What is CNP Commerce? Why Are Card-Not-Present Sales More Vulnerable to Fraud?
Most shoppers have no problem keying in their credit card numbers to make purchases online. Many complete multiple card-not-present transactions every day, and even allow their favorite merchants to keep their card information on file.
Few consumers, however, could likely define “CNP purchase,” or recognize how often they engage in them.
That’s okay. For the most part, your customers don’t need to know and couldn’t care less. As a merchant, though, you need at least a basic understanding of card-not-present charges. In this post we examine the meaning of CNP transactions, uncover hidden risks you might not be aware of, and offer some strategies for protecting your revenue.
Recommended reading
- Key Stripe Statistics & Indicators for 2026
- Top 15 Customer Returns Reasons in 2026 & How to Avoid Them
- Key Shopify Statistics & Indicators for 2026
- They’re Here — Cyber Week 2025 Stats & Analysis!
- 10 Tips to Instantly Reduce Shopping Cart Abandonment
- Holiday Shopping Statistics: Essential Retail Data for 2026
What Does “Card-Not-Present” Mean?
- Card-Not-Present
Card-not-present (or “CNP”) transactions are any purchases, refunds, or other card transactions that take place when neither the cardholder nor the payment card are physically present with the merchant.
[noun]/kard • nät • prez • nt/
In simple terms, a “card-not-present transaction” is pretty self-explanatory: a payment-card sale where the card itself isn’t in the merchant’s presence.
The actual plastic doesn’t physically interact with a terminal at the point of transaction. In other words, the sale or refund happens using the card’s account credentials only.
While the bulk of card-not-present transactions come from mail orders or telephone orders (commonly grouped together under the acronym MOTO) and eCommerce sales, CNP applies in a range of scenarios.
| Payment Method | Use | Transaction Type |
| Credit Card Terminal | In-Store Purchase | Card-Present |
| Tap/Digital Wallet | In-Store Purchase | Card-Present* |
| Online Payments | Bill Pay, Recurring | Card-Not-Present |
| Phone /Mail Orders | Catalog, TV Ad | Card-Not-Present |
| Card-on-File | Repeat Customers | Card-Not-Present |
| Mobile or Merchant App | Mobile Commerce | Card-Not-Present |
CNP sales offer great convenience for consumers, and they allow you to take orders 24 hours a day, seven days a week. The downside is that these orders can be a little risky, as CNP transactions are more vulnerable to fraud than in-person transactions. We’ll explore this point in more detail a little later in the article, though.
Retailers and other industry professionals commonly use the terms card-not-present or CNP. Card brands like Visa or Mastercard tend toward fancier labels like “card absent environment,” but it means the same thing.
Examples of CNP Transactions
Online purchases, phone orders, and card-on-file purchases are all common examples of card-not-present transactions.
It’s fine to talk about different types of CNP scenarios, but putting them in context can make things easier to understand. Here are some real-world examples of how card-not-present transactions work:
37%
Source: Ethoca
26%
Source: Ethoca
43%
Source: Marqeta
63%
Source: Marqeta
Why Conduct Card-Not-Present Transactions?
The explosive growth of CNP payments over the last two decades was no coincidence. These transactions offer compelling advantages that have made them indispensable for businesses of all sizes.
Unlimited Market Reach
Geography is no longer a barrier. That boutique in Brooklyn can sell handmade jewelry to customers in Bangkok just as easily as to neighbors down the street. CNP transactions eliminate physical boundaries, transforming local businesses into global enterprises overnight. You can access millions of potential customers, rather than just those who walk through your door.
Round-the-Clock Revenue
Most brick-and-mortar stores have to flip their signs to “closed” at some point during the evening. CNP merchants can keep selling long after night falls. Your online store never sleeps, capturing sales from night owls, early birds, and customers in different time zones. This 24/7 availability can be a boon to your revenue.
