Site icon Novalnet

Card-Not-Present Fraud in 2022: What Merchants Need To Know

representational image of credit card information theft

What is Card-Not-Present Fraud?

Card-Not-Present (CNP) fraud is a type of fraud where a fraudster makes an unauthorized transaction without physically presenting the card. CNP fraud most commonly happens in e-commerce but can also occur in other card-not-present channels, such as mail order and phone fraud. Fraud actors use stolen payments data to carry out CNP transactions; this could be to test the validity of the payment credentials, to order products that they can resell for cash, or illegally steal money from the compromised account.

CNP fraud most often happens because the merchant is unable to confirm the identity of the cardholder in person or verify if the purchase is legit. When a merchant accepts a fraudulent transaction, they become liable to refund the actual cardholder when the latter raises a chargeback request. And if a merchant processes a large volume of such fraudulent CNP transactions, their chargeback numbers increase, inviting further penalties and legal disputes. According to the European Central Bank, CNP fraud accounted for losses to the tune of €1.5 billion in 2019 – about 80% of all card-related fraud!

Preventing CNP fraud can be challenging for merchants as they cannot use a physical card’s chip and pin EMV security features or point-of-sale PCI compliance standards. Thus, merchants become liable to refund a cardholder for fraudulent CNP transactions if the cardholder raises a chargeback. Common types of CNP include synthetic identity theft, account takeovers, friendly fraud, gift card fraud, and loyalty points fraud.

How Does Card-Not-Present Fraud Impact Businesses?

Card-Not-Present fraud can have potential negative effects on your business. It leads to chargebacks, erodes your bottom line and customer trust, and hurts your brand reputation in the long term.

How Does Card-Not-Present Fraud Work?

Card-Not-Present fraud works by a fraud actor impersonating an actual cardholder using stolen payment creds, which they use to commit large-scale fraud. These could range from card testing to making unauthorized purchases from an e-commerce merchant and reselling the products for cash. Fraudsters could also sell the payments creds on the Dark web, steal money from the cardholder’s account, or commit large-scale fraud.

It is not only fraud actors or rogues who commit CNP fraud. Sometimes, it could also be “friendly fraud” – where a legit consumer purchases products from a merchant but then falsely claims they did not authorize the transaction and instead raises a chargeback request.

If not protected, merchants have to take the liability of CNP fraud. Issuing banks have a vested interest in protecting cardholders from fraud-related losses – to encourage more card usage, leaving merchants open to losses and with no choice but to accept card payments, despite potential fraud risks.

Hence, it is critical for merchants to have the right systems and protocols in place to detect and prevent CNP fraud, ideally before it can cause much damage.

How Do You Detect and Prevent Card-Not-Present Fraud?

Your best strategy to fight CNP fraud is to have an omnichannel approach that combines AI and machine learning tools with human fraud analysts with specific knowledge and toolsets related to your business or industry. While no fraud prevention tool can be 100% fool-proof, having one can be a strong deterrent. Fraudsters don’t like resistance and would rather look for softer targets than engage a robust fraud-fighting setup.

If you haven’t already, here are the definitive steps you should take to combat CNP fraud:

How Can Novalnet Help?

Novalnet offers AI-powered risk management that helps you to prevent fraud before it happens. Our tailor-made fraud prevention solutions use AI and machine learning to protect your business from any fraudster activity and design the best payment experiences for your customers, all of it in a PCI DSS-compliant environment. With our Payment APIs, hosted payment page, and instant plug-ins, you can accept payments easily while being fully compliant with the revised PSD2 guidelines.

Exit mobile version