What is a Card-Not-Present Transaction? Why Do CNP Transactions Matter?

Being able to offer your in-store and online customers multiple ways to make payments is extremely important. Your consumers want options, and it’s essential to meet their needs in order to reduce friction in the shopping process. But did you know that not all forms of payment are created equal?

Payment types are split up into two categories – card-present transactions (CP) and card-not-present (CNP) transactions. The differences between these two types of payments are more important than many retailers realize, and which ones you choose to accept could have a big impact on your business.

Learn More

What is the Difference Between Card-Present Transactions and Card-Not-Present Transactions?

A card-present transaction is done in-person when a magnetic stripe is swiped, the EMV chip is inserted, or a mobile wallet is tapped. Conversely, a card-not-present transaction is any transactions where the magnetic stripe isn’t swiped, the EMV chip isn’t inserted, or a mobile wallet isn’t tapped against a physical terminal. This means that any payment transaction facilitated over the phone, online, or through fax would be considered a card-not-present transaction.

A common misconception when it comes to card-not-present payments is that as long as the customer is present with their card, the payment is considered a card-present transaction.

For example, when the customer’s card information is manually typed into the credit card terminal, even if the customer is standing there with their credit card, this is still considered a card-not-present transaction by the credit card companies. This is because the physical credit card itself did not come in contact with the machine even though the transaction took place at the point-of-sale

Types of Card-Not-Present Transactions Include:

  • eCommerce shopping carts
  • Online invoices
  • Automatic billing
  • Phone orders
  • Website payments
  • Mail order purchases
  • Card-on-file transactions

How Much Do CNP Transactions Cost?

Interchange costs (charged by credit card brands like Visa and Mastercard) vary slightly from card to card across hundreds of card types. Generally speaking though, interchange costs for card-not-present transactions are higher than card-present. This is simply because the risk is higher. There is a certain level of confidence that comes along with physically inserting a card into a reader, therefore interchange costs are lower for these types of transactions.

A surprising number of companies are paying these higher interchange costs and processing fees without even having to. If you’re finding yourself taking a physical card from a customer and then manually typing in the card information into a terminal or mobile device, you’re paying card-not-present CNP interchange rates.

Avoid this by investing in a mobile card reader to be able to swipe those cards in the moment instead of entering them manually.

Card-Not-Present Fraud Risk

A study conducted by the Federal Reserve in 2018 demonstrated the decline in card-present fraud from $3.68 billion in 2015 to $2.91 billion in card-present fraud in 2016. However, during that same time, eCommerce card-not-present fraud increased by $1.17 billion. And card-not-present fraud is on the rise – with the widespread adoption of EMV or chip technology across the country, EMV chip cards make card-present fraud more difficult, and thieves are moving their fraudulent transactions from brick and mortar stores to online. Higher processing fees are a direct result of this increased risk of card-not-present fraud.

Since cardholder data is more difficult to verify in card-not-present transactions, there is a higher risk of chargeback fraud as well. When a product or service is delivered to a customer, the customer can argue that they never authorized that charge or they didn’t receive the product.

In these cases, the liabilities and fraud costs rest with the company. However, there are steps you can take to increase the security of your card-not-present transactions and continue protecting cardholder data.

1. Use a Secure Payment Gateway

First, ensure your website payments are made through a secure gateway. Investing in technology that will keep your customer’s information safe is well worth it in the long run for your business and will help secure these card-not-present transactions.

2. Capture Important Customer Information

Next, make sure you’re capturing all of the necessary information from your customer (that is more than simply requesting a credit card number) at the point of checkout.

  • Customer Contact Information: Phone number, email address, customer’s billing address, and shipping address are especially important for high-value transactions.
  • Card Information: Name as it appears on the payment card, expiration date, credit card number, and CVV (i.e., card security code) should all be required. Collecting this information helps you further determine that the customer is in possession of the credit or debit card and helps to eliminate unnecessary customer disputes.

3. Maintain PCI Compliance

Whether a payment is a card-present transaction or card-not-present transaction, businesses that handle credit card information must be PCI compliant. All business practices need to be compliant with the security standards set forth by the payment industry.

Business owners can become compliant by taking a quick questionnaire. Members with Stax are guided through this process by their account manager so all of our members and their customers stay safe and secure.

4. Use an Address Verification Service (AVS)

An Address Verification Service (AVS) is exactly what it sounds like. It’s a fraud prevention tool that verifies that the billing address entered by the shopper matches the one associated with the cardholder’s account.

These Address Verification Services serve as another layer of security against credit card fraud. Here’s how it works:

When the customer enters their credit card details, the merchant uses an AVS service to request the card issuer for authorization of these card-not-present transactions.

The payment processor then sends an AVS code back to indicate how well the entered address matches the one on file. Here are the codes for your reference.

AVS Code Description
A The street address is a match, zip does not match
G Non-U.S. card issuing bank
N Street address and zip code do not match
R Retry – system time out / unavailable
U Address data not available
W The 9-digit zip code is a match, street address does not match
X Street address and 9-digit zip code both match
Y Street address and 5-digit zip code both match
Z The 5-digit zip code is a match, but the street address does not match

Based on the degree to which the billing address matches, the merchant can decide whether or not to approve an order.

