What is card-not-present fraud?

Card-not-present fraud is a type of scam that happens when the cardholder attempts to make a fraudulent credit card transaction while not actually in possession of the physical credit or debit card. This can include payments made online, via mail order, over the phone, or by fax. Fraudsters then use that stolen information to purchase goods or services without the cardholder’s consent.

These kinds of transactions are more prone to fraud because:

  • They’re not protected by chip and PIN
  • The merchant can’t check if the physical card is genuine
  • The merchant can’t verify the cardholder’s identity

The ubiquity of online shopping has contributed to the increase of card-not-present fraud. Indeed, a 2019 Juniper Research report suggested that retailers will lose $130 billion in card-not-present fraud between 2018 and 2023. What’s more, card-not-present transactions represent 72% of the total credit and debit card fraud in the UK.

To commit card-not-present fraud a criminal must obtain a cardholder’s name, billing address, account number, three-digit security code, and card expiration date. These details can be stolen electronically, most commonly occurs through online phishing, or, through theft of a business’s customers’ credit card information by dishonest employees. It also occurs less commonly through merchant database hacks.

Because of the risks associated with collecting, handling and storing sensitive card information, many online merchants now choose to use an external payment gateway to handle card payments on their behalf. These are intended to reduce card-not-present fraud by requiring some form of two-factor authentication. One such example you may have come across is the portal ‘Verified by Visa’, which sends you a unique security code or asks you to type in a password into your laptop or phone in order to authenticate the payment.


How can I protect myself from card-not-present fraud?

Victims of card fraud are protected as long as the fraud was not due to negligence on the cardholder’s part and reasonable care was taken to prevent it. As such, when card-not-present fraud occurs, it is the merchant that bears the loss. To help protect yourself from becoming caught out by card-not-present fraud remember to:

  • Be cautious when you receive any unexpected phone calls, letters, emails or people knocking on your door.
  • Do not give out personal information or login details like your PIN or passwords. Your bank should never ask for the CVV number of your card so be wary if anyone asks you for this.
  • Destroy any old credit cards, making sure you cut through the chip and magnetic strip.
  • Make sure you keep your computer and mobile phone software up to date.
  • Always use strong passwords and don’t use the same password for multiple accounts. You should also change your passwords regularly.
  • Be careful what you share on social media. If there’s personal information like your date of birth on your account, it could be the missing piece for someone looking to impersonate you.
  • Don’t use public Wi-Fi for transactions.
  • Check your bank statements regularly

Nowadays, many banks will send an alert to your registered mobile phone number if they suspect fraudulent transactions are occurring. However, for even greater protection you can also set up from your bank for payments made using your card. This means you’ll get sent a notification whenever your card is used.

From September 2019, new rules (the EU’s second Payment Services Directive (PSD2)) will require a PIN once a customer’s total contactless payments exceed a cumulative value of roughly €150 or when five contactless transactions have been made.


Reporting card-not-present fraud

You should report any fraud on your credit card by: calling your credit card provider and explaining what’s happened. Normally you’ll be reimbursed for any charges you weren’t responsible for if you report fraud quickly. Depending on the situation, you might want to also report the fraud to the police. In this case, make sure to keep a record of any correspondence.

We hope this post was helpful. To read more about protecting yourself from payment fraud you can read some of our other posts: