Skip to main content
Credit Card Marketplace

The rise of card-not-present (CNP) fraud

Time to read min

      Quick insights

      • CNP fraud happens when stolen card information is used to make unauthorized transactions online, by phone or by mail.
      • Many credit card issuers and merchants use advanced technologies to help detect and prevent CNP fraud, but it can still occur.
      • If you dispute CNP fraud charges, some credit card issuers offer protections that may secure you a refund.  

      Online transactions can save time, but like any transaction, there are potential risks. Because the card doesn’t need to be physically present, these transactions can be a target for CNP fraud.  

      Banks and merchants use a variety of precautions to help limit the risk of CNP fraud for online and other transactions, and when it does happen, the fraud protections offered by many banks mean that cardmembers can usually recover their money.

      Below, we’ve outlined some things to know about CNP fraud, including how it works, protections banks and merchants may offer and a few practical steps cardmembers can take to help protect themselves.

      What is CNP fraud?

      CNP fraud is a type of payment fraud that occurs when an unauthorized transaction is made without the physical card being presented to the merchant. This typically happens in online, phone or mail-order purchases, where only the card details are required. Credit cards tend to be more common targets, but debit cards could also be at risk.

      A vulnerability with CNP transactions is that the merchant cannot examine the physical card. However, there are some steps merchants can take to potentially minimize the risk of fraud.

      How CNP fraud works

      CNP fraud occurs when someone who is not authorized to use a credit or debit card obtains the card information (card number, expiration date and CVV) and uses it for transactions without the physical card being present.

      Some ways scammers might get this information include:

      • Phishing: An online scam where someone tries to convince you to provide sensitive information (like passwords or credit card numbers) by pretending to be someone familiar.
      • Data breaches: A security incident where sensitive information is stolen or accidentally shared with an unauthorized party.
      • Malware: A type of software designed to access unauthorized information via computer, network or device.
      • Skimming: A type of fraud where someone illegally captures data from the magnetic stripe on the back of a credit or debit card (often via attaching a device to an ATM, point-of-sale system or similar).

      Fraudulent websites may also be designed to steal card information.

      When CNP fraud occurs, the merchant may unknowingly process the transaction. If the cardmember notices the unauthorized charge, they can dispute the credit card charge with the issuer and request a chargeback.

      Cardmembers are typically not responsible for unauthorized charges when CNP and other types of fraud occur due to the protections that many credit card issuers offer. In many cases, the merchant—not the cardmember—bears the financial loss.

      Some measures for detecting CNP fraud

      Many credit card issuers and merchants use a variety of preventative measures to help protect against CNP fraud. Here are some of those safety measures:

      • Fraud detection technologies: Banks may use advanced technology to analyze transaction patterns, flag suspicious activity and detect anomalies in user behavior.
      • Advanced authentication: Customers might be required to verify their identity using two-factor authentication (via SMS code, biometric scan, etc.).
      • Data security technologies: Encryption or tokenization can help safeguard sensitive card data during transactions, which may render stolen data useless.
      • Verification tools: Address Verification Systems (AVS) compare the bill address provided by the customer with the one on file, while Card Verification Value (CVV) checks provide an additional layer of verification. 
      • Merchant best practices: Merchants typically need to comply with Payment Card Industry Data Security Standards (PCI DSS) for handling sensitive card data and generally conduct regular security audits.

      Additionally, banks, merchants and law enforcement might share information about fraud trends and maintain lists of known fraudulent (or trusted) entities.

      This multi-layered approach combines technology, process controls and education to help prevent and detect CNP fraud. Despite these protections, it’s still possible for CNP fraud to occur.

      Learn more about the fraud protections offered by Chase.

      How to protect against CNP fraud

      Here are some tips that may help you prevent CNP fraud:

      • Track your banking and credit card account activity in real time through mobile banking apps and review your monthly credit card statements.
      • Sign up for alerts on unusual or large purchases and use temporary credit card locks when needed.
      • Enable two-factor authentication for online banking and shopping accounts.
      • Only use your credit card for online shopping at reputable, secure websites. Look for “https” in the retailer’s URL as the ‘s’ stands for “secured.”
      • Be cautious when providing card information over the phone and verify the recipient’s legitimacy.
      • Avoid sharing card details over email, text or social media.
      • Keep your operating systems and apps current, as software updates could contain patches to address security vulnerabilities.
      • Beware of phishing scams, which may ask you to click on suspicious links or download attachments from unknown sources.
      • Create strong, unique passwords for each online account.
      • Report lost or stolen credit cards immediately.
      • If available, consider making online purchases with virtual credit cards, which can be used for single transactions or limited time periods. Note that Chase does not offer virtual credit cards.

      Learn more about general credit card safety and some more tips for online shopping with a credit card.

      In summary

      CNP fraud occurs when someone uses stolen card information to make unauthorized transactions, usually online or by phone or mail. This type of fraud happens with transactions where the card doesn’t need to be physically present.

      Both merchants and banks use a multilayered approach—combining technology, processes and education—to prevent and detect CNP fraud. A few ways cardmembers can help protect themselves include monitoring their account, using credit card features like card lock and account alerts and only shopping on reputable sites.

      If CNP fraud does occur, cardmembers can often receive a refund by alerting their bank and requesting a chargeback, thanks to the protections that many credit card issuers offer. Chase credit cards offer fraud protection and a range of features to help keep your account safe.

      Find a credit card
      What to read next