CNP fraud is projected to account for 73% of all payment fraud in 2023; a whopping 57% increase on 2019. But, what’s the reason for the increase, and what can businesses do about it?

In recent years, card not present (CNP) fraud has become one of the most common types of payment fraud, especially in the online gambling sector. In fact, overall losses are expected to reach $9.49 billion by the end of the year, marking an 8.5% increase on 2022.

The reason why CNP fraud is so common is because CNP transactions don’t require a physical card, just the details from it. Fraudsters can therefore steal and use the cardholder’s name, billing address, account number, CVV security code, and expiration date without needing to obtain the actual card. But online casinos are fighting back.

What is CNP fraud?

Put simply, CNP fraud occurs when a fraudster steals someone’s credit card information for transactions that do not involve a physical card, such as over the phone or on the internet. It usually constitutes a criminal using someone else’s credit card information and is also seen as a form of identity theft. Discover about the darkest form of identity theft, ghosting fraud, in our blog ‘Ghosting fraud: Are you doing business with the dead?’.

Understanding CNP fraud.

CNP fraud can be detrimental to businesses and users in numerous ways. The most obvious is that the victim of CNP fraud may be unable to reclaim their lost money. If a cardholder is unable to file a chargeback successfully, then the responsibility for the fraudulent transaction passes to the gambling platform. What can make this scenario even worse is that if a gambling platform receives excessive chargebacks within a specific timeframe, its payment service provider may impose penalties on the operator or even terminate their contract.

How does CNP fraud occur?

CNP fraud occurs when a criminal acquires payment information from a cardholder without their permission and uses it to buy products or services.

Nowadays, criminals can easily buy ‘fullz’ (packages of individuals’ identifying information) through the dark web or obtain via phishing attacks or data breaches.

Online casinos and CNP fraud.

Online casinos rely solely on digital payments, so are considered prime targets for CNP fraud. As cardholders are not present during CNP transactions, it makes it all the more convenient for criminals to use stolen card details.

Online casinos often deal with high transaction volumes, making identifying fraudulent transactions difficult. That alone gives rise to payment fraud in online gambling. A few signs that an online casino may be vulnerable to CNP fraud include a lack of proper security measures like SSL encryption and 2FA and a considerable number of chargebacks.

It is worth mentioning that not all casino platforms are equally vulnerable to CNP fraud since some have better payment fraud prevention measures in place than others.

What are CNP red flags to look out for?

Red flags for potential CNP fraud in online casinos include the following:

Frequent chargebacks: Many chargebacks can be considered a clear sign of CNP fraud since players may be using stolen cards and later reporting unauthorized transactions.
Large numbers of small transactions: Fraudsters may make several small transactions to test the validity of stolen card information.
Failed transactions: Repeated failed attempts to verify payment information usually indicates fraudulent activity.
Multiple accounts from a single IP address: Multiple accounts originating from the same IP address usually implies fraudulent activities, e.g., one individual using multiple stolen cards.
Rapid deposits and withdrawals: Fraudsters often try to deposit funds, play a few rounds, and quickly withdraw their funds before their activity is detected.

How does CNP fraud impact online casinos?

CNP fraud can have a significant impact on online casinos in numerous ways:

Financial losses.

CNP fraud can result in significant financial losses for casino platforms. Chargebacks are a common phenomenon in this type of fraud. If a platform receives significant chargebacks within a specific period, its payment provider may impose penalties or even end its contract.

Reputational damage.

CNP fraud, once discovered, can severely damage the reputation of online casinos. Negative reviews and publicity discourage new users from joining, resulting in a decrease in revenue.

Legal and regulatory consequences.

CNP fraud can lead to severe legal and regulatory consequences for online casinos. Operators may face hefty fines or even criminal charges if they are found to be negligent in preventing CNP fraud. The costs related to legal proceedings can be considerable, which further adds to the financial impact of CNP fraud.

Can online casinos recover from the damage caused by CNP fraud?

While online casinos can recover from the reputational and financial damage caused by CNP fraud, it requires time and effort. For financial recovery, casino platforms need to implement strict CNP fraud prevention measures, such as anti-fraud software and multi-factor authentication. Operators can also work with payment service providers to reduce charges and potentially recover lost funds.

In terms of dealing with reputational damage, casino operators can be transparent with their users regarding the steps they need to take to prevent fraud and offer compensation to those affected.

Preventing CNP fraud in online casinos.

Operators can implement various CNP fraud prevention strategies:

Robust identity verification.

Implementing robust identity verification processes like Know Your Customer (KYC), is effective in fraud prevention and can combat crimes like money laundering. KYC processes typically include document verification, which involves submitting government-issued identification documents that the online casino verifies. Biometric authentication, such as fingerprint scanning and facial recognition, is also effective in verifying the identity of users. Read more about the importance of KYC in online casinos in our blog.

Multi-factor authentication.

Multi-factor authentication (MFA) requires users to provide multiple forms of authentication, such as a one-time password sent to their mobile phone, before accessing their account. MFA enhances security by requiring users to provide multiple forms of authentication. There are three main categories. Something you know, such as a password; Something you have, like a phone with an authentication app or one time passcode; and Something you are, such as a biometric feature like a fingerprint, face, voice, or other biometric piece of information. With MFA, users must present more than one of these factors, before gaining access to their account. This adds an extra layer of security to the conventional login process.

AI and machine learning solutions.

Emerging technologies like AI and ML can help operators combat CNP fraud. For example, AI-powered identity verification services can validate player identities by comparing submitted information with external databases, identity documents, and biometric data. This helps ensure players are who they claim to be.

Regular security updates.

Online casinos should regularly update their security measures for protection against CNP fraud. How often they should update their online casino security measures depends on factors including the size of the casino, the existing security measures, and the risk associated with fraud. However, operators must review their security protocols at least once a year. It is also important to note that operators must comply with anti-fraud laws like KYC and AML.

How can players protect themselves against CNP fraud in online casinos?

Players can protect themselves and prevent CNP fraud by the following:

Only signing up with licensed casinos
Verifying their identity through the online casino’s KYC process
Keeping their login information secure
Following the casino’s fraud prevention policies and procedures
Using security features such as multiple-factor authentication
Frequently checking their accounts for suspicious activity or transactions
Informing the online casino of any suspicious transactions or activity on their account

How online casinos can prevent CNP fraud while ensuring seamless gaming experiences.

As CNP fraud remains a serious threat to online casinos, operators must implement robust safety measures to prevent it. Online casinos can achieve this through the use of MFA processes, state-of-the-art fraud detection technologies such as anti-spoofing facial recognition, and secure payment gateways.

That said, it is equally crucial to maintain a healthy balance between security and a seamless gaming experience for users.

Preventing CNP fraud should be a top priority for operators to maintain their integrity and protect their bottom line.

Card not present? Well, identity verification should be.

Our highly configurable platform for identity proofing in the gaming market allows operators to keep abreast of constantly changing regulations, and new fraud schemes and scams, while ensuring a safe, secure and seamless gaming experience. With our latest round of platform enhancements, we now offer UK-specific data checks, and financial risk checks, which provide operators with insights into a player’s affordability indicators to comply with the latest updates to the UK Gambling Act.

If you would like more information on obtaining a UK gambling license, read our ‘Everything you need to know to get a UK gambling license.’ blog.

Card not present? How online casinos can turn the tables on CNP fraud. 1

Ellie Burns
Team Lead of Product Marketing at IDnow
Connect with Ellie on LinkedIn

Card not present? How online casinos can turn the tables on CNP fraud.