Ecommerce Security / Payments

Digital Commerce and the Threat of Card-not-present Fraud

Discover Global Network / 5 min read

Digital commerce continues to be top of mind for online retailers.

  • Consumers shop more and more across a variety of devices and channels.
  • Retailers continually optimize their sales channels to deliver more seamless consumer experiences.

But within this focus on digital commerce is also increasing pressure from fraudulent activities.

According to a recent survey of North American digital enablers (e.g., ecommerce platform providers) commissioned by Discover® Global Network, mid-sized merchants with annual revenues of $250 million to $1 billion are seen as the most high-risk targets for fraud over the next 12-24 months.1

This risk for mid-sized merchants could be caused by two factors:

  1. First, fraudsters likely see mid-sized merchants as having enough revenue and customer volume to make attacks worthwhile.
  2. Second, mid-sized merchants often lack the necessary complex risk management systems used by larger digital commerce companies that would help thwart fraud.1

There’s not much you can do about factor #1, and that makes the second factor here incredibly important.

As digital commerce continues to grow, so do new methods to commit fraud.

Let’s look at a few of those –– and what you can proactively do about it.

New Payment Methods, New Fraudulent Activity

The method in which consumers shop is continually evolving.

Take digital commerce, for example. In 2016, shoppers spent more than $1.9 trillion worldwide.2

Some estimates project that global ecommerce sales will reach $4 trillion by the year 2020.2

Mobile payments are also making an increasing impact. This shift to mobile is pushed along with the ever-expanding list of payments-enabled devices.

Consumers can now pay with:

  • Their phone and apps
  • Smartwatches
  • Voice-activated assistants
  • Connected cars

The list goes on.

In fact, in the U.S., 28% of millennials prefer shopping on their smartphones (a mobile device) rather than on their computers.3

Not only is mobile building amongst consumers, but retailers see the importance of incorporating a digital payments and mobile strategy throughout their business to potentially capture a greater share of wallets.

This shift towards m-commerce is predicted to reach $284 billion, or 45% of the total U.S. ecommerce market, by 2020.4

And the use of mobile payments is expected to grow at an 80% compound annual growth rate through 2020 — reaching $503 billion.5

Along with this evolution into digital commerce come new payment technologies that aim to meet the needs and expectations for a more seamless, secure and immediate payments experience.

Currently, examples of prominent payment technologies include:

  • Digital wallets – apps that store credit card information on a mobile device—be it phone, smart watch or other payments-enabled devices. Common examples are Android Pay, Apple Pay and Samsung Pay; but individual companies have also begun developing their own branded digital wallet.
  • Hybrid online-mobile systems – the use of a personal computer and mobile device, which enables consumers to do things like authenticate an online purchase through their mobile device.
  • EMV technology – a chip embedded within credit and debit cards that is generally harder to clone than the traditional magnetic strip of a card. EMV chips create data unique to each transaction, which make card validation possible for each transaction.
  • Contactless payments – technology that allows consumers to hold their payment method of choice (e.g., mobile device) near the merchant point-of-sale terminal to complete a transaction, as opposed to inserting or swiping a card.

However, the rewards of new payment technologies, like faster transactions through digital wallets, and the shift towards new preferred methods of paying also come with new challenges.

Common challenges include consumer adoption.

Retailers generally want their consumers to adopt new technology before considering investing expenses and efforts to support it.

However, until retailers support a technology, it is difficult to demonstrate an interest.

Another challenge: retailers and issuers need to communicate with employees and consumers about how to complete transactions on new technologies and systems.

A notable risk of these challenges: card-not-present fraud.

Let’s start from the beginning here.

What is CNP Fraud?

Card-not-present (CNP) transactions are when the consumer does not or cannot present their physical card to the merchant at the point-of-sale.

An ecommerce site is a common example in which this is the case.

Therefore, CNP fraud is when a consumer’s credit card is used to make a fraudulent transaction in a CNP setting.

The State of CNP Fraud

CNP fraud is likely to become more prevalent as emerging payments technologies gain wider acceptance and as consumer preference for digital methods continues to grow.

And digital enablers would agree.

In the same survey of North American digital enablers commissioned by Discover Global Network, 62% of digital enabler respondents cited an increase in fraud year over year. This fraud occurred among their merchant customers, with one in five noting the increase as significant.1

These results are not surprising, as similar trends continue to be reported.

In 2016, one research and advisory firm predicted CNP fraud will exceed $7.2 billion in the U.S. by 2020, which, according to the report, is a 225% increase from 2015 levels.6

With so much value lost to fraudulent activities, where are these attempts coming from?

Some common examples include:

  • Hacking and data breaches – When a data breach occurs, user credentials and payment information can be attained. This information can end up on the dark web and, subsequently, bought by fraudsters.
  • Bots – Fraudsters use bots as a way to more easily and efficiently test stolen data across digital commerce sites.
  • Phishing attacks – Phishing is a common fraud method in which fake communications are sent by a seemingly legitimate “company” in an effort to get consumers to enter in sensitive information.

Other examples include malware, new account fraud, digital wallet fraud, account takeover and many more.

