What Does a Card Not Present Transaction Mean?
Uncover the complete picture of card transactions made without a physical card, including their operation and security.
Card Not Present (CNP) transactions are a significant part of modern commerce, enabling purchases without the physical exchange of a payment card. These transactions occur when the cardholder and their card are not physically present at the point of sale. The rise of digital platforms and remote purchasing has made CNP transactions increasingly prevalent.
Understanding Card Not Present Transactions
A card not present transaction occurs when a payment card, such as a credit or debit card, is used without being physically swiped, dipped, or tapped at a point-of-sale terminal. Instead, the card’s credentials are provided through alternative means, with payment information transmitted remotely. This distinguishes CNP transactions from traditional in-person purchases.
Common examples include online shopping, where card details are entered into a website’s checkout form, and purchases made over the phone, where customers verbally relay their card information to a merchant. Recurring billing for subscription services or mail-order transactions, where card details are sent via mail or fax, also fall into this category.
Even if a customer is physically present but manually keys in card details into a system that does not read the card electronically, the transaction is still considered card not present. The primary characteristic is the reliance on credential input rather than physical interaction with a card reader.
How Card Not Present Transactions are Processed
Processing a card not present transaction begins when a customer submits their payment card details. These details are securely transmitted from the merchant’s system to a payment gateway, which encrypts the sensitive information before sending it to the payment processor.
The processor forwards the encrypted transaction data to the acquiring bank, the financial institution holding the merchant’s account. The acquiring bank then routes the request to the cardholder’s issuing bank for authorization. This involves checking for sufficient funds or credit and verifying the card’s validity.
Once the issuing bank approves the transaction, an approval message is sent back through the same chain to the merchant. This entire process typically occurs within seconds, allowing for quick confirmation of the purchase. The approved funds are then settled between the banks, eventually reaching the merchant’s account.
Protecting Card Not Present Transactions
Multiple security measures are employed to verify and protect card not present transactions. One common tool is the Card Verification Value (CVV), also known as Card Verification Code (CVC). This three or four-digit security code, typically found on the back of the card, is not stored by merchants after the transaction, making it more difficult for fraudsters to use stolen card numbers without the physical card. Requiring this code helps ensure the person making the purchase has access to the actual card or its details.
Another protective measure is the Address Verification Service (AVS). AVS checks whether the billing address provided by the customer matches the address on file with the card issuer. This service helps merchants identify potentially fraudulent transactions by flagging discrepancies in address information. Merchants receive a response code indicating the match status, which helps them decide whether to proceed with the transaction.
3D Secure protocols, such as Verified by Visa or Mastercard SecureCode, add another layer of security. These systems require cardholders to complete an additional verification step, often by entering a password or a one-time code sent to their mobile device. This multi-factor authentication helps confirm the cardholder’s identity directly with their issuing bank, enhancing the security of the transaction.
Key Differences from Card Present Transactions
The fundamental distinction between card not present and card present transactions lies in how cardholder data is captured and verified. In card present transactions, the physical card is read electronically by swiping, inserting, or tapping it on a point-of-sale device. This electronic capture provides direct evidence of the card’s physical presence and often incorporates chip technology (EMV) for enhanced security.
Conversely, card not present transactions involve the manual entry of card details or their transmission through remote channels. The absence of the physical card means merchants cannot visually inspect it or utilize chip-based security features.
This difference impacts the security protocols employed; card not present transactions rely more heavily on data verification services and authentication steps to confirm the cardholder’s legitimacy. The presence of the physical card in a transaction generally leads to lower interchange fees for merchants due to reduced risk, while card not present transactions typically incur higher fees reflecting the increased verification challenges.