What Is Card-Not-Present (CNP) Fraud + How to Avoid It 2026

Card-Not-Present (CNP) fraud happens when someone uses stolen credit card information to make purchases. This kind of fraud can occur whenever a physical card is not required to make a transaction, such as online purchases or over-the-phone transactions.

Credit card companies will always side with the real cardholder, leaving you, as the merchant, with a potentially significant loss of revenue. With CNP fraud becoming more and more common, it’s important to protect your business from these fraudulent transactions. 

Fortunately, there are some very effective ways to avoid losing money to CNP fraud. In this article, I’ll explain everything you need to know.

{{text-box}}

What Is Card-Not-Present Fraud?

Cybercrime is on the rise these days, and hackers and criminals have far too many ways of obtaining other people’s credit card information – whether by hacking into ecommerce systems, phishing unsuspecting individuals, or taking advantage of data leaks.

CNP fraud is an important issue to address as a merchant, because you have full financial liability. When someone makes a purchase on your website using stolen credit card details, you are the one who has to take the loss, unlike in card-present fraud in which issuing banks cover the cost. 

Pay.com can help you mitigate the risk of CNP fraud. With 3D Secure authentication, you can rest assured that the person entering their credit card details is the real cardholder, and not someone pretending to be them.

How Is Card-Not-Present Fraud Committed?

To commit CNP fraud, a cybercriminal needs to obtain the following information:

• Card number
• Cardholder name
• Billing address
• 3-digit CVV/CVC security code
• Card expiration date

Here are some common methods these criminals use to get this data.

Phishing

Phishing is when cybercriminals pose as a reputable company to gain credit card information or other personal details. 

To appear legitimate, they might send out an email that looks like it’s from Venmo or PayPal, including the company logo and branding, asking the victim to click a link to re-enter their credit card details. This may come with an element of urgency, telling the victim their account will be removed from the site if they don’t comply right away.

When a victim falls for this and enters their card details, the scammers have everything they need to commit CNP fraud. 

Employee Leaks

Employees with access to customer data can steal or leak credit card information, which can lead to CNP fraud.

Hacking and Data Leaks

Hackers can find credit card information by hacking into networks. In some cases, they’ll sell it on for a profit. Another way hackers can get their hands on credit card data is by taking advantage of known system vulnerabilities and data leaks.

How Can You Protect Your Business from Card-Not-Present Fraud?

The best way to protect your business from CNP fraud is to work with a secure payment service provider like Pay.com, which uses the highest level of credit card authentication. This way, you can be sure the only transactions that go through are from genuine cardholders.

3D Secure Authentication 

The 3D Secure protocol adds on an extra layer of authentication. You’ve probably seen it in action before: when a customer uses their credit card to make an online purchase, they’re asked to enter a code sent to them via text message.

This way, the customer confirms that they are the real cardholder.

PCI DSS 

The data security standards for the card payment industry have four levels of security, with Level 1 being the highest. 

Pay.com has Level 1 PCI DSS compliance, which helps you maintain the highest security standards.

Verification Checks

You can use an address verification service (AVS) to make sure the billing address entered matches what the credit card issuer has on file. 

The Bottom Line: Avoiding Card-Not-Present Fraud 

The best way to protect your business from CNP fraud is to use a secure payment service provider like Pay.com. With the highest level of PCI DSS compliance and 3D Secure card authentication, you can rest assured that only real transactions will go through.

Pay.com comes with many other great benefits. In addition to credit cards, you can accept a variety of other payment methods, including ACH transfers and digital wallets like PayPal, Google Pay, Apple Pay, and more. You can easily integrate your new payment system into your site, either with our simple no-code solutions or our developer-friendly APIs.

Click here to get started now.