Blog article
See all stories »

Card Not Present Transactions – Friend or Foe? – Transaction Volumes Are Soaring but so Is Fraud

As all investors know, there can be no reward without risk. With volumes rocketing, card-not-present (CNP) payments offer the potential to generate handsome rewards. But in parallel, the risk of fraud is escalating and CNP fraud now accounts for around 73% of total card fraud. This blog considers how payment providers can balance the risks and rewards of a flourishing market. 

The ubiquity of online and remote shopping has driven the exponential increase in CNP transactions. Although the pandemic forced the pace, CNP transaction volumes continue to rise and are estimated to reach $5.2T by 2023[1]. People have grown accustomed to CNP transactions and value the convenience of paying for goods and services remotely. In parallel, merchants and banks have adopted and encouraged mobile wallet and card-on-file solutions that remove the need for a card to be present. The truth is that CNP payments offer benefits all round and are here to stay. But this progress comes at a cost. 

Criminals have also seized CNP as an opportunity and with an almost 10 basis point fraud rate[2], meaning that CNP fraud contributes to 73%[3] of total fraud loss volume. While it may be tempting to consider that loss as a cost of doing business, it is much worse than that. A rise in fraud is a major threat to a payment intuition’s brand and reputation. Customer trust that has been hard earned over a long period of time, can disappear overnight as can the customers themselves. Banks with high rates of fraud experience higher customer attrition, higher cost of customer acquisition, and lower customer spend.

Fraud Comes in Many Forms

All payment providers have duty to protect customers from fraud and they need to step up step up their efforts to identify and combat CNP fraud. However, most existing fraud models are not tested for CNP transactions on secondary networks and many banks need to upgrade their fraud solutions. Always prevention is better than cure and many banks need to make this a priority. Although fraud comes in many forms, bank need to address five major categories:

Phishing. A type of social engineering, phishing occurs when attackers deceive cardholder into revealing sensitive information that can be used to commit fraud. Phishing is the most common type of cybercrime and financial institutions are the most frequently attacked account for 27.7% of phishing scams.

Chargeback Fraud. Also known as a “friendly fraud” because the fraudster is also a customer, this occurs when a customer makes a false chargeback claim. For example a customer may claim not to recognise a payment on their credit card statement and pursues a chargeback with their bank, despite having made the purchase.

Triangulation Fraud. This is a type of CNP fraud that is increasing by 10% every year[4].Typically the fraudster sits between a legitimate customer and a retailer. The fraudster intercepts the customer’s payment while they are making a purchase. They take the money and often steal the customer’s credit card details and other personal data.  Triangulation fraud can involve several parties and happens in several ways. However, the unique aspect of this sophisticated crime is that customer orders and receives an item and so is unaware they were involved in a scam.

Card Application Fraud.  This crime is at its highest ever level and in the UK alone it increased by 18% in the fourth quarter of 2022.  The increase is partly due to the acceleration of credit approval processes. Criminals apply for credit using a stolen identity the max out of the credit agreement. By the time the crime is detected the criminal is long gone. Although not a new crime, the incidence of application fraud is increasing, and criminals are using an array of sophisticated tools and technologies that make prevention more difficult.

Fraud Is Not a Victimless Crime

Increasing CNP fraud has a very negative impact on the customer experience. But winning the battle against fraud requires commitment, persistence the right technology. Success is a moving target and it’s always necessary to strike a balance to minimize losses from CNP transaction fraud, while minimizing fraud risk and false declines.

Research[5] suggests that 20% of cardholders stop card use after more than one false decline within six months. Moreover, statistics reveal a 15% drop in average monthly spend after a second false decline[6]. Banks with higher rates of false declines experience increased rates of customer attrition, and a reduction in average customer spend.  As fraud rates increase, everyone loses.

Card Security Checks

To help reduce fraud for CNP transactions, the major credit card companies implemented authentication systems to ascertain if the credit card used in a transaction is actually in the possession of the owner. Knowledge of the card security value – known as CVV/ CVC (Card Verification Value/Code) is essential to complete a transaction. In many countries it is now mandatory to provide this code when the cardholder is not present during the transaction.

While card security checks offer a step-change improvement in fraud prevention, minimizing losses from CNP fraud requires a solution focused on ID verification and advanced analytics. In order to drive maximum value from processing solutions, every bank must choose a processing partner that can combine competitive pricing with the ability to optimize authorization rates.  

FIS’ Commitment

At FIS, we are committed to optimizing the digital, ecommerce experience, while securing the ecosystem for financial institutions and merchants. We have invested in additional fraud rule and innovative predictive modelling capabilities focused on card enumeration attacks on card Issuers. Ecommerce threat disruption tools have been rolled out to merchants to help identify and prevent malware on ecommerce websites that can often become the attack surfaces for various CNP fraud schemes. Bringing both sides of the ecosystem together, we have created trusted consumer programs with e-commerce merchants who share additional data to validate and streamline authorization approvals for legitimate transactions with no incremental fraud risk to payment providers and card Issuers. Additionally, FIS is working closely with the industry, network partners, and public authorities to share fraud intelligence, trend data, and best practices in an effort to quickly identify emerging threats and shut them down.


[1] Federal Reserve, 2023 values projected on historical Fed analysis

[2] Federal Reserve and E-Marketer

[3] Federal Reserve and E-Marketer


[5] ABA

[6] ClearSale



Comments: (1)

Peter Alcock
Peter Alcock - NMI - Bristol 15 December, 2023, 10:24Be the first to give this comment the thumbs up 0 likes

The solution to most of these is to implement Strong Customer Authentication, in the form of 3D-Secure. It's what has been mandated in Europe for a while now and cardholders are used to it. 

I've never understood why financial authorities in the US are so reticent about implementing measures  proven to reduce fraud, crime and card miuse. Chip and PIN is a great example. The US has EMV cards, sure, but the one single thing that makes EMV work perfectly is PIN! And the US banks stopped short of mandating it for credit card transactions... Talk about a missed opportunity!

Now hiring