Why is CNP fraud more common than card-present fraud?

CNP fraud is easier to commit because fraudsters only need card numbers, expiration dates, and CVV codes—information readily available from data breaches or dark web markets. They don't need the physical card or ability to bypass chip technology. The lack of face-to-face verification and physical card inspection makes CNP transactions inherently riskier.

Who is liable for CNP fraud—the merchant or the bank?

Merchants bear liability for most CNP fraud. When cardholders dispute fraudulent charges, merchants typically lose the chargeback and pay fees. Banks and card networks have shifted liability to merchants for CNP transactions because merchants can't verify physical cards. This is why fraud prevention is critical for e-commerce businesses.

Can 3D Secure completely prevent CNP fraud?

3D Secure significantly reduces CNP fraud and shifts liability to card issuers for authenticated transactions. However, it's not foolproof—sophisticated fraudsters bypass it through phishing, account takeover, or exploiting implementation weaknesses. 3D Secure works best as part of layered fraud prevention with IP risk scoring, device fingerprinting, and behavioral analysis.

Payment Fraud

What is CNP Fraud (Card Not Present)?

7 min read Last updated: Dec 2025

Definition

CNP fraud (Card Not Present fraud) occurs when stolen payment card information is used for transactions where the physical card isn't present—primarily online purchases, phone orders, or mail orders. Without the ability to physically verify the card or cardholder identity, CNP transactions face inherently higher fraud risk than card-present transactions.

How CNP Fraud Works

Fraudsters obtain stolen card data from data breaches, phishing schemes, card testing operations, or dark web markets. They need only the card number, expiration date, and CVV code—information readily available from these sources. IP Risk Score helps merchants verify the legitimacy of CNP transactions by analyzing IP characteristics, location patterns, and device signals that indicate fraudulent activity.

With stolen card details, fraudsters make online purchases or phone orders. They don't need the physical card, don't need to bypass chip technology, and never interact face-to-face with merchants. This anonymity and lack of physical verification makes CNP fraud significantly easier to commit than card-present fraud.

Common CNP Fraud Scenarios

E-commerce purchases represent the most common CNP fraud. Fraudsters buy high-value items like electronics, gift cards, or luxury goods that can be quickly resold. They ship to addresses they control or use package forwarding services to obscure their location.

Subscription services and digital goods also attract CNP fraud. Monthly subscriptions, streaming services, software licenses, and in-game purchases can be accessed immediately with low detection risk. Fraudsters use or resell these digital products before merchants detect the fraud.

Account takeover combined with CNP fraud creates particularly damaging scenarios. Fraudsters access legitimate user accounts through credential stuffing or phishing, then use stored payment methods or add new stolen cards. The legitimate account history provides cover for fraudulent purchases.

CNP Fraud is Exploding

CNP fraud accounts for over 70% of all card fraud and continues growing as e-commerce expands. The shift to online shopping during COVID-19 accelerated CNP fraud dramatically. Merchants now face unprecedented fraud pressure while also managing increased transaction volumes.

Detecting CNP Fraud

IP Address Analysis

IP Risk Score provides real-time intelligence about transaction sources. High-risk indicators include VPN or proxy usage, data center IP addresses, connections from high-fraud countries, IP addresses associated with previous fraud, and mismatches between IP location and billing address.

Geographic velocity also reveals fraud. A cardholder makes a purchase from New York, then another transaction appears from London an hour later. Physical travel times make this impossible for legitimate users but typical for fraudsters using stolen cards.

Order Characteristics

Suspicious orders show recognizable patterns. Unusually large first orders from new customers. Multiple orders in rapid succession. High quantities of the same product. Expedited shipping requests. Delivery addresses different from billing addresses, especially to freight forwarders or mailbox services.

Customer Behavior

Fraudsters behave differently than legitimate shoppers. They skip product details and rush through checkout. They don't compare options or read reviews. They create new accounts rather than reusing existing ones. They make no contact before or after purchase unless their order gets flagged.

Device Fingerprinting

Device fingerprinting tracks unique device characteristics. Fraudsters often use new devices or clear their browser data to avoid detection. Multiple accounts or transactions from the same device despite different stated identities indicates fraud.

Mismatched Information

Information inconsistencies suggest fraud. Email addresses don't match names. Phone numbers are disconnected or invalid. Billing addresses fail verification. Customer names don't align with card names. Each mismatch increases fraud probability.

