Payment processing can seem like a complex area for business owners and merchants to navigate, especially as there are more ways than ever before for customers to make purchases today.
For processors, payments tend to be divided into two different categories:
- Card Present (CP)
- Card Not Present (CNP)
In this post, we are going to help you to understand Card Not Present transactions and why they are more expensive.
What is a Card Not Present (CNP) transaction?
Let’s begin by explaining what a Card Not Present (CNP) transaction is. This is a transaction whereby one of the following does not happen:
- Payment is accepted using a contactless or NFC reader
- An EMV chip is inserted
- A card is swiped
If one of these actions does happen, it is a Card Present (CP) transaction. However, if one of these actions does not happen, a card is not present during the purchase, making it a Card Not Present transaction.
Some examples of Card Not Present (CNP) transactions
There are a number of CNP transactions that you may come across on a daily basis. Examples include:
- Invoices that you pay for online
- Recurring payments that are set up for automatic billing
- Phone orders whereby a consumer provides the debit or credit card information over the phone to your business
- Online purchases whereby a customer will purchase an item on the Internet or via an e-commerce transaction
As you can see by the examples mentioned above, a CNP transaction is one whereby the consumer’s card information is typed into a terminal. Even if the customer does have their debit or credit card in their hand, the transaction is deemed CNP because the card itself did not come into contact with the terminal.
CNP transactions come with greater fraud risks
The main reason why you are charged higher fees for accepting CNP payments is because of the higher fraud risk associated with them. From the perspective of the issuing banks, card brands, and payment processors, these sorts of transactions are more likely to succumb to fraud because the equipment did not verify the card.
We only need to look at the statistics to see that this is the case. On average, 45 percent of all instances of credit card fraud in the United States involve CNP transactions. There are a number of different reasons why this is the case.
When the card is not present, cardholder data is a lot more challenging to verify. Another reason is that consumers can argue they did not receive the items in question or that the charges were not authorized. Both of these scenarios could result in chargebacks to your company.
This results in heightened risk for all parties involved, and it can cause some companies to be identified as high-risk merchants in the future, particularly if you do not put preventative measures in place to manage chargebacks.
Understanding how CNP fraud happens
There are a number of different ways that CNP fraud can happen. Scammers can steal information like the consumer’s name, security code, address, card number, and more. The hackers that get this data don’t even need to see your card in order to extract this information. Phishing schemes are often used to steal this data electronically.
Since a merchant is not able to physically examine a stolen card for indicators of fraud, such as a missing hologram or altered account numbers, CNP fraud is deemed even more difficult to prevent when compared with CP fraud.
CNP transactions tend to be commonly targeted with cloned or stolen debit and credit cards. This is something that merchants need to be aware of. Adding extra security layers will make sure that fraudulent payments are kept to a minimum.
Different types of CNP fraud
To give you a better understanding of CNP fraud, we are going to take a look at five common examples below:
- Application and identity fraud – Firstly, we have application and identity fraud. Just like fraudsters can steal anyone’s financial and private details to pretend to be someone else to buy products, they can also do this to apply for a credit card or loan.
- Triangulation fraud – This type of fraud happens when a criminal sets up a fake site to get consumers to purchase cheap goods. This is simply a ploy. The products never arrive, and the fraudsters steal the consumers’ debit and credit card data to utilize for their own ends.
- Clean fraud – Clean fraud could happen quickly after triangulation fraud has occurred. Clean fraud occurs when transactions appear legitimate, yet they are being made using debit card information that has been stolen to impersonate the cardholder.
- Friendly fraud – Friendly fraud happens when a legitimate customer requests an illegitimate chargeback. Friendly fraud, which is also commonly known as chargeback fraud, is when a consumer raises a chargeback directly with their bank, resulting in them receiving a refund. A common reason for this is because the service or product was not delivered. It is then up to the merchant to showcase otherwise, consequently obtaining the reimbursement.
- True fraud – Finally, we have true fraud, which happens when a credit card is utilized without the consent or the knowledge of the cardholder. CNP transactions are an easy target for fraudulent payments mainly because security checks are fewer than those of face-to-face payments, such as using a chip and pin machine. True fraud involves utilizing fake details to complete these sorts of card payments.
These are the different types of fraud committed, but how do fraudsters go about acquiring this sort of information to begin with? Some of the most common methods are as follows:
- Phishing attacks – A phishing attack happens when a sender poses as another company or person in order to acquire your trust. For instance, you may get an email that looks like it has been sent by your bank. The email will then feature a link to another website where you will be instructed to supply sensitive data, such as your security code, credit card number, and address. Nevertheless, the site has been designed by a fraudster for the purpose of stealing your data without your knowledge. Then, the fraudster can either use this information to make purchases, sell the data to a third party to make money, or both.
- Physical theft – CNP fraud may be an online phenomenon but it does have a real-world element as well. Thieves can break into any physical store location that provides credit and steal applications, which all have the personal information that is required to fraudulently take out a credit card.
- Malware – Malware tends to be much more a direct attack on your personal information. For instance, if you visit a suspicious site over an unsecured network, you could end up exposing your device to malware. After the malware has gained access to one of your devices, the hacker will gain the ability to steal personal data stored there, such as credit card and banking information.
Liability for CNP fraud
Fraud liability falls on the shoulders of the merchant for any CNP transaction until proven otherwise by a chargeback case.
Because of the risk that is associated with accepting these sorts of payments, a processing bank is not going to accept liability. This is something that is stated clearly in terms and conditions.
