What Is Card-Not-Present Fraud?
Card-not-present fraud is a type of credit card scam in which the customer does not physically present the card to the merchant during the fraudulent transaction. Card-not-present fraud can occur with transactions that are conducted online or over the phone. It is theoretically harder to prevent than card-present fraud because the merchant cannot personally examine the credit card for signs of possible fraud, such as a missing hologram or altered account number.
- Card-not-present fraud is a scam where the scammer attempts to make a fraudulent credit card transaction while not possessing the physical card.
- Online purchases and those done over-the-phone are prime examples of where just a credit card number is required. The ubiquity of online shopping has contributed to the increase of card-not-present fraud.
- To combat this type of fraud, many online merchants now require the CVV number, which is on the reverse side of a physical card to validate you have the card.
Understanding Card-Not-Present Fraud
Credit card payment processors take a number of steps to minimize card-not-present fraud. These include verifying that the address provided by the customer at the time of purchase matches the billing address on file with the credit card company, checking the validity of three-digit CVV security codes, and prohibiting merchants from storing these codes. However, if the criminal has stolen these details, the fraudulent transaction may appear legitimate.
How Card-Not-Present Fraud Is Committed
Card-not-present fraud can occur when a criminal obtains a cardholder’s name, billing address, account number, three-digit security code, and card expiration date. These details can be stolen electronically, without obtaining the physical card. The theft of credit card data for use in card-not-present fraud most commonly occurs through online phishing or through theft of a business’s customers’ credit card information by dishonest employees. It also occurs less commonly through merchant database hacks.
The theft of credit card data for use in card-not-present fraud most commonly occurs through online phishing or through theft of a business’s customer credit card information by dishonest employees.
When card-not-present fraud occurs, the merchant bears the loss. This type of fraud can have a significant impact on the merchant’s bottom line, especially for retail establishments, which tend to have small profit margins. By contrast, in card-present fraud, the credit card issuer usually bears the loss, not the merchant. Under credit card terms and conditions, the credit card issuer will not hold the cardholder liable for any fraudulent charges, whether through card-present or card-not-present fraud.
Sophisticated technology can detect many instances of attempted card-not-present fraud. For example, credit card companies have methods of detecting credit card purchases that are likely fraudulent given the account holder’s typical card usage. However, they cannot easily detect a type of card-not-present fraud called online shoplifting or friendly fraud. In this scenario, the criminal will make a purchase online or by phone, receive the merchandise, then file a dispute with the credit card issuer saying that the merchandise is inferior or that it never arrived. The issuer initiates a chargeback, and the merchant has to refund the dishonest customer.
The continuous rise and spread of online shopping have been cited as contributing factors in the increase of card-not-present fraud.