A Comprehensive Guide To Card Not Present Fraud

Are you worried about increasing fraud in your business transactions as you expand? Chargebacks and complex compliance issues can add significant operational challenges. In 2024, according to eMarketer, card-not-present fraud will make up 74.0% of card payment fraud loss, up from 57.0% in 2019.

Source: eMarketer

Furthermore, fraud can compromise customer information, damaging your reputation and customer relationships. How do you protect your business from these fraudsters’ activities?

This blog discusses everything you need to know about card-not-present fraud, how it happens, and how to avoid it.

What is card-not-present (CNP) fraud?

Card-not-present fraud is a type of credit card fraud in which a criminal makes an illegal transaction with stolen credit card information. It can occur via an online transaction, phone, or mail, and we can also call it a ‘remote purchase’ fraud.

As the name ‘card-not-present fraud’ suggests, the credit card (or the cardholder) does not need to be present during the transaction. Once fraudsters get sufficient data about the cardholder, they can commit card-not-present fraud at any time and place, making it difficult to anticipate and catch them.

Another type of fraud, ‘card-present fraud,’ is also quite popular in developed countries. Let’s examine both and see the differences between card-not-present fraud and card-present fraud.

How is card-not-present fraud different from card-present fraud?

Here are the top 4 differences between card-not-present fraud and card-present fraud.

Aspects	Card-not-present fraud	Card present fraud
Common methods	Stealing card information,Taking over a cardholder’s account, fabricating a fake ID	Stealing the physical card,Creating counterfeit cards with stolen data by cloning the magnetic stripe of a card
Risk of fraud	Greater risk of fraud since fraudsters do not need to steal any physical item to commit fraud	Lowered risk of fraud because fraudsters need to steal the physical card without alerting the cardholder
Liability for damages	Business merchants are usually liable to reimburse the cardholder since they accept CNP transactions to sell products online	The bank is generally liable for damages because the bank is responsible for the security of the customer’s account, especially for faux transactions occurring after the customer has reported the card stolen. However, if the business does not use an EMV-enabled card reader, they can be liable for the loss.
Common security systems	Relies heavily on digital verification methods such as digital KYC, online transaction PINs, CVV (card verification value), and AVS (address verification system)	Relies more on physical verification methods such as physical identification, card magnetic chip, PIN, and two-factor authentication

Now that you know the difference between card-not-present and card-present fraud, let’s see how it works.

How does CNP fraud work?

Understanding how CNP fraud works can help you protect your business. Here’s how fraudsters typically acquire sensitive information and carry out fraudulent activities.

• Fraudsters acquire the credit card information of their next victim. This data can include the credit card number, expiration date, card verification value (CVV) number, bank account password, or transaction PIN.
• Fraudsters make small transactions to verify that the card is active and not flagged. The transaction amount is so small that cardholders may not check where it originated or may not even notice it.
• Once fraudsters know that the card is working and they can make transactions, they will buy high-value items or services that can be easily and quickly resold.
• Fraudsters use drop addresses to receive goods. Using drop addresses helps fraudsters avoid revealing their true identity.
• After receiving the goods, fraudsters sell them online or through physical resale shops, where they make money.
• Fraudsters use multiple cards simultaneously with multiple vendors to maximize gains before detection.

To effectively combat card-not-present fraud, you can leverage AI-driven fraud detection solution. Solutions like HyperVerge are designed to identify and mitigate fraudulent transactions, safeguarding both your operations and your customers’ data.

Now, let’s discuss how these fraudsters get the data in the first place. 

9 Common techniques that fraudsters use to obtain card information

There are 9 common ways fraudsters can acquire a cardholder’s private data to commit card-not-present fraud.