Some banks are going to hold a rolling reserve when companies process a high amount of these transactions, and this provides a safety net should there be an occurrence of fraud or chargeback.
This does not tend to be the way with CP transactions. As of October 2015, if a merchant utilizes EMV protection, they are not going to be deemed liable for CP fraud. If nevertheless, a merchant takes CP transactions without any EMV protection for chip cards, the fraud liability falls on their shoulders.
How can you avoid chargebacks at your business?
There are a number of different ways that you can prevent chargebacks at your business, including the following:
- Put together a clear returns policy – Make sure this is posted online and in your store so that customers understand their options.
- If you can swipe, do so – If it is possible to use an EMV chip or swipe a card, do so. Save your CNP transactions for those purchases whereby you do not have any other option.
- Included detailed product descriptions on your site – It is imperative to make sure your products are represented in an accurate and clear manner.
- Provide a phone number and an email address with your contact information – If customers are able to reach you directly, they will be more likely to do this before they file a dispute.
- Using shipping confirmation or shipping insurance to help you track the receipt of products – By doing this, you can make sure the goods have been delivered so that customers cannot claim they have not received their order.
- Make sure there is an accurate payment descriptor on your merchant account – For instance, include your phone number and business name. When a customer looks at their credit card bill, they should be able to recognize your company name.
How to prevent CNP payment fraud from happening
Luckily, there are a number of different things that payment card suppliers can do to stop CNP payment fraud. Here are some of the options:
Firstly, this is a standard fraud prevention tool used in the United States. Address Verification Service (AVS) means that a card issuer will authorize a card transaction via telephone authorization. They will check part of the billing address of the cardholder to generate a further hurdle for online hackers to try and bypass.
Work with a trusted and reputable payment partner
The greatest way to protect your company against Card Not Present fraud is to work with an experienced payment partner who has a range of sophisticated risk management tools.
They should be able to provide you with advice on the most effective way of handling consumer payment data to alleviate the burden of payment compliance. Added protective measures like security codes and AVS should also be put into place with the help of your payment partner.
Always require the Card Security Code
We are all familiar with flipping our debit cards around to try and locate our three-digit security code. This is helpful because it enables you to confirm that the cardholder who is making the payment is using a genuine card, rather than an old one. As this number is not related to the magnetic stripe, it is a lot more difficult for cybercriminals to get a hold of.
Use an external payment gateway
Finally, it makes sense to use a payment gateway to make sure your company does not need to collect and hold onto sensitive card data. Instead, this data is passed onto a large business that has invested monumental amounts of money into anti-fraud measures.
For example, Verified by Visa is one of the most popular, as it helps the card issuer banks authenticate the identity of registered cardholders. If the consumer’s card is registered with the Verified by Visa service, they will need to input a password that only the owner knows. This can be quite challenging for online fraudsters to find out.
This is not a service that is exclusive to Visa. There is almost an identical system at MasterCard, known as SecureCode. There is also SafeKey at American Express.
Could you simply avoid CNP transactions?
You could, but you would miss out on a huge number of sales! After all, you would not be able to open an online store.
With e-commerce sales expected to exceed $740 billion by 2023 in the United States, it really does not make sense to close yourself off from these sorts of transactions.
That said, if you are very risk-averse, you could set up a system for people to reserve on your website and pay-instore. However, do consider that this is going to add friction to the consumer shopping experience. It is also bound to increase your shopping cart abandonment rate.
In 2021, it is becoming incredibly difficult to run a company solely offline. For such merchants, there is no other option. Nevertheless, CNP transactions do not need to be feared, so long as you put effective security measures in place.
Options for high-risk merchants
If you are considered a high-risk merchant, there are still plenty of different options that are available to you. However, do note that there are greater variables to take into account, which means fees can be a bit more complicated.
Plus, if you are considered a high-risk enterprise, your account provider is likely going to ask you to keep a reserve. There are three different kinds of reserve accounts you can expect from merchant service providers, and these are as follows:
This is a type of risk management strategy that the acquiring bank utilizes to protect themselves from chargebacks, potential fraud, or other incidents whereby the acquirer could lose money. Consider it like an insurance plan or buffer on the high-risk nature of your company. Based on the terms of your merchant agreement, the payment provider is going to withhold a percentage of your daily revenue for a specified period of time, and then the funds will be released gradually.
Fixed or capped reserve
Another option is a fixed reserve, which is when a percentage of each transaction is withheld by the acquirer until the reserve reaches the cap that has been agreed on in your merchant agreement. Unlike a rolling reserve whereby the acquirer will indefinitely take a portion of each sale, in this model, once the cap has been reached, additional funds will not be taken by the acquirer. Nevertheless, should the MSP need to withdraw from the reserve for any reason, the withholding percentage will kick in once more until the cap balance has been replenished.
Last but not least, if you are a start-up or you have some less than ideal qualifying factors, some Managed Service Providers will require that you start with an up-front reserve. An up-front reserve will be based on your expected transaction volume, and it is an amount that you will need to put into an escrow at the beginning of the merchant agreement or you can enable the MSP to withhold all of your credit card funds until the reserve balance has been met.
Final words on CNP transactions and the charges associated with them
So there you have it: everything that you need to know about CNP transactions. We hope that this has helped you to get a better understanding of what CNP transactions are and why the charges associated with these purchases are higher.
In today’s online world, CNP transactions are becoming more commonplace, so it is important to manage the charges associated with them and to make an effort to prevent chargebacks from harming your business.