What Is CP in Credit Card Processing?
Understand "CP" in credit card processing: a key distinction that shapes payment security and fraud responsibility.
CP in credit card processing refers to “Card Present,” a designation indicating that the physical payment card is physically present and interacts with a payment terminal during a transaction. This distinction is important for understanding the varying levels of security, fraud risk, and liability within the payment processing ecosystem. Card present transactions generally have lower processing costs for businesses due to reduced risk.
Understanding Card Present Transactions
A Card Present (CP) transaction occurs when the cardholder physically presents their payment card to a merchant at the point of sale. This involves using a physical device like a point-of-sale (POS) terminal to capture the card’s electronic data. Common methods include inserting an EMV (Europay, Mastercard, and Visa) chip card, swiping a magnetic stripe card, or tapping a contactless card or mobile device enabled with Near Field Communication (NFC).
During a CP transaction, verification often involves the cardholder entering a Personal Identification Number (PIN) or providing a signature. This physical interaction and real-time data capture add security, making it easier for merchants to verify the cardholder’s identity and the card’s authenticity. Digital wallets, such as Apple Pay or Google Pay, are also categorized as card present transactions when used by tapping a compatible terminal, as they leverage NFC technology for secure, in-person data transmission.
Understanding Card Not Present Transactions
Conversely, a Card Not Present (CNP) transaction occurs when neither the cardholder nor the physical credit card is present at the point of sale. These transactions rely on the cardholder providing their payment details remotely, without the card physically interacting with a card reader. Common scenarios for CNP transactions include online purchases through e-commerce websites, telephone orders, and mail orders.
Even if a customer is physically present but manually enters their card information into a system, such as a virtual terminal, the transaction is still classified as CNP because the card’s electronic data is not captured by a card reader. CNP transactions depend on information like the card number, expiration date, Card Verification Value (CVV/CVC), and billing address provided by the cardholder.
Transaction Security and Liability
The distinction between Card Present and Card Not Present transactions is significant due to its implications for security and fraud liability. CP transactions, especially those utilizing EMV chip technology, offer enhanced security because the EMV chip generates a unique, encrypted transaction code for each purchase, making it difficult to counterfeit cards. This dynamic data encryption, combined with authentication methods like PIN entry, substantially reduces the risk of in-person fraud. The Payment Card Industry Data Security Standard (PCI DSS) also encourages the use of tokenization, which replaces sensitive card data with a non-sensitive token, further protecting information during transmission and storage, especially in digital wallet transactions.
CNP transactions are generally considered higher risk because the lack of physical card presence means merchants cannot visually inspect the card or verify the cardholder’s identity in person. This vulnerability leads to a significantly higher fraud rate for CNP transactions compared to CP transactions. Without physical verification, fraudsters can use stolen card details obtained through various means, increasing the potential for unauthorized purchases.
This risk differential directly impacts fraud liability for merchants and card issuers. Historically, card issuers bore the liability for fraudulent card present transactions. However, with the EMV liability shift, effective in the U.S. in October 2015, liability for counterfeit card fraud in card-present transactions typically shifts to the merchant if they do not use an EMV-compatible terminal to process a chip card. This incentivizes merchants to adopt secure EMV technology. For CNP transactions, the liability for fraudulent activities often falls on the merchant if they cannot demonstrate that they followed proper security protocols, such as using Address Verification Service (AVS) or CVV codes, or implementing 3D Secure protocols for online transactions.