Definitive Guide to Card Not Present (CNP) Transactions

card not present transactions

Table of Contents

  1. What are Card Not Present (CNP) Transactions?
  2. Who Commonly Commits Card Not Present Fraud?
  3. Who’s Liable for the Loss in Card Not Present Fraud?
  4. What are the Most Common CNP Fraud Methods?
  5. How Much Do Card Not Present Transactions Cost?
  6. What Should You Do if You Suspect CNP Fraud?
  7. How to Prevent Card Not Present Fraud
  8. Conclusion
  9. Frequently Asked Questions

While the internet has certainly done wonders for small businesses – allowing them to reach customers all over the world – it also exposes business owners and merchants to additional risks. One such risk involves fraudulent credit card transactions, and Card Not Present (CNP) fraud in particular.

What is Card Not Present Frau? It's what happens when fraudsters use stolen card numbers to make purchases with specific merchants, typically online merchants.

As a business that accepts credit card transactions over the internet, it’s important that you understand what CNP fraud is, how to spot it, and what to do when you encounter it.

What are Card Not Present (CNP) Transactions?

"Card Not Present" simply means the merchant has received the consumer's card information remotely.

New call-to-actionCard Not Present (CNP) transactions are transactions that happen using credit or debit card information without requiring the presence of the physical card or the cardholder.

For example, if a fraudster stole a credit card, its expiration date, and security code, they could potentially make Card Not Present transactions through online stores. In many instances, the victim retains possession of their card and is totally unaware of the fraud until the unauthorized activity is spotted on a monthly bill statement.

Unfortunately, CNP fraud encompasses up to 54% of all fraud losses worldwide as of 2018. Obviously, this is something that credit processors and merchants are taking seriously. 

The difference between a card present and a card not present transaction is that the for the former, the cardholder (or a user in general) must physically be at the point of sale and swipe the card.  Obviously, this method is much more secure than CNP transactions because POS systems can use tech like EMV chips or simple verifications to discourage fraudsters. 

Years ago, most Card Not present fraud took place through call center operations and mail orders. Now, the large majority involves ecommerce websites and internet transactions. The term “card not present” describes the fact that the transaction is approved without the physical presence of the card. The merchant follows certain protocol that – if met – indicates the cardholder is authorized to make the purchase. Unfortunately, criminals and fraudsters frequently discover ways around these protocols.

Who Commonly Commits Card Not Present Fraud?

Card Not Present Fraud

While independent criminals do occasionally commit CNP fraud, it’s typically the work of a larger criminal enterprise. These enterprises may steal thousands or millions of dollars worth of goods and services before they’re discovered and their networks can stretch across international borders.

In many cases, these enterprises gain access to legitimate corporations through employment. After infiltrating the company, they can then access customer information and relay it to third-party sources that commit Card Not Present fraud. All it takes is a credit card number, the cardholder’s name and address, and applicable security codes.

Who’s Liable for the Loss in Card Not Present Fraud?

Common CNP Fraud Methods

In the United States, federal law clearly limits a consumer’s credit card fraud exposure to $50. The credit card company or the merchant then bears the risk for the remaining amount. When determining who is responsible, there are two important categories of transactions. The first involve situations in which the card is physically present – such as paying for a meal at a restaurant. The second involve purchases over the internet or phone.

In the first situation, the card is obviously present. Generally, this means the liability falls to the issuing financial institution and not the merchant. However, in the second case (CNP), the risk falls to the merchant. In other words, the merchant is required to reimburse the cardholder for the full amount. For merchants that rely on selling expensive products with small margins, too many Card Not Present transactions can ultimately result in a company death sentence.

What are the Most Common CNP Fraud Methods?

For merchants, it’s important to understand how criminals gain access to customer information and through which methods they use that information to commit Card Not Present fraud.

The most common methods of obtaining credit card information involve phishing and skimming.

