Subscribe

Fraud | August 2024 How to guard your business from card-not-present fraud

This crime, called card-not-present (CNP) fraud, is a serious and rapidly growing threat to businesses and credit card companies

In today’s digital world, scammers can remotely take control of a debit or credit card without the card itself ever leaving the owner’s possession. This crime, called card-not-present (CNP) fraud, is a serious and rapidly growing threat to businesses and credit card companies. Between 2020 and 2022, instances of CNP fraud in the U.S. grew by 32%, with $8.75 billion in losses in 2022 alone.Disclosure 1

Key concepts

In this article, we explore:

  • What makes card-not-present fraud possible
  • How companies use digital tools to combat CNP fraud
  • Best practices to protect your company’s card details

Video: Understanding card-not-present fraud

Component ID : "accordionGridLayout-25668600"
Model : "disclaimer"
Position : "left"

[Fraud prevention 101: Card-not-present fraud] [Truist logo]

[Company cards are convenient—and increasingly easy to compromise. Stay vigilant with these best practices.]

Narrator:

Fraudsters no longer need to steal a physical debit or credit card to go on a spending spree at your business’s expense. Through sophisticated technology, criminals can now commit fraud by using a card’s information. This is called card-not-present fraud.

One of the best defenses against this fraud is a series of simple security checks:

  • Always keeping cards in a safe place.
  • Not sharing cards or card information among employees.
  • And actively reviewing transaction statements to identify and report suspicious card activity.

Don’t forget to double-check the URL of retail websites to make sure you’re shopping on the real site. Some copycat sites can look very similar.

Card information can also be compromised when someone uses an unsecured Wi-Fi network, such as the public connection at a coffee shop or hotel.

If public Wi-Fi is your only option, follow best practices by encrypting your session or using a virtual private network (VPN).

You may want to consider additional account protections, like restricting

purchases to those that match a predetermined merchant code or using dynamic card numbers.

And when cardholding employees leave the company, close any cards they had access to immediately.

[Protect your company assets.]

Truist [logo]

Contact your Truist relationship manager or treasury consultant for more information on fraud protection.

Truist Bank, Member FDIC. © 2024 Truist Financial Corporation.

Truist, the Truist logo and Truist Purple are service marks of Truist Financial Corporation.

[end transcript]

How does card-not-present fraud happen?

To commit CNP fraud, criminals use password compromise and social engineering tactics to steal credit card details—or simply purchase them from a third party—and then use those details to make illegal purchases. Because CNP fraud can be perpetrated online, through mobile payments, or with a phone call, it’s more difficult to detect than in-person credit card fraud.

[stat for graphic]

$10.16 billion: Projected U.S. losses to CNP fraud in 2024, accounting for 74% of total card payment fraud lossesDisclosure 1

Good news: Digital tools are evolving to combat CNP fraud.

Experts note that as fraudsters shift their focus from paper checks to digital purchases, so do the engineers designing AI and machine learning tools to thwart them.Disclosure 2

Case study: New artificial intelligence does real-time checks for fraud.

IBM recently launched a new type of mainframe with artificial intelligence built into the chip.Disclosure 3 Its goal is to strengthen CNP fraud prevention by enabling banks and credit card providers to run real-time checks on all their customers’ transactions.

Best practices and prevention

Although CNP fraud is on the rise, you can mitigate your company’s risk by layering different levels of protection. Here are several smart strategies to help you and your employees avoid this common scam.

Educate employees on the latest card theft methods.

Implement companywide trainings that help employees recognize digital and physical methods of card theft. Social engineering (such as phishing) and card skimming both dominate the scammer’s toolbox today—but that doesn’t mean there won’t be more tools tomorrow.

Train cardholders in financial data hygiene.
Require these safety protocols for any employee with a corporate card:

  1. Store credit and debit cards in a secure place.
  2. Don’t share sensitive data (like a card’s number or CVV) with unauthorized employees or allow them to use the card.
  3. Don’t save corporate passwords or card details in an internet browser.
  4. Avoid the use of public Wi-Fi networks when making card purchases.