Preventing CNP Fraud

IP Risk Scoring

IP Risk Score evaluates every transaction in real-time. Block or challenge orders from high-risk IP addresses. Allow trusted customers to checkout smoothly while scrutinizing suspicious sources. Risk scores adapt to emerging threats and new fraud patterns.

CVV Verification

Require CVV (Card Verification Value) codes for all transactions. The three or four-digit security code proves someone has physical access to the card. While CVV codes appear in some data breaches, requiring them stops many fraudsters who lack complete card information.

Address Verification System (AVS)

AVS compares billing addresses provided during checkout with addresses registered with card issuers. Mismatches indicate potential fraud. Configure AVS to automatically decline high-risk mismatches while manually reviewing moderate risks.

3D Secure Authentication

3D Secure (3DS) adds authentication before completing transactions. Cardholders verify their identity through passwords, SMS codes, or biometrics. 3DS shifts liability from merchants to card issuers for authenticated transactions, providing both fraud protection and chargeback protection.

Velocity Limits

Implement velocity checks on transactions, payment methods, and shipping addresses. Flag multiple purchases from the same card in short periods. Monitor rapid order submission. Limit daily purchase amounts for new accounts. These rules catch fraud patterns without impacting most legitimate shoppers.

🛡️ Prevent CNP Fraud with IP Intelligence

Fraudlogix IP Risk Score provides real-time transaction verification for CNP purchases. Identify high-risk IP addresses, proxy usage, VPN connections, geographic mismatches, and fraud patterns before processing payments. Protect your e-commerce business from card-not-present fraud.

Explore IP Risk Score

Machine Learning Fraud Detection

Modern fraud systems use machine learning to identify suspicious patterns. They analyze thousands of transaction attributes simultaneously—order details, customer behavior, device characteristics, IP reputation, historical patterns. ML models adapt to new fraud techniques and improve detection over time.

Manual Review Processes

High-value or suspicious orders warrant manual review. Fraud analysts examine order details, contact customers, verify information, and make final decisions. Manual review catches sophisticated fraud that automated systems miss, though it adds operational costs and delivery delays.

Customer Communication

Verify suspicious orders by contacting customers directly. Call phone numbers provided. Email for confirmation. Legitimate customers appreciate security measures and respond quickly. Fraudsters typically abandon orders when merchants request verification.

Balance Security and Conversion

Overly aggressive fraud prevention hurts sales by declining legitimate orders. Use risk-based approaches that apply strong verification to suspicious transactions while allowing trusted customers to checkout smoothly. False positives cost revenue and frustrate customers.

Liability and Chargebacks

Merchant Liability

Merchants bear liability for CNP fraud. When cardholders dispute fraudulent charges, merchants lose the transaction amount, pay chargeback fees ($20-$100 per dispute), and lose shipped merchandise. High chargeback rates result in fines, account holds, or losing merchant accounts entirely.

Liability Shift with 3D Secure

3D Secure authentication shifts liability to card issuers for authenticated transactions. If fraudsters bypass 3DS authentication, issuers bear the loss. This liability protection makes 3DS valuable despite adding friction to checkout.

Chargeback Ratios

Payment processors monitor chargeback-to-transaction ratios. Exceeding 1% typically triggers warnings. Higher ratios result in fines, increased processing fees, reserve holds, or account termination. CNP merchants must actively manage fraud to maintain acceptable ratios.

Representment Rights

Merchants can dispute chargebacks through representment. Provide evidence proving transactions were legitimate—IP addresses matching customer location, delivery confirmation, AVS matches, customer communication records. Strong evidence sometimes wins disputes, recovering lost revenue.

Frequently Asked Questions

Use risk-based fraud prevention that evaluates each transaction individually. Apply strong verification to suspicious orders while allowing trusted customers smooth checkout. Implement IP Risk Score to identify high-risk sources. Use 3D Secure selectively for risky transactions. Accept some fraud risk rather than declining all uncertain orders—perfect fraud prevention means declining too many legitimate sales.

Yes, but with extra verification. Legitimate reasons exist for different addresses—gifts, work addresses, vacation homes. Don't automatically decline these orders. Instead, apply additional scrutiny: verify IP location matches, contact customer for confirmation, check shipping address history, look for freight forwarders or mailbox services. Many legitimate orders use different addresses, but most fraud does too.

Card-present fraud requires physical cards and occurs at point-of-sale terminals. CNP fraud needs only card numbers and happens online or by phone. Card-present fraud has declined dramatically due to EMV chip technology. CNP fraud has exploded as fraudsters shifted to easier online targets. CNP transactions can't verify physical cards, making them inherently riskier and why merchants bear liability for CNP fraud.