Fight & Recover Chargebacks - Get The GuidePhishing takes place when criminals attempt to acquire sensitive customer information by contacting customers via electronic communication and posing as trustworthy companies or organizations. Email is the preferred channel, but savvy fraudsters will use phone contact.

Skimming occurs when employees actually lift customer information directly from the card. This typically happens in physical settings where an employee obtains the customer’s card and takes it out of sight (such as a restaurant). The individual then sells this card information to a criminal enterprise, or uses it themselves.

As a merchant, you always have to be on the lookout for signs of Card Not Present fraud. It can be difficult to spot, but you can’t afford to turn a blind eye. In most cases, the responsibility will fall on you.

How Much Do Card Not Present Transactions Cost?

Any credit card processing requires a fee on the part of the merchant. These include items like assessment fees, interchange fees, and fees for PCI Risk and Compliance.

Fees for CNP transactions are usually higher than Card Present transactions. Since chances of chargeback fraud are higher with CNP transactions, the associated fees are higher and the cost is passed to the merchant. 

There are the overhead costs of fraud as well. As of 2020, LexisNexis reported that every $1 of fraud costs for U.S. retailers ends up costing those retailers up to $3.36

What Should You Do if You Suspect CNP Fraud?

As the United States begins to adopt new chip-based cards, sources say Card Not Present fraud rates will dramatically increase for a period of time – that is until the 41 percent of stores without chip-capable systems in place begin to catch up. “There’s going to be nowhere else for fraudsters to go but online, says Sean Curran, an industry expert. “That’s where they’ll go. Online retailers have to be ready.”

As a business owner, it’s important to recognize the warning signs of CNP fraud and to have a pre-established plan in place for how you’ll handle fraudulent charges.

If you wait until you suspect Card Not Present fraud, it may be too late to avoid losing money and wasting time.

As a merchant, you should keep careful and meticulous records of all transactions. You need the cardholder name exactly as it appears on the card, the expiration date of the card, the billing and shipping addresses, and the CVV2 code. You should also record the cardholder’s contact information, the date of the order, and details regarding any conversations you’ve had with the buyer. It’s a good idea to keep copies of order forms and proof of delivery, too. The more information you have, the better protected you’ll be in the long run.

How to Prevent Card Not Present Fraud

Preventing Card Not Present fraud is a proactive operation. You must take every precaution for security and verification for any CNP transactions. 

The most basic of steps is to be compliant and secure. The next step is to make sure that you are verifying cardholders in CNP situations. Address Verification Services can weed out potential CNP fraud because fraudsters with stolen card information may not have correct address or contact information. 

Likewise, working with alert providers and chargeback management can help you proactively determine your weak spots to get ahead of online CNP fraud.

Contact Chargeback Gurus to Help Manage Chargebacks from Card Not Present Fraud

The unfortunate reality of the current financial landscape is that credit card companies look out for their customers first and foremost. As such, customers rarely have to take the blame or accept responsibility for CNP fraud. It’s also rare for fraudsters and criminals to be discovered. That means it comes down to you or the credit card company – and they’ll try their hardest to place the blame on your shoulders.

At Chargeback Gurus, we fight for your business and help you recover lost revenue. You simply send us the information and we’ll serve as your liaison to the credit card companies. After helping you recover your lost revenue, we’ll also work closely with your team to identify weaknesses and optimize your review process to reduce Card Not Present  fraud risk and minimize chargebacks. 


What are card present transactions

Card Present transactions are when a cardholder physically swipes or inserts a card into a POS for payment at a physical processing or retail location.


Is CVV required for Card Not Present Transactions?

Not necessarily. Secure merchants use CVV verification to discourage CNP fraud, but not everyone uses CVV codes.


Is Apple Pay Considered Card Not Present?

If Apple Pay is used in-store at a terminal, it is considered Card Present. Payments on a phone or for in-app purchases are considered Card Not Present.


Thanks for following the Chargeback Gurus blog. Feel free to submit topic suggestions, questions or requests for advice to:

Get the guide, Chargebacks 101: Understanding Chargebacks & Their Root Causes