Online payments make shopping easier for everyone. But they also open the door for card not present (CNP) fraud. And if you’re not watching carefully, it can cost you more than money. It can lead to chargebacks, lost goods, and higher risk ratings. Here's how to stop that spiral before it starts.
What Is Card Not Present Fraud?
Card not present fraud happens when someone makes a purchase without physically presenting the card. This typically happens online, by phone, or through an app. If the purchase is unauthorized, the real cardholder may dispute the charge. That often turns into a chargeback, and you're left covering the loss.
This type of fraud is hard to detect because you can’t rely on traditional clues like matching a card to an ID. Everything depends on the data and your ability to recognize red flags.
Why Card Not Present Fraud Prevention Is So Important
CNP fraud is one of the top causes of chargebacks. Unlike in-store fraud, you're almost always liable as the merchant. Even one missed risk signal can lead to a loss that’s difficult to recover.
Prevention is more than running payments through a gateway. It involves layering tools that catch risky behavior before it escalates.
Key Tools and Tactics That Actually Work
Here’s what digital merchants are using today to fight card not present fraud without destroying conversions:
Address Verification Service (AVS)
AVS checks the billing address provided by the customer against the one on file with the card issuer. It’s one of the oldest CNP fraud tools and still useful. A mismatch isn’t a guaranteed fraud signal, but it should trigger extra caution.
Use AVS with other tools to avoid false positives. Some international cards, for example, don’t support full AVS data.
CVV Verification
The CVV (card verification value) code is printed on the card but not stored in the magnetic stripe or chip. It helps confirm that the buyer actually has the card in hand.
If the CVV doesn’t match or is missing, block the transaction or send it to manual review. It’s a quick way to stop bots and stolen numbers from testing purchases.
Device Fingerprinting
Every device leaves a trace, like IP address, browser type, language settings, and operating system. Device fingerprinting pulls this information together to spot suspicious users or unusual setups.
If someone uses the same device to test dozens of cards or switches browsers frequently, that’s a red flag.
Velocity Checks
Velocity checks track how often the same data is used across transactions. For example:
- 3 purchases from the same IP in 10 minutes
- 5 cards used on the same account in one day
- 4 orders shipping to the same address with different names
These patterns often reveal fraud attempts that would pass a single-transaction check. Customize your thresholds based on normal customer behavior.
Geolocation and IP Analysis
Compare the user’s IP location to the billing or shipping address. If they’re thousands of miles apart or the IP is masked by a known proxy, that’s worth investigating.
You can also look for connections to high-risk countries or known fraud hotspots.
Risk Scoring Engines
Many fraud prevention tools assign a numerical risk score based on dozens of factors. Transactions that cross a certain threshold are automatically declined or flagged for manual review.
Some tools let you customize the rules to better fit your customer base. If you're selling low-cost subscriptions, for example, your fraud pattern will look very different from a luxury retailer’s.
Manual Review for Suspicious Orders
Automated systems catch a lot. But sometimes a human eye is the best tool. Orders with mismatched details, large values, or other red flags should go through manual review before approval.
Train your team to check:
- Order history and customer behavior
- Email address formatting (random characters are often suspicious)
- Typos in billing or shipping info
- Urgent or unusual shipping requests
Manual review is slower, but it’s a solid line of defense for edge cases.
Patterns of Risky Behavior to Watch
Fraudsters adapt fast. But certain behaviors continue to pop up in successful CNP attacks:
- Multiple failed attempts with small payment amounts
- Orders placed at unusual hours in your business’s timezone
- Repeated use of prepaid cards or gift cards
- High-ticket purchases shipped overnight to a new customer
- Inconsistent billing and shipping addresses
Spotting patterns early keeps your fraud costs down. Don’t rely on one signal alone. Watch for combinations.
Final Takeaway
Card not present fraud isn’t going away, but you don’t have to sit back and take the hit. By layering tools like AVS, device tracking, and velocity rules, you can stop most bad transactions before they trigger a chargeback. Don’t wait until your chargeback ratio spikes. Start tightening your fraud filters now.
FAQ: Card Not Present Fraud Prevention Tactics
What’s the difference between card not present fraud and friendly fraud?
Card not present fraud involves unauthorized use of a payment method by someone other than the cardholder. Friendly fraud happens when the real cardholder disputes a legitimate charge, often after receiving the product or service.
Does using 3D Secure stop CNP fraud?
3D Secure adds a layer of authentication during checkout, such as a password or biometric check. It reduces your liability but doesn’t stop all types of fraud, especially if the attacker has access to the authentication step.
How do I balance fraud prevention with customer experience?
Use a layered system with adjustable thresholds. Don’t block every mismatch. Flag for review instead. Overly aggressive filters can lead to false declines, which hurt revenue and trust.
Is manual review still necessary if I have a risk engine?
Yes. Risk engines automate detection, but they can miss context. Manual review is helpful for high-risk transactions, especially those flagged by multiple tools but not clearly fraudulent.
What’s a good fraud rate to aim for?
Keep your fraud rate under 0.1% of total transactions. Anything higher may trigger payment processor scrutiny or place you in a high-risk category. Regular monitoring and rule updates help keep the rate in check.
Tighten the Leaks Before the Chargebacks Flow In
You can’t stop chargebacks if you’re letting fraud slide through the front door. Chargeblast helps digital merchants plug fraud leaks with early detection, real-time alerts, and tailored dispute strategies that fit your industry. Want fewer chargebacks and better outcomes when fraud slips through? Let’s make that happen.