What does a CPP Notification (CPP) fraud notice mean?

Being the owner of a business that was associated with a Common Point of Purchase (CPP) does not mean that fraudulent purchases were made at your establishment. Rather, it means that your business was the target of a breach, during which, credit card numbers were potentially compromised. The majority of all CPPs are linked to small businesses.  If you don’t know the size of your business in terms of credit transaction volume size, head over to our quick guide to PCI compliance merchant levels.

The payment brands (Visa, MasterCard, Discover, American Express and JCB) are responsible for notifying merchant banks or acquirers (Capitol One, Bank of America, Target, etc.) of at-risk or compromised accounts by identifying patterns in spending, geography, vendor and industry.

What happens after a CPP notification is sent?

Upon receipt of a CPP notification by the payment brands, acquirers will notify the merchant and have 10 days to contain the breach. This is typically done in one of two ways; the first option is to cancel and reissue cards to their customers. Another option would be to initiate high-risk indicators on customer’s cards that may have been included in the breach. Both options are designed to prevent future fraud from occurring. Though the first option is a surefire way to prevent any additional fraud from occurring, it is expensive. Payment brands often choose to apply high-risk indicators to accounts instead. Once a breach has been completely contained and compliance has been regained, this information is relayed to the acquirer and, in turn, to the payment brand.

How can I prevent a CPP notification?

Now you may be asking yourself what you should be doing as a business owner to prevent your business from receiving a CPP notification. Our best advice is to give us a call at 877-556-8279 and talk to one our PCI compliance solution specialists. Our business is dedicated to making sure yours is safe and secure. We offer a line of cybersecurity products and services that can be used to prevent breaches from happening in the first place – saving you time and money and giving you peace of mind.


“Effectively Managing Data Breaches.” Visa, 27 May 2015.

Pin It on Pinterest

Share This