What Is a Card-Not-Present (CNP) Transaction and Why Do They Cost More?
Many people in today's digital world, seldom buy from a local business, they will often scour the web to find the right product at the right price, regardless of where the business is located. It is therefore essential that businesses can accept Card-Not-Present transactions. So what are they?
Card-Not-Present transactions, are also offered referred to as Cardholder-Not-Present or CNP for short.
A CNP transaction occurs when neither the cardholder nor the credit card is physically present at the time of the transaction. This would include transactions processed over the internet, over the telephone, via mail order, or even fax. In the payments industry, these are sometimes also called remote payments.
Examples of CNP remote payments:
There are a number of CNP transactions that you probably come across everyday. They include:
Online purchases, when a customer buys goods on the internet or through an e-commerce transaction.
Telephone payments, when a customer reads out their credit card information over the phone to your business.
Recurring payments adhoc and subsequent payments, that are set up to bill automatically.
Invoices that are paid online.
Because the card nor cardholder are present, merchant service providers, consider these transactions to be of higher risk of fraud and fraud related chargebacks.
Chargebacks are when a cardholder disputes a transaction for some reason and attempts to regain the money they have been charged.
Whilst there are a number of reasons why the cardholder may be trying to obtain a chargeback, often it is because their card data has been compromised and goods or services have been purchased, without their knowledge or authorisation.
Last year (2019) in the UK, over £620.6m was lost to fraudulent transactions using UK payment cards. Because of the associated risk of fraud, acquirers will tend to charge you a higher rate to process the transaction. This is often referred to as a 'non-secure' transaction rateand merchants should check their merchant statements to understand how this could effect their bills.
Whilst online, e-commerce transactions can be 'secured' by authenticating the cardholder with 3D Secure and/or Secure Customer Authentication (SCA) methods such as biometrics or a one-time-passcode (OTP), the same cannot be said for telephone transactions that are processed using a physical card terminal or a Virtual Terminal.
Because, the business has no idea of whether the voice on the other end of the phone, is indeed the genuine cardholder or a fraudster using compromised/stolen data, they become liable for fraud related chargebacks, should the cardholder challenge the transaction, claiming that they never authorised the payment. Merchants are therefore often advised to only deliver goods to the 'registered cardholders address', which can hinder customer service and cause basket abandonment.
Even if the merchant does deliver the goods to the 'registered cardholders address', they can still be liable for fraud related chargebacks.
A common misconception is that Address Verification Services (AVS) where you check the address matches, where the card is registered to and CVC - the 3 digits on the back of the card, shift liability for fraud. Simply put, they do not.
Another consideration, is that when asking the cardholder to read their details out to you, over the telephone, this triggers additional PCI DSS requirements to protect them and increases your risk of reputational damage. If you cannot evidence to your acquirer that you are PCI DSS compliant, you may be charged additional fees each month.
To understand merchant services charges further, please view our guide here
If you wanted to process 'secure, authenticated and PCI DSS compliant' CNP transactions over the phone then you could consider our multi-award winning, SOTpay technology.
How does our innovation help?
Our cloud-based technology does not require any additional hardware or amendments to existing telephony ornetwork set up and is Acquirer and Payment gateway agnostic. Totally eliminating the need for capital expenditure, SOTpay can support businesses of all shapes and sizes in any sector.
SOTpay eliminates the risk of fraud related chargebacks for businesses, by authenticating MOTO andOmni channel CNP transactions and processes the payment in a PCI compliant manner, converting a risky ‘non-secure’ transaction into a ‘secure, authenticated, compliant’transaction in the eyes of the acquiring partner, the merchant can see significant savings in theirMerchant Service Charge's. We have seen businesses save in excess of £40,000 per annum,following the deployment of SOTpay.
SOTpay enables you to send out an electronic payment request in real time, via email, SMS, web chat or electronic invoices.
The flexibility of the SOTpay technology enables the merchant to accept secure and compliant transactions across numerous channels, boosting business by allowing cardholders to complete transactions in their desired channel of engagement. For example, if someone is engaging with the business on Facebook, SOTpay allows the business to take payment within the Facebook Messenger environment.
By preventing cardholder data in its entirety from entering the merchant environment, SOTpay makes achieving andmaintaining PCI DSS compliance easier and more manageable for your business. With liability for fraud related chargebacks eliminated the merchant can also deliver to an alternative delivery address, instead of just to the registered cardholder’s address.
As a disruptive payment technology, the PCI SSC updated their Global ‘Protecting Telephone Payments’ guidelines to include our innovative approach, which gave us tremendous credibility within the acquiring industry. We have subsequently become partners to some of the largest payment organisations in the world, helping to protect and support their merchants against the challenges that business face.