A Card-Not-Present (CNP) transaction refers to any payment where the physical card is not presented to the merchant at the point of sale. This includes e-commerce, mobile app, mail order, and telephone order payments  any situation where the cardholder provides their payment details remotely.

‍

In CNP environments, the merchant doesn’t swipe, dip, or tap the card. Instead, the transaction is processed using card information (e.g. PAN, expiry date, CVV) entered by the customer. CNP transactions are the backbone of online commerce, offering convenience and reach  but they also come with elevated fraud risk.

‍

Since neither the card nor the cardholder is physically verified, CNP transactions are more vulnerable to stolen card data. As a result, payment providers and merchants must deploy stronger fraud prevention measures such as:

• 3D Secure (e.g., EMV 3DS)
  
• CVV/CVC checks
  
• Address Verification Service (AVS)
  
• Device fingerprinting and behavioral analysis

‍

From a risk perspective, CNP transactions are often subject to higher interchange fees to reflect the additional fraud exposure. Liability for fraud in CNP transactions typically falls on the issuer, unless the merchant adopts certain security protocols  at which point liability may shift to the merchant or be shared, depending on the scenario and card brand rules.

‍

For acquirers, PayFacs, and ISOs supporting merchants with online sales, CNP risk is a key focus. Ensuring merchants implement proper authentication tools and monitoring is critical to reducing fraud losses, minimizing chargebacks, and maintaining compliance with network requirements.

‍