CNP fraud involves internet, phone and mail-order transactions or activity. The actual fraud occurs after criminals steal card information by hacking, skimming or phishing. Predictably, this category of credit card fraud has begun to outpace card-present fraud in recent years as e-commerce transaction volume has proliferated.
According to a 2018 study by the Federal Reserve, the amount of card-present fraud in the U.S. declined from $3.68 billion in 2015 to $2.91 billion in 2016, while the amount of card-not-present fraud jumped from $3.4 billion to $4.57 billion during the same period. Also, a study by Javelin Strategy & Research the same year revealed that CNP fraud is now 81 percent more likely to occur than card-present fraud.
Hacking appears to offer criminals the greatest potential to steal massive volumes of credit card information at one time. Having achieved this, the criminals can make the data, such as card numbers, available on the so-called dark web. Due to their widespread adverse impacts on both cardholders and retailers, the largest credit card data breaches in history have received a great deal of publicity in recent years.
A major objective of credit card data theft is identity theft, a crime that exponentially increases the impact of credit card fraud on victims. It’s possible for a perpetrator of identity theft to literally steal most of what a victim owns or earns. Besides possibly ruining consumers financially, identity theft has the potential to greatly increase retailers’ liability.
Retailers that offer online transactions cannot even expect the issuing bank to cover the charge-back fraud, also known as friendly fraud. If they install chip readers to read chip-enabled cards issued by the bank and get signatures for transactions and fraudulent charges still occur, the bank must cover charge-backs. The same security measures are not in place for CNP transactions, so the retailer, not the bank, must refund the amount of the fraudulent transaction.