Skip to main content
diversification.com
← Back to C Definitions

Card not present transaction

What Is Card Not Present Transaction?

A card not present (CNP) transaction is a type of payment card transaction that occurs when the cardholder and their physical credit card or debit card are not physically present at the point of sale. This falls under the broader financial category of Payments & Transaction Processing. Common examples of card not present transactions include purchases made online, over the phone (mail order/telephone order, or MO/TO), or through recurring payments22, 23. Unlike in-person transactions where a card is swiped, tapped, or inserted into a terminal, CNP transactions rely solely on the provision of card details, such as the card number, expiration date, and security code. This characteristic makes card not present transactions inherently more susceptible to fraud compared to card present transactions.

History and Origin

The concept of "card not present" transactions emerged long before the widespread adoption of the internet. Early forms included mail-order and telephone-order purchases, which allowed consumers to buy goods without physically visiting a store. The first electronic money transfer, setting a precedent for remote payments, occurred in 1871 with Western Union20, 21. However, the landscape of card not present transactions was truly transformed with the advent of e-commerce and the internet in the 1990s18, 19. As online shopping gained momentum, the need for secure methods to process payments remotely became critical. The U.S. Census Bureau's data reflects this shift, with e-commerce retail sales in the U.S. growing significantly, accounting for 15.9% of total retail sales in the first quarter of 202516, 17. The rise of payment gateway services, digital wallets, and online banking further facilitated the growth and evolution of these remote payment methods14, 15.

Key Takeaways

  • A card not present (CNP) transaction occurs when the cardholder and their physical card are not present during the payment, typically for online, phone, or mail orders.
  • CNP transactions are generally associated with a higher risk of fraud compared to card present transactions.
  • Merchants face increased liability for chargebacks resulting from fraudulent card not present activities.
  • Security protocols like Address Verification Service (AVS), Card Verification Value (CVV), and compliance with the Payment Card Industry Data Security Standard (PCI DSS) are crucial for mitigating CNP fraud.
  • The widespread adoption of e-commerce has significantly increased the volume and importance of card not present transactions in global commerce.

Interpreting the Card Not Present Transaction

Interpreting a card not present transaction primarily involves understanding its inherent risk profile within a payment processing system. Because the physical card is not presented, merchants cannot visually inspect the card or verify the cardholder's identity through traditional means like signature comparison. This means that the burden of fraud prevention often shifts more heavily onto the merchant and their acquiring bank. Businesses engaging in CNP transactions must implement robust security protocols and authentication measures to confirm the legitimacy of the payment. Effective risk management in this context involves scrutinizing various data points associated with the transaction, such as billing and shipping addresses, IP addresses, and previous transaction history, to identify potential red flags.

Hypothetical Example

Consider a scenario where Sarah, living in New York, wants to purchase a custom-made necklace from a small artisan's online store based in California.

  1. Initiation: Sarah visits the artisan's website, selects her necklace, and proceeds to checkout. This begins a card not present transaction.
  2. Data Input: Instead of swiping her credit card, Sarah enters her credit card number, expiration date, and the Card Verification Value (CVV) into the secure payment form on the website. She also provides her billing and shipping addresses.
  3. Processing: The artisan's payment gateway securely transmits Sarah's card details to their acquiring bank, which then routes the request to Sarah's card-issuing bank for authorization.
  4. Verification: During this process, the card-issuing bank might perform checks like Address Verification Service (AVS) to ensure the provided billing address matches the one on file.
  5. Authorization: If all details are valid and funds are available, the transaction is authorized, and the artisan receives confirmation of the payment.

In this example, the entire purchase occurs without Sarah physically presenting her card, making it a classic card not present transaction.

Practical Applications

Card not present transactions are fundamental to modern commerce, appearing in numerous practical applications across various sectors. The most prominent application is in e-commerce, where consumers purchase goods and services entirely online. This includes everything from retail shopping on major platforms to digital content subscriptions and online courses. Another significant area is remote service payments, such as utility bills paid online or over the phone, and booking services like travel or appointments without needing to be physically present.

