What is card-not-present fraud?
Card-not-present fraud (CNP) is a category of fraud made via online transactions, telephone, or mail.
In other words, it’s a fraudulent payment in situations where a card is not presented to a merchant for a visual check.
Typically, a CNP fraud happens after a payment card or information on the card has been stolen (name, card number, and 3-digit static card security code at the back) or purchased on the Dark Web.
How big is card-not-present fraud?
Card-not-present statistics show that it's THE major source of card fraud by far - 75% in value of all card frauds on average in many countries.
Yes, you read that right.
CNP fraud in the U.S. and Canada
In the U.S., 7.9 million consumers were the victim of CNP fraud in 2018.
This figure represents about 3.1% of the U.S. population over 18 years of age, according to a 2019 study.
The amount of card-not-present fraud was estimated at $4.57 billion for 2016 by the U.S. federal reserve in a 2018 report.
In Canada, CNP fraud has been driven by solid growth in e-commerce transactions. CNP amounts to 76% of the total value of card fraud in 2015.
CNP fraud in Europe: 79%
According to the sixth report on fraud in the Single Euro Payments Area (SEPA), card-not-present (CNP) payments counted for a massive 79% of the total value of card fraud for 2018.
Card fraud at ATMs and POS terminals represented 6% and 15% respectively in 2018.
With €1.8 billion ($2.17 billion) in losses in 2018, CNP fraud was the largest segment of fraud in the eurozone and the only one to record an increase (+13% vs 2017) compared with the previous year.
This area covers Austria, Belgium, Cyprus, Estonia, Finland, France, Germany, Greece, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Portugal, Slovakia, Slovenia, and Spain.
Card-not-present fraud in the U.K. : 76%
In the U.K. (not in the eurozone), CNP accounted for £470.2 million in 2019, a 7% decrease vs 2018.
CNP is 76% of the total value of card fraud in 2019.
Other frauds include Lost & Stolen (15%), card ID theft (6%), counterfeit card (2%), and card not received (1%).
CNP fraud in Australia: 85%
In 2017, card-not-present fraud in Australia accounted for 84.8% of all fraud on cards. It is a +14% increase over 2016 for a total of 476.3 million AUD (or €295m or 330m USD) in 2017. (source Australian payments network)
The bad news?
The true cost of CNP: $3.36 for $1 of fraud
To top it off, EMV is not going to help.
CNP fraud and EMV
With the shift to EMV drastically reducing card-present fraud, CNP fraud is more likely to grow in the coming years, according to a January 2019 report from a Juniper Research report.
The company says that CNP fraud will have retailers lose about $130 billion in cumulative revenue between now and 2023.
It's because EMV has slashed card-present fraud, and eCommerce is so convenient.
The COVID-19 has just accelerated this trend. See "shifting to online purchases because of the pandemic" stats from Statista).
Juniper also forecasts that by 2023 companies supporting retail transactions are to spend about $10 billion yearly on fraud detection and prevention capabilities.
Beyond that, CNP fraud affects consumers' behaviour, merchants, and banks.
Stay with us. Here comes the good news.
Preserve the consumer's shopping experience
Gemalto’s Dynamic Code Verification is a complete card-not-present security solution based on:
- a payment display card,
- a mobile solution,
- and a validation server.
It replaces static cryptograms with dynamic codes, thus mitigating fraud linked to the use of static card numbers stolen online without any impact on the merchant’s infrastructure.
The Gemalto Dynamic Code Verification launched in October 2015, is the first complete and adaptable solution.
Banks can decide to deploy the solution on the mobile, on display cards, or with both components.
The versatility offered by Gemalto Dynamic Code Verification allows banks to provide a relevant and secure eCommerce solution to their customers.
How Gemalto DCV allows mitigating online fraud
Gemalto Mobile DCV
The Gemalto mobile DCV solution allows your customers to store their cards and read the dynamic codes on their mobile phones.
Customers can choose to secure their application with a PIN to add a strong authentication layer to the application.
- Stores your cards in a secure mobile application
- Allows you to complete simple and secure transactions
Gemalto Dynamic Code Card
The Gemalto Dynamic Code Card is a classic EMV contactless payment card that displays a dynamic code that automatically changes over every 20 minutes without the cardholder’s intervention.
Instead of the static code currently used to secure online purchases, the dynamic code is displayed on a small ePaper screen on the back of the card.
- Up to 125K Dynamic Code Verifications in 4 years
- Updated security cryptogram every 20 minutes
Thales Gemalto Confirm Authentication Server
The Gemalto Confirm Authentication Server is a multi-channel, multi-token, and vendor-agnostic authentication solution that supports all forms of authentication technologies across all channels.
It allows easy integration into banks’ authorization hosts and is protected by hardware security modules.
- Easy integration
- Field-proven, comprehensive, scalable, and cost-effective
What customers are saying
Hugo Najera Alva, General Director of Digital Banking, BBVA Bancomer, Mexico