What Is Card-Not-Present (CNP) Fraud + How to Avoid It [2023]

Understand what card-not-present fraud is and how to take action to effectively avoid it and prevent a negative impact on your bottom line as a merchant.

Card-Not-Present (CNP) fraud happens when someone uses stolen credit card information to make purchases. This kind of fraud can occur whenever a physical card is not required to make a transaction, such as online purchases or over-the-phone transactions.

Credit card companies will always side with the real cardholder, leaving you, as the merchant, with a potentially significant loss of revenue. With CNP fraud becoming more and more common, it’s important to protect your business from these fraudulent transactions. 

Fortunately, there are some very effective ways to avoid losing money to CNP fraud. In this article, I’ll explain everything you need to know.


What Is Card-Not-Present Fraud?

Cybercrime is on the rise these days, and hackers and criminals have far too many ways of obtaining other people’s credit card information – whether by hacking into ecommerce systems, phishing unsuspecting individuals, or taking advantage of data leaks.

CNP fraud is an important issue to address as a merchant, because you have full financial liability. When someone makes a purchase on your website using stolen credit card details, you are the one who has to take the loss, unlike in card-present fraud in which issuing banks cover the cost. 

Pay.com can help you mitigate the risk of CNP fraud. With 3D Secure authentication, you can rest assured that the person entering their credit card details is the real cardholder, and not someone pretending to be them.

How Is Card-Not-Present Fraud Committed?

To commit CNP fraud, a cybercriminal needs to obtain the following information:

  • Card number
  • Cardholder name
  • Billing address
  • 3-digit CVV/CVC security code
  • Card expiration date

Here are some common methods these criminals use to get this data.


Phishing is when cybercriminals pose as a reputable company to gain credit card information or other personal details. 

To appear legitimate, they might send out an email that looks like it’s from Venmo or PayPal, including the company logo and branding, asking the victim to click a link to re-enter their credit card details. This may come with an element of urgency, telling the victim their account will be removed from the site if they don’t comply right away.

When a victim falls for this and enters their card details, the scammers have everything they need to commit CNP fraud. 

Employee Leaks

Employees with access to customer data can steal or leak credit card information, which can lead to CNP fraud.

Hacking and Data Leaks

Hackers can find credit card information by hacking into networks. In some cases, they’ll sell it on for a profit. Another way hackers can get their hands on credit card data is by taking advantage of known system vulnerabilities and data leaks.

How Can You Protect Your Business from Card-Not-Present Fraud?

The best way to protect your business from CNP fraud is to work with a secure payment service provider like Pay.com, which uses the highest level of credit card authentication. This way, you can be sure the only transactions that go through are from genuine cardholders.

3D Secure Authentication 

The 3D Secure protocol adds on an extra layer of authentication. You’ve probably seen it in action before: when a customer uses their credit card to make an online purchase, they’re asked to enter a code sent to them via text message.

This way, the customer confirms that they are the real cardholder.


The data security standards for the card payment industry have four levels of security, with Level 1 being the highest. 

Pay.com has Level 1 PCI DSS compliance, which helps you maintain the highest security standards.

Verification Checks

You can use an address verification service (AVS) to make sure the billing address entered matches what the credit card issuer has on file. 

The Bottom Line: Avoiding Card-Not-Present Fraud 

The best way to protect your business from CNP fraud is to use a secure payment service provider like Pay.com. With the highest level of PCI DSS compliance and 3D Secure card authentication, you can rest assured that only real transactions will go through.

Pay.com comes with many other great benefits. In addition to credit cards, you can accept a variety of other payment methods, including ACH transfers and digital wallets like PayPal, Google Pay, Apple Pay, and more. You can easily integrate your new payment system into your site, either with our simple no-code solutions or our developer-friendly APIs.

Click here to get started now.


How do you detect card-not-present fraud?

The best way to detect card-not-present fraud and protect your business is to use credit card authentication tools. Pay.com offers 3D Secure authentication to verify that each transaction is coming from a real cardholder and not a scammer.

Who is responsible for card-not-present fraud?

In cases of CNP fraud, it’s the merchant who has to take the loss. This is different from card-present fraud, in which the card issuer absorbs the loss. That’s why as a merchant, you should make sure your payment service provider is using 3D Secure card authentication.

How does a card-not-present transaction work?

A card-not-present (CNP) transaction is any transaction that doesn’t require the customer to present their physical credit card, such as online orders, over-the-phone transactions, or mail orders.

What's the most secure way for my business to accept payments?

Pay.com provides the most secure way for you to accept payments. With Level 1 PCI DSS compliance and 3D Secure 2.0 (3DS2) authentication, you get the peace of mind you need to run your business smoothly, and your customers can feel comfortable entering their payment details on your site. Click here to find out how to get started.

Meet the author
Sam Dixon
A writer with a keen interest in software and finance, Sam has spent the past several years producing content out of Seville, Spain. He keeps up to date with all things tech and enjoys reading when he has a spare minute.
Protect Your Business with 3D Secure Card Authentication

When you use Pay.com as your payment service provider, all your transactions are protected with multiple layers of authentication. We keep out any fraudulent transactions, and you get the peace of mind you need to focus on growing your business.

Get started now

Ready to boost revenue for your business

Contact sales