What is card-not-present fraud?
Card-not-present fraud (CNP) is a category of fraud made via online transactions, telephone or mail.
In other words, it’s a fraudulent payment in situations where a card is not presented to a merchant for a visual check.
Typically, a CNP fraud happens after a payment card or information on the card has been stolen (name, card number and 3-digit static card security code at the back) or purchased on the Dark Web.
How big is card-not-present fraud?
Card-not-present statistics show that in many countries it's THE major source of card fraud by far - 75% in value of all card frauds on average.
Yes, you read that right.
CNP fraud in the U.S. and Canada
In the U.S., 7.9 million consumers were the victim of CNP fraud in 2018.
This figure represents about 3.1% of the U.S. population over 18 years of age, according to a 2019 study
The amount of card-not-present fraud was estimated at $4.57 billion for 2016 by the U.S. federal reserve in a 2018 report.
In Canada, CNP fraud has been driven by solid growth in e-commerce transactions. CNP amounts to 76% of the total value of card fraud in 2015.
CNP fraud in Europe: 73%
According to the September 2018 report on fraud in the Single Euro Payments Area (SEPA), card-not-present (CNP) payments counted for a massive 73% of the total value of card fraud for 2016.
With €1.32 billion ($1.49 billion) in losses in 2016, CNP fraud was the largest segment of fraud in the eurozone and the only one to record an increase (+2.1%) compared with the previous year.
This area covers Austria, Belgium, Cyprus, Estonia, Finland, France, Germany, Greece, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Portugal, Slovakia, Slovenia, and Spain.
Card-not-present fraud in the U.K.: 76%
In the U.K. (not in the eurozone), CNP accounted for £506.4 million (or €563m or $636m), which is 76% of the total value of card fraud in 2018 and a +24% increase over 2017.
CNP fraud in Australia: 85%
In 2017, card-not-present fraud in Australia accounted for 84.8% of all fraud on cards. It is a +14% increase over 2016 for a total of 476.3 million AUD (or €295m or 330m USD) in 2017. (source Australian payments network)
The bad news?
The true cost of CNP: $3.36 for $1 of fraud
In its "True cost of fraud" 2020 report, LexisNexis estimates that every $1 in CNP fraud costs $3.36 to merchants in the USA.
To top it off, EMV is not going to help.
CNP fraud and EMV
With the shift to EMV drastically reducing card-present fraud, CNP fraud is more likely to grow in the coming years according to a January 2019 report from a Juniper Research report.
The company says that CNP fraud will have retailers lose about $130 billion in cumulative revenue between now and 2023.
Why?
It's because EMV has slashed card-present fraud and eCommerce is so convenient.
The COVID-19 has just accelerated this trend. See "shifting to online purchases because of the pandemic" stats from Statista).
Juniper also forecasts that by 2023 companies supporting retail transactions are to spend about $10 billion yearly on fraud detection and prevention capabilities.
Beyond that, CNP fraud affects consumers' behaviour, merchants and banks.
Stay with us, here comes the good news.
Preserve the consumer's shopping experience
Gemalto’s Dynamic Code Verification is a complete card-not-present security solution based on:
- a payment display card,
- a mobile solution,
- and a validation server.
It replaces static cryptograms with dynamic codes, thus mitigating fraud linked to the use of static card numbers stolen online without any impact on the merchant’s infrastructure.
The Gemalto Dynamic Code Verification launched in October 2015, is the first complete and adaptable solution on the market.
Banks can decide to deploy the solution on the mobile, on display cards, or with both components.
The versatility offered by Gemalto Dynamic Code Verification allows banks to provide a relevant and secure eCommerce solution to their customers.
How Gemalto DCV allows mitigating online fraud

Gemalto Mobile DCV
The Gemalto mobile DCV solution allows your customers to store their cards and read the dynamic codes on their mobile phone.
Customers can choose to secure their application with a PIN to add a strong authentication layer to the application.
- Stores your cards in a secure mobile application
- Allows you to complete simple and secure transactions

Gemalto Dynamic Code Card
The Gemalto Dynamic Code Card is a classic EMV contactless payment card that displays a dynamic code that automatically changes over every 20 minutes without the cardholder’s intervention.
Instead of the static code currently used to secure online purchases, the dynamic code is displayed on a small ePaper screen on the back of the card.
- Up to 125K Dynamic Code Verifications in 4 years
- Updated security cryptogram every 20 minutes

Thales Gemalto Confirm Authentication Server
The Gemalto Confirm Authentication Server is a multi-channel, multi-token and vendor-agnostic authentication solution that supports all forms of authentication technologies, across all channels.
It allows easy integration into banks’ authorization hosts and is protected by hardware security modules.

- Easy integration
- Field-proven, comprehensive, scalable and cost-effective
What customers are saying
Hugo Najera Alva, General Director of Digital Banking, BBVA Bancomer, Mexico