Sign in 

What are card-not-present (CNP) transactions? Here’s what businesses need to know

Last updated May 19, 2023
  1. Introduction
  2. What is a CNP transaction?
  3. Why CNP transactions are a fraud risk
  4. How to accept CNP transactions securely
    1. Online
    2. Over the phone
    3. In person and manually
  5. CNP transaction processing fees and costs
  6. Get started with Stripe 

A card-not-present (CNP) transaction is a purchase made remotely, without processing a physical card via a card reader or terminal (and without manually entering a PIN). An increasingly popular purchasing method, CNP transactions grew 23% in 2021, so it’s important that businesses that sell online understand how to accept them securely.

We’ll cover the different types of CNP transactions, why they might present a fraud risk, and how to accept them securely.

What’s in this article?

  • What is a CNP transaction?
  • Why CNP transactions are a fraud risk
  • How to accept CNP transactions securely:
    • Online
    • Over the phone
    • In person and manually
  • CNP transaction processing fees and costs

What is a CNP transaction?

To be considered a CNP transaction, neither the credit card nor the cardholder can be present during payment.

Many common purchases are considered CNP transactions, including:

  • Online shopping: A customer buys goods or services through a website or payment link by entering their card details and billing address. Orders can be shipped to the customer’s address of choice or picked up in-store.

  • Phone orders: A customer makes a purchase over the phone by giving their card details and billing information to a salesperson who processes the charge.

  • Card-on-file payments: A customer pays for a purchase using a payment method that they previously submitted to the business and approved for future use.

  • Mail orders: A customer buys goods or services through the mail by filling in their billing information on a physical order form and sending it to the business. Historically, customers placed mail orders through a store catalog.

  • Recurring payments: These are automatic payments deducted from a customer’s credit card or bank account at agreed-upon intervals for goods and services purchased as part of a subscription. When the customer makes the initial payment, their billing information is stored in the business’s system and used for each subsequent payment.

  • Online invoices: A customer uses an online payment system to pay an invoice from a business. These can be paid using either stored or new payment methods, including credit and debit cards, bank transfers, and digital wallets.

Why CNP transactions are a fraud risk

Since CNP transactions are processed without the customer (or the credit card) physically present for verification, this opens a window of opportunity for fraud. CNP fraud happens when a cardholder’s billing information is compromised and obtained by an unauthorized individual who uses it to make purchases. The person committing the fraud steals the cardholder’s payment credentials, such as the card number, CVC/CVV code, and expiration date, and uses the information to make purchases.

CNP fraud not only affects the customer, it also causes the business to lose revenue, since fraudulent charges often result in chargebacks. When a customer notices a fraudulent transaction on their card, they may choose to dispute the payment with the issuing bank and request a refund. This means the business has not only lost the value of the sale, they have also provided a free product or service to the fraudulent actor. The business may also need to pay a fee if they incur too many chargebacks. For businesses that have a higher risk of card fraud, Stripe offers additional chargeback protection.

How to accept CNP transactions securely

Because of the many issues caused by CNP fraud, it’s essential for businesses to build the most secure payment process possible.

Here are different ways CNP fraud can be avoided for different payment methods:

Online

On your online checkout page, capture as much accurate customer information as possible, such as card type, account number, expiry date, and CVC. Requiring additional information helps ensure that the customer has the physical card in their possession, which means it is more likely they are the legitimate cardholder. It also helps to establish an address verification system (AVS), which asks your customer to verify their billing address and ZIP code during a transaction (since most fraudulent actors won’t have access to this information).

Radar for Fraud Teams, a suite of tools integrated with Stripe, is a powerful option that helps business owners tackle fraud head-on. The platform’s machine learning system analyzes vast sets of data from customer transactions—such as geolocated IP addresses and checkout times—to gain insights about potential fraudulent users. You can set a list of criteria, using a combination of your own fraud data and Stripe’s behavioral information, to block suspicious transactions and perform manual reviews. By approving these filtered transactions yourself, you are better equipped to detect and stop fraudulent activity.

Stripe’s Checkout page enables you to capture all the necessary billing information during a transaction. It significantly speeds up and simplifies the checkout process for the customer, thanks to smart features such as address look-up, real-time card validation, and credit card issuer recognition.

Rules is another Radar feature that can help fight fraud. It allows you to set up filters with your own criteria, so payments that meet specific high-risk criteria (for example, the payment comes from a geographic location where fraudulent charges are frequent) can be automatically blocked.

Over the phone

If you are taking an order over the phone, it’s important to secure the information you receive from the customer in compliance with PCI requirements. If you’re a Stripe customer, you can manually enter a charge with information received over the phone via the Dashboard.

In person and manually

For in-person transactions, businesses can put in place additional identity verifications to mitigate the risk of fraud, such as asking for a photo ID. Business owners should also use encryption services to protect all stored card data.

CNP transaction processing fees and costs

While businesses are charged a fee for every successful credit card transaction, CNP processing fees are generally higher than those for transactions with physical cards, since they carry additional risk. The fees vary based on industry and the payment processor’s markup. In general, the fees and costs follow the formula below:

Percentage of transaction + Fixed cost per transaction

For US-based Stripe customers, the rate is 2.9% + 30¢ per successful card charge. Read our pricing guide to learn about your market’s fees and included features.

More articles

Ready to get started?

Create an account and start accepting payments—no contracts or banking details required. Or, contact us to design a custom package for your business.