The growth of CNP transactions has been substantial. According to data tracked by the Federal Reserve, the value of core noncash payments, which heavily include CNP transactions, grew faster from 2018 to 2021 than in any previous measurement period since 200013. The increasing reliance on digital channels for everyday transactions underscores the importance of secure and efficient processing of these payments. Businesses must adopt advanced fraud prevention tools and adhere to industry standards to manage the associated risks effectively. This includes implementing strong authentication methods and employing sophisticated data security measures to protect sensitive cardholder information.

Limitations and Criticisms

Despite their convenience, card not present transactions come with notable limitations, primarily centered on increased vulnerability to fraud. Since the card's physical presence cannot be verified, it is more challenging for merchants to confirm the cardholder's identity, making CNP transactions a major route for credit card fraud12. This heightened risk often leads to higher interchange fees for merchants, as payment processors and card networks price in the increased potential for fraud and chargebacks11.

When a fraudulent card not present transaction is reported, the merchant typically bears the liability for the loss through a chargeback. This can result in significant financial losses and administrative burdens for businesses. For example, in 2024, card not present fraud was projected to make up 74.0% of all card payment fraud loss, a significant increase from 57.0% in 201910. The Federal Trade Commission (FTC) also reports substantial losses due to fraud, highlighting the pervasive nature of these challenges [22, https://www.ftc.gov/news-events/news/press-releases/2024/02/new-ftc-data-show-big-jump-reported-losses-fraud-125-billion-2024]. While compliance with standards like PCI DSS helps mitigate some risks by ensuring robust data security practices, fraudsters continue to evolve their methods, employing tactics such as phishing, data breaches, and identity theft to acquire card details8, 9. This ongoing battle against sophisticated fraudulent schemes presents a constant challenge for businesses accepting remote payments.

Card Not Present Transaction vs. Card Present Transaction

The primary distinction between a card not present (CNP) transaction and a card present (CP) transaction lies in the physical interaction with the payment card. In a card present transaction, the cardholder physically presents their credit card or debit card to the merchant at the time of sale. This typically involves swiping, inserting (dipping), or tapping the card on a point of sale (POS) terminal, allowing the terminal to read the card's data, often including an EMV chip7. The physical presence of the card and often a signature or PIN verification provides a higher level of security, as it's harder to counterfeit physical cards and easier to verify the cardholder's legitimacy.

Conversely, in a card not present transaction, the physical card is not used. Instead, the transaction relies on the card's details (number, expiration date, CVV) being provided remotely, such as during online purchases, phone orders, or recurring payments6. This absence of a physical card and direct cardholder verification makes CNP transactions more susceptible to fraud. Due to this higher fraud risk, merchants often incur higher processing fees for CNP transactions, and they generally assume greater liability for chargebacks if the transaction turns out to be fraudulent.

FAQs

What are common examples of card not present transactions?

Common examples of card not present transactions include online purchases (e-commerce), telephone orders (where you provide card details over the phone), mail orders (where you send card details via mail), and recurring payments like subscription services5.

Why are card not present transactions riskier than card present transactions?

Card not present transactions are riskier because the merchant cannot physically examine the card or directly verify the cardholder's identity, such as through a signature or PIN. This makes it easier for fraudsters to use stolen card details obtained through data breaches or phishing schemes.

What measures can merchants take to reduce card not present fraud?

Merchants can implement several fraud prevention measures, including using Address Verification Service (AVS) to check if the billing address matches the card's registered address, requiring the Card Verification Value (CVV), employing multi-factor authentication, and utilizing fraud detection systems that analyze transaction patterns3, 4. Adhering to the Payment Card Industry Data Security Standard (PCI DSS) is also crucial for protecting cardholder data2.

What happens if a card not present transaction is fraudulent?

If a card not present transaction is found to be fraudulent, the cardholder can typically dispute the charge, leading to a chargeback. In most CNP fraud cases, the merchant is held liable for the loss and must reimburse the cardholder's bank, in addition to potentially incurring chargeback fees.

Do card not present transactions cost more for merchants?

Yes, generally, card not present transactions can incur higher processing fees for merchants compared to card present transactions. This is due to the increased risk of fraud and chargebacks associated with remote payments, which payment processors factor into their pricing1.