Ecommerce is booming, and sadly, for online retailers that means digital fraud is too. One growing form of fraud is Card Not Present (CNP) fraud.
In fact, it’s estimated that 73% of card payment fraud in the U.S. in 2023 is a result of CNP scams.
If you sell online, this statistic highlights the importance of understanding exactly what Card Not Present fraud is and how you can spot it. Then, you can use this knowledge to build a better fraud prevention strategy for your ecommerce site (or brick-and-mortar retail operation).
Ultimately, the reason CNP fraud in ecommerce is so prevalent is that it’s so easy to perpetrate. All a fraudster needs is stolen credit card information. And the fraudulent purchases that follow can result in massive chargeback penalties and other headaches for unsuspecting online sellers.
Interested in what you can do to protect yourself? This guide provides a closer look at CNP fraud, and offers ideas for detecting it, tools to prevent it, and fraud prevention tips for ecommerce sites.
What Is Card Not Present (CNP) Fraud?
Card Not Present fraud occurs when a fraudster uses stolen credit card information to make a purchase but does not actually have physical possession of the card. CNP fraud is most common in ecommerce transactions, as the thief does not need to present the card to a cashier.
CNP fraud is most frequently used to:
- Perform unauthorized purchases (typically online)
- Make over-the-phone purchases
- Transfer bank balances to a different account
- Max out the credit cards
- Create fake cards and change addresses
Although this is most common in ecommerce, CNP fraud can happen in retail operations. This is why brick-and-mortar shops shouldn’t process a transaction when the card cannot be presented.
Types of Transactions Most Vulnerable to CNP Fraud
Here are some examples of the most common types of transactions for CNP fraud:
- Online shopping
- Mobile payments and digital wallets
- In-app purchases
- Unsecured websites or platforms
- Over-the-phone transactions
The online payments landscape is continuously changing, and taking precautionary measures to prevent CNP fraud is crucial.
Common CNP Fraud Red Flags for Businesses
To protect your ecommerce site from fraud, it’s important to recognize CNP fraud. Some of the most common features include:
1. Unusual Purchase Patterns
Check for frequent, high-value transactions from unknown or ‘not previously used’ IP addresses. A few common signs are:
- New IP address making high-value purchases (without any special occasion)
- No previous purchase history
- Transactions that contradict the customer’s typical behavior and purchase history
- Random spikes in sales/transaction amount and purchases
2. Unusual IP Addresses
Scammers use multiple IP addresses to remain anonymous and avoid charges. If numerous sales and order inconsistencies originate from multiple geographical locations within a short timeframe, CNP fraud is a potential cause.
3. Unusual Time or Frequency
You likely understand your customers’ purchasing patterns well. Hence, if there are transactions at odd hours or unusually high orders, it may indicate fraudulent activity. You may need to check a customer’s purchase history; this will help you determine if a string of new purchases matches that behavior.
4. Mismatched Billing and Shipping Addresses
One of the first actions of any scammer is changing the delivery and shipping location. If these three activities are happening simultaneously, it is a sign of CNP fraud:
- A high number of orders deviating from your customer’s purchase history
- Change in delivery location while billing address remains the same
- Request for urgent/quick deliveries
5. Multiple Failed Payment Attempts
Monitor any failed payment attempts caused by incorrect card details. This may suggest that someone is trying to access the user’s card details and attempting to make unauthorized transactions.
6. Inconsistencies in Account Information
If your customer has entered multiple card details, check for inconsistencies, such as discrepancies in personal information, minor changes in email addresses, contact numbers, etc. These are signs that your customer’s card details have been compromised.
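The red flags above can be written as simple rules over order events. The following is an added example, not code from the original article or from any vendor product; the event fields, thresholds and sample events are assumptions constructed for illustration, and it covers red flags 1 to 5 (flag 6, account-information inconsistencies, is left out).

```python
from collections import defaultdict
from datetime import datetime, timedelta

HIGH_VALUE = 500.0             # assumed "high-value" threshold, tune per store
WINDOW = timedelta(hours=1)    # assumed meaning of "short timeframe"
MAX_DECLINES = 3               # assumed limit on failed attempts per window

def ev(account, ts, ip, country, amount, bill, ship, rush=False, declined=False):
    return dict(account=account, ts=datetime.fromisoformat(ts), ip=ip, country=country,
                amount=amount, bill=bill, ship=ship, rush=rush, declined=declined)

# Constructed sample events (documentation IP ranges, made-up accounts).
EVENTS = [
    ev("alice", "2024-03-01T14:05:00", "198.51.100.7", "US", 40.0, "10001", "10001"),
    ev("alice", "2024-03-08T15:10:00", "198.51.100.7", "US", 55.0, "10001", "10001"),
    ev("bob", "2024-03-09T03:01:00", "203.0.113.9", "US", 20.0, "60601", "60601", declined=True),
    ev("bob", "2024-03-09T03:02:00", "203.0.113.9", "US", 20.0, "60601", "60601", declined=True),
    ev("bob", "2024-03-09T03:03:00", "203.0.113.9", "US", 20.0, "60601", "60601", declined=True),
    ev("bob", "2024-03-09T03:20:00", "192.0.2.44", "BR", 900.0, "60601", "33101", rush=True),
]

def red_flags(events):
    """Return {index in time order: [flag names]} for events that trip a rule."""
    seen_ips, history, out = defaultdict(set), defaultdict(list), {}
    for i, e in enumerate(sorted(events, key=lambda x: x["ts"])):
        # Same-account events inside the look-back window.
        recent = [p for p in history[e["account"]] if e["ts"] - p["ts"] <= WINDOW]
        flags = []
        # 1. High-value purchase from an IP this account has never used.
        if not e["declined"] and e["amount"] >= HIGH_VALUE and e["ip"] not in seen_ips[e["account"]]:
            flags.append("high_value_new_ip")
        # 2. Activity from another country within the window.
        if {p["country"] for p in recent} - {e["country"]}:
            flags.append("multi_geo_short_window")
        # 3. Odd hours (assumed here to be 00:00-04:59).
        if 0 <= e["ts"].hour < 5:
            flags.append("odd_hour")
        # 4. Shipping differs from billing and delivery is rushed.
        if e["bill"] != e["ship"] and e["rush"]:
            flags.append("ship_mismatch_rush")
        # 5. Repeated failed payment attempts in the window.
        if sum(p["declined"] for p in recent) + e["declined"] >= MAX_DECLINES:
            flags.append("repeated_declines")
        if flags:
            out[i] = flags
        seen_ips[e["account"]].add(e["ip"])
        history[e["account"]].append(e)
    return out
```

A single flag such as an odd-hour order is weak on its own; the last sample event trips all five rules at once, which is the kind of combination worth holding for manual review.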
How Businesses Can Prevent CNP Fraud
The latest fraud prevention technologies can safeguard your business from CNP tactics. Moreover, it’s imperative that you train your team to spot this type of fraud. A few of the methods you can use include:
1. Two-Factor Authentication (2FA)
Users can access their account after verifying their identity through a 2FA method.
Example: One-Time Password, Security Code, Authorization Link, etc.
2. Biometric Authentication
This enhances security and verifies users by linking activities to unique physical attributes.
Example: Fingerprint or facial recognition to access email account or banking app.
3. Fraud Detection Tools
Invest in an identity verification tool that can spot fraudulent profiles.
Example: FTx Identity can perform ID verifications in real-time.
4. Fraud Monitoring with Machine Learning
ML algorithms can record user buying history, analyze this data, and detect transaction patterns that indicate fraud. The accuracy level tends to be incredibly high, and there is minimal human intervention.
Example: Fraud monitoring to detect money laundering, market manipulation, identity theft, credit card fraud, etc.
5. Secure Payment Gateways
Use a safe, secure payment platform. Choose a fast and reputable platform as your preferred payment gateway. Many scammers replicate the payment gateway to extract customer information.
Example: PayPal’s payment gateway.
6. Employee Training
Periodically train your staff to recognize and respond to potential signs of fraud.
Example: Software training, customer verification protocols, etc.
7. Regular Security Audits
Conduct regular security audits to check for discrepancies and identify potential red flags in the system.
Example: Software training, monitoring and maintaining customer databases, and how to perform purchase order audits.
8. Blockchain Technology
Blockchain technology provides a secure, tamper-resistant, and decentralized identity verification tool.
Example: Cross-border identification, anti-money laundering, real-time supply chain and inventory visibility, etc.
Why You Should Address CNP Fraud Right Now
CNP fraud has become a big problem, and businesses need to build better systems to protect themselves:
1. Rising Digital Transactions
More commerce is moving online. In the future, the majority of businesses will have at least some ecommerce activities.
To give users easy access, cards and bank accounts are generally all interlinked.
This interconnected nature of the global economy allows fraudsters to commit fraud and steal account details by gaining access to a single card.
3. Consumer Trust
You lose business when customers stop making purchases. One of the common reasons is a lack of trust in online payments.
Consumers need to feel confident that their financial information is secure, further maintaining trust and encouraging the growth of the digital economy.
4. Financial Loss Prevention
CNP fraud can result in significant financial loss. Keeping CNP fraud under control helps reduce the economic losses from such fraudulent activities.
Industry Standards and Compliance
Businesses must comply with industry standards and regulations for enhanced protection. Here are some key requirements based on your business:
- Payment Card Industry Data Security Standard (PCI DSS)
- Secure Payment Gateway Standards
- Identity Verification Tools and Regulations
- KYC Requirements
- Card Verification Values (CVV) – Generally used during card payments
- Address Verification System (AVS)
- ISO Compliance
- Consumer Data Privacy Norms
- Strong Customer Authentication (SCA) & 3-Domain Security (3DS) Regulations
- Data Encryption Standards
- Network Security Standards
How Does CNP Fraud Work?
Beware of these most common Card Not Present (CNP) fraudulent methods:
1. Phishing
Phishing is a fraudulent method where fraudsters trick individuals into sharing sensitive information such as account numbers, ATM PINs, credit card details, and OTPs.
How It Works in CNP Fraud: Phishing scammers create emails and websites that mimic a legitimate company or bank. When users make any transactions on these platforms, all their account details are shared with the scammer, making them victims of phishing.
2. Account Takeover (ATO)
Account takeover happens when scammers gain unauthorized access to your bank account or email.
How It Works in CNP Fraud: When fraudsters gain access to mail accounts, they can misuse them by asking for money from your contact list, creating false company communications, or changing bank details and taking over banking accounts. This allows them to make CNP transactions using the compromised account’s details.
3. Stolen Card Details
A stolen card is always the easiest form of gaining unauthorized access to credit or debit card information.
How It Works in CNP Fraud: When fraudsters gain control of the card, they can also hack into personal files. With these stolen card details and personal data, they can commit CNP fraud by making unauthorized purchases.
4. Card Skimming
Scammers install copying devices on ATMs or POS terminals to capture the customer’s personal information.
How It Works in CNP Fraud: Fraudsters take the card data captured by skimming devices and get complete access to the card, using it for purchases, withdrawals, etc.
How to Respond to CNP Fraud in Your Business
If you suspect CNP fraud, here are some steps you can take to help remedy the issue:
It is essential to identify and assess the extent of the fraud. This step will help to evaluate the system’s vulnerabilities as well.
Report the Fraud
For any individual or business, it is crucial to report the fraud to prevent any further complications, and it is a mandatory step to claim the amount of fraud (if applicable to your business).
Notify Payment Processors
You must inform them about the fraud if there is a security breach from the installed payment gateway application. They can investigate their software’s vulnerabilities and alert other clients.
Once you have taken security measures to stop further fraud, you NEED to inform your customers and STOP other cashless transactions until everything is clear.
Implement Security Measures
Invest in a robust identity verification system and strengthen security measures to safeguard your business from future incidents.
Responding to CNP Checklist
- Step 1: Contact Local Law Enforcement
- Step 2: File a Report with the Concerned Trade Partner
- Step 3: Contact Banking or Card Companies
- Step 4: Notify Your Software Company (if their software was compromised)
- Step 5: Alert Your Customers
- Step 6: Notify Your Payment Gateway Partner
- Step 7: Report to a Cyber Crime Agency (if applicable in your business)
Protecting Your Customers
Another tip: You can share the following advice with your customers if you suspect suspicious activity. Tell them to:
Contact the Bank or Card Company
You should immediately alert your bank or credit card company and report if you ever face a ‘credit card is not present during this transaction’ error. They will temporarily block your account and restrict further transactions. There are 24/7 customer care numbers and a one-touch card-blocking facility in mobile banking apps. You should immediately reach out to your bank in any such scenario.
Suspend your account to stop further fraudulent transactions immediately.
Remember: You can register for a new card anytime! But you can’t always get your stolen money back.
If you suspect such activities or you are repeatedly getting payment messages, someone is likely trying to access your details.
Freezing your accounts can safeguard your compromised account information, block unauthorized transactions, etc.
As soon as you realize your account is getting misused, block your account OR change the passwords immediately.
Tip: Regularly changing your banking passwords is recommended to prevent unauthorized access.
Monitor Bank and Credit Card Statements
Banks generally release monthly card usage history; you must regularly monitor your card and account statements to identify unusual transactions.
File a Police Report
In case of any fraud, you NEED to file a police report. It is necessary for documentation and reclaiming (if eligible) the lost amount when discussing with banks.
Prevent Card Not Present (CNP) Fraud with FTx Identity
As a business owner, you need to protect your company reputation, customer data, and monetary collections. This is possible by investing in smart and intuitive tools, real-time customer and transaction monitoring, regular staff training, and updating yourself with the latest cybercrimes, etc.
FTx Identity can help you manage this. With years of experience and a strong client base, we offer a solution to help you build a stronger, more secure customer onboarding process. Contact us today to learn more.