It’s hard to wrap your mind around the scope of global payment card fraud.  

For 2021, it is expected that financial losses from payment card fraud will exceed $30 billion — approximately the GDP of Latvia.  

As e-commerce, online payments and remote purchases become increasingly integral parts of people’s lives, opportunities for financial crimes will continue to grow. That’s why card fraud losses keep going up year after year. 

Of particular concern for financial institutions is card-not-present fraud, also known as CNP fraud. CNP fraud will account for the lion’s share of that $30 billion-plus figure, likely upward of 80 percent. 

Below, we explore what CNP fraud is, why it has become so prevalent, and what banks can do to detect and prevent instances of such fraud. 

What is CNP fraud? 

Card-not-present fraud happens when a fraudulent transaction occurs remotely, usually when payment is made online, over the phone or by mail. In most cases, the person committing CNP fraud is using a stolen payment card or information (cardholder name, card number, card security code) they bought on the Dark Web. 

The remote nature of the transaction makes CNP fraud so hard to detect. When you are paying with a card in person, a merchant can verify the card’s authenticity on the spot (e.g., by utilising chip and pin as well as physical cryptographic elements of the card). Merchants have a tougher time of authenticating a card online or over the phone, however. 

Remote transactions represent a significant portion of consumer spending. In the UK and China, more than 20 percent of retail spending happens online.  

The problem: Businesses have embraced digital payments, but the world’s payment architecture is still playing catch-up. This gap creates room for fraud to grow and evolve. 

How do fraudsters access payment card information? 

There are several ways for financial criminals to get their hands on payment card information.  

  • Through hacks and leaks of Personal Identifiable Information (PII) usually as the result of poorly secured or misconfigured databases. 
  • They can use card readers in public places — often ATMs — to skim the information from a payment card. 
  • They can use phishing techniques to pose as legitimate entities seeking a customer’s payment information. 
  • They can also utilize online skimming software that capture sensitive data from online payment forms 

Financial institutions understand these tricks, so they have their own methods for confirming someone’s payment details. That’s why you might have to enter a billing address or a ZIP code when using a credit card to make purchases online. 

Cybercriminals also steal data like that — including ZIP codes, Social Security numbers, dates of birth, billing addresses — to circumvent those verification procedures.  

CNP fraud detection: How financial institutions spot the scam 

Financial institutions have a variety of methods for assessing a card’s authenticity. They can verify the customer’s billing address at the time of purchase, they can confirm the card’s three-digit CVV security code, and they can prevent merchants from storing those codes in their customer records. 

To buttress those capabilities, banks can also deploy machine-learning tools that recognize out-of-character customer financial behavior in real time. This is what the next generation of fraud detection and mitigation tools look like, and in 2019 the Aite Group recognized Featurespace’s Adaptive Behavioral Analytics technology as Best-in-Class. 

CNP fraud prevention strategies 

For banks, there are a number of key elements that can be used to help verify a customer when making an online transaction, from something physical such as the three-digit CVV security code, to something more advanced such as Multi-Factor Authentication. If a fraudster cannot match a CVV to a card number, they cannot complete the fraudulent CNP transaction. 

Globally different regions are working to limit the impact of CNP fraud with new technologies, such as the European payment network’s Request to Pay (R2P) (R2P) and EMVCo’s 3DS 2.x protocol for eCommerce. 

Instead, Featurespace is focusing on the use of machine learning and Automated Deep Behavioral Networks for card fraud prevention 

Protect your business against card-not-present fraud 

Because of the nature of CNP fraud, banks and the merchants often must act as the customer’s backstop. It’s their verification procedures that stop unauthorized card payments.  

Certainly, there are ways to improve those verification procedures, whether through multi-factor authentication, biometric scans, or digital tokenization.  

But we also believe that real-time fraud protection is essential to protect customers, merchants and banks against the effects of financial crimes. That’s why Featurespace has developed tools for learning and understanding the behaviors of individual card users. By being able to recognize and learn new patterns of authentic card use, banks can remain a step ahead of fraudsters. 

To learn more, have a look at the bilingual Turkish-English webinar we hosted with our partner DVA on how the pandemic affected both card-present and card-not-present fraud around the world.