Create baseline limits and layers of approval.

Empower your financial team by instituting strict procedures for corporate card purchases—such as baseline spending limits and multilayered approval processes.

Double-check card charges at regular intervals.

Regardless of the dollar amount, have a plan in place to track and double-check all card charges at regular intervals. For the best results, these intervals should be unpublicized and hard to predict.

Require two-factor authentication.

Two-factor authentication (2FA) adds another level of security to an employee’s login credentials. Often, it takes the form of a code sent from an authentication app to a device the employee owns and must log into independently.

Let algorithms lend a hand.

Machine-learning fraud detection algorithms can monitor the IP addresses, shopping behavior, and types of devices connected to your corporate account. This data helps establish regular patterns of activity. These patterns make it easier to spot future irregularities, cross-reference any card actions that break company protocol, and flag or halt suspicious transactions.

Talk to Truist.

Consult with a Truist relationship manager about our business credit cards with corporate, executive, employee, and purchasing card options. Each card has specific uses and fraud protections. For example, the Truist Purchasing Card lets employees buy goods and services within certain limits while also finding discount opportunities and limiting check usage.

FAQ on card-not-present fraud

Component ID : "faq-1301646222"
Model : "faq"
Position : "left"

Card-not-present fraud happens when scammers steal credit or debit card details to make fraudulent purchases on the internet, with a mobile device, or over the phone.

No. CNP fraud is the theft of a narrow range of data—the details of your corporate card—so that a scammer can briefly pose as you to make unauthorized financial transactions. While it can involve fraudulent financial transactions, identity theft covers a much wider scope of stolen data that supports more crimes like medical and insurance fraud. 

CNP scammers will target anyone with access to a corporate card in your organization. However, card details can also be stolen through hacking, such as a password attack that breaches one of your supplier’s databases where your card details are kept on file. This is why layering multiple protections is so important to identifying and stopping fraudulent card transactions.

Turn to professionals for protection.

To learn more about cybersecurity threats and the various types of fraud facing your organization, connect with one of Truist’s relationship managers.

Purple PaperSM

The power of partnership

Uncover the value of Truist Business Lifecycle Advisory.

Download the Purple Paper (PDF)
Client Success Stories

Supporting a future-focused advisory firm through accelerated growth

Helping a repair service entrepreneur flip the switch on business transition

Paving the way to growth for an infrastructure innovator

See all Client Stories

Related resources

    {0}

    {0}

    {2}
    {6}
    {7}
    {8}
    {9}
    {12}
    {10}
    {11}

    {3}

    {1}
    {2}
    {6}
    {8}
    {9}
    {10}
    {11}
    {14}
    {12}
    {13}
    {1}
    {2}
    {7}
    {8}
    {9}
    {10}
    {11}
    {14}
    {12}
    {13}

    Stay informed and get connected

    Looking for fresh thinking and new insights to help uncover opportunities for your business needs?

    Connect with a Relationship Manager

    Work with a partner who sees your vision and has the resources to help you achieve it. We’re ready to focus on the specific needs of your company—and where you are in your business lifecycle.

    *This form is for prospects. Truist clients should contact their relationship manager with inquiries related to commercial products and services.

    Contact us

    Helpful links

    Business Insights
    Truist Business Lifecycle Advisory
    Business Resource Center
    Sign up for monthly articles on Business Insights

    Sign up to receive our business insights, thought leadership, and client success stories that can help inspire your next bold business move.

    Please enter a first name
    Please enter a last name
    Please enter a valid email address
    Please enter a company name
    I'm also interested in: Please select a campaign option
    Component ID : "accordionGridLayout-1396148670"
    Model : "disclaimer"
    Position : "left"

    Disclosure 1Card-not-present fraud to make up 73% of card payment fraud,” EMarketer, January 23, 2023.

    Disclosure 2Why the Rise of CNP Fraud Isn’t Cause for Panic,” LinkedIn, October 31, 2023.

