What Is Card-Not-Present Fraud? Learn to Recognize the Threats & Know How to Beat Them
Card-not-present transactions present a great opportunity for cybercriminals.
They know that, without access to a physical payment card, it’s hard for you to know if you’re dealing with the cardholder or an imposter. Plus, thoroughly validating each customer causes friction that slows down checkout. So, when it comes to maintaining this balance, customers’ demands for speed and convenience usually win out. Unfortunately, this is often at the expense of security best practices.
In this article, we'll discuss the threat posed by card-not-present fraud (or “CNP fraud”). We’ll explore some of the common tactics fraudsters use, and offer some actionable steps you can take to protect your business.
Recommended reading
- Address Fraud: How Criminals Swap Addresses to Abuse Victims
- The Top 10 Prepaid Card Scams to Watch Out For in 2024
- How do Banks Conduct Credit Card Fraud Investigations?
- What is Synthetic Identity Theft? How Can Merchants Stop it?
- Increase in Fraud in APAC Highlights Need for Solutions
- What is SIM Swapping Fraud & How Does It Work?
What is Card-Not-Present Fraud?
- Card-Not-Present Fraud
Card-not-present fraud, or CNP fraud, is when a fraudster illegally uses stolen credit card information to make purchases through a remote channel. Card-not-present fraud usually occurs online, but can happen via any remote channel, including phone or email.
[noun]/kärd • nät • prez • (ə)nt • frôd/What is CNP fraud? The term essentially covers any unauthorized activity resulting from a payment card transaction where the physical card was never presented to the merchant. In other words, the buyer’s payment information was bogus, but since you couldn’t see the actual card, you took it at face value.
Of course, once that customer gets a glance at their statement and sees those unauthorized purchases, their first response will be to call their bank. A chargeback is filed, the merchandise you shipped is gone forever, and you’ll be held liable for the cost, plus additional fees.
How Does CNP Fraud Happen?
Without any prevention measures in place, an online transaction really only requires a card account number, plus the card’s expiration date and CVV security code. Illegally obtaining that information is easier than you might expect.
Personal details from data breaches often end up on the dark web, where fraudsters can buy batches of account numbers for pennies on the dollar. Those numbers may come with actual card expiration dates and CVVs. Or, the crook may mix and match card details, either manually entering information or using bots, until they find a combination that works.
This is a very fast-growing problem. According to Mastercard, global eCommerce fraud topped $48 billion in 2023. It gets worse; the cumulative global losses to online payment fraud are predicted to exceed $343 billion by 2027.
CNP chargebacks cost you much more than the original transaction amount, too. You also lose the value of the merchandise, and incur hefty fees. All totaled, the average fraud incident will cost you $3.75 per every dollar lost during the attack itself.
Top 10 Card-Not-Present Fraud Threats
There’s a vast array of tactics that fraudsters can use, and they come up with new attack methods all the time. Let’s look at some of the most commonly used tactics for card-not-present and contactless payment fraud:
As you might suspect, these ten tactics are only the tip of the card-not-present iceberg. There are too many card-not-present fraud threats to list them all.
What Should You Do if You Suspect Card-Not-Present Fraud?
So, let’s say there’s a card-not-present transaction that you suspect is fraudulent. How do you stop it?
Unfortunately, by the time you see any “red flags” suggesting a purchase is fraud, the transaction will have already happened. With the right tools, you may be able to avoid a chargeback. But, the fraudster will probably still get away clean. And in many cases, you’ll be liable for the loss: from the bank’s perspective, you let the fraud happen, so it’s your responsibility.
That said, both issuers and card networks are aware of the problem, and have had a measure of success fighting card-not-present fraud. Unfortunately, the benefits often don’t trickle down to the merchant level. The best protection against card-not-present fraud is you.
How Do You Prevent Card-Not-Present Fraud?
Card-not-present fraud prevention needs to be approached as a long-term project. The most effective strategies rely on combining multiple fraud fighting tools on a consistent basis. These should be deployed strategically, augmented by best practices, and backed by relevant and accurate metrics such as these:
There’s no magic formula for distinguishing between real customers and fraudsters. However, there are a number of effective tactics you can deploy. Here are few examples of best practices you can put in place to help mitigate risk:
Since you never come face-to-face with your customer, it’s critical to develop a detailed profile for each buyer. This can be done by deploying fraud-detection tools like address verification (AVS), card verification codes, 3D Secure 2.0, and so on.
When it comes to anticipating card-not-present fraud, more customer information gets you better metrics and better decisioning. Things like card numbers, billing and delivery addresses, IP information, and purchase history, for example, will come in handy if you need to fight a claim
Keeping meticulous records affords more opportunities to detect and avoid CNP fraud. You develop better fraud KPIs and refine fraud detection tools. The data can be used for refining your strategy, and can also help when integrated with technologies like Order Insight and Consumer Clarity. Just be sure your data collecting adheres to compliance regulations.
AI or automated tools can be paired with your internal processes to gauge fraud risks for each transaction. These technologies examine multiple factors and deliver a simple score, allowing for “up-or-down” decisioning. This data can also help in creating “blacklists” of potential fraudsters.
Criminals will often switch back and forth between tactics to throw you off their trail. Knowing their tricks — and how to spot them — is a great way to block their efforts. Common red flags include changes in account information, multiple password resets, and a number of failed login attempts.
You can eliminate many friendly fraud triggers by providing excellent customer service and adhering to security best practices. You should also create a contingency plan, using tools like network inquiries and chargeback alerts as a last line of defense against chargebacks.
You can’t win a reversal on card-not-present fraud chargebacks if the cardholder is actually a victim. In cases of friendly fraud, however, fighting invalid claims through representment lets you retain revenue. It also shows would-be fraudsters that you’re not an easy target.
Chargebacks911 Can Help
Card-not-present fraud is just one example of the ways in which bad actors are looking to gain at your expense. That said, it’s important to note that criminal fraud is highly preventable through smart strategies and wise best practices.
CNP fraudsters may have the tools to overcome one or more fraud detection tactics…but the experts at Chargebacks911® have the experience and expertise to fight all types of fraud. Contact us today to learn more.
FAQs
What is a card-not-present fraud?
Card-not-present fraud, or CNP fraud, happens when a bad actor makes illegal purchases through a remote channel using stolen credit card information. CNP fraud usually occurs online, but can happen via any remote channel, including phone or email.
How do I stop card-not-present fraud?
Suggestions for CNP fraud prevention include requiring billing address (AVS) and CVV verification, employing 3-D Secure protocols, using tools like fraud filters, and tracking down phishing sites that may be trying to imitate your brand.
How do I protect my card from not-present fraud?
For cardholders, fraud prevention largely depends on vigilance. To protect yourself from identity theft and credit fraud, monitor all your online accounts for red flags, use strong passwords (and change them from time to time), and take care when making purchases using public-access networks (airports, coffee shops, etc.).
How much does card-not-present fraud cost?
Card-not-present (CNP) fraud accounted for an estimated $9.49 billion in losses in 2023. An estimated 73.0% of card payment fraud losses in that period came from CNP fraud.
What is an example of a card-not-present transaction?
CNP transactions are payment card transactions in which the physical card is not seen or handled by the merchant. This umbrella term covers eCommerce (online shopping), purchases made over the telephone or mobile device, mail order sales, card-on-file payments, and transactions using a digital wallet.