Card not present fraud: what is it and how to prevent it
Card-not-present fraud affects both online and phone transactions. Learn how the right processor can protect your business from fraud.
What is card-not-present fraud?
Card-Not-Present (CNP) fraud is a type of credit card fraud that occurs when a transaction is made without the physical card being presented to the merchant. These purchases are typically made online, by telephone, or through mail-order, where only the card details, such as the number, expiration date, and CVV, are required. When a card isn’t present, retailers find it harder to verify the legitimacy of the transaction, making CNP fraud particularly challenging to detect and prevent.
CNP fraud often happens when criminals obtain card information through data breaches, phishing scams, or the dark web, and then use it to make unauthorized purchases. For example, a fraudster might steal a victim’s credit card details in an online fraud attack and use them to buy electronics from an online retailer. This leaves the legitimate cardholder to dispute the charge with their bank and the merchant to bear the financial loss through chargebacks and fees.
Types of card-not-present fraud
Card-not-present fraud can be committed in multiple ways:
- Phishing – where the user is tricked into disclosing their credit card details, often using a fake ecommerce or banking website. The stolen card details can then be used to make fraudulent transactions.
- Chargeback fraud – where a shopper fraudulently reports a problem with their order, such as non-delivery, and claims a refund. The fraudster keeps the goods and receives a refund (chargeback) from their card issuer, leaving the retailer to cover the costs of their loss.
- Triangulation fraud – where scammers set up a fake ecommerce website and accept an order from an innocent victim for an item – say, an iPhone. The scammer then uses stolen credit card details to order the item from another, legitimate vendor, and has the iPhone shipped to their ‘customer’. The fraudster keeps the payment from their victim, while the owner of the stolen card files a chargeback with the legitimate vendor.
- Payment card application fraud – where criminals use stolen or synthetic identities to apply for credit with no intention of repaying debts accrued on the card.
How does card-not-present fraud work?
Committing card-not-present fraud is a multi-stage process:
First, the criminal must acquire a victim’s credit card information. This is achieved through data breaches, phishing attacks, skimming devices, or purchasing stolen data from organized gangs.
Next, they verify stolen details using small transactions or online verification services to confirm the card is valid and active. They will then shift focus, making unauthorized transactions through online shopping portals for larger, high-value items.
Finally, the criminal will use a safe, anonymous address to receive goods or services that can’t be tracked back to them. The goods can be resold to unsuspecting victims, generating a profit for the scammer.
How to detect card-not-present fraud?
Technology is essential for reducing business fraud rates. Tools like machine learning, real-time transaction monitoring, and multi-factor authentication can detect and prevent unauthorized transactions, all of which will be offered by your ideal card payment processing partner.
Your business can also help to defend itself by actively looking for tell-tale signs of potential fraud, including:
Unusual order patterns – A sudden spike in orders, especially involving high-value items or unusually large quantities of goods, may indicate a potential attack by fraudsters.
Multiple transactions on one card – especially those that are failed and retried, which may indicate a fraud attempt using incomplete card data.
Different shipping and billing addresses – PCN fraudsters will arrange deliveries to a safe address unrelated to the cardholder.
Orders from high-risk locations – this is particularly true for international orders.
Inconsistent delivery details – where a regular customer arranges deliveries to different addresses or locations.
How to protect your business against card-not-present fraud
Your business can begin mitigating online fraud with the following tools:
Advanced verification tools – features that confirm the CVV data printed on a card. Introducing two-factor authentication (2FA) at checkout provides an additional identity verification step that will deter low-level criminals.
Monitor transactions – setting transaction limits, in terms of value and volume, can help contain and mitigate fraud.
Secure payment gateways – the right payment processing partner will integrate all of this functionality (and more) into a single secure payments interface for comprehensive card-not-present fraud protection.
Secure payment processing with Paysafe on your side
Selecting a payment processor is more than simply choosing a company to connect your banks and credit card networks to your business. It’s a line of defense as well as a business channel.
Paysafe prioritizes your fraud and risk management requirements. Our merchant processing solutions enable your business to grow in a safe environment and protect against the rising tide of card-not-present fraud.
Card-not-present fraud FAQs
What is a card-not-present transaction?
A card-not-present transaction is any payment where the physical card is not handled or processed during checkout.
Examples of card-not-present transactions
Any payment taken online, over the phone, or by post is considered a card-not-present transaction.
What is card-present fraud?
Card-present fraud refers to transactions involving physical payment cards. These cards tend to have been stolen or cloned.
