Card-Not-Present (CNP)

A card-not-present (CNP) transaction is a payment where the physical card is not swiped, dipped, or tapped — including e-commerce, phone orders (MOTO), and recurring billing. CNP transactions carry higher fraud and chargeback rates than card-present transactions, resulting in higher interchange fees and increased merchant fraud-prevention obligations.

Card-not-present transactions dominate e-commerce and phone/mail-order (MOTO) channels. Because the merchant cannot verify the physical card or cardholder identity at point of sale, CNP transactions are inherently higher-risk — card networks, issuers, and acquirers assign them higher interchange rates and hold merchants to stricter fraud-prevention standards. ## Fraud and Chargeback Risk CNP fraud accounts for the majority of card fraud by dollar volume. The Federal Reserve's Payments Study and card network data consistently show CNP fraud rates 3-10× higher than card-present fraud. When CNP fraud occurs and a chargeback is filed, the merchant (not the issuing bank) typically bears the loss — unlike card-present chip transactions where liability shifts to the issuer. ## Merchant Authentication Tools To manage CNP risk, Visa and Mastercard require 3D Secure (3DS) authentication for many CNP transactions — a cardholder verification step (OTP, biometric) that shifts chargeback liability to the issuer when authentication succeeds. Additional tools: CVV2/CVC2 verification, Address Verification Service (AVS), device fingerprinting, and velocity checks. ## Business Impact For businesses with high CNP volume, merchant account underwriters assess: industry type (digital goods have higher CNP fraud rates than physical goods), chargeback history, fraud prevention tools in place, and return/refund policies. High-risk CNP merchants pay higher discount rates and may face reserve requirements (funds held back by the acquirer as a fraud buffer). The CFPB's guidance on payment processors addresses CNP risk in payment facilitation.

Examples

Frequently asked questions

Why do CNP transactions cost more to accept than card-present?

Card networks and issuing banks price interchange to reflect fraud probability. CNP transactions have higher fraud rates because there is no physical card verification — card data alone can be stolen and used remotely. Higher interchange compensates issuers for the higher fraud losses they absorb. Merchants also pay higher acquiring fees for CNP because acquirers bear fraud risk when merchants can't implement liability shift tools.

What is 3D Secure and how does it affect CNP chargebacks?

3D Secure (3DS) is a cardholder authentication protocol (Visa Secure / Mastercard Identity Check) that adds a verification step — OTP, biometric, or passive risk scoring — to CNP transactions. When authentication succeeds and the transaction is disputed as unauthorized, liability shifts from the merchant to the card issuer. 3DS reduces merchant chargeback liability for authenticated transactions. Merchants in the EU/UK face mandatory Strong Customer Authentication (SCA) requirements that mandate 3DS for most CNP transactions.

Does card-not-present fraud affect my merchant account?

Yes. Card networks and acquirers monitor chargeback rates. Visa's chargeback monitoring threshold is 1% of transactions; Mastercard's is 1.5% (by transaction count). Merchants exceeding these thresholds enter monitoring programs that impose fines, higher interchange rates, and reserve requirements. Persistently high chargeback rates can result in merchant account termination — potentially preventing the business from accepting any card payments.

Related terms

Further reading