    Disclosure 3IBM Puts AI On A Chip To Improve Fraud Detection In Real-Time Payments,” Forbes, April 7, 2022.

    Disclosures

    Truist Bank, Member FDIC. © 2024 Truist Financial Corporation. Truist, the Truist logo and Truist Purple are service marks of Truist Financial Corporation.

    Equal Housing Lender

    Investment and Insurance Products:

    • Are Not FDIC or any other Government Agency Insured
    • Are Not Bank Guaranteed
    • May Lose Value

    TRUIST is a service mark of Truist Financial Corporation (Truist) and its affiliates.

    Services provided by Truist Financial Corporation (Truist) affiliates: Banking products and services, including loans and deposit accounts, provided by Truist Bank, Member FDIC. Trust and investment management services provided by Truist Bank. Securities, brokerage accounts and /or annuities offered by Truist Investment Services, Inc., an SEC registered broker-dealer, and member FINRA and SIPC, and a licensed insurance agency. Investment advisory services offered by Truist Advisory Services, Inc. and GFO Advisory Services, LLC, SEC registered investment advisers. Some insurance products offered by Truist Investment Services, Inc. Other insurance products offered by McGriff Insurance Services, LLC (McGriff), Kensington Vanguard National Land Services, LLC (Kensington Vanguard) and Crump Life Insurance Services, LLC (Crump). Truist Life Insurance Services (TLIS) is a division of Crump, Arkansas License #100103477. Variable insurance material is for broker-dealer or registered representative use only. Variable products distributed by P.J. Robb Variable (PJRV), LLC, Arkansas License #100110185. Member FINRA.

    McGriff, Kensington Vanguard, Crump, TLIS, and PJRV are not affiliated with Truist Financial Corporation or any of its subsidiaries.

    Truist Securities is a trademark of Truist Financial Corporation. Truist Securities is a trade name for the corporate and investment banking services of Truist and its subsidiaries. All rights reserved. Securities and strategic advisory services are provided by Truist Securities, Inc., member FINRA and SIPC. Lending, financial risk management, and treasury management and payment services are offered by Truist Bank.

    Mortgage products and services are offered through Truist Bank. All Truist mortgage professionals are registered on the Nationwide Mortgage Licensing System & Registry (NMLS), which promotes uniformity and transparency throughout the residential real estate industry. Search the NMLS Registry.

    Comments regarding tax implications are informational only. Truist and its representatives do not provide tax or legal advice. You should consult your individual tax or legal professional before taking any action that may have tax or legal consequences.

    "Truist Advisors" may be officers and/or associated persons of the following affiliates of Truist, Truist Investment Services, Inc., and/or Truist Advisory Services, Inc. Truist Wealth, International Wealth, Center for Family Legacy, Business Owner Specialty Group, Sports and Entertainment Group, and Legal and Medical Specialty Groups are trade names used by Truist Bank, Truist Investment Services, Inc., and Truist Advisory Services, Inc.

    Applications, agreements, disclosures, and other servicing communications provided by Truist Bank and its subsidiary businesses will be provided in English. As a result, it will be necessary for customers to speak, read and understand English or to have an appropriate translator assisting them. Truist offers the following resources for consumers that have Limited English Proficiency:

    • Multilingual teammates available at our Multicultural Banking Centers
    • Materials for some products and services are available in Spanish, Korean, Vietnamese, Mandarin, and other languages spoken in the communities we serve.
    • Phone assistance in Spanish at 844-4TRUIST (844-487-8478), option 9. For assistance in other languages please speak to a representative directly.

    New York City residents:

    Translation or other language access services may be available. When calling our office regarding collection activity, if you speak a language other than English and need verbal translation services, be sure to inform the representative. A description and translation of commonly-used debt collection terms is available in multiple languages at http://www.nyc.gov/dca.

    • Limited English Proficiency Support
    • New York City residents

    Borrowers with Limited English Proficiency (LEP) needing information can use the following resources:

    Site footer

    Footer Navigation

    Banking products
    About Truist
    Resources
    Support

    © 2024, Truist. All Rights Reserved.