Card-not-present (CNP) fraud, the unauthorized use of a payment card for any transaction where the cardholder does not physically present the payment card, poses significant risk to today's payments ecosystem comprised of primary stakeholders such as issuers, merchants and their acquirers, processors, payment gateways, payment networks, PIN debit networks, and other relevant businesses. X9 TR-48-2018 presents guidelines for the mitigation of CNP fraud for all relevant impacted industry stakeholders, such as merchants, acquirers, issuers, payment card networks, online payment service providers, payment processors, and hardware and software providers. This Technical Report addresses the environment of payment cards, such as credit, debit, and prepaid, but does not extend to private label cards, which are out of scope. Given the high cost of CNP fraud in the U.S., these guidelines are designed to help stakeholders understand the: 1) landscape of CNP fraud attacks; 2) how to protect against data theft; 3) how to detect and prevent CNP fraud using mitigation tools and processes; and 4) how to respond and implement an adaptive CNP fraud mitigation model. These guidelines are intended to provide a benchmark checklist of the CNP mitigation tools, procedures, and strategies that should be considered for effective CNP fraud mitigation.