Common Warning Signs of CNP Fraud and How Merchants Can Use Them to Their Advantage


Global eCommerce sales are expected to almost double from $2.3 trillion in 2017 to $4.5 trillion by 2021.

[Figure: Total worldwide ecommerce sales. Source: Shopify]

To put that figure into perspective, that’s close to the total GDP for one of the biggest economies in the world, Japan, which is around $4.9 trillion.

And this growth in online sales is not confined to one corner of the earth; it is a truly global phenomenon.

If we look at 10 of the largest eCommerce markets in the world (according to, we can actually see how it is spread out.

  1. China: $672 billion
  2. United States: $340 billion
  3. United Kingdom: $99 billion
  4. Japan: $79 billion
  5. Germany: $73 billion
  6. France: $43 billion
  7. South Korea: $37 billion
  8. Canada: $30 billion
  9. Russia: $20 billion
  10. Brazil: $19 billion

The opportunity for online merchants to take advantage of this growth is therefore massive.

However, it won’t all be plain sailing.

Card-not-present fraud is also on the rise.

The average merchant experiences 133 fraudulent transactions per month, at an average cost of $144 each. If we do the math, that’s close to $20,000, EVERY month.

For big online retailers, this is a major concern. For smaller players, this is a potential deathblow.

The problem is that with CNP transactions, the merchant can never be 100% sure that the person making the payment is the authorised user of the card.

So, if you’re a merchant and you want to protect your customers and yourself against CNP fraud, what are some of the warning signs to watch out for?

Common indicators of CNP fraud

This list is not exhaustive, and no single item should be used in isolation to reject a transaction outright. Treat each one as an indication of suspicious behaviour that warrants further authorisation.

1- First-time buyer

New customers without any buying history are always a risk factor. Fraudsters are unlikely to go back to the same store with the same stolen card details. First-time shoppers should therefore be treated with extra suspicion, and further verification might be required.

2- Large purchases

In most cases, a stolen card will be reported fairly quickly. Hence, criminals will look to take as much advantage as they can out of it in this short space of time. A common way of doing this is to place a single, large order before the card is cancelled.

3- Priority shipping

We would normally expect our online deliveries to arrive in 2-3 days and plan ahead for that. People are inclined to buy early and save on shipping.

Criminals, on the other hand, won’t care about extra shipping costs as it’s not their hard-earned money that they are spending.

In fact, they will most likely go for the shortest delivery time to get rid of the goods as quickly as possible.

International shipping outside the merchant’s country could also warrant further investigation.

4- Various transactions in a short space of time

Fraudsters won’t know the spending limit a person has on their card or account. As such, they will try to run it to its max by placing multiple orders, probably spending a bit more each time.

Therefore, if you come across a customer account with several purchases in a short space of time, it should raise a major red flag.

Additionally, if these orders are shipped off to different shipping addresses, it could indicate the fraud is part of a larger organised scheme.

5- Look out for inconsistencies

This could be differences in the shipping and billing address, strange email addresses, mismatches between telephone area codes and physical postal codes, etc.

We are also creatures of habit, and our online shopping behaviour tends to reflect this. Any significant deviation in order amount could indicate fraudulent activity.

6- More than two cards

Any online merchant can expect one or two sets of card details registered with a single billing address. However, more than two at any one point (excluding expired card details), could be a warning sign.

Similarly, if you identify multiple cards used from the same IP address, it could point to suspicious behaviour by a larger criminal scheme.

7- Multiple logins

This could indicate foul play before we even get to the payment stage.

We’ve all forgotten our login details at some point or another. The logical step would be to click the ‘Forgotten password’ link after the first attempt. A fraudster is unlikely to follow this link.

Multiple unsuccessful attempts to get into an account are therefore a very big risk factor.

3D Secure mitigates the danger through risk-based authentication

Over the years, payment processing companies have taken extra precautions to deal with fraudulent activity, such as matching the billing address on file, verifying the CCV security codes, and prohibiting merchants from storing customer codes.

Although proven effective to some extent, these measures should not be used in isolation. If a criminal is in possession of a stolen card they are likely to have the CCV code as well and could quite easily find the billing address.

A more robust security layer has become absolutely essential in today’s online economy. Not just to protect customers, but the merchants themselves as well.

3D Secure provides that additional layer of security by prompting customers for extra information at the checkout stage to reduce the occurrence of CNP fraud.

The second iteration of the protocol (3D Secure 2) takes it a step further by facilitating risk-based authentication.

How does it work?

When a customer finishes the checkout stage, the transaction is screened for specific risk factors (like the ones mentioned above) to determine the probability of fraud. This happens at the backend, and in most instances the risk level is deemed to be low (believed to be deep in the 90th percentile).

When the risk is deemed to be high, the customer will, however, be redirected to a verification screen for the extra layer of cardholder identification (such as an additional password or biometric information).

When the risk is deemed to be low, shoppers will be sent directly to the approval screen without having to provide additional authorisation.

Even if the transaction is deemed to be low risk, and doesn’t go through the extra authentication step, it still qualifies for all the benefits that the protocol has to offer. Shoppers get a frictionless checkout experience, while merchants are still protected from fraudulent chargebacks.
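The screening flow described above can be illustrated with a merchant-side sketch that turns the warning signs from the list into a combined score and routes an order either to the frictionless path or to the extra verification step. This is an added example, not code from the article and not the 3D Secure 2 protocol's own scoring, which the article does not specify; the weights, thresholds, field names and sample orders are all assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
# Weights, thresholds and field names are illustrative assumptions.
WEIGHTS = {"first_time_buyer": 15, "large_order": 20, "priority_shipping": 10,
           "velocity": 25, "address_mismatch": 15, "many_cards": 20,
           "failed_logins": 25}
CHALLENGE_AT = 40                     # score that triggers extra verification
STORE_AVERAGE = 80.0                  # baseline for buyers with no history
VELOCITY_WINDOW = timedelta(hours=1)

@dataclass
class Order:
    account: str
    placed: datetime
    amount: float
    typical_amount: float             # customer's usual order value, 0 if none
    prior_orders: int
    priority_shipping: bool
    billing_postcode: str
    shipping_postcode: str
    cards_on_billing_address: int
    failed_logins: int

def indicators(order, recent=()):
    """Names of the warning signs from the list above that this order trips."""
    baseline = order.typical_amount or STORE_AVERAGE
    burst = [o for o in recent if o.account == order.account
             and timedelta(0) <= order.placed - o.placed <= VELOCITY_WINDOW]
    checks = {
        "first_time_buyer": order.prior_orders == 0,
        "large_order": order.amount > 3 * baseline,
        "priority_shipping": order.priority_shipping,
        "velocity": len(burst) >= 2,
        "address_mismatch": order.billing_postcode != order.shipping_postcode,
        "many_cards": order.cards_on_billing_address > 2,
        "failed_logins": order.failed_logins >= 3,
    }
    return [name for name, hit in checks.items() if hit]

def route(order, recent=()):
    hits = indicators(order, recent)
    score = sum(WEIGHTS[h] for h in hits)
    return ("challenge" if score >= CHALLENGE_AT else "frictionless"), score, hits

T0 = datetime(2024, 1, 1, 12, 0)      # constructed sample orders, not real data
newcomer = Order("bob", T0, 40.0, 0.0, 0, False, "M1", "M1", 1, 0)
earlier = [Order("carol", T0 - timedelta(minutes=m), 200.0, 50.0, 3, True,
                 "E1", "N7", 3, 0) for m in (40, 20)]
suspect = Order("carol", T0, 450.0, 50.0, 5, True, "E1", "N7", 3, 4)
```

A first-time buyer on its own stays on the frictionless path here, which matches the article's point that no single indicator should reject a transaction; only the combination seen in `suspect` crosses the challenge threshold.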

The 3D Secure 2 protocol can be implemented across various platforms, including mobile apps and browsers, to provide that essential layer of added security for all parties involved, while still facilitating a frictionless checkout experience for customers.