Card Not Present Transactions (CNP): Processing, Costs, Fraud |

Card Not Present Transactions (CNP): Processing, Costs, Fraud

Card not present transaction fraud

Financial transactions have long extended beyond traditional physical locations. An ever-larger part of commerce occurs through card-not-present (CNP) transactions, which do not require the physical presence of a credit or debit card for payment.

What is a Card Not Present Transactions

A card-not-present (CNP) transaction takes place when a credit card isn’t physically presented to the merchant at checkout. In more specific terms, a CNP transaction signifies that the card did not come into contact with a payment terminal; there was no swiping of the magnetic stripe, no insertion of a chip card into the card reader, and no tapping for contactless payment using NFC or RFID technology. Transactions that did involve such physical contact are referred to as card-present transactions.

Card-not-present transactions encompass payments made remotely, as seen in online shopping, phone orders, and mail payments. Additionally, they include scenarios where a merchant manually enters card details into the payment system rather than relying on swiping, inserting, or tapping the card.

These CNP transactions are processed using the cardholder’s account information, typically provided by the cardholder over the phone or online. The payment processor or merchant then utilizes this information to authorize the payment and complete the transaction.

The merchant or the payment provider can tokenize the card, ensuring compliance with the PCI DSS security standard to securely store card details. These tokenized card details can subsequently be used for further (recurring) payments, categorized into two distinct types:

  • Merchant Initiated Transaction (MIT): In this scenario, the merchant leverages the previously received card token to execute charges without requiring direct customer involvement. Examples include subscription payments or auto top-ups when predefined limits are reached.
  • Customer Initiated Transaction (CIT): Here, the customer initiates the payment, and the merchant processes it using the stored card token. This approach is utilized in methods like 1-click payments or pay-per-action, streamlining the payment process for customers and eliminating the need for repetitive input of card details.

Understanding these distinctions is essential for navigating the nuances of modern payment processing, both in card-present and card-not-present contexts.

Card Not Present Transaction Examples

Card-Not-Present (CNP) transactions have become increasingly popular among both businesses and consumers. Unlike traditional in-person transactions, this method does not require the physical presence of the card during the purchase process, offering a convenient and flexible payment option. From online shopping to virtual services, CNP transactions have become a prevalent and hassle-free way of conducting transactions in today’s digital age.

Common purchases considered CNP transactions

Here are various scenarios encompassing CNP transactions:

  • Online Shopping: A customer selects items on an e-commerce website, adds them to a digital shopping cart, and completes the transaction by entering their card information.
  • Buy Online, Pickup In-Store (BOPIS): Similar to online orders, but the customer can retrieve their purchase from a physical store rather than having it delivered.
  • Phone Orders: Customers place orders via telephone, verbally relaying their credit card details to a sales representative who subsequently processes the payment.
  • Mail-Order Transactions: Payments made through traditional mail services, such as ordering products from a physical catalog and sending payment by post.
  • Recurring Payments: For subscriptions or products requiring regular replenishment, customers’ payments are automatically deducted based on the stored payment card data within the retailer’s system.
  • Invoice Payments: Customers settle invoices issued to them through an online payment system, facilitating remote transactions.
  • Card-on-File Payments: Customers grant authorization for merchants to retain their credit card information for future transactions, which can be used when making remote purchases at a later time.

Card Not Present Transaction Costs

Card-not-present (CNP) transactions entail higher processing costs due to their increased susceptibility to various failure points compared to card-present transactions. This heightened risk encompasses potential issues like chargebacks, friendly fraud, and malicious fraud, which in turn amplify vulnerabilities and escalate expenses when complications arise. Issuing banks and credit card processors, in an effort to safeguard against potential losses, impose elevated fees for handling these types of transactions.

Irrespective of the processing rate plan employed by your service provider, it is inevitable that CNP transactions will incur higher charges. Under flat-rate or tiered pricing structures, CNP transactions are subject to a heftier fixed fee, encompassing both an augmented percentage rate and an elevated fixed authorization fee. Similarly, interchange-plus or membership pricing schemes impose a more significant markup on CNP transactions. It’s important to note that, within these pricing models, the underlying interchange fees for card-not-present transactions also tend to be higher.

Card Not Present Transaction Processing

Understanding transaction fees is a crucial aspect of financial transactions, as they can vary based on the fee structures and transaction type of payment processors. To gain a better understanding of this topic, we’ll delve deeper into the fees associated with popular payment processors for both online and in-person payments.

