Card-not-present (CNP) fraud has been a growing tumour within the digital economy since its inception. This cancer is fuelled by ecommerce growth and the ever-evolving tactics of fraudsters, leading to continuously increasing ‘healthcare’ costs. According to Juniper Research, online payment fraud has resulted in USD 38 billion in losses for ecommerce merchants in 2023 and is expected to grow by approximately 20% annually for the foreseeable future.
Consumers are the ones paying the losses through higher prices for goods and services. To combat this mostly invisible but very real adversary, we must delve into the prevailing trends, potential implications, and management strategies of CNP fraud.
CNP fraud encompasses a range of deceptive activities that exploit online transactions. The most prevalent methods include:
Carding attacks, where fraudsters use automated bots to test large numbers of card numbers to verify their validity. This usually entails obtaining card details from hacked databases and using them for unauthorised transactions.
First-party fraud, when legitimate cardholders make a purchase and then claim that the transaction was unauthorised, resulting in a chargeback.
Phishing, social engineering, and account takeovers, during which fraudsters trick individuals into providing their card details by pretending to be legitimate businesses, through deceptive emails and websites, or make purchases using the stored payment information.
Triangulation, when a fraudster sets up a fake online store, sells goods at attractive prices, and uses stolen card information to buy and ship the goods to the buyer.
All companies are affected by these, including Amazon, eBay, and Eneba. One example of CNP fraud we have observed over recent years is a variation of triangulation fraud. In this scenario, fraudsters skip the creation of a counterfeit store and establish a Telegram channel that advertises purchasing significantly discounted products (often at half the original cost). Interested buyers contact fraudsters with their desired product details and pay upfront. The fraudsters then complete the purchase on the website using stolen card information, which eventually comes back as a chargeback. This scheme illustrates the possibility of a collusion between legitimate consumers and the fraudsters, with the former knowingly complicit in the fraudulent transaction.
Fraudsters exploit any vulnerability in online payment systems, and the anonymity of digital transactions makes it easier to perpetrate undetected fraud. For consumers, CNP fraud results in unauthorised charges, loss of funds, and disputing fraudulent transactions. For ecommerce, “The True Cost of Fraud” study by LexisNexis estimated that for every 1 USD of lost value due to fraud, the actual costs are more than three times higher, due to additional costs. Beyond financial losses, CNP fraud can severely damage a business’s reputation.
Consumer trust is the ‘holy grail’ in digital commerce, and repeated incidents of fraud can erode this trust. It is paramount to employ sophisticated fraud prevention measures, which naturally result in increased costs and usually lead to higher prices for goods and services, making the overall economy suffer.
Completely eradicating CNP fraud might be impossible without sacrificing privacy or introducing an unbearable amount of friction for customers. However, we can significantly reduce its impact through a multi-layered approach. This involves technology, data analysis, and collaboration.
There are numerous fraud prevention tools on the market aiding businesses to protect themselves and their customers. These include 3D-Secure authentication, machine learning (ML), and artificial intelligence (AI) based on behavioural analytics, which analyse transaction patterns and detect anomalies indicative of fraud. Real-time fraud detection systems flag suspicious transactions for further review before being processed, reducing the likelihood of successful fraud.
Fraudsters constantly develop new tactics, but the adaptive ML allows for ongoing adjustment of detection methods based on emerging trends. As the volume of ecommerce transactions grows, AI and ML systems can efficiently analyse massive datasets for risks, without sacrificing accuracy and customer experience with redundant security checks.
Another notable solution is Dark Web monitoring. This involves continuously scanning dark/deep websites (such as hacker forums) for signs of leaked credentials or exposed infrastructure vulnerabilities. Fraudsters often purchase large volumes of compromised card credentials, known as ‘card dumps’, and exploit them on ecommerce websites. The table below shows the number of deep web mentions of leading ecommerce websites worldwide (February 2024) confirming the attractiveness of the sector for fraudsters.
Embracing deeper collaboration and information sharing is the next critical step to mitigate fraud. Each entity - businesses, banks, law enforcement - has a piece of the puzzle. Sharing data on fraudulent activities, suspicious actors, and emerging tactics allows for a more comprehensive view of the CNP fraud landscape. By connecting these dots, we can identify fraud rings, track stolen card information across transactions, develop more effective preventative measures, and improve ML/AI models faster. In essence, information silos are a fraudster’s best friend. Breaking down these barriers through collaboration is crucial for creating a united front against CNP fraud.
Overall, adopting advanced technological solutions, employing behavioural analytics, and fostering collaboration are essential for businesses to protect themselves and their customers from CNP fraud. Combining these efforts with proactive customer education and internal training is crucial for maintaining consumer trust and ensuring long-term success and ecommerce security.
This editorial piece was first published in The Paypers' Fraud Prevention in Ecommerce Report 2024-2025, the ultimate source of knowledge that taps into the ever-evolving fraud realm and helps ecommerce specialists protect their businesses with the latest fraud prevention strategies.
Mantas Eitutis is a seasoned professional with experience in the dynamic fintech industry and central banking. He’s an expert in financial institution licencing, strategic development, and compliance intricacies. As the Head of Payments and Risk at Eneba, Mantas has been shaping the company’s payment strategies, overseeing partnerships, and implementing risk management practices to optimise operational efficiency.
Eneba is a digital entertainment marketplace specialising in game keys, gift cards, and mobile top-ups. It offers a wide range of products for platforms like PC, Xbox, PlayStation, and Nintendo Switch. Eneba aims to enable everyone to discover the joy of gaming by offering users competitive prices and deals on over 80,000 products, secure payments, quick refunds, and ready-to-help customer support.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now