ZERO TRUST SECURITY FOR CARD-NOT-PRESENT TRANSACTIONS: EXTENDING EMV-LIKE CONTINUOUS AUTHENTICATION AND ADAPTIVE RISK VALIDATION ACROSS PAYMENT NETWORKS

Card-Not-Present (CNP) fraud remains a critical challenge [1][2][3] in digital payments, exploiting gaps between merchants, acquirers, and issuers within trusted payment networks. While EMV technology ensures dynamic authentication for Card-Present (CP) transactions [4][5], CNP transactions lack equivalent protection [6], often bypassing real-time risk assessment. This pa-per introduces a Zero Trust security model for CNP transactions, extending EMV-like continuous authentication and adaptive risk validation across payment stakeholders without modifying the ISO8583 messaging standard. By leveraging AI-driven risk scoring, behavioral biometrics, device finger-printing, and multi-factor authentication (MFA), the model ensures continuous verification from initiation to authorization. Risk scores dynamically evolve across the payment chain, enabling real-time decision-making. Experimental results demonstrate a 92.1% fraud detection accuracy, a 36% reduction in false positives, and real-time processing within 310 milliseconds per transaction. This approach bridges the security gap in CNP transactions, aligning with PCI-DSS, PSD2, and EMVCo standards while preserving user experience. By extending Zero Trust principles across the payment network, this work establishes a scalable and resilient framework for securing digital transactions.