Card-Not-Present (CNP) Transactions and Why They Matter

Being able to offer your in-store and online customers multiple ways to make payments is extremely important. Your consumers want options, and it’s essential to meet their needs in order to reduce friction in the shopping process. But did you know that not all forms of payment are created equal?

Payment types are split up into two categories – card-present transactions (CP) and card-not-present (CNP) transactions. The differences between these two types of payments are more important than many retailers realize, and which ones you choose to accept could have a big impact on your business.

What are Card-Not-Present (CNP) Transactions?

CNP transactions are any transactions where the magnetic stripe isn’t swiped, the EMV chip isn’t inserted, or a mobile wallet isn’t tapped against a physical terminal. This means that any transaction facilitated over the phone, online, or through fax would be considered card-not-present.

A common misconception when it comes to card-not-present transactions is that as long as the customer is present with their card, the transaction is considered card-present.

For example, when card information is manually typed into the card terminal, even if the customer is standing there with their card, the transaction is still considered card-not-present. This is because the physical card itself did not come in contact with the machine even though the transaction took place at the point-of-sale

Types of Card-Not-Present Transactions Include:

  • eCommerce shopping carts
  • Online invoices
  • Automatic billing
  • Phone orders
  • Website payments
  • Mail orders
  • Card-on-file transactions

How Much Do CNP Transactions Cost?

Interchange costs (charged by credit card brands like Visa and Mastercard) vary slightly from card to card across hundreds of card types. Generally speaking though, interchange costs for CNP transactions are higher than card-present. This is simply because the risk is higher. There is a certain level of confidence that comes along with physically inserting a card into a reader, therefore interchange costs are lower for these types of transactions.

A surprising number of companies are paying these higher interchange costs and processing fees without even having to. If you’re finding yourself physically taking a card from a customer and then manually typing in the card information into a terminal or mobile device, you’re paying CNP interchange rates.

Avoid this by investing in a mobile card reader to be able to swipe those cards in the moment instead of entering them manually.

Card-Not-Present Transactions and Fraud Risk

A study conducted by the Federal Reserve in 2018 demonstrated the decline in card-present fraud from $3.68 billion in 2015 to $2.91 billion in 2016. However, during that same time, eCommerce card-not-present fraud increased by $1.17 billion. That number is on the rise with the widespread adoption of EMV or chip technology across the country. With EMV chip cards making card-present theft more difficult, fraudsters are moving their efforts online.

Since cardholder information is more difficult to verify in card-not-present transactions, there is a higher risk of chargeback fraud as well. When a product or service is delivered to a customer, the customer can argue that they never authorized that charge or they didn’t receive the product.

In these cases, the liability rests with the company. However, there are steps you can take to increase the security of your card-not-present transactions.

1. Use a Secure Payment Gateway

First, ensure your website payments are made through a secure gateway. Investing in technology that will keep your customer’s information safe is well worth it in the long run for your business.

2. Capture Important Customer Information

Next, make sure you’re capturing all of the necessary information from your customer (that is more than simply requesting a credit card number) at the point of checkout.

  • Customer Contact Information: Phone number, email address, billing address, and shipping address are especially important for high-value transactions.
  • Card Information: Name as it appears on the payment card, expiration date, credit card number, and CVV (i.e., card security code) should all be required. Collecting this information helps you further determine that the customer is in possession of the credit or debit card.

3. Maintain PCI Compliance

Whether a card is present or not, businesses that handle credit card information must be PCI compliant. All business practices need to be compliant with the security standards set forth by the payment industry.

Business owners can become compliant by taking a quick questionnaire. Members with Stax are guided through this process by their account manager so all of our members and their customers stay safe and secure.

4. Use an Address Verification Service (AVS)

An Address Verification Service (AVS) is exactly what it sounds like. It’s a fraud prevention tool that verifies that the billing address entered by the shopper matches the one associated with the cardholder’s account.

An AVS serves as another layer of security against credit card fraud. Here’s how it works:

When the customer enters their credit card details, the merchant uses an AVS service to request the card issuer for authorization of the transaction.

The payment processor then sends an AVS code back to indicate how well the entered address matches the one on file. Here are the codes for your reference.

AVS Code Description
A The street address is a match, zip does not match
G Non-U.S. card issuing bank
N Street address and zip code do not match
R Retry – system time out / unavailable
U Address data not available
W The 9-digit zip code is a match, street address does not match
X Street address and 9-digit zip code both match
Y Street address and 5-digit zip code both match
Z The 5-digit zip code is a match, but the street address does not match

Based on the degree to which the addresses match, the merchant can decide whether or not to approve an order.

Note that the above steps all take place during the authentication step of the transaction, and they add very little friction to the process. But they go a long way in preventing CNP fraud and reducing fraudulent transactions.

How to Accept CNP Transactions

Although CNP transactions might sound a little scary, many business models require them in order to be successful. The specific method you need to use to accept CNP transactions depends on how you obtain your customers’ credit card details.

At Stax, we offer various ways to securely accept CNP transactions.

eCommerce Shopping Carts

If you’re looking for an online gateway for your eCommerce business and accept online payments, we’ll build you one of the most trusted payment gateways in the industry – our partner

Online Invoices

The Stax Platform helps businesses send invoices and accept payment for them all online. Users can also set up recurring schedules and automatic billing through the platform, getting you paid faster.

Virtual Terminal

A virtual terminal is an application that can turn any device with a web browser into a payment terminal. Simply launch the software and enter the customer’s credit card information. Virtual terminals are a handy tool for taking credit card payments over the phone or inputting payment data sent by customers (for instance, when they fill out a paper form.)
Most modern payment processors (including Stax) provide virtual terminal solutions, so be sure to ask your provider about their offerings.

Payments API

Many businesses find it highly effective and beneficial to create their own payment acceptance application. The Stax API provides your developers with the tools and resources they need in order to create a payment flow that’s perfect for your unique business.

Now more than ever, CNP transactions have become a very popular way for customers to make payments. That is why it’s important for you to work with a payment processing company that offers secure and hassle-free ways to accept those card-not-present payments.

Stax offers the greatest level of PCI security to guarantee that sensitive information is held to PCI compliance standards.

To understand how Stax’ payment solutions can support your CNP payment needs, contact us for a custom savings quote today. We will be glad to discuss your needs and how Stax’ integrated solutions can help.

Sign Up Blog