What Is Card-Not-Present Fraud?

Card-not-present fraud is a type of credit card scam in which the customer does not physically present the card to the merchant during the fraudulent transaction. Card-not-present fraud can occur with transactions that are conducted online or over the phone in which the user only provides the credit card numbers.

Card-not-present fraud can be difficult to detect because the merchant cannot personally examine the credit card for signs of possible fraud, such as a missing hologram or altered account number. However, the merchant can take some steps to try to minimize the risk of card-not-present fraud, such as by verifying a user's mailing address associated with the card or using biometrics like fingerprints.

Nearly half of Americans have been the victim of digital payment fraud. Learn how it works and ways to prevent it.

Key Takeaways

  • Card-not-present fraud is a scam in which someone attempts to make a fraudulent credit card transaction with a credit card they don't own or have in their possession.
  • Online purchases and those done over-the-phone are prime examples of where just a credit card number is required.
  • The ubiquity of online shopping has contributed to an increase of card-not-present fraud.
  • To combat this type of fraud, many online merchants now require the CVV number to validate you have the card.

Card-Not-Present Fraud Definition

Credit card payment processors take a number of steps to minimize card-not-present fraud. These include verifying that the address provided by the customer at the time of purchase matches the billing address on file with the credit card company, checking the validity of three-digit CVV security codes, and prohibiting merchants from storing these codes.

However, if the criminal has stolen these details, the fraudulent transaction may appear legitimate.

How Card-Not-Present Fraud Works

Card-not-present fraud can occur when a criminal obtains a cardholder’s name, billing address, account number, three-digit CVV security code, or card expiration date. These details can be stolen electronically without obtaining the physical card.

The theft of credit card data for use in card-not-present fraud most commonly occurs through online phishing or through theft of a customer's credit card information by dishonest employees. It also occurs less commonly through merchant database hacks.

When card-not-present fraud occurs, the merchant bears the loss. This type of fraud can have a significant impact on the merchant’s bottom line, especially for retail establishments, which tend to have smaller profit margins.

By contrast, in card-present fraud, the credit card issuer usually bears the loss, not the merchant. Under credit card terms and conditions, the credit card issuer will not hold the cardholder liable for any fraudulent charges, whether through card-present or card-not-present fraud.

How Card-Not-Present Fraud Is Detected

Sophisticated technology can help detect many instances of attempted card-not-present fraud. For example, credit card companies have methods of detecting credit card purchases that are likely fraudulent given the accountholder’s typical card usage.

Merchants can take steps like using biometric information like fingerprints or voice patterns to try to detect card-not-present fraud. They can also try to confirm the identity of a cardholder by using personal information like a mailing address.

However, they cannot easily detect online shoplifting or friendly fraud. In this scenario, the criminal will make a purchase online or by phone, receive the merchandise, then file a dispute with the credit card issuer saying that the merchandise is inferior or that it never arrived. The issuer initiates a chargeback and the merchant has to refund the dishonest customer.

Is Card-Not-Present a Type of Card Fraud?

Card-not-present fraud is a type of credit card fraud in which the criminal uses the numbers of your credit card to make purchases online, by mail, or over the phone. In these cases, they do not have to present the physical card to a merchant.

How Do You Detect Card-Not-Present Fraud?

One way a merchant can detect card-not-present fraud is to use an Address Verification System. With this strategy, the merchant can cross check a customer's address with the address associated with the credit card to help confirm the card belongs to the buyer.

How Can Someone Use Your Card Without Having It?

A criminal can use the numbers on your credit card, including the account number and expiration date, to make purchases online or over the telephone. Criminals can even use your debit card without physically having it.

The Bottom Line

Card-not-present fraud is a danger that can threaten your personal finances and personal identity. Merchants can work to prevent this type of fraud in a few ways, including by using biometrics for identification or verifying an identity with information like a mailing address.

Monitor your credit and credit card statements regularly and look for any signs of fraud, such as purchases you didn't make. If you believe you've been a victim of card-not-present fraud, contact your credit card company immediately.

Article Sources
Investopedia requires writers to use primary sources to support their work. These include white papers, government data, original reporting, and interviews with industry experts. We also reference original research from other reputable publishers where appropriate. You can learn more about the standards we follow in producing accurate, unbiased content in our editorial policy.
  1. TransUnion. "What is Card Not Present Fraud (CNP Fraud)?"

  2. National Association of Federally Insured Credit Unions. "Card Not Present Fraud Is Skyrocketing."

  3. Seon. "10 tips to prevent card-not-present fraud."

Take the Next Step to Invest
The offers that appear in this table are from partnerships from which Investopedia receives compensation. This compensation may impact how and where listings appear. Investopedia does not include all offers available in the marketplace.