Sign In Sign Up

What is Card Not Present (CNP) Transaction?

FinTekCafe FinTekCafe
2 min read

In an earlier post, we looked at Card Present (CP) transactions. In this post, we will cover Card Not Present (CNP) transactions.

If you have ever bought something online using your phone or computer, you have made a Card Not Present (CNP) transaction. In a CNP transaction, the merchant cannot directly read your card information from the chip or magnetic strip, as they would in an in-store purchase.

CNP transactions carry higher risk and liability for merchants. They also tend to have higher processing fees compared to CP transactions.

What type of transactions is CNP?

(a) Payments made over the phone (sharing credit card info by voice)

(b) Purchases and payments online (through websites or apps)

(c) Manually entering card details at checkout, even when a physical card is present

(d) Recurring payments or subscriptions

So, how do CNP transactions work?

Step 1: The customer completes a purchase online and arrives at the merchant's checkout page.

Step 2: The customer manually enters their card information on the merchant's website.

Step 3: The merchant's website uses a credit card payment gateway to process the transaction.

What are the common methods to mitigate CNP fraud?

CNP transactions only need card information, not a physical card. This makes them more attractive to fraudsters compared to CP transactions.

Fraudsters get credit card numbers and related details in several ways. They use hacking (through malware or other attacks on the cardholder's computer), phishing (sending fake emails to trick people into sharing their information), and skimming (stealing card data at places like restaurants or gas stations through dishonest employees).

A federal study showed that CNP fraud increased from $3.4 billion in 2015 to $4.57 billion in 2016.

Here is what consumers can do to protect themselves. Report a lost or stolen card to the credit card company right away and get a new card. Monitor billing statements for any suspicious activity. Sign up for free alerting services offered by the bank.

Merchants face high liability for CNP fraud chargebacks. Card networks and payment gateways provide best practice guidelines for merchants. Merchants should follow these guidelines carefully. Here are some of the most common recommendations.

(a) Collect detailed customer information during checkout. This includes the name, billing address, shipping address, and CVN (Card Verification Number -- the three or four-digit code on the credit card).

(b) Enroll in card network programs like VBV (Verified by Visa) and 3D Secure (Mastercard). These add an extra layer of authentication during checkout.

(c) Make sure you are PCI compliant. PCI compliance is a set of security standards for handling card data.

(d) Watch for unusual purchase patterns. These include a large number of small transactions for the same item or unusually high order quantities.

(e) Use the Address Verification System (AVS). This checks whether the address entered during checkout matches the one registered with the bank.

(f) Use geo-location checks. For example, use the IP address to detect simultaneous transactions from different locations.

(g) Use multifactor authentication to protect your e-commerce website.