Card Present vs. Card Not Present

Card-Present vs. Card-Not-Present Transactions: What every Merchant Needs to Know

The difference between card-present (CP) and card-not-present (CNP) transactions might seem straightforward: one happens in person, and the other doesn’t, right? However, with the rise of various payment methods, understanding these distinctions goes beyond just the location of the transaction. It affects fraud risk, compliance, transaction fees, and ultimately your bottom line. Merchants need a payment processor that provides valuable advice, scalable solutions, and 24/7 support to maintain compliance and address security concerns.

Card-Present Transactions

Card-present (CP) transactions occur when a customer physically presents their card in person. These transactions involve swiping a magnetic stripe, inserting a chip card (EMV), or tapping a contactless payment method, such as a card, phone, or smartwatch, at the point of sale. Each method offers distinct benefits and security features:

Common Card Present (CP) Transactions

• Dipping a Chip (EMV) Card: Thanks to the October 2015 liability shift, most payment cards in the U.S. now use EMV (chip card) technology. When a chip card is inserted into a terminal, it authenticates it and generates a unique token for each transaction, reducing fraud.
• Swiping a Card: Before EMV technology, payment cards relied on swiping a magnetic stripe to transmit cardholder information. However, the static nature of magnetic stripe data made it susceptible to theft.
• Contactless Cards: Many cards now offer contactless payment via near-field communication (NFC), which allows a card terminal to “read” the card from a short distance using radio-frequency identification (RFID). This technology has gained popularity for enabling touch-free transactions, especially during the COVID-19 pandemic.
• Digital Wallets: Digital wallets like Apple Pay and Google Pay use NFC for secure card-present payments, with an added layer of biometric authentication (e.g., fingerprint or face ID). This security, combined with the convenience of using smartphones and wearables like smartwatches, makes digital wallets a highly secure and flexible payment option.

Card-Not-Present transactions

Card-not-present (CNP) transactions cover an array of payment types, ranging from traditional remote purchases, such as phone and mail orders, to digital payment methods that are pretty crucial in our modern lives. When a transaction lacks the physical presence of the card and the cardholder, it’s categorized as CNP—meaning the payment details aren’t captured by a card reader at the point of sale. Today, subscription billing, “Buy Now” buttons on social media platforms, and one-click payment options are all recognized as CNP. Even within a physical store, if a customer uses a mobile app to purchase without directly interacting with a terminal, it’s still a CNP transaction. In the business world, invoicing and online payments from one business to another also fall under this designation, due to the lack of direct card interaction.

Common Card Not Present (CNP) Transactions

• Online Purchases: From eCommerce sites to social media marketplaces, when a customer completes a purchase by entering credit card details on a digital platform, this transaction is classified as CNP.
• Phone Orders: A customer provides credit card information verbally over the phone, a classic example of a CNP transaction.
• Recurring Payments: Subscription services and memberships, set up for automatic billing, are CNP transactions due to the remote nature of the payment.
• Invoices: In B2B transactions, when one company pays an invoice through an online portal or other digital platform, the card-not-present label applies, as there’s no direct, physical card validation.

Why It Matters to Your Business: Rates & Fraud

The distinction between card-present (CP) and card-not-present (CNP) transactions significantly impacts the costs and security measures associated with credit card processing. For businesses, understanding the unique aspects of each transaction type can help optimize operations and reduce processing fees.

Card-present transactions generally have lower interchange fees compared to card-not-present purchases, due to their lower risk of fraud. Interchange fees cover the secure movement of funds from the customer’s card to the merchant’s account and constitute the bulk of credit card processing costs. Interchange fees are adjusted according to the level of risk involved in each transaction type. In-person, or card-present, transactions allow the customer to physically present their card, adding extra layers of security like identity verification and the use of a secure terminal to authenticate the payment on the spot. By contrast, card-not-present (CNP) transactions do not provide the same level of direct interaction. Without the ability to authenticate the card through a reader in real-time, merchants are more vulnerable to fraud, chargebacks, and unauthorized card use—which can lead to higher interchange fees to compensate for the added risk.

Types of Card-Not-Present Fraud

• Phishing: Criminals create fake websites or send fraudulent messages to trick individuals into providing card details, which they then use for unauthorized CNP transactions.
• Chargeback Fraud: Fraudsters make purchases with stolen card information, prompting legitimate cardholders to file chargebacks, which leads to losses for merchants.
• Friendly Fraud: A customer makes a purchase and later disputes it, falsely claiming it wasn’t authorized or that they didn’t receive the item.
• Triangulation Fraud: Fraudsters set up fake online stores, using stolen card information to buy goods from legitimate merchants and fulfill fake orders.
• Payment Card Application Fraud: Using synthetic or stolen identities, criminals apply for credit cards to conduct fraudulent transactions.

National Processing Best Practices for Preventing Card-Not-Present Fraud

1. Adhere to PCI Compliance Standards: Following the Payment Card Industry (PCI) data security standards can greatly reduce the risk of CNP fraud. These standards include measures such as using firewalls, encrypting cardholder data, maintaining secure passwords, and ensuring regular software updates.
2. Monitor for Unusual Behavior: Implement systems that analyze customer information and detect patterns or anomalies, such as low-value transactions used to test stolen credentials.
3. Use Multi-Factor Authentication (3DS): Adding layers of verification through methods like one-time passwords, biometrics, or device-based authentication helps confirm the buyer’s identity.
4. Require CVVs: The card verification value (CVV2) is not always included in stolen card data, so requiring it adds a hurdle for fraudsters who don’t possess the physical card.
5. Require AVSs: An address verification service (AVS) cross-references the billing address provided with the address on file with the card issuer, flagging any mismatches that could indicate fraud.

Expert Guidance, Security, and Compliance for Safer CNP Transactions

In today’s digital economy, card-not-present fraud is a persistent yet manageable challenge. With the right approach, merchants can minimize risk and protect their bottom line. National Processing is committed to supporting businesses with industry expertise and actionable insights to help navigate complex CNP rates and fraud prevention strategies. Our scalable solutions are tailored to fit your business needs, ensuring secure, compliant payment processing.

With National Processing, you gain a proactive partner that helps you address security concerns, maintain compliance, and instill confidence in every transaction.