Card-not-present (CNP) fraud is one of the fastest-growing threats in digital payments. As more transactions move online and real-time payment rails expand globally, fraudsters have more opportunities than ever to exploit stolen card credentials without ever touching a physical card. CNP fraud is a subset of payment fraud that is particularly difficult to detect, as neither the card nor the cardholder is physically present to verify at the point of transaction.
In SEON’s Fraud & Risk in the Global Payments Era report, 56% of payments professionals say fraud losses are still outpacing revenue growth, and 62% now identify real-time transaction monitoring as their single most critical defense. CNP fraud is a significant driver of both pressures.
This article explains what CNP transactions are, how criminals exploit them and how businesses can protect themselves.
What Is a Card Not Present (CNP) Transaction?
A card-not-present transaction is a payment made with a credit or debit card in which the card never physically interacts with a payment terminal. Instead, the transaction is authorized using the card’s credentials alone: the card number, expiry date, CVV and billing address.
CNP transactions are the backbone of modern digital commerce. They power eCommerce checkouts, subscription billing, phone orders and online banking. But their convenience is precisely what makes them a target: without a physical card or cardholder present, it is harder to verify that the person initiating the transaction is who they claim to be.
Card-Present vs Card-Not-Present
Understanding the distinction helps frame the fraud risk:
- Card-present (CP) transactions require the physical card to interact with a terminal, whether by chip insertion, magnetic stripe swipe, or contactless tap. The card and often the cardholder are physically verified at the point of sale.
- Card-not-present (CNP) transactions rely entirely on credential input. No physical verification takes place. This shifts fraud liability in most cases onto the merchant or payment provider, rather than the card issuer.
This liability gap is why CNP fraud is disproportionately costly for businesses compared to card-present fraud.
Examples of Card Not Present Transactions
CNP transactions occur across a wide range of payment contexts:
- eCommerce: A customer enters card details during online checkout and receives the goods by delivery or in-store pickup.
- Phone orders: A customer dictates card credentials to a sales agent over the phone.
- Mail orders: Card details are submitted on a paper order form sent by post.
- Online invoicing: A business client pays an invoice by entering card credentials into a payment portal.
- Card on file: A customer authorizes a merchant to store their card details for recurring payments or installment billing, so they don’t have to re-enter their credentials each time.
- Online banking: A cardholder uses card credentials to authenticate and conduct transactions through a financial dashboard.
What Is Card Not Present Fraud?
Card-not-present fraud occurs when stolen, fabricated or otherwise unauthorized card credentials are used to initiate a CNP transaction without the legitimate cardholder’s consent. It is one of the two primary forms of payment card fraud, alongside card-present fraud, and it is significantly harder to detect because neither the card nor the cardholder is physically present to verify.
As more merchants move to digital-first payment models, CNP fraud continues to grow as a proportion of overall card fraud losses. Fraudsters obtain card credentials through data breaches, phishing attacks, dark web purchases and social engineering, then use them to make purchases before the cardholder notices.
Types of Card-Not-Present Fraud
- Phishing: Criminals create fake websites or send deceptive messages to trick cardholders into submitting their payment credentials, which are then used for unauthorized CNP transactions.
- Chargeback fraud: A fraudster uses stolen credentials to make a purchase. The legitimate cardholder disputes the transaction, triggering a chargeback. The merchant loses both the goods and the payment.
- Friendly fraud: A legitimate cardholder makes a CNP purchase, receives the goods or service, then files a false chargeback claiming the item never arrived or the transaction was unauthorized.
- Triangulation fraud: A criminal sets up a fake eCommerce storefront and uses stolen card details to fulfill orders from legitimate merchants. The real cardholders file chargebacks, and the legitimate merchants absorb the losses.
- Card testing: Fraudsters make small, low-value CNP transactions to verify whether stolen card credentials are active before using them for larger purchases. These micro-transactions are often difficult to spot without velocity monitoring.
- Payment card application fraud: Criminals use stolen or synthetic identities to apply for new payment cards, which are then used for CNP transactions. Synthetic identity fraud alone is projected to reach $23 billion in annual losses by 2030.
How CNP Fraud Works
CNP fraud typically follows a consistent pattern, though the methods for obtaining credentials vary:
- Credential theft: Fraudsters acquire card details through phishing, data breaches, skimming devices or dark web purchases of “fullz” (complete cardholder profiles including name, address, card number, CVV and sometimes PIN).
- Credential validation: Small test transactions are made to confirm the card is active and the credentials are correct.
- Exploitation: Valid credentials are used to make higher-value purchases, often of easily resalable goods, gift cards, or digital products that are difficult to trace.
- Cashout: Goods are resold, gift cards are liquidated or funds are moved through mule accounts before the fraud is detected.
The window between credential theft and detection is often narrow, which is why real-time monitoring is critical. In SEON’s Fraud & Risk in the Global Payments Era report, 62% of payments organizations now identify real-time transaction monitoring as their single most effective defense against this kind of fast-moving fraud.
How to Prevent Card Not Present Fraud
Because liability falls, in the majority of cases, on the merchant, the payment service provider or the victim’s bank, it’s vital to understand the best ways to protect your business from CNP fraud. Modern solutions have been developed to help you tell the true customer from the fraudster.
Maintain PCI DSS compliance
The PCI Security Standards Council establishes baseline data security requirements for any organization that processes card payments. Key obligations include encrypting cardholder data in transit and at rest, restricting data access to authorized personnel only, maintaining audit logs of all access to card data and regularly testing systems and processes for vulnerabilities. Compliance does not guarantee fraud prevention, but non-compliance significantly increases exposure and regulatory risk.
Collect and enrich customer data at every touchpoint
The more signals you gather at account registration, login and checkout, the easier it is to distinguish legitimate users from fraudsters. Beyond basic card credentials, collect email addresses, phone numbers, device identifiers, IP addresses and billing information. Data enrichment tools can then cross-reference these against external sources, such as social media profiles, phone carrier data and IP reputation databases, to surface inconsistencies without adding friction for genuine customers.
Monitor transactions for unusual behavior in real time
Fraudsters tend to act quickly and follow patterns: rapid successive transactions, multiple cards used from the same device, mismatched billing and shipping addresses or sudden high-value purchases from new accounts. Real-time transaction monitoring compares each payment against established behavioral baselines and flags anomalies the moment they occur, rather than after the fact.
Apply velocity rules
Velocity rules track the rate and combination of events over a defined time window. For example: multiple transactions on the same card within minutes, several different cards used from the same IP address or a new account placing a high-value order with express shipping. These patterns are strong indicators of CNP fraud and card testing activity, and can trigger automatic review or blocking.
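The three velocity patterns above, written as sliding-window rules over a transaction stream (an added example, not SEON's code or part of the original article). The thresholds, field names and sample transactions are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Thresholds are illustrative assumptions; tune them against your own baseline.
WINDOW = timedelta(minutes=10)
MAX_TXNS_PER_CARD = 3      # same card, within WINDOW
MAX_CARDS_PER_IP = 3       # distinct cards from one IP, within WINDOW
HIGH_VALUE = 500.00
NEW_ACCOUNT = timedelta(days=1)

def evaluate(transactions):
    """Return {txn_id: [rule names]} for transactions that trip a velocity rule."""
    by_card = defaultdict(deque)   # card token -> timestamps inside the window
    by_ip = defaultdict(deque)     # IP -> (timestamp, card token) inside the window
    alerts = {}
    for t in sorted(transactions, key=lambda t: t["ts"]):
        cutoff, hits = t["ts"] - WINDOW, []
        card_ts, ip_seen = by_card[t["card"]], by_ip[t["ip"]]
        card_ts.append(t["ts"])
        ip_seen.append((t["ts"], t["card"]))
        while card_ts[0] < cutoff:       # expire events older than the window
            card_ts.popleft()
        while ip_seen[0][0] < cutoff:
            ip_seen.popleft()
        if len(card_ts) > MAX_TXNS_PER_CARD:
            hits.append("card_velocity")
        if len({card for _, card in ip_seen}) > MAX_CARDS_PER_IP:
            hits.append("cards_per_ip")
        if (t["ts"] - t["account_created"] < NEW_ACCOUNT
                and t["amount"] >= HIGH_VALUE and t["shipping"] == "express"):
            hits.append("new_account_high_value_express")
        if hits:
            alerts[t["id"]] = hits
    return alerts

T0 = datetime(2024, 1, 1, 12, 0)
def txn(id_, minute, card, ip, amount, age_days=90, shipping="standard"):
    ts = T0 + timedelta(minutes=minute)
    return {"id": id_, "ts": ts, "card": card, "ip": ip, "amount": amount,
            "account_created": ts - timedelta(days=age_days), "shipping": shipping}
# Constructed sample data: tokenized cards and documentation-range IP addresses.
SAMPLE = (
    [txn(f"a{i}", i, "tok_A", "198.51.100.10", 1.00) for i in range(4)]  # one card, 4 txns
    + [txn(f"b{i}", 20 + i, f"tok_B{i}", "203.0.113.7", 2.00) for i in range(4)]  # 4 cards, one IP
    + [txn("a_late", 30, "tok_A", "198.51.100.10", 1.00),  # same card after the window expired
       txn("n1", 40, "tok_N", "192.0.2.44", 900.00, age_days=0, shipping="express"),
       txn("ok", 41, "tok_K", "192.0.2.45", 40.00)]
)
print(evaluate(SAMPLE))
```

The low-value bursts in the sample resemble card testing; the fifth use of `tok_A` raises no alert because the earlier four have aged out of the window.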
Require CVV verification
Card verification values (CVVs) are not exposed in most data breaches and are not encoded on magnetic stripes, meaning fraudsters may have a card number without having the CVV. Requiring CVV entry for all CNP transactions adds a meaningful barrier. It also provides merchants with some liability protection when disputes arise.
Use Address Verification Service (AVS)
AVS cross-references the billing address entered during a CNP transaction against the address registered with the card issuer. Mismatches flag potentially fraudulent transactions for review or automatic rejection. AVS is particularly effective for detecting the use of stolen credentials where the fraudster does not know the cardholder’s registered address.
Implement 3DS and multi-factor authentication
3-Domain Secure (3DS) and other strong customer authentication (SCA) methods require cardholders to verify their identity through an additional step, such as a one-time password sent to their phone or biometric confirmation. While this adds friction to the checkout process, it significantly reduces CNP fraud rates and shifts liability back to the card issuer in most dispute scenarios.
Build risk score profiles
Risk scoring aggregates signals from device intelligence, behavioral analytics, data enrichment and transaction history into a single risk score for each transaction. Low-risk transactions proceed without friction. Higher-risk transactions trigger additional authentication. This tiered approach, sometimes called light and heavy KYC, balances fraud prevention with customer experience.
Dispute chargebacks with enriched data
Friendly fraud, where a cardholder makes a legitimate purchase and then falsely disputes it, is a significant and growing problem. Merchants with detailed transaction records, device fingerprints, delivery confirmations and behavioral data are significantly better positioned to win chargeback disputes and recover lost revenue.
How SEON Helps Prevent CNP Fraud
SEON’s Digital Footprint analysis module enriches email addresses, phone numbers and IP addresses in real time to surface thin or suspicious identities before a transaction is approved.
Its Device Intelligence covers a wide variety of device-related data and detects emulators, VPNs and device spoofing commonly used in CNP fraud operations.
The AI-enhanced Payment Screening capabilities monitor and score each transaction against behavioral baselines, flagging anomalies the moment they occur. Explore SEON’s transaction monitoring services and identity fraud solutions to see how these capabilities combine into a layered CNP defense.
Frequently Asked Questions about Card Not Present Fraud
Card-not-present fraud occurs when stolen or unauthorized payment card credentials are used to make a transaction without the physical card being present. It is most common in online, phone and mail-order payments, where card verification relies on credential entry rather than physical interaction with a terminal.
In most cases, liability for CNP fraud falls on the merchant that processed the transaction, rather than the card issuer. This is because the merchant accepted payment without physically verifying the card or cardholder. Implementing tools such as 3DS authentication can shift liability back to the card issuer in certain dispute scenarios.
Card-present fraud involves the physical card being used or cloned at a point-of-sale terminal. CNP fraud uses only the card’s credential information and does not require the physical card. CNP fraud is generally harder to detect and more difficult for merchants to dispute, as there is no physical verification at the point of transaction.
Effective CNP fraud detection combines real-time transaction monitoring, device fingerprinting, IP analysis, behavioral profiling, and velocity rules to identify anomalies in real time. Data enrichment tools can surface inconsistencies in the information provided without adding friction for legitimate customers.
Businesses processing CNP transactions must comply with PCI DSS standards, which set requirements for the storage, transmission and protection of card data. Failure to comply increases both fraud exposure and regulatory risk. In regulated markets, CNP fraud may also trigger AML obligations if transaction patterns suggest money laundering or organized fraud activity.
