Last Updated On August 21, 2020 / Written By Chloe Henderson

How Is Card Not Present Fraud Committed? And How to Avoid It

Implementing card-not-present fraud detection reduces the risk of theft by enhancing the security of consumer information and business revenue.

Businesses that do not have payment theft prevention are susceptible to card-not-present fraud, which requires time and resources to reconcile.

Card-not-present (CNP) transactions are the check-out procedures that occur most frequently during online payment processing. When a customer buys a product online, the payment gateway and processor use the entered credit card information to fulfill the order. However, since the physical card is not presented to the merchant, they are at a higher risk for CNP fraud.

CNP fraud is a type of credit card theft that occurs during a purchase made online, by phone, or by mail using stolen information. This is easier to prevent during card-present purchases, as the cashier can verify the cardholder's identity by examining their driver's license.

The threat of credit card scams requires businesses to implement fraud prevention and detection to enhance their online payment processing and security.

CNP Fraud Occurrences and Repercussions

The popularity of online shopping has continued to grow, making it a necessity for a business's scalability and profitability. However, according to the US Payments Forum, 45% of all credit card fraud occurs during CNP transactions.

Settling these thefts can be expensive, costing merchants up to $310 for every $100 spent in fraudulent purchases. Therefore, it is crucial to understand how CNP fraud is committed to taking preventative measures.

Cybercriminals can obtain payment information from several methods, including-

  • Hacking - Hacking is a direct attack on a computer to steal financial data.
  • Skimming - Skimming is stealing information from the physical card or device, such as a phone, to obtain payment information.
  • Phishing - Phishing is pretending to be a financial institution to get information from the cardholders themselves. This occurs via telephone scams, junk emails, and occasionally through the mail.

Once the criminal has gathered the victim's name and card information, they could make a fraudulent transaction through-

  • Recurring Payments - Small purchases under $50 are more likely to go unnoticed for an extended period of time. Credit card thefts often take advantage of this by making payments on smaller bills such as utility, insurance, and other subscriptions.
  • Cryptocurrency - Purchasing physical goods online increases the criminal's chances of getting caught because they are required to enter a shipping address. Cryptocurrency is the method of converting the victim's credit into cash, eliminating any traces of theft.
  • Gift Cards - Cybercriminals also steal gift card information, as they have a limited digital trail. Many businesses send gift cards to customers via email, heightening their exposure to cybercriminals. By entering a fake email address, thieves can receive gift cards without leaving a trace, allowing them to make purchases or re-sell the certificate.

While CNP fraud is inconvenient and damaging to the consumer, it can be even more costly for the merchant. Retailers, whose profit margin is relatively low compared to other industries, can lose capital from reconciling fraud cases, reducing their bottom line.

When the victim of card theft disputes a purchase to their bank, the institution handles what is known as a chargeback. This is the process of investigating the fraudulent transaction. However, the bank is not responsible for providing the victim's refund. Therefore, not only does the business bear the loss of stock, but they lose the revenue made from the unauthorized purchase.

How to Prevent CNP Fraud

Fraud prevention is essential for securing the customer's payment information and protecting the merchant's bottom line. There are several strategies businesses can implement to enhance their CNP payment processing security, including-

  • Multi-factor Authentication - This system sends the buyer an email or text containing a one-time code to finalize their online purchase.
  • Biometric Scanning - Biometric recognition requires a fingerprint, face scan, or other physical proof that verifies the cardholder's identity. This feature is now offered on various smartphones where users must scan their finger or face to confirm a purchase.
  • Address Verification Service (AVS) - This system automatically cross-examines the customer's billing information from the card purchase with the bank's data. If the addresses do not match, the bank can deny the transaction and request to freeze the account.
  • CVV Code Request - This three or four-digit code is located on the back of the credit card and is usually unattainable to hackers unless they have access to the physical card. Requesting this code at check-out can reduce the risk of fraud by ensuring the cardholder is initiating the transaction. If the wrong code is entered, the bank and cardholder are alerted immediately.

CNP fraud has continued to rise and developers are continually innovating software to match cybercriminal efforts. Installing fraud detection may be costly but it is a vital investment in protecting business and consumer funds.