What Is a Card Not Present Transaction?
Explore card not present transactions. Understand how these remote payments function and the critical measures ensuring their security.
A card not present (CNP) transaction occurs when neither the cardholder nor the payment card is present at the point of sale. This type of transaction differs from traditional in-person purchases where a card is swiped, tapped, or inserted into a terminal. These transactions have become common, forming a significant part of modern commerce as digital payment methods expand and integrating deeply into daily financial activities.
Understanding Card Not Present Transactions
Payment processing distinguishes between “card present” and “card not present” transactions. In a card present scenario, the payment card interacts with a terminal via swipe, chip, or tap. This interaction allows for immediate electronic data capture and provides security verification at the point of sale.
Conversely, a card not present transaction occurs when the physical card is not presented or processed by a terminal. This categorization applies even if the cardholder is present but the card details are manually entered into a system without the card itself being read electronically. The absence of the physical card for direct verification defines a CNP transaction.
Common examples of card not present transactions include online purchases, where card details are entered into a website. Purchases made over the telephone or via mail order fall under this category, as the card details are communicated verbally or in writing rather than through a physical device. Recurring payments for subscription services or online invoices where card details are stored or entered remotely are also considered CNP transactions.
The Mechanics of Card Not Present Transactions
A card not present transaction begins when a customer initiates a purchase remotely, such as online, over the phone, or via mail. The customer provides payment details: card number, expiration date, Card Verification Value (CVV), and billing address. For online transactions, this data is entered into a secure web form, with sensitive information encrypted during transmission to the merchant’s system.
The merchant’s payment system or gateway transmits these details to a payment processor. This transmission uses encryption to protect data from unauthorized access. The processor forwards the transaction data to the card network, which routes the authorization request to the issuing bank.
The issuing bank verifies the card’s validity, checks for funds or credit, and conducts security checks, including validating the CVV and billing address against its records. The bank then sends an approval or decline response back through the card network and payment processor to the merchant. This multi-step process, while complex, completes in seconds, allowing for efficient remote transactions.
Protecting Card Not Present Transactions
Card not present transactions carry higher fraud risks due to the lack of physical card verification, increasing merchant chargeback liability. To mitigate these challenges, several security measures protect consumers and businesses.
The Card Verification Value (CVV), also known as CVC or CID, is a three or four-digit code not stored on the card’s magnetic stripe or chip. Requiring this code confirms the customer physically possesses the card, reducing fraud from stolen card numbers.
The Address Verification Service (AVS) compares the customer’s provided billing address with the card issuer’s records. A mismatch signals potential fraud, allowing the merchant to assess risk before approving the transaction. This helps prevent criminals from shipping fraudulently purchased goods to unauthorized addresses.
Technologies like tokenization and encryption secure sensitive card data. Tokenization replaces actual card numbers with a meaningless placeholder. Encryption transforms data into an unreadable format during transmission.
3D Secure adds an extra layer of verification for online purchases. This involves the customer completing an additional step, like entering a one-time password, directly with their card issuer. Successful 3D Secure authentication can shift liability for fraudulent transactions from the merchant to the card issuer, reducing financial exposure.