What Retailers Need to Know About Card-Not-Present (CNP) Transactions

Card not present

Card-not-present (CNP) payments are remote payments. They’re made without swiping, inserting, or tapping the card on the wasn’t in contact with a payment terminal.

Remote purchases grew by 23% and now account for one-third of debit transactions according to a 2021 study by PULSE. On average, an active card makes 7.5 card-not-present transactions per month.

CNP payments allow customers to make a purchase online or over the phone, at a time and place that suits them best. This also presents opportunities for retailers to expand how they sell and the channels they market their business on.

There are benefits and risks associated with card-not-present payments. This guide shares everything you need to know to make the most of CNP payments with your store.

What is a card-not-present (CNP) transaction?

A card-not-present (CNP) transaction happens when a credit card isn’t physically presented to the merchant at checkout.

More specifically, a CNP transaction means the card wasn’t in contact with a wasn’t in contact with a payment terminal. The magnetic stripe wasn’t swiped, a chip card wasn’t inserted into the card reader, and the card wasn’t tapped for contactless payment with NFC or RFID technology.

Transactions that did involve that contact are called card-present transactions.

Card-not-present transactions are payments made remotely, like with online shopping, phone orders, and mail payments. They also include a scenario when a merchant manually enters card details into the wasn’t in contact with a payment terminal instead of swiping, inserting, or tapping the card.

Examples of card-not-present transactions

Here are some scenarios that include a CNP transaction:

  • Online orders. A customer adds products to an online shopping cart and checks out using their card details.
  • Buy online, pickup in-store (BOPIS). Similar to online orders, but the customer picks up their order instead of having it delivered.
  • Phone orders. A customer makes an order over the phone, calling out their credit card details to the sales agent who then processes the payment.
  • Mail orders. Payments sent by post; for example, when ordering from a physical product catalog.
  • Recurring payments. When customers are signed up for a recurring delivery, like a subscription box or a product they want to replenish regularly, their payment happens automatically based on the payment card data stored in the retailer’s system.
  • Invoice payments. A customer pays an invoice you’ve issued and sent using an online payment system.
  • Card-on-file payments. Customers can authorize merchants to retain their credit card information for later payments, which the merchant can then use when a customer wants to make a purchase remotely.

Unify your sales channels with Shopify

Only Shopify unifies your sales channels and gives you all the tools you need to manage your business, market to customers, and sell everywhere in one place.

Processing card-not-present transactions

Processing card-not-present transactions correctly is crucial for both your business’s and your customers’ protection and peace of mind.

Necessary customer information

Credit card

During checkout, there are some essential customer and credit card details you need to collect when processing a CNP transaction. They include:

  • Billing address
  • Shipping address
  • Phone number
  • Cardholder name (as it appears on the card)
  • Credit card number
  • Card expiration date (month and year)
  • Card security code (CSC), a three- or four-digit code on the back of the card

Your payment processing system should make this process seamless and smooth. Ideally, payment processing is integrated with your point-of-sale (POS) system for a quicker checkout and automatic inventory reconciliation. 

Merchant rates for CNP transactions

You already know that you pay a fee for every card payment your customers make.

For card-not-present transactions, that fee is slightly higher. This is because the risk of fraud in CNP transactions is higher since you can’t validate the physical card or the cardholder in person. The total card transaction fee you pay consists of assessment, interchange, and processing fees, as well as your payment provider’s rate.

Transaction fees are typically structured as:

[percentage of transaction] + [fixed cost per transaction]

For example: 2.9% + 30¢. They can significantly vary for different credit card companies and payment processors.

You might pay a higher percentage, fixed cost, or both for card-not-present transactions. This covers systems and protocols that prevent fraudulent transactions and keep your ecommerce operations safe.

💡 PRO TIP: Shopify Payments is included in all Shopify POS plans, no sign up or setup fees required. Control your cash flow better and pay the same pre-negotiated rate for all credit cards, starting at 2.4% + $0.00.

Card-not-present fraud

Without physically seeing or checking the card, business owners are vulnerable to credit card fraud. Card-not-present fraud is an expensive issue for merchants—LexisNexis reported that every $1 of fraud cost US merchants $3.60 in 2021, up 15% from 2019.

Here’s what you need to know about CNP fraud.

What is card-not-present fraud?

