As e-commerce, online payments and remote purchases become increasingly integral parts of people’s lives, opportunities for financial crimes will continue to grow. That’s why card fraud losses keep going up year after year. Juniper Research forecasts that merchant losses from online payment fraud will exceed $362B globally over 2023–2028 (with ~$91B in 2028 alone)³.

Of particular concern for financial institutions is card-not-present fraud, also known as CNP fraud. CNP fraud is expected to account for the lion’s share of that $30 billion-plus figure, likely upward of 80 percent. 

So let’s explore what CNP fraud is, why it has become so prevalent and what banks can do to detect and prevent instances of such fraud.

What is CNP fraud?

Card-not-present fraud happens when a fraudulent transaction occurs remotely, usually when payment is made online, over the phone or by mail. In most cases, the person committing CNP fraud is using a stolen payment card or information (cardholder name, card number, card security code) they bought on the Dark Web.

The remote nature of the transaction makes CNP fraud so hard to detect. When you are paying with a card in person, a merchant can verify the card’s authenticity on the spot, e.g., by checking the pin as well as the physical cryptographic elements of the chip. Merchants can have a tougher time authenticating a card online or over the phone, however.

Remote transactions represent a significant portion of consumer spending. In the UK and China, more than 25 percent of retail spending happens online.

The problem: Businesses have embraced digital payments, but the world’s payment architecture is still playing catch-up. This gap creates room for fraud to grow and evolve.

How do fraudsters access payment card information?

There are several ways for financial criminals to get their hands on payment card information. 

• Through hacks and leaks of Personal Identifiable Information (PII) usually as the result of poorly secured or misconfigured databases.
• They can use card readers in public places — often ATMs — to skim the information from a payment card.
• They can use phishing techniques to pose as legitimate entities seeking a customer’s payment information.
• They can also utilize online skimming software that captures sensitive data from online payment forms. 

Financial institutions understand these tricks, so they have their own methods for confirming someone’s payment details. That’s why you might have to enter a billing address or a ZIP code when using a credit card to make purchases online.

Cybercriminals also steal data like that — including ZIP codes, Social Security numbers, dates of birth, billing addresses — to circumvent those verification procedures.  

CNP fraud detection: How financial institutions spot the scam

Financial institutions have a variety of methods for assessing a card’s authenticity. They can verify the customer’s billing address at the time of purchase, they can confirm the card’s three-digit CVV security code and they can prevent merchants from storing those codes in their customer records.

To buttress those capabilities, banks can also deploy machine-learning tools that recognize out-of-character customer financial behavior in real time. This is what the next generation of fraud detection and mitigation tools look like.

CNP fraud detection strategies

For banks, there are a number of key elements that can be used to help verify a customer when making an online transaction, from something physical such as the three-digit CVV security code, to something more advanced such as Multi-Factor Authentication. If a fraudster cannot match a CVV to a card number, they cannot complete the fraudulent CNP transaction.  

Globally, different regions are working to limit the impact of CNP fraud with new technologies, such as the European payment network’s Request to Pay (R2P) and EMVCo’s 3DS 2.x protocol for e-commerce.

Instead, Featurespace is focusing on the use of machine learning and Automated Deep Behavioral Networks for card fraud detection.

Protect your business against CNP fraud 

Because of the nature of CNP fraud, banks and the merchants often act as the customer’s backstop. It’s their verification procedures that stop unauthorized card payments.

Certainly, there are ways to improve those verification procedures, whether through multi-factor authentication, biometric scans or digital tokenization.  
Featurespace has developed tools for learning and understanding the behaviors of individual card users. By being able to recognize and learn new patterns of authentic card use, banks can remain a step ahead of fraudsters.