Card-Not-Present Transactions Offer Rewards...and Risks
Card-not-present transactions are exactly what they sound like: a transaction in which a credit- or debit-card account was used, but no physical card was present at the point of sale. This occurs whenever a customer makes a purchase from a location that is different than that of the merchant which, in this day and age, usually occurs via eCommerce.
Card-not-present (CNP) transactions differ from card-present transactions in both risk and reward. Having no physical access to the card in question greatly increases the opportunity for fraud. However, the potential reward of eCommerce is huge: consumers spent over $517 billion online in 2018, up 15% from the year before. This growth shows no signs of slowing down.
The Basics: Card-Present Transactions
When customers purchase goods or services using cash, they do so in a personal, physical way: one person hands currency to the other. Paying by check involves the same sort of exercise, but instead of involving actual currency, the buyer substitutes a signed piece of paper that can be then be exchanged for the amount indicated on the check.
This system has served society for a long time, and it’s the basis for card-present transactions: when a customer purchases goods or services with a credit or debit card, the buyer hands the card to the seller to complete the transaction...IF the two people are physically in the same place at the same time.
Just as a check must be deposited before the seller has access to the funds, a credit card purchase must be processed. Processing a card-present transaction starts at the transaction, and could include one of the following methods:
- The cardholder hands the cashier a credit card to swipe.
- The cardholder uses a self-service terminal, either swiping the card or inserting the card into a chip reader.
- An imprint of the card is captured using a manual machine.
Basically, as long as the customer, the card, and the merchant are all present for payment, the transaction is considered card-present. The most obvious difference between using a card (versus using cash or a check) is that the card is returned to the customer after the transaction.
In most cases, when reading either the chip or the magnetic stripe of the card, the merchant’s system instantly records the information; the transaction process begins and ends in a matter of seconds. If the issuing bank and card association approve the transaction, it means the customer made the purchase and the merchant made a sale.
Enter: Card-Not-Present Transactions
All sales that occur while the buyer and seller are not in the same place are considered card-not-present transactions. As the name implies, CNP transactions occur when the merchant cannot physically see the credit or debit card used to make the purchase.
This can include transactions conducted through the mail or over the phone. These days, however, the most common type of card-not-present transactions are purchases made over the internet, or eCommerce, as it’s come to be known. eCommerce transactions typically involve a computer, although consumers are increasingly shopping from phones or tablets as well.
All CNP transactions require the same credit card information. For a purchase using the internet, customers fill out an online form that will send the data to the merchant’s payment gateway to be processed. Non-internet orders require the customer to provide the credit card data either over the phone or through the mail, meaning merchants must key the data to the gateway themselves.
Generally, the payment card information used in this process includes:
- The card number debossed across the front of the card.
- The card’s expiration date.
- The card security code.
- Personal billing information.
The payment processor, issuing bank, and card network then review the information in the request and either approve or decline the transaction.
What are the Risks Involved with Card-Not-Present Transactions?
As we mentioned earlier, the level of risk is much higher for card-not-present merchants than it is for card-present merchants. There’s an obvious reason for this: CNP transactions require less hard evidence, thus opening the door to fraud.
When a purchase is made using card-present technology, the merchant can verify the transaction personally. The actual credit card can be compared against a driver’s license, the signature on the back can be compared to a signature provided at checkout, and/or a PIN can be required.
Any of these methods—and there are others—offer the merchant immediate evidence that the cardholder is who he or she claims to be. Merchants processing card-not-present transactions, however, don’t have the same opportunity to verify the purchaser.
Accepting payment cards remotely allows merchants to reach more consumers...but again, it also makes their transactions far more vulnerable to fraud. Two key types of fraud that card-not-present merchants confront are credit card fraud and chargeback fraud.
Credit Card Fraud
Criminals can use stolen credit cards or card numbers to make purchases that the cardholder did not authorize...and often doesn’t even learn about until after the fact. Identity theft of this type can impact every aspect of the cardholder’s financial life. Unfortunately, it also typically leads to chargebacks filed against the merchant.
Chargeback fraud, also known as friendly fraud, is another risk involved in CNP transactions. This occurs when a customer orders and receives a product or service from a merchant, but then calls the bank and reports a problem with the transaction. Chargeback fraud costs merchants millions of dollars each year, and is growing rapidly.
Credit card fraud is a pretty cut-and-dry matter: a fraudster deliberately uses stolen information to get something for free. Chargeback fraud, though, it more complicated.
In some cases, consumers commit chargeback fraud unintentionally. The cardholder should always contact the merchant before calling the bank, but some customers may not be aware of this, or may mistakenly think a chargeback is the same as a return. In an increasing number of cases, however, customers are filing the chargeback as a deliberate way of getting something for nothing (a practice called cyber shoplifting).
Either way, the end result is a chargeback filed, and money removed from the merchant’s account. That means the merchant will lose both the product (or service) provided to the customer, and also the revenue attached to the product. They may choose to dispute the chargeback, but that requires time and effort on the part of the merchant, with little real hope of success. Whether the merchant wins the case or not, a chargeback fee will be assessed for each disputed transaction.
Protect Your Business
Fraud is a dramatic and growing threat, not only to consumers, but to merchants as well. Although you can mitigate the risk of card-not-present chargebacks, you can’t prevent them all. Contact us today for a free ROI analysis. We’ll show you how much more you could earn through effective chargeback management.