1. Phishing: Phishing is the most common way to steal data. It includes creating a deceptive website or sending a deceptive message to trick people into sharing personal information or credit card details.
2. Digital skimming: This process involves fraudsters injecting malicious code into the merchant’s website. The criminals can easily capture customers’ payment information on the checkout page.
3. Social engineering: Social engineering is a more abstract term that refers to a fraudster appearing friendly to an unsuspecting cardholder. The fraudster then manipulates the cardholder into unintentionally revealing sensitive information they can use later.
4. Spyware: Fraudsters sneak spyware into cardholders’ devices to easily obtain sensitive information. Sometimes, the criminals also use social engineering to trick people into inadvertently installing such spyware on their devices.
5. Triangulation fraud: In this method, the criminal would create a fake website to lure unsuspecting people into entering their card information to buy a product.
6. Payment card application fraud: If a fraudster obtains someone’s personal information, steals a social security number (SSN), or creates a synthetic ID, they can use it to obtain a payment card, which they can use to make unlawful transactions, costing the bank money.
7. Hacking: Hacking is a broad term that refers to stealing personal data or credit card information by gaining illegal access to the person’s device through a virus or other malicious code.
8. Data breaches: Banks and merchants are targets of data breaches, where criminals penetrate the database and steal the stored payment information of multiple users at once.
9. Public Wi-Fi networks: If a cardholder logs in to a public network with their device, they risk exposing their sensitive information to criminals through the network.

After getting private data from any of these methods, fraudsters can operate on these transactions.

Which transactions can occur with a card-not-present fraud?

Once a fraudster gets the data required to commit fraud, they can do it in multiple ways. The following are 6 common transactions criminals can make to commit card-not-present fraud.

1. Online Card Purchases: Online card purchases refer to transactions made directly through an eCommerce platform or website, where the fraudster enters the stolen card information to complete the purchase. This is the most traditional form of online purchase.

2. Phone Purchases: These are transactions made via a mobile phone and can include app-based purchases or mobile web transactions. The emphasis on phone purchases is on the device being used, rather than the platform.

3. Digital Wallet Payments: Using a digital wallet service like Apple Pay, Google Wallet, or PayPal. The fraudster uses the stolen card information to set up or access a digital wallet account and then makes purchases through this service.

4. Card-on-File Payments: These are transactions where a merchant stores a customer’s card information for future use. The fraudster exploits this by accessing the stored information to make unauthorized purchases.

5. Recurring Payments: These are subscription-based transactions where payments are made at regular intervals. The fraudster sets up a recurring payment using the stolen card details.

6. Pickup In-Store Orders: These transactions are initiated online, but the item is picked up physically in a store. This method can appeal to fraudsters who want to obtain goods quickly and avoid shipping addresses that could be traced back to them.

How does CNP fraud happen globally?

1. North America

North American countries, specifically the US, are the biggest victims of card-not-present fraud worldwide. Businesses in the US have had to endure a significant amount of financial loss, and merchants saw a wild increase in the overall chargeback rates in the last few years.

Here are some statistics that show the severity of CNP fraud in the North American continent.

• A projection by eMarketer shows that CNP fraud will have a total loss of about $10.16 billion in 2024, compared to $3.57 billion from non-CNP frauds.
• An FTC report states that investment and imposter scams are the top two frauds in the US in 2022, costing around $3.8 billion and $2.6 billion, respectively.
• One year prior, in 2021, the FTC recorded 389,737 reports of credit card fraud.
• In 2022, the US spent about 10% of its total eCommerce annual revenue on managing payment fraud.

2. UK

The United Kingdom is not far behind in the number of card-not-present fraud victims. Similar to the US, merchants in the UK adopted new payment methods, which increased the risks of card-not-present fraud. This is what card-not-present fraud’s notoriety looks like in the UK.

• In 2022, CNP Remote Purchase fraud made up 81% of total card fraud loss in the UK.
• The same report also states that the UK suffered about £395.7 million from CNP remote purchase fraud in 2022.

3. Europe

European countries such as Germany, France, Italy, Switzerland, and Sweden have gone through a similar journey to the US and UK. Many European countries have to reserve a substantial amount of revenue for damage recovery. Here are some statistics that exhibit the infamy of CNP fraud in Europe.

• According to Fintech Futures, as of February 2024, Europe holds the second-highest share in total fraudulent B2C eCommerce transaction value, right after the US.
• Like the US, Europe also spends a hefty amount, about 10% of its annual eCommerce revenue, to manage payment fraud.

Now that you know just how many people CNP fraud affects, let’s take a look at some of the consequences of CNP fraud.

What are the consequences of CNP fraud?

Here are 5 major possible effects of card-not-present fraud.

1. Financial loss and chargebacks

When a customer falls prey to card-not-present fraud, they usually order a chargeback through the bank. Since merchants must comply with chargeback rules, they must reimburse the customer the whole transaction amount and bear the chargeback fee.