Regardless of the method, though, one thing is certain: Fraud will likely continue to grow.

CNP Fraud Likely to Grow

CNP fraud is commonly associated with the implementation of EMV technology as merchants across the U.S. upgrade their point-of-sale terminals.

And though EMV technology will and has likely given rise to an increase in CNP fraud, other factors may be contributing to CNP fraud growth too.

One such potential factor is the continued growth of digital commerce, because as purchase volumes in digital channels continue to grow in value, so does the potential reward for fraudsters.

And digital commerce is growing.

According to the U.S. Department of Commerce Census Bureau, U.S. retail ecommerce sales have increased by 15.5% from Q3 2016 to Q3 2017.4

This upward trend has been present since at least 2008, when the Census Bureau reported that ecommerce sales accounted for about 3.5% of total sales, compared to now, where ecommerce accounts for about 8.4% of total sales.7

Authentication Strategies for Managing CNP Fraud

To better manage CNP risk in the new payment frontier, among other methods, merchants could consider embracing a holistic solution that includes:

  1. Layered security
  2. Collaborative security
  3. Consumer-centric security

1. Layered Security.

Layered security is when the payments network, the issuer and the merchant all perform separate aspects of risk analysis and notify one another of potential events.

Since each respective player has different levels of information throughout the full transaction process, this method has inherent potential to be more effective than just one party performing a risk analysis by itself.

Large online retailers have incorporated a variety of authentication services as part of their layered security.

Some real-time services and tactics include:

  • Device IDs
  • Fingerprint identification
  • Sophisticated rules engines
  • The 3-Domain Secure protocol

During pre-transaction activity, retailers have used predictive analytics that can help determine whether the consumer is an actual consumer versus a bot or fraudster.

Knowing the nature of the transaction helps the retailer permit only transactions that seem legitimate.

Layered security, broadly, can be implemented to help detect fraud throughout the entire payments chain—that is, before, during and after transaction authorization.

2. Collaborative Security

Collaboration across the entire payments ecosystem is critical.

Retailers who partner with networks, issuers and even other retailers to extend the benefits of security best practices and insights could potentially have more effective anti-fraud security measures than those who do not engage in a collaborative approach.

And this is important to having a strong layered security.

3. Consumer-Centric Security.

Of course, the key to any strategy is keeping the consumer at the center of it all.

If a security strategy disrupts the consumer experience by being slow or complex, consumers could be frustrated and go elsewhere.

But fortunately, anti-fraud tools continue to evolve into being more transparent and more frictionless for consumers.

Take mobile devices, for instance, and the implementation of biometrics to authorize payments.

Regardless of the security strategy, retailers should take a pragmatic approach by weighing risks versus sales in context.

From there, retailers need to determine if the hard losses avoided through fraud prevention will balance out the unrealized margin due to potential incomplete purchases.

What Next?

As it stands, retailers must understand the current payments environment, implement current and evolving best practices to help reduce risk, increase consumer satisfaction and plan for the future direction of transactions.

It is not necessarily an easy task, and it can be a continual process in this shifting payments landscape.

An effective approach is to work with partners who are already experienced with the latest payment technologies, including fraud service providers, issuers and leading payments networks.

Want more insights like this?

We’re on a mission to provide businesses like yours marketing and sales tips, tricks and industry leading knowledge to build the next house-hold name brand. Don’t miss a post. Sign up for our weekly newsletter.


  • 1 “Combatting Fraud in the New Digital Commerce Ecosystem,” 451 Research, September 2017.
  • 2 Worldwide Retail Commerce Sales Will Reach $1.915 Trillion This Year,” eMarketer, August 2016.
  • 3 “The 2016 Smartphone User Behavior Report Millennials’ Mobile Shopping Habits,” Coupify, 2016.
  • 4 “The Mobile Checkout Report,” Business Insider, February 2016.
  • 5 “The Mobile Payments Report,” Business Insider, June 2016.
  • 6 “Card-Not-Present Fraud Losses to Exceed $7 Billion by 2020,” Aite Group, May 2016.
  • 7 “Quarterly Retail E-commerce Sales 3rd Quarter 2017,” U.S. Department of Commerce, November 2017.

The information provided herein is sponsored by Discover Global Network. It is intended for informational purposes, and is not intended as a substitute for professional advice.


Discover Global Network

Discover Global Network

Sponsored by Discover

View all posts by Discover Global Network
Leave a Comment

2 comments on “Digital Commerce and the Threat of Card-not-present Fraud

  1. Dhwani Bhavsar on

    Good Article, where did you come up with the knowledge in this piece of content? I’m glad I found it though, ill be checking back soon to see what other articles you have.
    Give me Feedback On my page

  2. Trevor Noah on

    Hey this really is wonderful article. I’ve been searching on this thing and my observations are that according to the results of the 2015 Global Fraud Survey, e-commerce sales fraud is becoming “cleaner.” While fraud tracking is not gap-free, chargeback and confirmed fraud rates tend to be the most important key performance indicators.

Leave a Reply

Your email address will not be published. Required fields are marked *

Less Development. More Marketing.

Let us future-proof your backend. You focus on building your brand.