Fraud Prevention / Understanding Card Not Present (CNP) Fraud

Understanding Card Not Present (CNP) Fraud

Sarah Hunter-Lascoskie

Sarah Hunter-Lascoskie

worried man in front of computer identity fraud

As the world becomes increasingly digital, the landscape of fraud has evolved, with Card Not Present (CNP) fraud becoming one of the most pressing concerns for businesses, financial institutions, and consumers alike. CNP fraud occurs when a transaction is made without the physical card being present, typically in online, phone, or mail orders. The rise of e-commerce and digital payment methods has provided fertile ground for this type of fraud to flourish, and it shows no signs of slowing down.

The Rise of CNP Fraud

The rapid growth of online shopping and digital payments has significantly increased the volume of CNP transactions. According to industry reports, e-commerce sales are expected to continue growing, with a corresponding rise in CNP fraud cases. This trend is partly due to the enhanced security measures for Card Present (CP) transactions, including EMV chip technology, which have made in-person fraud more difficult. Ever evolving, fraudsters have lately shifted their focus to CNP transactions, where security measures are often less stringent.

How CNP Fraud Gets Its Information

CNP fraud typically involves the unauthorized use of stolen card information, including card number and security code, as well as stolen or discovered personally identifiable information (PII) to make purchases online or over the phone. Fraudsters can obtain card and personal details in several ways, including:

  • Phishing: Fraudsters send fake emails or messages to trick individuals into providing their card or personal information.
  • Data breaches: Large-scale breaches of companies’ databases can expose millions of credit card details, which are sold on the dark web for use later by bad actors. In 2024 alone, there have been one billion stolen records, and the number is only growing.
  • Malware: Bad actors can use malware to steal card information directly from a victim’s computer or mobile device.
  • Social engineering: Fraudsters may impersonate legitimate entities to extract card information from unsuspecting victims.

The CNP Fraud Process

Once fraudsters have card details, they can make purchases without needing the physical card. Bad actors will often “test” their stolen information with small transactions that may go unnoticed by a cardholder before moving on to bigger purchases.

Fraudsters can use various techniques to avoid detection, such as placing orders for digital goods or services, which are more difficult to trace and can be shipped to them quickly. They may ship items to addresses that can’t be traced to them in another effort to avoid detection, or they resell physical items for cash. After their purchases are complete, the bad actors will often close whatever transaction route they used very quickly, either by discarding the account or using stolen credentials to change account details.

Merchants are typically liable for these fraudulent CNP transactions.

The Growing Threat of CNP Fraud in a Digital World

The digital age has brought numerous conveniences, but it has also introduced new avenues for fraud. Several factors contribute to the growing threat of CNP fraud:

  1. Increase in E-commerce: The convenience of online shopping has led to a boom in e-commerce, with more people than ever making purchases online. This trend has expanded the pool of potential victims and made it easier for fraudsters to operate.
  2. Mobile Payments and Digital Wallets: As mobile payments and digital wallets become more popular, they present new opportunities for CNP fraud. If users don’t secure their devices properly, or if the platforms are compromised via a breach or poor identity verification practices, these platforms can be vulnerable to fraud attacks.
  3. Cross-Border Transactions: Online shopping is a global enterprise. That means that CNP can be transnational, making it harder to trace and prosecute offenders. Fraudsters can exploit differences in security standards and law enforcement capabilities across countries.
  4. Sophisticated Fraud Techniques: Fraudsters are getting better at evading security protocols and are continually developing more sophisticated methods to carry out CNP fraud. Fraudsters are increasingly using artificial intelligence to automate attacks, creating convincing fake websites, and exploiting vulnerabilities in payment processing systems.
  5. User Experience and Security: Consumers increasingly demand less friction and inconvenience when making purchases, and businesses are often working to balance the risk of identity and other fraud with customer experience.

Mitigating CNP Fraud

Despite the growing threat, there are several strategies that businesses and consumers can adopt to mitigate the risk of CNP fraud:

  • Multi-factor Authentication (MFA): Requiring additional verification methods, can offer increased security. Multi-factor authentication uses three categories of factors, including something you know, something you have, and who you are, including biometrics. Using powerful MFA driven by biometrics can significantly reduce the likelihood of fraud.
  • Step-up Authentication: Trigger more security protocols for higher risk anomaly transaction or high-dollar amount purchases via ID verification or biometric authentication.
  • Tokenization: This process replaces sensitive card information with a unique identifier or token, which can be used for transactions without exposing the actual card details.
  • Real-Time Fraud Detection: Leveraging machine learning and AI, businesses can monitor transactions in real-time to detect suspicious activity and flag or block potentially fraudulent transactions, looking for signals like unusual order patterns, rush shipping, incosisntencies in order details, and more.
  • Data Enrichment: Merchants can use data enrichment, which takes single data points and uses them to aggregate information from other, external sources ot collect extra information in their fight against fraud. This additional information can help detect discrepancies in user behavior.
  • Consumer Education: Educating consumers about the risks of CNP fraud and encouraging safe practices, such as using secure payment methods and being cautious with personal information, can help reduce the incidence of fraud.
  • Data Protect Practices: Merchants should use online security tools like SSL and encrypt data to ensure they are safeguarding sensitive consumer information.
  • Velocity Rules: Velocity rules can be useful to calculate risks in transaction fraud and look at connections and combinations of points happening during a transaction, including an address that is connected to multiple cards in a short time, a high number of transactions on a single card, multiple high-priced orders in a day, and more. These checks can illuminate suspicious and potentially fraudulent transactions.

Card Not Present Fraud is Prevalent, But Best Practices and Technology Can Help

Like so many types of fraud, Card Not Present fraud is an ever-evolving threat in our increasingly digital world. Merchants and consumers must stay one step ahead of bad actors who are using increasingly savvy methods to steal and use PII and card data. By staying informed and adopting proactive measures, businesses and consumers can protect themselves from this growing menace. The battle against CNP fraud is ongoing, but with continued vigilance and innovation, the tide can be turned in favor of security and trust in the digital marketplace.

Identity verification can help businesses like yours to prevent and detect fraud attempts like CNP. AuthenticID’s comprehensive suite of identity verification and fraud prevention solutions, powered by AI and ML, can help your organization offer customers a streamlined experience while protecting against threats like Card Not Present Fraud. Learn more about our solutions and contact us for a demo today!

Get the latest identity
insights delivered to your inbox.

Privacy Policy(Required)