Introduction

Shekels, duckets, scrilla, cheddar; our world revolves so much around currency, we have a plethora of words to describe it. Whatever your word choice preference, we all know money makes the world of commerce go around. The way we transact has profoundly changed from the first crude metal objects used as currency thousands of years ago. Even before a global pandemic sent more than 20 percent of the global population home under shelter-in-place orders, the digital commerce and payments landscape was changing fast. Since the start of 2020 digital payments are showing a 15% year-over-year increase

How can e-commerce companies protect themselves from a type of fraud that uses real payment information for dubious transactions? How do financial institutions mitigate risk from chargebacks caused by such fraud? In this article, we will take a close look at how Card Not Present (CNP) fraud works, and what best practices and technologies exist to combat it.

What is Card Not Present Fraud? 

CNP fraud occurs when a criminal obtains real credit card information from a victim and uses it to complete a transaction over the internet, phone or by mail-order without the physical card ever being lost or stolen. The victim’s credit card information is stolen using techniques like phishing, hacking or skimming

This is contrasted by card present fraud where the thief uses a stolen card at a physical retail location. In this case, consumers are likely to notice when their wallet or purse goes missing and alert their financial institutions. Experts say as many as 80 percent of the cards sitting neatly in a consumer’s wallets have already been compromised. Consumers and financial institutions won’t be any the wiser until the fraudulent charges have already occurred. 

CNP fraud has a big ripple effect for consumers, businesses and financial institutions. The business where the fraudulent transaction occurred is on the hook for the charges so the card issuer can make customers whole in addition to chargeback fees card issuers may assess. Card issuers shoulder more than 62 percent of the $24.26 billion in associated fraud losses as they require teams of data processors to verify fraudulent purchases and quickly resolve the chargebacks. 

Consumers whose cards have been compromised suffer the inconvenience of reporting and resolving the initial charge, and the likely scenario of needing to update card information across multiple accounts. Updating this information is often painstaking and there’s a likelihood that an account will be missed, eventually resulting in a decline for service or product.

History of Card Not Present Fraud 

The first iteration of credit cards emerged in the 1920s as a means for individual companies to allow their customers to make purchases and billed at a later date. The first universally accepted credit cards were introduced by Diners’ Club and American Express in the 1950s. Banks began issuing cards that charged “carrying fees” or interest for charges, but these cards were limited regionally until broad networks emerged in the 1970s. 

Early types of credit card fraud began almost in tandem with the advent of the cards themselves. Thieves stole cards out of people’s wallets or removed the carbon copies of card imprints from a merchant’s trash. These are all examples of card present fraud, because the transactions were done in person and the cards had to be manually run. 

Early impersonators also used stolen numbers to make fraudulent purchases via mail order catalogue or phone, similar to some CNP fraud that exists today. As technology expanded and  e-commerce took hold, the invisible transaction, one where no sales clerk or cashier was personally interacting with the customer, created a perfect environment for fraud.

Consumer buying behavior has changed and today CNP purchases are routine. Banks and merchants worked in tandem to authenticate online purchases and authorize charges electronically. 

Female about to press the enter key and confirming her online order with credit card.

Terms to Know

Authentication

Authorization

CVV – Card Verification Values 

Encryption

Phishing

Hacking

Examples of Card Not Present Fraud 

Card not present fraud includes any transaction committed by an unauthorized user of a credit account or card. Common examples of this type of fraud are when credit card numbers and personally identifiable information is stolen through some scheme and used to make online purchases. The merchant and bank authorize the purchase by the fraudster because the account is real and can be electronically authenticated with the stolen information, but the purchaser is not the owner of the account. The goods, service or merchandise is consumed or delivered at a different address and the real account owner has no idea the purchase occurred until they check their statement. Under the Fair Credit Billing Act, the account owner is not liable for the fraudulent purchase, but the merchant and card servicer shoulder the loss. Another example of CNP fraud happens when a company experiences a data breach and criminals gain access to customer information that is then sold over and over again, making it nearly impossible for the crime to be traced and the thieves brought to justice. 

How to Identify and Prevent Card Not Present Fraud 

It is said that an ounce of prevention is worth a pound of cure, and when it comes to fraud, this idiom is true. Retailers are estimated to experience $130 billion in losses from CNP fraud over the next four years. However, many merchants don’t prioritize a fraud detection and prevention strategy for this until they are accountable for charges, or worse, lose customers because of a lack of faith in transaction security. Emailage’s fraud detection and prevention and risk scoring solutions are designed to deliver intelligence about fraud risks and trends based on a global data consortium. 

The Email Risk Score combines the power of the dynamic data linked to customer email and sophisticated machine learning to give businesses a more complete picture of who is behind the transaction. This technology helps companies assess risk and create custom rules to increase authorization speed while decreasing customer friction and mitigating fraud risk.

The Digital Identity Score builds upon the dynamic data of email addresses to further increase accuracy and decision confidence. Fraud leaders can leverage the Confidence Score and the entire matrix of data pairings with more than 20 individual scores to evaluate. This visibility gives fraud teams the ability to focus their efforts on only the riskiest of transactions, rather than having to deeply examine each one. 

Emailage’s suite of fraud detection tools are all scalable for any industry and provide best-in-class, customer-centric global support to help you outsmart fraud. 

Analyzing Card Not Present Fraud 

CNP fraud is one of the most pervasive and difficult to spot, because it employs actual user data in a dubious manner.  Without robust data points linking customers’ IP address, shipping address, CVV and other personally identifiable information, fraud analysts are largely in the dark recognizing CNP fraud before it’s too late. The damage has been inflicted both monetarily and reputation-wise for companies. This type of fraud requires a proactive fraud detection strategy that uses constantly updated machine learning models anchored to an email address. 

It is also true that for every action there is an equal and opposite reaction. As card issuers have increased security to combat fraud in brick and mortar stores with chip technology, this has made CNP transactions even more desirable for fraudsters. With more and more criminals committing CNP fraud, the time to enhance your company’s fraud strategy has never been more relevant or necessary. 

Resources for Card Not Present Fraud Mitigation

Emailage is a leading provider in fraud prevention solutions. Our Knowledge Hub is home to a wealth of content, case studies and research that supports the proficiency of our fraud management tools and services. 

For merchants processing online payments, strategies to thwart CNP fraud are essential to risk management efforts. Emailage’s unique approach using the email address at the core of our fraud detection technology, robust machine learning models and global data consortium saves clients time and effort as they outsmart fraud and deliver seamless customer experiences.  Across every continent, industry and business segment, Emailage’s network intelligence gives fraud leaders an advantage in their work outsmarting CNP fraud.

Lessons Learned 

As merchants and consumers navigate this increasingly contactless world, fraudsters are poised to evolve and take advantage of the CNP transaction environment. Consumers’ habits may have permanently shifted to favor e-commerce and remote transactions. CNP fraud will increase as the volume of transactions increases. This scenario could overwhelm even well-staffed fraud prevention teams with endless queues of transactions requiring manual review. However, with the right technology and fraud detection solutions in place, companies can get in position to outsmart a rise in CNP fraud. While the fraudsters aim to operate in the shadows to commit CNP fraud, Emailage’s global network and machine learning technology shines a light on their shady tactics.

Learn how the power of Emailage’s network intelligence can help your company outsmart card not present fraud.

Visit emailage.com for more information.