Research shows that every dollar of fraud costs U.S. merchants $3.75 in chargeback fees and related expenses. According to recent studies, card-not-present (CNP) fraud has surged by over 30% in the past five years, outpacing traditional card-present fraud.
Losses from CNP fraud are expected to reach $10 billion in the US in 2024. This alarming trend severely threatens consumers and businesses, leading to substantial financial losses and a decline in trust. It’s a critical issue to resolve for anyone involved in online transactions.
Here’s what you need to know.
What is CNP fraud?
Card-not-present fraud refers to fraudulent transactions in which the physical card is absent at the point of sale. This type of fraud typically occurs during online purchases, phone orders, and mail orders, where the buyer’s card information is used without the actual card being physically swiped or inserted into a card reader.
Some common examples of CNP transactions include:
Online Purchases: A customer buys products from an online store by entering their card details, including the card number, expiration date, and CVV, during checkout. While this process offers convenience, it also presents opportunities for fraudsters. They can use stolen card information to purchase without the cardholder’s knowledge.
Phone Orders: In this scenario, a customer orders products or services over the phone, providing their card details verbally to the sales representative.
Mail Orders: A customer completes an order form, including their card information, and mails it to the merchant. Although this method is less common today due to the rise of digital transactions, it still presents a risk in certain industries.
CNP fraud vs. other types of credit card fraud
CNP fraud is distinct from other types of fraud primarily due to the absence of a physical card during the transaction.
CNP fraud vs. card present (CP) fraud
Card-not-present transactions are made without the physical card being present. Verification in CNP transactions relies on card details such as the card number, expiration date, and CVV, making it more challenging to verify the cardholder’s identity remotely.
Card-present (CP) fraud involves physical verification methods, such as swiping, inserting, or tapping the card, often requiring a PIN or signature. This type of fraud occurs during in-store purchases or ATM withdrawals, where the physical card is used at the point of sale. Detection of CP fraud is more straightforward through physical inspection and additional security measures like EMV chips.
CNP fraud vs. account takeover fraud
While CNP fraud focuses on unauthorized transactions using stolen card information, account takeover fraud involves gaining unauthorized access to the victim’s online accounts using stolen login credentials. Once inside, the fraudster can change account settings, make purchases, or transfer funds.
CNP fraud vs. synthetic identity fraud
CNP fraud uses actual stolen card information from real individuals, making the transactions appear legitimate. Synthetic identity fraud, on the other hand, involves creating fake identities using a mix of real and fabricated information. Fraudsters open new accounts or apply for credit using these synthetic identities, which makes detection harder as it doesn’t rely on stolen existing account or card information but rather on newly created identities.
A growing concern for mobile purchases
CNP fraud has been on the rise in recent years, driven by the growth of e-commerce and changes in consumer behavior. Several current trends highlight the evolving nature of CNP fraud and the increasing sophistication of fraudsters.
Data breaches and dark web transactions
The frequency and scale of data breaches continue to rise, providing fraudsters with a steady supply of stolen card information. Personal and financial data obtained from breaches are often sold on the dark web, where fraudsters purchase this information to conduct CNP fraud.
Account takeover fraud
Account takeover (ATO) fraud is becoming a significant component of CNP fraud. In ATO fraud, fraudsters gain access to a victim’s online accounts through stolen credentials, allowing them to make unauthorized transactions. This type of fraud often involves using personal information obtained from data breaches or phishing attacks to bypass security measures and take control of accounts.
Increased targeting of small and medium-sized businesses (SMBs)
Small and medium-sized businesses (SMBs) are increasingly targeted by CNP fraud due to their relatively weaker security measures than larger enterprises. Fraudsters exploit the fact that many SMBs lack the resources to implement robust fraud prevention technologies, making them easier targets for attacks.
Growth of mobile commerce (m-commerce)
The rise of mobile commerce has also contributed to the increase in CNP fraud. As more consumers use their smartphones and tablets for shopping, fraudsters are adapting their methods to exploit mobile payment systems and apps.
The business impact of CNP fraud
CNP fraud losses are projected to reach $28 billion globally by 2026. When a fraudulent transaction occurs, the legitimate cardholder can dispute the charge, leading to a chargeback. Plus, the chargeback process can be time-consuming and resource-intensive, requiring businesses to investigate and respond to disputes.
And it’s not just the impact of that one purchase. When customers fall victim to fraud while shopping on a particular website, their trust in that business can be severely undermined. Negative experiences can lead to customer attrition, reduced customer loyalty, and negative word-of-mouth, further harming a business’s reputation.
Preventing CNP fraud
Effectively combating CNP fraud requires a multi-faceted approach. Here are key preventative measures businesses can implement to mitigate the risk of CNP fraud:
Implement a card scanner for mobile purchases
Integrating a credit card scanner into the checkout experience is an easy way to combat fraud without burdening customers. Instead of a customer manually entering the information, these scanners use the camera on a person’s mobile device to scan the card and automatically enter the information, verifying the physical presence of a card for digital transactions.
Use an address verification system (AVS)
During a purchase, the customer is asked to provide their billing address, including the street address and postal code. The billing address details are sent to the card issuer along with the transaction request, and the card issuer checks the provided address against the address they have on file for that cardholder. Verifying the billing address helps AVS ensure the purchaser is a legitimate cardholder.
Use advanced fraud detection tools and algorithms
Modern fraud detection systems leverage AI and machine learning to analyze transaction patterns and detect real-time anomalies. These systems can flag suspicious transactions based on different factors, like unusual purchasing behaviors, inconsistent geolocation data, or known fraud patterns.
Learn how to prevent CNP fraud and boost conversions
DyScan is the market-leading credit card scanner that works on all credit cards.
It takes less than an hour to integrate DyScan into your checkout process. Companies that implement DyScan see between a 4% to 21% boost in conversions and a 95% reduction fraud.
Get a demo to learn how you can scan 100% of cards, add to your conversions, and delight your customers.