COVID-19 has disrupted everyone’s lives. For many businesses, the pandemic led to a rapid rise in online payments, along with changes to government policies and depleted workforces. These macro factors have created a more fertile ground for fraudsters, resulting in an alarming surge in card-not-present (CNP) fraud. What can businesses do to protect themselves and their customers? In this article, we will help you work out the best credit card fraud prevention strategy for your situation.

How to prevent credit card fraud as a merchant

There are several ways to fight card-not-present (CNP) fraud. These can be divided into four distinct categories — some are multilayered, giving businesses nine effective tools to combat cyber breaches.

Let’s explore the strategies.

Device specific

A process called digital fingerprinting is used to identify specific devices. It analyses the characteristics of a remote device, such as time zone, installed plug-ins and software, and other identifying features to determine and verify authenticity. Digital fingerprinting helps combat CNP fraud because it flags suspicious activities – multi-accounting attempts, for example, leading to the detection of malicious devices.

IP based

All devices connected to the internet have a public IP address. An anonymous IP address – or proxy – is one of the primary enablers of fraudulent activity. An excellent way to detect fraudsters early on is through the use of a proxy database. The database assists in card fraud monitoring by checking IP addresses. When it finds an anonymous proxy, all transactions associated with that IP address can be blocked.

Similarly, geolocation can be used to compare the IP location to a registered billing address, enabling merchants to identify any connections that pose a risk. Merchants can also block specific IP addresses in suspicious or high-risk locations. If your business only sells locally, you can opt to block international transactions.


Effective credit card fraud detection means valid transactions are approved and highly dubious ones are declined. To achieve this, authentication should include the following three layers:

Address Verification Service (AVS):

This verifies the address and other card details provided by a cardholder by comparing them to the information on file with the cardholder’s issuing bank. Once verified, the issuing bank sends an AVS code to the merchant’s payment gateway. The merchant can use the AVS code to decide how to proceed with the transaction.

3D Secure 2.0:

This security protocol provides an extra layer of authentication during the checkout process by verifying the identity of a cardholder before authorisation. 3DS 2.0 has a number of benefits, including:

  • Smoother customer experience – often called ‘frictionless flow’;

  • Richer exchange of data between card issuers, cardholders, and merchants, resulting in better fraud detection and lower rates of false declines;

  • Multiple device support – enables authentication on any device, including tablets, smartphones, and IoT technologies;

  • Liability shift – shifts liability from merchants to card issuers for fraudulent transactions.

2 Factor Authentication (2FA):

This occurs when a user enters a username and password into a portal and then receives a dynamic passcode via SMS to authenticate themselves.

Read more: The most common types of eCommerce fraud

Tokens & Biometrics


This helps prevent CNP fraud by replacing a card number with randomly generated numbers known as a ‘token’. Tokens are temporary and one of a kind. They’re of little interest to fraudsters, unlike card and account numbers.

Biometric authentication:

This utilises keystroke analysis, fingerprinting, iris (eyes), voice, and facial recognition to identify and verify customers. A major benefit of biometrics is that it creates less friction than tapping in passcodes delivered by SMS.

Artificial Intelligence-enabled behavioural biometrics:

This includes the identification and measurement of keystroke dynamics, device usage, and error pattern. Behavioural biometrics can be used as an extra layer of security in combination with other data. The advantage is that it continuously authenticates the customer during the transaction – it’s not a one-off event at the start of an action. It helps minimise situations where a fraudster steals a user’s credentials to log-in to an account. Any ongoing activities that deviate from normal usage patterns will be picked up by behavioural biometrics.

Your all-in-one card anti-fraud strategy

Eway is a leading online payment solution featuring award-winning fraud prevention. Every Eway account includes Fraud Lite, a good, basic fraud protection toolkit that lets you start transacting safely and securely online. If you need stronger anti-fraud tools, Eway can provide Fraud Essentials or Fraud Ultimate.

Read more: What level of fraud protection does my business need?

Contact us today to find out more about Eway payments and how we tailor all of our services to suit your specific needs.

Useful Resources

Useful Resources

All the resources you need in one place

Knowledge Base

Knowledge Base

Read our detailed implementation articles.

Contact us

Contact us

Our sales and support teams are here for you.