Card-Not-Present Fraud Definition, Types, and Countermeasures

Covery Blog / Covery, Fraud prevention, Fraud types / Card-Not-Present Fraud Definition, Types, and Countermeasures

Card-Not-Present Fraud Definition, Types, and Countermeasures

The outburst of the COVID-19 pandemic forced multiple businesses to transition to online interactions with their customers. It also spurred various types of fraud with card-not-present transactions. This resulted in more than $32 billion in losses in 2020 alone, according to the MerchantSavvyUK survey. As it turned out, fraudsters were much better prepared for the crisis than law-abiding merchants. They were able to utilize vast databases of stolen credit card details to cause significant damage to the bottom line across many industries.

Furthermore, nearly 50% of companies experienced some kind of card-not-present fraud attack within the last 2 years. The pace is only increasing, so your business can become a victim at any time — or already is and you just don’t know it. Let this sink in and keep on reading to discover what is CNP fraud, how it can be detected, and what countermeasures you can deploy to protect your card-not-present payments.

What is CNP fraud?

By an Investopedia definition, card-not-present fraud is any kind of scam activity taking place during online payments, because the merchant cannot check the card as it is not present. 

Hackers use stolen credit card details and forged identities to do any of the following:

  • abuse your loyalty and bonus programs by transferring the bonuses to another account
  • order merchandise. have it delivered and start chargeback claims
  • abuse referral program or gift card program
  • perform card testing with small purchases to see if the credentials of the stolen card work before placing large-scale fraudulent orders
  • do a triangulation fraud, etc.

We covered this in more detail in our post on the 5 most common types of online fraud, feel free to read it for more insights.

The prerequisite for performing fraudulent card-not-present transactions involves obtaining customer details. This is usually done through phishing, skimming, or hacking.

  • Phishing involves fooling victims with fake emails to coerce them into disclosing their credit card details and provide their credentials
  • Skimming involves attacking special devices to skim credit card information at ATMs and build a base of credit card numbers and PINs
  • Hacking uses malware to infiltrate the victim’s device and steal their sensitive financial details and credentials.

This is a topic for another big article, so let’s instead concentrate on the card-not-present fraud signs and what you can do to prevent it from happening on your platform.

How to detect fraud in card-not-present payments

Naturally, the first step to detecting signs of an abnormal activity is to track normal activity and establish patterns of legitimate card-not-present transactions. This can be done using risk management platforms like Covery, which provides lots of useful features:

  • Device fingerprinting. Every customer logs into their account with your platform using a specific device (or an array of them). Each such device has a digital fingerprint — a set of identifiers like OS and browser version, an IP address, email address, IBAN of the credit card on file associated with that phone number, etc.

    Some of these parameters can change — like updating the OS and browser versions, which will be reflected accordingly in the profile. Some cannot — like the hardware ID or screen resolution for mobile devices, etc.

    Monitoring user devices in such a way helps to detect drastic profile updates at once and raise alerts, if a user logs in from another IP address, device and OS, as it can be a sign of using stolen credentials.
  • Trustchain. A global reputational knowledge base containing these identifiers, which is continuously updated by all Covery customers. Due to this, if one of the customers identifies a user as a fraudster, all the rest of Covery customers receive updates automatically.

    If that combination of identifiers (or at least some of them) is used in the future, the account is marked as suspicious at once. This way, the more merchants use Trustchain, the bigger the benefit for every member of the community.
  • Behavioral analysis. When you can track individual devices, it’s easy to discern usage patterns by your clients. When they log in, from which location, how long are they online for, how much do they order and how often, etc. This data is invaluable in allowing you to improve your services.

    More importantly, if some card-not-present payments fall outside of normal behavioral patterns, a system raises an alert. If a customer logged in 3 hours ago on his usual device from Austin and just now there is a login attempt with these credentials from Kuala Lumpur, the credentials were most likely stolen. 

These are just some of Covery features, but along with other components, they enable real-time transaction monitoring and Card-Not-Present fraud protection.

How to counter fraudulent transactions

It’s important to understand that when fraudsters steal your client’s money through your platform, the liability is with you. This way, aside from bearing reputational losses, you face chargebacks from real customers. Most importantly, while the money you lost on transaction refunds might not be so big, the ratio of chargebacks to stable operations is crucial. If your business exceeds a certain threshold, you risk being blacklisted by major credit card processing networks, effectively meaning the closure of your merchant account. This outcome should be prevented at all costs.

Thus said, rejecting a fraudulent transaction is the best way to prevent financial CNP fraud. As for bonus abuse and other types of fraud, the best course of action is to freeze the account until further notice and contact your customer directly for clarifications.

The best way to avoid processing fraudulent card-not-present payments is to use AVS or Address Verification System to ensure the delivery address on the order matches the billing address with the issuing bank. You should also use CVV checks to require customers to provide the security code, meaning they have physical access to the card.

Lastly, you might want to implement 3D Secure procedures, so potentially risky transactions will require confirmation with one-time passwords sent via email or SMS. This helps to once again ensure the customer has access both to the card on file and the device your system is familiar with. Covery provides all these features out of the box.


Implementing working card-not-present fraud protection is essential in safeguarding your bottom line, ensuring a positive experience for legitimate customers, and filtering out potential fraudsters to avoid dealing with fraudulent chargebacks in the future. This helps reduce the number of CNP fraud by up to 80%.
Should you want to know how you can achieve this using Covery — let us know, we would be glad to show the value Coverey can deliver for your business!