What Is Card-Not-Present Fraud?

Updated July 9, 2026 6 min read

Chip technology made it dramatically harder to counterfeit a physical card at a store register, but it did nothing to stop someone from typing stolen numbers into an online checkout form from thousands of miles away.

The short answer

Card-not-present fraud is unauthorized use of card details for a purchase where the physical card is never shown to a merchant, typically online, by phone, or through mail order. Because the transaction relies only on the card number, expiration date, and security code rather than the physical card or a chip, it sidesteps the protections built into in-person purchases. It has become the more common form of card fraud precisely because in-person counterfeiting got harder.

Why chips didn’t solve this

Chip cards make it much harder to clone a physical card that can be swiped or inserted at a terminal, since the chip generates a unique code for each in-person transaction that can’t simply be copied. That protection, however, only applies when the card is physically present. An online or phone transaction never touches a chip reader at all — it just needs the numbers printed on the card, which can be captured through a data breach, a phishing page, or a skimming device at an unrelated location entirely. As in-person fraud became harder, card-not-present fraud grew as the easier path.

How merchants and banks try to catch it

Because there’s no physical card or chip to verify, online and phone merchants lean on other signals instead:

None of these tools is foolproof on its own, which is why card-not-present fraud is generally caught through a mix of automated screening and after-the-fact dispute processes rather than being prevented outright.

What happens after a fraudulent charge

When a card-not-present transaction turns out to be unauthorized, the cardholder can typically dispute it with the issuer, who investigates and often reverses the charge through a chargeback process. The merchant, rather than the cardholder, usually absorbs more of the financial risk in these cases, which is part of why online sellers invest heavily in fraud-screening tools. For the cardholder, the more meaningful cost is often the disruption — a new card number, updated autopay details, and time spent reviewing statements.

Reducing exposure without giving up online shopping

Card-not-present fraud can’t be eliminated by the cardholder alone, since the vulnerability lives in how online transactions are structured. Reviewing statements regularly for unfamiliar charges, using virtual card numbers where a merchant offers them, and being cautious about which sites store card details on file are all ways to narrow the opportunity without avoiding online purchases altogether.

The bottom line

The shift from counterfeit cards to card-not-present fraud reflects a simple trade-off: as one door closed, another stayed open. Recognizing that a card number alone is enough to enable a fraudulent purchase helps explain why prompt statement reviews and quick reporting matter as much as the card’s physical security features.