card-not-present fraud (card-not-present transaction)

Card-not-present (CNP) fraud is the unauthorized use of a payment card when the cardholder does not physically present the card at the time of the transaction.

In CNP fraud, merchants unwittingly process fraudulent transactions because the party committing the fraud has gained access to the information on the card's magnetic strip and knows the payment card number, the card's three-digit security code and the cardholder's name and address. Because the merchant never physically handles the payment card, there is not an opportunity to verify the cardholder's signature or request additional identification. The victim, who usually remains in possession of the compromised card, is typically unaware of the fraud until after the unauthorized activity has occurred. 

The information necessary to commit CNP fraud can be gained through a variety of methods including skimming, phishing and carding. Unlike transactions in which a card is present, the loss liability for fraudulent CNP transactions falls to the merchant which means the payment processor will charge the full value of the fraudulent purchase back to the merchant.

This was last updated in April 2015

Next Steps

Web fraud detection systems can reduce credit card fraud. This Buying Decisions series offers an introduction to Web fraud detection systems, compares the top Web fraud detection systems, and examines four scenarios where Web fraud detection is used in an enterprise, as well as criteria for buying Web fraud detection products. 

Continue Reading About card-not-present fraud (card-not-present transaction)

Dig Deeper on Threats and vulnerabilities