Card not present fraud: Gil Rosenthal answers issuer and fintech questions

Guest: Gil Rosenthal
Today I’m digging into card not present fraud from a perspective I know a lot of issuers, banks, and fintech teams can relate to. Sometimes you are seeing fraud on your side of the data, but you still do not have enough context to fully understand what is actually happening on the merchant or processor side. And that gap can make it a whole lot harder to respond well.
That is exactly why I wanted to bring Gil Rosenthal back on the podcast. Gil has deep experience in credit and risk management for fintechs, banks, and issuers, and in this episode, we answer two listener questions that get right to the heart of what so many teams are dealing with right now. One is about understanding payment fraud signals, especially around ecommerce fraud, card testing, token activity, credential-on-file behavior, and suspicious merchant patterns. The other is about career growth and how someone in financial services can move into fraud and payments risk roles on the merchant or processor side.
I love conversations like this because they stay practical. We are not talking in vague terms about fraud getting worse. We are talking about what teams are actually looking at, what they do not always understand yet, and how to get better at interpreting patterns before losses pile up.
And that matters.
Because card not present fraud is one of those areas where a little more context can change a lot. The difference between a normal recurring charge and a carding attack. The difference between a legitimate terminal and a manipulated one. The difference between seeing noise and seeing a real fraud pattern. That is the kind of gap this episode helps close.
Here is what that means in practice:
- Card not present fraud is harder to fight when issuers only see one side of the payment flow
- Payment fraud detection improves when teams understand merchant, acquirer, and terminal behavior more clearly
- Card testing and account testing often hide inside patterns that look confusing before they look obviously fraudulent
- Fraud career growth usually accelerates when people learn the language, incentives, and workflows of adjacent parts of the ecosystem
What you’ll hear in this episode:
- Why card not present fraud can be so difficult for issuers and fintechs to interpret without merchant-side context
- How Gil thinks about card testing, account testing, merchant IDs, acquirer IDs, and suspicious terminal activity
- What fraud detection teams should pay attention to when transactions spike or patterns start to look abnormal
- Why ecommerce fraud prevention depends on understanding how different parts of the payment ecosystem work together
- What advice Gil shares for people who want to move from financial services into fraud and payments risk roles at retailers or processors
You should listen to this episode if you:
- Work in issuing, banking, fintech, or fraud operations and need a better framework for card not present fraud
- Are trying to improve credit card fraud detection or payment fraud detection in ecommerce environments
- Want to understand card testing, account testing, and carding attack patterns more clearly
- Are responsible for chargeback fraud, account takeover fraud, or online payment fraud strategy
- Want practical advice on moving into ecommerce fraud prevention or payment risk roles from the financial services side
Episode notes & key takeaways
Why card not present fraud creates so many issuer blind spots
Let’s break this down.
One of the hardest things about card not present fraud is that a lot of teams are trying to make decisions with incomplete visibility. Issuers may see the authorization requests, the merchant identifiers, the transaction timing, and the loss outcomes. But they often do not see the full merchant environment, the checkout flow, the customer session, or what the acquirer and processor are seeing on their end.
That is a problem.
Because without that broader context, patterns can be easy to misread. A burst of transactions could be recurring billing. Or it could be account testing. Multiple acquirer IDs tied to the same merchant could be routine. Or it could be something far more unusual. The point is not that every anomaly is fraud. The point is that fraud detection gets harder when teams do not fully understand the ecosystem they are monitoring.
This is exactly why this listener question matters so much. It captures something I hear often from issuer-side teams. They know something is off. They just do not always have enough context to name it quickly.
Here is what stands out:
- Card not present fraud often looks ambiguous before it looks obvious
- Payment fraud detection suffers when teams only see one side of the payment flow
- Ecommerce fraud creates interpretation challenges when merchant, acquirer, and issuer signals are disconnected
- Credit card fraud detection gets stronger when teams understand what “normal” looks like across more of the ecosystem
How card testing and account testing usually reveal themselves
Here’s what’s actually happening.
A lot of card testing and account testing activity does not begin with large fraud losses. It begins with patterns. Small-dollar authorizations. Repeated attempts. Strange timing. Similar merchant activity spread across multiple cards. Velocity that does not quite fit a legitimate business model. That is where experienced teams start paying attention.
