What is card-not-present fraud?

Card-not-present fraud (CNP) is a category of fraud made via online transactions, telephone or mail.

In other words, it’s a fraudulent payment in situations where a card is not presented to a merchant for a visual check.

Typically, a CNP fraud happens after a payment card or information on the card has been stolen (name, card number and 3-digit static card security code at the back) or purchased on the Dark Web.


How big is card-not-present fraud?

Card-not-present statistics show that in many countries it's THE major source of card fraud by far - 75% in value of all card frauds on average.

Yes, you read that right. 

CNP fraud in the U.S. and Canada

In the U.S., 7.9 million consumers were the victim of CNP fraud in 2018.

This figure represents about 3.1% of the U.S. population over 18 years of age, according to a 2019 study

The amount of card-not-present fraud was estimated at $4.57 billion for 2016 by the U.S. federal reserve in a 2018 report.

In Canada, CNP fraud has been driven by solid growth in e-commerce transactions. CNP amounts to 76% of the total value of card fraud in 2015.

CNP fraud in Europe: 73%

According to the September 2018 report on fraud in the Single Euro Payments Area (SEPA), card-not-present (CNP) payments counted for a massive 73% of the total value of card fraud for 2016.

With €1.32 billion ($1.49 billion) in losses in 2016, CNP fraud was the largest segment of fraud in the eurozone and the only one to record an increase (+2.1%) compared with the previous year.

This area covers Austria, Belgium, Cyprus, Estonia, Finland, France, Germany, Greece, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Portugal, Slovakia, Slovenia, and Spain.

Card-not-present fraud in the U.K.: 76%

In the U.K. (not in the eurozone), CNP accounted for £506.4 million (or €563m or $636m), which is 76% of the total value of card fraud in 2018 and a +24% increase over 2017.

CNP fraud in Australia: 85%

In 2017, card-not-present fraud in Australia accounted for 84.8% of all fraud on cards. It is a +14% increase over 2016 for a total of 476.3 million AUD (or €295m or 330m USD)  in 2017. (source Australian payments network)

The bad news?


The true cost of CNP: $3.36 for $1 of fraud

In its "True cost of fraud" 2020 report, LexisNexis estimates that every $1 in CNP fraud costs $3.36 to merchants in the USA.

To top it off, EMV is not going to help.


CNP fraud and EMV

With the shift to EMV drastically reducing card-present fraud, CNP fraud is more likely to grow in the coming years according to a January 2019 report from a Juniper Research report

The company says that CNP fraud will have retailers lose about $130 billion in cumulative revenue between now and 2023. 


It's because EMV has slashed card-present fraud and eCommerce is so convenient.

The COVID-19 has just accelerated this trend. See "shifting to online purchases because of the pandemic" stats from Statista).

Juniper also forecasts that by 2023 companies supporting retail transactions are to spend about $10 billion yearly on fraud detection and prevention capabilities. 

Beyond that, CNP fraud affects consumers' behaviour, merchants and banks.

Stay with us, here comes the good news.


​​​Preserve the consumer's shopping experience​​​​​


card not present fraud


Thales Gemalto’s Dynamic Code Verification is a complete card-not-present security solution based on:

  • a payment display card, 
  • a mobile solution,
  • and a validation server. 

It replaces static cryptograms with dynamic codes, thus mitigating fraud linked to the use of static card numbers stolen online without any impact on the merchant’s infrastructure.

The Gemalto Dynamic Code Verification launched in October 2015, is the first complete and adaptable solution on the market. 

Banks can decide to deploy the solution on the mobile, on display cards, or with both components. 

The versatility offered by Gemalto Dynamic Code Verification allows banks to provide a relevant and secure eCommerce solution to their customers. ​

Product Sheet (PDF - 126kb)


How Gemalto DCV allows mitigating online fraud 


dynamic code on mobile


Gemalto Mobile DCV

The Gemalto mobile DCV ​solution allows your customers to store their cards and read the dynamic codes on their mobile phone. 

Customers can choose to secure their application with a PIN to add a strong authentication layer to the application.

dynamic code on mobile

- Stores your cards in a secure mobile application
- Allows you to complete simple and secure transactions

Dynamic Code Card


Gemalto Dynamic Code Card

The Gemalto Dynamic Code Card​ is a classic EMV contactless payment card that displays a dynamic code that automatically changes over every 20 minutes without the cardholder’s intervention. 

Instead of the static code currently used to secure online purchases, the dynamic code is displayed on a small ePaper screen on the back of the card.

Gemalto Dynamic Code Card

- Up to 125K Dynamic Code Verifications in 4 years
- Updated security cryptogram every 20 minutes


Read more about Thales Gemalto Dynamic Code Card​

card not present


Thales Gemalto Confirm Authentication Server

The Gemalto Confirm Authentication Server is a multi-channel, multi-token and vendor-agnostic authentication solution that supports all forms of authentication technologies, across all channels. 

It allows easy integration into banks’ authorization hosts and is protected by hardware security modules.

DCV Mobile

- Easy integration
​- Field-proven, comprehensive, scalable and cost-effective

Read more about the Gemalto Confirm Authentication Server

What customers are saying

"Gemalto helped us quickly implement groundbreaking dynamic CVV/CVC technology and the response thus far has been outstanding: in the first weeks of the project, we already have more than 100,000 active users."
Hugo Najera Alva, General Director of Digital Banking, BBVA Bancomer, Mexico