management service enables you to automatically block transactions from specified
cardholder names.
If the domain looks ok, send an email to the email address supplied to confirm that it
exists, if it doesn’t it may be returned by your email server as undeliverable. Note that
the delay before the response is received depends on your email server and may be
16
Introduction to Fraud
several hours, to determine the typical delay you should send some test mails to non-
existent email addresses.
Shoppers often make mistakes when entering their email addresses and some of
these are easy to pick up, such as another character where the '@' symbol should
be, misspelling of .co.uk, .com, etc. You may also be able to detect obvious
misspelling by comparing the name with the email address.
If you aren’t able to identify an obvious problem and if the email address cannot be
delivered, you should try to contact the shopper on the telephone number provided.
IP address - the IP address is a unique identifying number given to a PC, usually by
an Internet Service Provider (ISP), when it connects to the internet. An ISP will reuse
IP addresses as users connect and disconnect but the addresses will always be from
a specific range allocated to the ISP.
Check the IP address supplied on the order confirmation with Free IP Address
Lookup at http://www.ip-to-location.com/free.asp and verify that the IP country
matches the billing country.
The Risk Management service enables you to automatically block transactions from IP
addresses that you know from experience have been associated with fraud in the past. As IP
addresses are re-used, blocking a single address is usually a short-term remedy as the
shopper can reconnect to the ISP and get a new IP address. Screening a range of addresses
is much more powerful.
However, blocking any address should be approached with caution. You could easily block a
very wide range of addresses and accidentally include a significant portion of another ISP’s
users such as AOL.
17
Introduction to Fraud
Address Checks
The following checks can help to identify a fraudster, consider implementing them as risk
indicators in your managing fraud procedures.
Address checking is a very useful measure. A fraudster who has obtained card data by
copying elements from a card will not usually have the genuine user's billing address so must
invent one.
Order Checks
The following checks can help to identify a fraudster, consider implementing them as risk
indicators in your managing fraud procedures:
a shopper ordering unusually large amounts of an item without any preference for the
size, colour, make or model
an existing shopper who suddenly orders an unusually large volume of goods
a small order or, conversely, a big order
top-of-the range item or multiples ordered
a repeat order shortly after the first, which is in itself unusual
call the phone number to confirm the order details and check that the number and
shopper exist.
If it is normal for your shoppers to buy from you repeatedly in a short period
of time, and you correspondingly receive false alerts from our Risk
Management service, please contact us and we will review your alert
parameters.
18
Introduction to Fraud
Delivery Checks
The following checks can help to identify a fraudster, consider implementing them as risk
indicators in your managing fraud procedures:
Country Checks
Carrying out checks on shoppers whose billing country does not match the country in which
the card was issued can help identify fraudsters. This particular result is shown on your email
confirmation, and in the Merchant Interface and we advise implementing this as risk indicator
in your managing fraud procedures.
High-Risk Countries
The countries identified in the table below are considered high-risk as purchases originating
from them have much higher incidences of fraud. To help you identify fraudsters, payments
made by shoppers with IP (Internet Protocol) addresses in these countries are likely to be
declined by our fraud screening tool (Risk Management service).
If a shopper purchases their goods/services from, or requests delivery to one of the countries
shown in the table below, we advise you carry out further manual checks before deciding to
accept the transaction.
If you are having specific issues with fraud from one or more countries you can request to
add more country restrictions to your Risk Management service. A country restriction can
stop all future orders where at least one of the following shopper details matches your
country criteria.
Billing country
Card issue country
IP country
Note that this may only be requested as an anti-fraud measure, it must not
be used as part of a business process, that is, to limit your orders to
regions where you have shipping options available.
19
Introduction to Fraud
Pattern Checks
The following checks can help to identify a fraudster, consider implementing them as risk
indicators in your managing fraud procedures:
Unusual buying patterns by the shopper, for example, unusually frequent purchasing.
Fraudsters often make repeat purchases and some part of the order detail is usually
common, for example, the same email address.
20
Introduction to Fraud
Procedures to Adopt
This chapter describes procedures you can adopt to help reduce your risk of fraud. We
strongly suggest that you consider the procedures described in this chapter, and implement
those with specific relevance for your type of business.
Your managing fraud procedures should incorporate some of the checks described in Checks
to Make.
Note that trading rules can affect the level of risk you are exposed to. For
example, you cannot refuse to sell on the basis of the cardholder country
alone - in such a case you will need to review the other details before you
can say "No".
You are at greater risk from fraud if you supply high value, branded or otherwise easily traded
consumer products that are easy to transport and store.
New enterprises that are not well known retailers also tend to attract fraudsters, who
speculate that the merchants will be inexperienced. Similarly, in the service industries, those
services that seem easy to deny having been booked or received also rank highly for fraud
risk.
Your order acceptance risks. For example, you can review all orders above a certain
amount.
Your delivery risks. For example, you can only provide immediate shipping to trusted
shoppers such as those who have traded with you and have a good record, or you
can decide to immediately ship all orders below a certain value if the automated tools
do not provide alerts.
Your chargeback history. If you are experiencing too many chargebacks we
recommend that you reassess your existing procedures and adopt procedures to
review your chargeback history at regular intervals.
High chargeback/fraud levels could affect our ability to provide you with a
payment service because of card programs rules relating to excessive
chargebacks/frauds.
21
Introduction to Fraud
Order Acceptance
Adopt an order acceptance procedure, which includes an accept, review, reject process.
There should be no doubt about which orders can be filled immediately and which should be
reviewed. You could include some or all of the following:
establish the criteria for which orders you will accept - for example, orders below £15
where both Address Verification and Card Security Code match
establish the criteria for which orders should be reviewed – for example, all orders
over £75, and all orders with either Address Verification or Card Security Code
mismatch
establish the criteria for which orders should be rejected – for example, all orders
over £75 where both Address Verification and Card Security Code mismatch and the
delivery address differs from the billing address.
