How to prevent CNP fraud

Covery Blog / Covery, Fraud prevention / How to prevent CNP fraud

How to prevent CNP fraud

Fraud prevention for credit card operations is a continuous effort from merchants and payment providers, a battle that cannot be won easily — but a battle that must be fought nonetheless. Card not present fraud detection and mitigation is vital for the long-term success of any business, as most of the mobile and online payments are performed with card not present transactions. Read on to find out how Covery can help to keep card not present fraud at bay and safeguard your business revenues from scammers. 

What is CNP fraud

CNP stands for card not present — which is literally every case of online or mobile payments, as the merchant does not see the physical card. Thus, scammers can get away by using stolen credit card credentials to purchase goods, and the frustrated cardholders issue chargebacks when they discover they were charged for the products they did not buy. This is so simple that it actually works. How to prevent fraudulent card not present payments then?

The first thing to do is maximize the data you gather about your users and automate the way you process it. The more you know, the easier it will be to detect bad actors or provide precise risk scores for potentially risky actions. Email address, IBAN, credit card number and CVV code, phone number, and billing address — details like this help create comprehensive user profiles. But how to collect this data without introducing additional friction and forcing the customers to fill them in some forms?

Your three main contact points with a user are the registration page, the login page, and the checkout page. By using risk management and fraud prevention solutions like Covery, you can gather all the aforementioned details seamlessly, as well as perform many additional checks to enable precise risk scoring and mitigate card not present fraud. 

To ensure reliable CNP fraud detection and prevention, your business should combine several activities within a holistic strategy:

  • performing device fingerprinting
  • behavioral analysis
  • IP screening
  • KYC and reputation checks
  • transaction monitoring and logging.

Below we take a closer look at each of these steps.

Device fingerprinting 

This is enabled by adding special JavaScript strings to your website landing pages, checkout pages, etc. These device fingerprinting scripts gather publicly available information provided by visitor devices — OS and browser version, screen resolution, timezone, IP address, language preferences, addons and plugins installed, hardware and firmware ID numbers, etc. This information should always be provided by every device as a part of crash handling and debugging, so a special script can gather it during every session.

This creates a unique device fingerprint, which can later be used to identify this device and confirm the authenticity of the visitor. Should your customer update their OS or browser, log in from another location or use additional plug-ins — the system automatically checks the profile on record and updates it if need be. However, should user credentials be used on an unknown device, from an unusual location, from a device in another timezone and with another default language — Covery automatically flags this session as suspicious, so you can block the account in case an account takeover or other types of scam took place.

Behavioral analysis

A specially trained AI model can identify and track the behavioral patterns of your users. People tend to follow certain patterns — log in from the same IP address and device around the same time, buy the same goods around the same time every weekday or month, etc. Tracking such patterns helps identify potentially risky customers with even better accuracy.

Look out for things like:

  • changes of shipping address before every purchase
  • lots of small purchases in quick succession
  • several unsuccessful payment attempts with incorrect CVV codes used
  • a very big purchase exceeding the account static and dynamic limits
  • multiple accounts logging in from the same device or IP address
  • use of emulators or virtual machines,
  • frequent change of browsers, use of VPN services, etc.

For example, one of Covery features, IP screening, helps uncover all the details related to the IP address used every session. Yet another feature, device screening, enriches this information with device fingerprinting details. This way, you are not only alerted of a risky transaction on the fly but you are also given sufficient details to make an informed data-driven decision.

IP screening

This is a process of checking the visitor’s IP address for signs of foul play:

  • Does the customer use a VPN? If so, what is his original IP address, what country is it from? Is the country under sanctions? 
  • Was this IP used in any previous fraudulent schemes? If so, is it a dynamic or static IP, and how long ago was such activity reported? If it was reported 2 years ago and it’s a dynamic IP address, it’s highly unlikely to be the fraudster, per se.
  • Does the IP address geolocation match the customer’s billing address on file? 
  • What previous activity was recorded from this IP, if any? 

Answering such questions results in more precise risk scoring and leads to predictable risk mitigation results.

KYC and reputation checks

Every merchant must check every user as a part of an ongoing Customer Due Diligence strategy, to prevent money laundering. Thus, a KYC (know your customer) check must take place during registration and every login/transaction, as a person that was a normal customer yesterday might have been added to PEP/RSA/sanctions watchlists today. 

Covery provides automated KYC/AML checks against the latest versions of Dow Jones watchlists. Knowing who your customers are, helps choose the best strategy according to your company’s risk appetites.

Customer reputation checks are also a great tool, which allows finding out whether this customer has previously interacted with any member of the Covery community, and what were the results of such interaction. Covery provides every user with access to Trustchain — a global reputational knowledge base with 400+ million reputation records. These records are comprised of 12 individual identifiers (email address and domain, IP address, IBAN, BIC, and others) that allow identifying a user across the Covery community. 

For example, a new user registers an account with a microfinancing company. A Trustchain check shows that this device was used on several eCommerce sites to make various purchases and has never been a part of a fraudulent scheme. Is it good? Yes, but the same check shows this device is frequently used to log in to various gambling sites. This lets you know this person is a gambler and you run a risk of losing your money if they have bad luck one day. Well, it’s not your problem, yes, but collecting debts from gambling regular is quite a chore.

Transaction monitoring and logging

As we mentioned earlier, you should monitor card-not-present transactions at all times, meaning you must be able to compile all the data collected earlier to make an informed decision: is it a safe or a risky transaction, and if it’s the latter — how risky it is. This way, if any action gets scored as risky based on IP screening, you can halt this transaction until additional verification from a customer (via 3D Secure flow, for example) or reject it completely.

This way, you can prevent risky transactions from becoming chargeback disputes in the future, and if they do — you have sufficient details to prove you are right. As a result, you can reduce the number of chargebacks you face, thus saving a fortune on dispute resolution fees and payment processing costs.


Wrapping it up — card not present fraud is an omnipresent threat (no pun intended, it’s just an ugly truth). However, it’s well within your power to not make this threat omnipotent and not let it crush your business. Investing in comprehensive risk management solutions like Covery arms you with the means to fight back, allowing you to prevent fraudulent card not present transactions, reducing your chargeback ratio, and ensuring a healthy bottom line.
Should you want to know how Covery can help you with fraud prevention credit card measures and what value it can provide for your business — get in touch, we are always glad to assist!