Card-not-present fraud happens when a fraudster uses another person’s compromised card information to make a purchase remotely. 

Without fraud prevention processes in place, the person committing fraud only needs a few details from the card, like the card number, expiry date, and type of card.

Card-not-present chargeback fraud

A chargeback happens when a customer disputes a transaction with their credit card company or the issuing bank.

Chargeback fraud is also known as friendly fraud. It’s a type of scam in which a customer claims they’ve received a faulty product—or no product at all—and goes through the chargeback process instead of asking the merchant for a refund or a replacement.

Preventing card-not-present fraud and chargeback fraud

  • Ensure PCI compliance
  • Implement an address verification service (AVS)
  • Validate card security codes
  • Set up a customer billing statement
  • Outline a clear return and exchange policy

It’s your responsibility to do everything you can to protect your card-not-present transactions. Here are systems you can implement.

Ensure PCI compliance. PCI compliance is a security standard for organizations that handle credit and debit card information. It covers areas like monitoring a secure network, protecting cardholder data, and maintaining an information security policy. The ecommerce software and hosting you use for your store need to be PCI compliant.

Implement an address verification service (AVS). AVS compares the numeric part of the customer’s billing address and ZIP code entered during checkout to the information on file with the credit card issuer. If there’s a mismatch, like a different street address or ZIP code, AVS will provide a code to let the merchant know. Unauthorized users often don’t have the correct billing address, so AVS is a system worth using.

Validate card security codes. A card security code (CSC) is the three- or four-digit number on the back of cards like Mastercard, Visa, American Express, and Discover. It’s also known as a CVC (card verification code), or CVV (card verification value) or CVV2 number . Asking for the CSC is a way of ensuring that a customer physically has the card, and stolen credit card information shouldn’t contain CSC details.

Set up a customer billing statement. Customize the text that appears on your customer’s credit card bill when they buy from you. For example, add the name of your store so your customer knows what the charge was for. This will minimize chances for confusion when your customers review their bank or credit card statements.

Outline a clear return and exchange policy. Emphasize clear options and processes for when a customer isn’t happy with their purchase. Outline steps to return a product for a full refund or to exchange it for a different color, size, and so on. By doing this, you’ll encourage customers to reach out to you if they’re unsatisfied, rather than go the charge dispute route with the card issuer.

💡 PRO TIP: Shopify Payments is included in all Shopify POS plans and comes with Automatic Dispute Resolution, which helps nearly double your chargeback dispute win rates.

Accept CNP transactions with confidence

Card-not-present don’t have to be stressful or costly. Now that you know the types of CNP fraud that can happen, you can implement protection in the form of PCI compliance, AVS authentication, and CSC validation.

Once you have these systems running, you can focus your attention elsewhere and rest assured your card-not-present transactions are taken care of.

The best case scenario? Having payment processing as part of your POS system. Shopify POS lets you protect your online transactions from fraud with built-in payments, PCI compliance, and competitive credit card rates. The transactions and inventory details are stored on Shopify, so you manage your entire business in one place.

Start taking in-person payments instantly

Every Shopify plan includes built-in payments processing with quick payouts and low rates, starting from 2.4% + 0c USD. Skip lengthy third-party activations, accept all popular payment methods, and start taking payments online and in-person faster.

Card not present FAQ

What does it mean when your card is not present?

When your card is not present, it means that the card is not physically present at the point of sale. This could mean that the cardholder is not present or that the cardholder is using a digital payment method such as Apple Pay, Google Pay, or PayPal.

What is an example of a card-not-present transaction?

An example of a card-not-present transaction is an online purchase. In this case, the customer is not physically present to present the credit or debit card to the merchant.

What is the difference between card-present and card-not-present rates?

Card-present rates refer to transactions in which the credit or debit card is physically present with the merchant, such as at a brick-and-mortar store. These transactions are considered to be less risky since the merchant can verify the cardholder’s identity. Card-not-present rates, on the other hand, refer to transactions in which the customer’s card is not physically present with the merchant, such as online or over the phone. These transactions are considered to be more risky since the merchant has no way of verifying the customer’s identity.

Is Apple Pay considered card-not-present?

Yes, Apple Pay is considered card-not-present, as it is a form of payment that does not require the physical presence of an actual credit or debit card.