arrow left facebook twitter linkedin medium menu play circle

Live Webinar on Feb 28: Authorized Push Payments (APP) Fraud: Trends, Risks, and Your Defense Playbook

Digital Fraud Wiki

Your source for the latest fraud intelligence, insights, research, and commentary.

Card Not Present (CNP) Fraud: Detection & Prevention

Of all the types of card fraud, one stands out as the most popular—card-not-present (CNP) fraud. In 2022, over 70% of all credit card fraud was CNP fraud. Studies predict this will only increase in years to come. Here’s how CNP fraud happens, plus how to detect and prevent it.

What is card-not-present fraud?

Card-not-present (CNP) fraud is any fraudulent card transaction made without the physical card. These frauds typically happen online or over the phone, but work anywhere a physical card isn’t required for a sale.

How does card-not-present fraud happen?

Card-not-present fraud scams work anywhere fraudsters can pay without the use of a physical card. There are several common schemes they follow to access card information.

Stolen Card Details

Many times, CNP fraud comes from stolen card information. Fraudsters can buy stolen card information online through black market dealers who leak breached data. They also capture it through scams like phishing, voice phishing (vishing), and SMS phishing (smishing).

Account Takeover

Fraudsters can stealing users’ login credentials to get access to card accounts. Techniques like phishing or keylogging work great for this. Once they have control of the account, they make purchases using stored payment card.

Weak mobile provider verification processes can open a victim’s phone a hijacking known as sim swapping. Once fraudsters get control, they can bypass two-factor authentication and access saved cards.

Card Skimming

Card skimming captures physical card details using skimmers on point-of-sale terminals or ATMs. Fraudsters can then use this stolen card information for for online purchases.

Synthetic Identity Theft

Fraudsters create fake identities using a mix of real and fake information. Then they apply for credit cards with these synthetic IDs to make fraudulent transactions online.

Friendly Fraud

Also known as chargeback fraud, this is when legitimate cardholders dispute a valid transaction. They claim that they didn’t receive what they paid for and request a chargeback from the card issuer. The card iself doesn’t need to have been used, only the details.

Card Testing

Fraudsters use bots to test stolen card details by making small transactions with online merchants. They can identify which cards are still active, then use those for larger fraudulent purchases.

Man-in-the-Middle (MITM) Attacks

In a MITM attack, hackers intercept the communication between a customer and a legitimate online merchant. Once they access the transaction data, they can alter the payment details or steal the customer’s login credentials.

Malware and Remote Access Trojans (RATs)

Malware victims accidentally installed on devices can capture credit card details. Fraudsters even set these malicious programs to sen card information directly to them without the victim being aware.

Can card not present fraud be prevented?

With the right systems in place, yes it’s possible to prevent CNP fraud. But, it requires the right prevention measures and detection solutions.

Strong authentication measures like multi-factor authentication are must-haves. This includes biometrics, one-time passwords, authentication apps, or hardware tokens. These prevent the account takeover route fraudsters will try to take.

Tokenization and encryption technologies help protect sensitive cardholder data during transmission and storage. Tokenization replaces actual card data with unique tokens that are useless if intercepted. Encryption ensures sensitive data is scrambled and can only be decrypted by authorized parties. Customer education about best practices can also play a key role in stopping social engineering scams.

The most powerful tool for card providers is fraud detection and monitoring. These systems analyze transaction patterns, customer behavior, and other risk indicators. The best systems leverage AI and machine learning to spot fraud in real time.

How AI detects card not present fraud

AI is vital today in detecting card-not-present (CNP) fraud. Advanced algorithms and machine learning techniques can spot fraud much faster than humans. It can also adapt to new fraud types and set up prevention in real time.

Though systems vary, many follow similar prevention strategies. First, they analyze vast amounts data on transactions, customer behavior, and known fraud patterns. Then they use this data to establish baselines and identify anomalies or suspicious activities.

AI models can detect complex patterns and correlations that indicate fraudulent behavior. They also excel at identifying outliers and anomalies in data. That’s because they map user behavior patterns, like the way a customer navigates a website or interacts with an app. If the behavior deviates from the customer’s usual patterns, it triggers a fraud alert.

But these case management systems can only go so far. That’s where real-time decision making comes in. Real-time ready AI-powered fraud detection systems, like DataVisor’s, assess transactions as they happen and provide instant risk assessments. Using unsupervised machine learning, the platform itself addresses the fraud and stops transactions. Even better, it’s so well trained it can do this with an incredibly low false positive rate.

To learn more about how DataVisor’s platform can solve CNP fraud threats for your instituion, set up a personalized demo with our team.