Capture delay can be used to provide additional time for you to check orders before capturing
the payment.
Respond to Alerts
Adopt a procedure, tailored to your business that specifies how you will respond to alerts.
For example, you may want orders with Caution alerts to be filled if the order value is below
a certain limit, but want a review of all orders with Warning alerts, regardless of the order
value.
An alerts procedure can be quite simple, such as the one shown below.
Alerts Procedure
22
Introduction to Fraud
Screening
Adopt a screening procedure that clearly identifies and blocks risky names, email addresses
and IP addresses, etc.
As part of that procedure you should specify the conditions under which you carry out
updates to the referral lists in the Risk Management service. For example, every week or as
soon as you have information about a suspicious name or IP address.
We recommend that you include the following checks in your screening procedure:
Country Checks
Contact us if you want to restrict high-risk countries.
Payment Methods
Adopt a procedure that specifies the acceptance level for each payment method you select.
Select your payment methods in accordance with your risk; consider their specifications and
acceptance level in your target audience. Make sure you understand the specifics of each
method. For instance, some card schemes do not support Authentication and, hence, do not
support Chargeback Liability Shift, which means that you are always liable for chargebacks
rather than the card issuer.
Note that future changes to legislation may affect payment methods for
certain kinds of online business. For example, recent legislation in the USA
has banned credit card payments for online gambling.
Customer Registration
If you have specific risks and your target customer group will tolerate it, then you might
consider an enforced registration procedure for new customers that will exclude some of the
potentially riskier shoppers. For example, allowing a probation period during which customers
build up a payment history.
Predefine and publish the conditions for registration and for upgrade to full membership. For
example, include: the minimum number of orders; the minimum time frame as a customer;
and similar.
If incidents do occur, move the customer in question from your client list to a suspense file,
against which new orders can be checked.
require full name and address details - do not accept free ISP-addresses (@hotmail
and such), since no registration with these providers is required and consumers
therefore remain untraceable
require registration in current telephone directory (for ex-directory applicants ask for
phone bill details)
23
Introduction to Fraud
Delivery Procedure
Adopt a delivery procedure, including, for example, some of the following - depending on your
risk:
Website Warning
State clearly on your website that, in case of fraud, the proper authorities will be informed and
legal action will be taken.
Communications
Ensure that all personnel involved, including external suppliers, such as delivery and parcel
services, as well as your own staff, are fully aware of your procedures and their importance.
For example, ensure that your delivery service knows that they should not leave goods on the
doorstep, if this is a part of your delivery procedure.
24
Introduction to Fraud
If you are in doubt about a transaction, we cannot stress enough the importance of
completing further, manual checks, as the final decision lies with you.
Note that when you identify high-risk names, email addresses and IP
addresses, you can update the referral lists in the Risk Management
service to provide blocks against them.
Taking Action
If your decision is NOT to proceed with a transaction you must advise the shopper you are
not going to fulfil the order and either promptly perform a full refund using the Merchant
Interface, or, if you are using automated capture with capture delay, you must cancel the
payment manually with the Merchant Interface .
If you believe that you have fraudulent transactions on your account, or have discovered an
attempted deception against you, you can contact your local police station to report the
suspected crime directly to them (regardless of where the suspect crime/point of delivery is).
The most effective way to report the suspected crime is to submit your complaint in writing to
the police using the form produced by APACS, which can be found at
http://www.cardwatch.org.uk.
Note that in the United Kingdom, all crime is reported territorially to the
local police stations and not directly to the National Hi-Tech Crime Unit
(NHTCU). Please visit the NHTCU website www.NHTCU.org for further
information regarding the role of this organization.
You need to ensure that your terms and conditions are clearly visible to shoppers before they
place orders and ideally the checkout process should include explicit acceptance of the terms
by the shopper before an order can be placed. You should include your right to reject orders
and specify the point in the order/delivery process where the order is accepted. You should
take specific legal advice in relation to your business and applicable law. However, a possible
clause to cover this would be as follows:
25
Introduction to Fraud
"Order acceptance and the completion of the contract between you and us will take
place on the dispatch to you of the Products ordered, unless we have notified you that
we do not accept your order, or you have cancelled it in accordance with the
instructions in How to Cancel an Order.
26
Introduction to Fraud
We strongly recommend that you consider the checks and procedures described in this
guide, and implement those with specific relevance for your business requirements. We also
recommend that you enroll with cardholder authentication schemes such as Verified by Visa,
MasterCard SecureCode for MasterCard and Maestro, and American Express SafeKey.
Please contact us if you want to enroll.
With online transactions, there is usually no written evidence that the cardholder used the
card or that they received the goods or services. The liability for losses related to online
transactions therefore lies with you. Although you might not be able to avoid fraud-related
chargebacks completely, you can reduce your losses by adopting appropriate procedures, as
described in this guide.
You can also benefit from Liability Shift by enrolling with the cardholder authentication
schemes such as Verified by Visa, MasterCard SecureCode for MasterCard and Maestro,
and American Express SafeKey. Please contact us to enroll.
If you are enabled for cardholder authentication schemes you can protect your business from
certain fraud-related chargebacks on card transactions.
According to Visa, over 80% of all chargebacks fall into fraud-related category. Liability for
this type of chargeback passes from the merchant to the card issuer, even if the card issuer
is not a participating member of the scheme or if the cardholder is not enrolled.
These authentication schemes are designed to increase confidence in online shopping and to
reduce your exposure to fraud. For more information about authentication schemes, please
refer to the Cardholder Authentication Guide and Cardholder Authentication.
27