2. Loss of merchandise

Fraudsters often sell items quickly, leaving no trail behind. Hence, tracking and retrieving the sold item is very difficult after merchants become aware of a fraudulent transaction.

3. Reputational damage

If customers face frequent fraud when buying from a particular merchant, they will stop coming. Once a certain amount of customers go through this phase, the business’s reputation is at stake.

4. Identity theft

When fraudsters access a cardholder’s private data through CNP fraud, the risks extend beyond unauthorized transactions. The cardholder’s identity itself becomes vulnerable. Fraudsters often exploit this stolen information by selling it on the dark web, posing significant threats to the individual’s financial security and personal safety. This type of identity theft can manifest in various forms, each with its unique challenges and implications.

5. Possibility of closing down business

In some extreme cases, if the impact of card-not-present fraud is severe enough for small businesses, business owners may have to resort to closing down the business or even filing for bankruptcy. 

It must be clear to you that we have to prevent card-not-present fraud at all costs. Here are some ways we can do it.

5 Best strategies to prevent CNP fraud

Here are the 5 best strategies business owners can deploy to prevent card-not-present fraud.

1. Use an identity verification system in your business

Identity verification in a business helps to detect fraudulent transactions in real time. Adding extra security measures like digital KYC and facial recognition software can prevent triangulation fraud and drastically decrease the card-not-present fraud rates for the merchant.

2. Use 3D Secure or a 2FA system

The 3D Secure (3DS), also known as strong customer authentication (SCA), is a multi-factor authentication system that adds an extra layer of security between cardholders and fraudsters. 3DS and 2-factor Authentication (2FA) are security system protocols that require customers to provide some sort of verification like a single-use code or a security question during a purchase.

3. Add AVS and geolocation verification system to the transaction process

The address verification system (AVS) cross-checks the address provided on an official ID card with the one mentioned in the central databases. AVS prevents fraudsters from purchasing items on the customer’s card and sending them to a different address.

The geolocation verification system verifies the IP address and the physical location of the transaction with the cardholder’s address. If the location does not match, it can trigger a warning that the purchase might be fraudulent.

4. Implement AI capabilities in your solution

By using an AI module, you can significantly streamline fraud management processes, saving time and resources while boosting task efficiency across multiple operations.

5. Keep up-to-date with new threats

As technology advances, so do the methods used by fraudsters. It’s crucial to continuously enhance your security protocols to reflect the latest threats. Regular updates and adjustments to your fraud prevention strategies will help safeguard your business against emerging risks over the long term.

Protect your business from CNP fraud with the help of HyperVerge 

Detecting and preventing CNP, as well as non-CNP fraud, relies heavily on AI and intelligent automation. Utilizing a professional solution for fraud prevention is an effective way of shielding your business from CNP fraud.

HyperVerge specializes in identity verification technologies to combat card-not-present (CNP) fraud. Leveraging AI and intelligent automation, the company provides effective fraud prevention tools that include

• KYC (Know Your Customer)
• OCR (Optical Character Recognition)
• AML (Anti-Money Laundering)
• KYB (Know Your Business) requirements
• Face deduplication

With over 900 million identities verified, HyperVerge’s facial authentication system includes AI-based checks such as forgery checks, deep image analysis, and liveness detection. It can authenticate IDs with 99.8% accuracy in just 0.2 seconds. 

This helps to prevent the use of image injections or deepfakes. Additionally, HyperVerge’s digital KYC solution quickly and effectively identifies and removes fraudsters, further securing businesses against CNP fraud while onboarding customers.

Get a demo on how you can incorporate HyperVerge’s AI-powered solution and start preventing CNP fraud within 4 hours.

Frequently Asked Questions

1. What are the common signs of CNP fraud?

Some of the common signs of card-not-present fraud are unusual purchasing patterns, varying information from the same customer, frequent chargebacks, geographical anomalies, or unusual device fingerprints.

2. Can card-not-present fraud occur in mobile payments such as Google Pay and Venmo?

Yes, card-not-present fraud can occur in any transaction where the physical card is not present, including mobile payments.

3. Are there specific industries that are more vulnerable to CNP fraud?

Yes, industries that process a high volume of online transactions, such as retail, hospitality, and services, are more susceptible to CNP fraud because of the nature of their payment environments.