Payment Processor Transaction Fees:

  • Square: Online Transactions: 2.9% + $0.30 per transaction.In-person Transactions: 3.5% + $0.15 per transaction.
  • Stripe: Online Transactions: 2.9% + $0.30 per transaction. In-person Transactions: 3.4% + $0.30 per transaction.
  • PayPal: Standard: 2.99% + $0.49 per transaction. Advanced: 2.59% + $0.49 per transaction. PayPal Digital Payments: 3.49% + $0.49 per transaction. Virtual Terminal: 3.09% + $0.49 per transaction. Keyed-in: 3.49% + $0.09 per transaction.
  • Shopify: Transaction Fees: 2.4%-2.9% + $0.30 per transaction (Depends on plan).
  • Helcim: Transaction Fees: Interchange + 0.50% + $0.25 per transaction (Volume discounts available).

It’s important to note that card-not-present transactions come with differing levels of risk. Keyed-in entries tend to be more expensive compared to online transactions because the latter has built-in security measures, including address and CVV verification. Conversely, keyed transactions do not have any security measures in place.

Card Not Present (CNP) Fraud

Given that CNP transactions lack the physical presence of the customer or the credit card for verification, it creates an opportunity for fraudulent activities to occur. CNP fraud occurs when unauthorized individuals gain access to a cardholder’s billing information and exploit it to make unauthorized purchases. In this type of fraud, the perpetrator illicitly acquires the cardholder’s payment credentials, including the card number, CVC/CVV code, and expiration date, which are then used to initiate transactions.

CNP fraud not only impacts the customer but also has financial repercussions for businesses, as fraudulent charges often lead to chargebacks. When a customer identifies an unauthorized transaction on their card, they may opt to dispute the payment with their issuing bank and request a refund. Consequently, the business not only loses the revenue generated by the sale but also provides a product or service free of charge to the fraudulent actor. Additionally, the business may be subject to fees if it accumulates too many chargebacks.

Card Not Present Fraud Detection

Red flags indicating CNP fraud

Advanced technology plays a pivotal role in the identification and prevention of numerous instances of attempted card-not-present fraud. For instance, credit card companies employ sophisticated algorithms to identify credit card transactions that deviate from the account holder’s typical usage patterns, flagging potentially fraudulent activities.

Merchants have adopted various strategies to combat card-not-present fraud. These include leveraging biometric data such as fingerprints or voice patterns to authenticate customers and employing personal information, such as mailing addresses, to verify the identity of cardholders.

It is important to acknowledge that specific forms of fraud, such as online shoplifting and friendly fraud, bring about distinct hurdles in the business landscape. In these cases, perpetrators make online or phone purchases, receive the merchandise, and subsequently file disputes with their credit card issuer, claiming subpar product quality or non-delivery. This initiates a chargeback process, compelling the merchant to refund the deceptive customer. Detecting and mitigating such forms of fraud can be considerably more complex.

Card Not Present Fraud Prevention

Protecting your financial interests and ensuring the security of online and remote transactions is paramount. Join us as we delve into the strategies, technologies, and best practices that empower individuals and businesses to thwart CNP fraud effectively. Explore the comprehensive measures you can implement to fortify your defenses and enjoy secure and seamless online financial interactions.

Utilize a Secure Payment Gateway

It’s essential to route your website payments through a secure gateway. Investing in technology that guarantees the safety of your customers’ information is a prudent long-term decision for your business. This step not only enhances security but also safeguards card-not-present transactions, instilling confidence in both you and your customers.

Collect Vital Customer Information

It’s important to gather comprehensive customer information at the checkout stage, extending beyond the mere solicitation of a credit card number.

Customer Contact Information: It’s imperative to secure contact details such as phone numbers, email addresses, billing addresses, and shipping addresses, particularly for high-value transactions.

Card Information: To enhance security and minimize customer disputes, make it mandatory to collect the following card details:

  • Name as it appears on the payment card
  • Expiration date
  • Credit card number
  • CVV (Card Verification Value), commonly known as the card security code

By gathering this comprehensive information, you not only verify the customer’s possession of the credit or debit card but also reduce the likelihood of unnecessary disputes.

Adhere to PCI Compliance

Regardless of whether a payment is conducted in a card-present or card-not-present manner, it is imperative for businesses handling credit card information to maintain PCI compliance. Compliance with the security standards established by the payment industry is essential for all aspects of business operations.

To achieve compliance, business owners can swiftly complete a questionnaire. For the convenience and security of all our members and their customers, Chargebackhit offers guided assistance through this process, facilitated by their dedicated account manager. This ensures that rigorous compliance measures are in place to guarantee safety and security.

Implement Address Verification Service (AVS)

An Address Verification Service (AVS) does precisely what its name suggests: it’s a fraud prevention tool designed to validate that the billing address provided by the shopper aligns with the one linked to the cardholder’s account.