Note that the above steps all take place during the authentication step of the transaction, and they add very little friction to the process. But they go a long way in preventing card-not-present fraud and reducing fraudulent transaction numbers.

Card-Not-Present Transaction Phone And Laptop Online And Why Cnp Transactions Matter

How to Accept CNP Transactions

Although card-not-present transactions might sound a little scary, many business models require them in order to be successful. The specific method you need to use to accept card-not-present transactions depends on how you obtain your customers’ credit card details.

At Stax, we offer various ways to securely accept card-not-present transactions.

eCommerce Shopping Carts

If you’re looking for an online gateway for your eCommerce business and accept online payments for online shopping, we’ll build you one of the most trusted payment gateways in the industry – our partner Authorize.net. Card-not-present transactions are required for eCommerce, since the customer is not physically present at a brick and mortar store.

Online Invoices

The Stax Platform helps businesses send invoices and accept online payment options. Users can also set up recurring payments and schedules to automated billing through the platform, getting you paid faster for those online transactions.

Virtual Terminal

A virtual terminal is an application that can turn any device with a web browser into a payment terminal. Simply launch the software and enter the customer’s credit card information. Virtual terminals are a handy tool for taking credit card payments over the phone or inputting payment data sent by customers (for instance, when they fill out a paper form.)
Most modern payment processors (including Stax) provide virtual terminal solutions, so be sure to ask your provider about their offerings.

Payments API

Many businesses find it highly effective and beneficial to create their own payment acceptance application. The Stax API provides your developers with the tools and resources they need in order to create a payment flow that’s perfect for your unique business.

Now more than ever, card-not-present CNP transactions have become a very popular way for customers to make payments. That is why it’s important for you to work with a payment processing company that offers secure and hassle-free ways to accept those card-not-present payments.

Stax offers the greatest level of PCI security to guarantee that sensitive information is held to PCI compliance standards.

To understand how Stax’ payment solutions can support your card-not-present payment needs, contact us for a custom savings quote today. We will be glad to discuss your needs and how Stax’ integrated solutions can help.

Request a Quote


FAQs about CNP Transactions

Q: What is a Card-Not-Present (CNP) transaction?

A Card-Not-Present transaction is a type of payment that occurs when neither the cardholder nor the physical card is present at the time of the transaction. This typically involves payments made over the phone, online, or via fax.

Q: What is the difference between Card-Present and Card-Not-Present transactions?

A Card-Present transaction happens when the payment is made in-person where a magnetic stripe is swiped, the EMV chip is inserted, or a mobile wallet is tapped. In contrast, a Card-Not-Present transaction occurs when the physical card does not interact with a physical terminal, as in the case of online purchases or phone orders.

Q: What are some examples of Card-Not-Present transactions?

Several examples of Card-Not-Present transactions include eCommerce shopping carts, online invoices, automatic billing, phone orders, website payments, mail order purchases, and Card-on-file transactions.

Q: Why are the interchange costs for Card-Not-Present transactions higher?

Interchange costs for Card-Not-Present transactions are generally higher than Card-Present ones because of the increased risk. As the cardholder data is more difficult to verify in Card-Not-Present transactions, there is a higher risk of fraud and chargebacks, which leads to higher processing fees.

Q: How can businesses protect against Card-Not-Present fraud?

Businesses can protect against Card-Not-Present fraud by using a secure payment gateway, capturing important customer information, maintaining PCI Compliance, and using an Address Verification Service (AVS) which verifies the billing address provided by the shopper matches the one associated with the cardholder’s account.

Q: What solutions does Stax offer for accepting Card-Not-Present transactions securely?

Stax offers various ways for businesses to accept Card-Not-Present transactions securely, such as eCommerce Shopping Carts, Online Invoices, Virtual Terminal, and Payments API. Additionally, Stax guarantees the highest level of PCI security, ensuring sensitive information stays safe.

Q: What measures can one take to reduce the cost of Card-Not-Present transactions?

Businesses can reduce the cost of Card-Not-Present transactions by investing in a mobile card reader to swipe cards directly, thereby avoiding the higher interchange fees associated with manually entering card information.

Q: What is the impact of EMV or chip technology on Card-Not-Present transactions?

The widespread adoption of EMV or chip technology has made Card-Present fraud more difficult, causing fraudsters to shift their fraudulent transactions from brick and mortar stores to online, thereby increasing the risk and occurrence of Card-Not-Present fraud.

Q: What role does PCI compliance play in Card-Not-Present transactions?

PCI compliance is crucial in Card-Not-Present transactions as businesses handling credit card information must adhere to the security standards set by the payment industry, irrespective of whether the payment is a card-present or card-not-present transaction.

Q: How has the popularity of Card-Not-Present transactions increased in recent years?

With the advancement and convenience of online shopping and remote transactions, the popularity of Card-Not-Present transactions has grown significantly, making it a common method for customers to make payments. As such, it’s crucial for businesses to provide secure and hassle-free ways to accept these kinds of payments.