Quick answer
Card-not-present fraud hits high-risk merchants harder because stolen card data is cheaper to use where the physical card is not required. The best defense is a layered screening system — AVS, CVV, velocity rules, device fingerprinting, IP screening — not any single tool. Every layer you add removes a fraud vector.
Why CNP fraud targets high-risk merchants specifically
Fraudsters actively test stolen cards on merchants with high approval rates, digital delivery, or products with resale value. High-risk merchants — supplements, digital goods, gaming, electronics — are preferred targets because products are either instantly accessible or easy to resell. Some fraud rings specifically target merchants whose fraud controls they have already profiled.
The result: a merchant who does not screen aggressively can accumulate fraud chargebacks rapidly — and since fraud chargebacks count toward your Visa VAMP ratio and Mastercard BRAM calculations, a single fraud wave can put your account at risk within 30 days.
The CNP fraud signals to screen
AVS mismatch
Flag for review or decline — billing address not matching card records is a strong fraud signal.
CVV failure
Decline immediately — a CVV failure suggests the card number was stolen without the physical card.
Shipping address differs from billing address
Review or apply additional velocity checks, especially for high-ticket orders.
Order velocity — same card or email, multiple orders in short window
Apply velocity rules: max 2–3 orders per card per 24-hour window.
High-risk BIN country
Compare card-issuing country to shipping country and IP country — large mismatches are fraud signals.
Disposable or forwarding email address
Screen email domains — fraudsters often use temporary email services.
Proxy or VPN IP address
Flag or decline orders from known proxy and datacenter IP ranges.
Device fingerprint reuse across different identities
One device placing orders under many names/emails is a fraud ring signal.
How 3DS helps
3D Secure 2 (3DS2) shifts fraud liability to the card issuer when authentication succeeds. For high-risk merchants with significant fraud chargeback volume, implementing 3DS2 can eliminate most of your Visa 10.4 and Mastercard 4837 disputes. See the full breakdown in the 3DS liability shift guide.
Blocking fraud without blocking real customers
The goal is to decline fraud without adding friction to legitimate orders. The best approach: use risk scoring rather than hard blocks for borderline signals. A single AVS mismatch on a $15 order may not be worth declining — but an AVS mismatch combined with a VPN IP, a new email domain, and a high-velocity pattern on the same card is a clear decline.
Review your declined-to-fraud ratio monthly. If your fraud declines are under 0.5% of orders but your fraud chargebacks are still high, your rules are either too narrow or targeting the wrong signals. HighRiskIntel flags transaction-level fraud signals and surfaces patterns by campaign, BIN cluster, and IP range so you can tune your rules on real data rather than guessing.