Address Verification Services function as an additional security layer to combat credit card fraud. Here’s the process:

  • When the customer enters their credit card details, the merchant employs an AVS service to request authorization for these card-not-present transactions from the card issuer.
  • Subsequently, the payment processor sends an AVS code in response, indicating the degree of conformity between the entered address and the one on record. Below are the codes for your reference.

Establish a Transparent Return and Exchange Policy

Place a strong emphasis on providing a transparent return and exchange policy that offers clear options and processes for customers who may not be satisfied with their purchase. Clearly outline the steps involved in returning a product for a full refund or exchanging it for an alternative color, size, or any other applicable options. By doing so, you not only facilitate smoother customer interactions but also encourage dissatisfied customers to reach out to your business for resolution rather than resorting to initiating a charge dispute with their card issuer. This approach fosters better communication and customer satisfaction.

Difference Between Card Not Present and Card Present Transactions

A card-not-present (CNP) transaction refers to any credit or debit card transaction completed without the electronic data of the physical card being captured at the time of sale. This category encompasses instances where the merchant manually inputs card details into a terminal, even if the card itself is physically present.

The key distinction lies in the requirement for digital data stored on a card’s magstripe or EMV/NFC chip to be read by a terminal or card reader to qualify as a card-present transaction. Failure to meet this requirement categorizes the transaction as card-not-present.

Card-present transactions offer unique advantages and scenarios:

  • In-Person Transactions with Mobile Card Readers: Businesses often employ mobile card readers that interface with smartphones or tablets. Services like Square provide small, portable card readers that allow vendors to accept card payments directly from customers. This flexibility is particularly useful for mobile businesses, pop-up shops, and events.
  • Digital Wallets and Tap-to-Pay: Modern payment methods, such as digital wallets like Apple Pay and Google Pay, as well as NFC-enabled credit/debit cards, enable contactless transactions. These methods facilitate quick and secure payments by simply tapping the card or device on a compatible reader. Card-present transactions in this context offer a frictionless experience for both customers and merchants.
  • Countertop Credit Card Terminals: Traditional brick-and-mortar stores often use countertop credit card terminals or point of sale (POS) systems. These devices are designed for high-volume, card-present transactions, ensuring swift and secure payment processing. They are equipped to read card data from the physical card’s magstripe or chip.

While card-present transactions offer efficiency and security, it’s essential for businesses to choose the right payment method based on their specific needs and customer preferences. Understanding the distinction between card-present and card-not-present transactions is crucial for managing payment processing effectively in a digital age.


Card-not-present fraud poses a significant threat to both your financial well-being and personal identity. Merchants can take proactive steps to thwart this type of fraud, such as employing biometric identification methods or confirming identities through details like mailing addresses.

In order to maintain financial security, regular credit monitoring and thorough review of credit card statements are essential practices. Keep an eye out for any suspicious activity, such as unauthorized purchases you didn’t make. Should you suspect that you’ve fallen victim to card-not-present fraud, take immediate action by contacting your credit card company without delay. Early intervention is key to mitigating potential damage.

Card Not Present Transactions FAQ

What Exactly Are Card-not-present (CNP) Transactions, and How Do They Differ From Card-present Transactions?

Card-not-present (CNP) transactions occur when a credit or debit card is used for payment without being physically presented to the merchant at the time of purchase. This means the card’s magnetic stripe isn’t swiped, the chip card isn’t inserted into a reader, and there’s no tapping for contactless payment. In contrast, card-present transactions involve direct physical contact between the card and a payment terminal, like swiping or inserting the card. Understanding this distinction is crucial in today’s digital payment landscape.

What Are the Risks Associated With Card-not-present Transactions, and How Can They Be Mitigated?

CNP transactions pose a higher risk of fraud, including chargebacks, friendly fraud, and malicious fraud. To mitigate these risks, businesses can implement security measures such as Address Verification Services (AVS), biometrics for customer identification, and adherence to PCI DSS security standards. Additionally, maintaining a transparent return and exchange policy can encourage customers to resolve issues directly with the merchant instead of resorting to charging disputes.

How Can Individuals and Merchants Optimize Card-not-present Transactions for Security and Convenience?

For individuals, monitoring credit card statements for unauthorized transactions and promptly reporting any suspicions to the credit card company is essential. For businesses, implementing secure payment gateways, tokenizing card information, and offering convenient customer-initiated transaction (CIT) options like 1-click payments can enhance security and streamline the CNP transaction experience. Staying informed about industry trends and compliance standards is also crucial for both parties.

Share article