And that matters.
Because a carding attack often depends on scale, not on one transaction looking dramatic. Attackers are testing what works. They are learning which credentials are still live. They are figuring out which merchants or payment flows are easier to push through. So if a team is only looking for obviously bad transactions, they may miss the setup phase entirely.
Gil does a really good job of helping frame these questions in a more practical way. Not every odd pattern is proof of fraud, but abnormal activity deserves context. If the same merchant ID shows up with multiple acquirer IDs, if transactions are seconds apart, or if terminal behavior seems off, those are the moments where curiosity matters.
A few practical takeaways:
- Card testing often appears as low-value or repetitive transaction patterns before larger abuse follows
- Account testing can look like scattered noise unless teams connect the activity across cards, merchants, or time
- Payment fraud detection works better when velocity, merchant behavior, and authorization patterns are viewed together
- Online payment fraud is easier to interrupt when the testing phase is recognized early
Why issuer teams need more merchant-side context
This is where things get especially interesting.
A big part of the first listener question is really about translation. Issuers, banks, merchants, processors, and acquirers may all be looking at the same fraud event from different angles, using different terminology, with different incentives. So even when they are talking about the same underlying problem, they are not always speaking the same language.
I have seen this come up a lot over the years.
And honestly, it is one of the biggest reasons fraud can persist longer than it should. If one team sees token activity, another sees suspicious terminal behavior, another sees elevated dispute rates, and another sees ecommerce fraud pressure, it takes coordination to realize those may all be signs of the same problem.
That is why learning the merchant and processor side matters so much for issuer teams. It is not just about professional curiosity. It is about becoming better at interpreting risk. The more you understand how the other side operates, the more clearly you can identify when something does not fit.
What good teams should keep in mind:
- Card not present fraud is easier to understand when issuer teams learn how merchant and processor environments work
- Ecommerce fraud prevention depends on more shared context across the payments ecosystem
- Fraud detection improves when teams understand terminology, incentives, and workflows across different roles
- Payment fraud often persists longer when organizations interpret the same signals in isolation
What fraud professionals should know about moving into payments risk roles
The second listener question is a good one too, because a lot of people in fraud eventually realize they want broader exposure. Maybe they started on the issuer side. Maybe they have spent years inside financial services. Then at some point they want to understand risk from the merchant, processor, or retailer perspective.
That makes sense.
And it is usually a smart move if the goal is to grow.
Gil’s advice here is especially useful because he does not treat the transition like a branding exercise. He treats it like a learning exercise. If you want to move into fraud and payments risk on the merchant side, you need to understand how merchants think, what they optimize for, how they measure losses, how payment flows work, and what different types of fraud look like from that seat.
Right.
Because the job is not just about knowing fraud. It is about knowing fraud in context. What matters to a retailer is not always identical to what matters to an issuer. What matters to a processor is not always identical to what matters to a bank. The strongest fraud professionals learn how to translate across those environments.
A few practical ideas:
- Build a stronger understanding of merchant economics, payment flows, and processor operations
- Learn how ecommerce fraud prevention differs from issuer-side fraud management
- Network with people already doing the job you want and ask smart, specific questions
- Study the language of chargebacks, online payment fraud, and merchant risk so you can speak across functions
Why pattern recognition and relationships both matter in fraud work
One of the things I really like about this episode is that it covers both technical curiosity and career growth, because those two things are more connected than people sometimes realize.
Fraud professionals get better by learning patterns. But they also get better by learning from other people.
That is the part that holds up.
If you want to get better at spotting card not present fraud, you need to ask better questions and understand more of the payment ecosystem. If you want to grow your career, you need to build relationships with people who can help you see around corners you have not reached yet. Both things require humility, curiosity, and a willingness to admit when you do not fully understand what you are seeing yet.
And honestly, that is not a weakness. That is usually the beginning of getting much better.
The big takeaway from this episode is pretty straightforward. Card not present fraud becomes easier to detect when teams understand more of the ecosystem around the transaction, not just the data in front of them. And fraud careers tend to grow faster when people intentionally learn how adjacent parts of the industry work. That combination of pattern recognition and perspective is what makes good fraud professionals better over time.
That is the part I would pay attention to.