Reduced Operational Costs
Running a physical store is expensive. You have rent, utilities, staff, insurance, etc. Going online slashes your overhead costs dramatically. Without the need for prime retail space or full-time floor staff, you can invest more in inventory, marketing, or simply enjoy higher profit margins. A successful retail business can operate from a warehouse or even a home office.
Enhanced Customer Convenience
Shoppers expect frictionless experiences. CNP options let customers shop from their couch, set up automatic bill payments, and reorder favorite items with a single click. This convenience translates directly into customer loyalty and increased lifetime value. Customers who store their payment information with you will tend to make purchases more frequently.
Superior Data & Insights
Every CNP transaction generates valuable data. Unlike cash sales, digital payments create detailed records of customer behavior, preferences, and patterns. This information enables personalized marketing, accurate inventory forecasting, and strategic business decisions based on real customer insights rather than guesswork.
With these advantages, it's no wonder that CNP transactions now account for over 30% of all credit card purchases globally—a figure that continues to climb. However, merchants need to understand that accessing these benefits requires managing unique security challenges that don't exist in face-to-face transactions.
Why Are CNP Transactions Considered Riskier for Merchants?
Because the card is never actually produced during the transaction process, it’s harder for the seller to validate the buyer’s identity. And, the buyer could be conducting the transaction from anywhere on earth.
If there’s a downside to CNP transactions, it can be summed in one word: fraud.
So, what is CNP fraud? Why exactly are card-not-present transactions considered riskier than card-present ones? Well, think about it: while credit cards are generally considered safe and secure, the inability to see the card or buyer will necessarily create opportunities for fraud.
For example, with CNP scams, the fraudster typically doesn’t need the physical card. They just need the account info, or in some cases, even just part of the information. Other differences exist as well:
| Card-Not-Present Fraud | Card-Present Fraud | |
| Common methods | Stealing card information | Stealing card information or the physical card |
| Verification method | Password, PIN, CVV, strong customer authentication | Physical ID, PIN, Chip |
| Fraud Vulnerability | Greater risk (Merchant doesn’t interact with buyer) | Lower risk (Requires a physical card and directly dealing with merchants) |
| Liability | Least-secure party | Issuer |
Here’s another quick rundown on how a typical CNP fraud incident might work:
By simultaneously performing this with multiple cards, or at multiple vendors, the fraudster can rake in a huge profit and start over with new cards. And, that’s just one scenario, of course; fraudsters are inventing new techniques daily.
Compliance Requirements for CNP Transactions
As a card-not-present merchant, you’re gonna face stricter compliance obligations than your card-present counterparts.
The Payment Card Industry Data Security Standard (PCI DSS), for instance, applies to all merchants. But, CNP businesses face heightened scrutiny. Since you're collecting sensitive card data through websites, phone systems, or mail orders, you have to implement additional safeguards.
And, if you process transactions from EU shoppers, then PSD2 regulations require additional authentication for most CNP purchases. This means implementing 3-D Secure 2.0 for online transactions, or deploying two-factor authentication on all transactions. Non-compliance results in declined transactions; European banks will simply reject non-authenticated payments.
The exact requirements for you will depend on a lot of factors. Get with your processor to get clarification about what you need to stay in compliance given your specific situation.
And remember: ignore these requirements at your peril.
The average cost of a data breach in 2024 was $4.88 million, including forensic investigations, legal fees, and lost business. For CNP merchants already operating on thin margins, non-compliance isn't just risky; it's potentially fatal.
What are CNP Compliance Best Practices?
Your best bet for compliance is to partner with a payment processor that keeps you informed of changing requirements and provides the tools you need to maintain compliance without disrupting your business. But, that being said, here are a few specific best practices to keep in mind:
Fraud Prevention Strategies for CNP Transactions
Preventing credit card fraud is largely about authenticating the buyer at the time of the sale. Strong customer authentication, requiring CVV security codes, and using AVS can help verify customers.
If you do any type of online business at all, CNP purchases are a non-negotiable requirement. Not offering it isn’t even an option. So, the question is: how do you go about minimizing the risks of fraud?
Whether you’re talking about CNP sales or in-person purchases, preventing credit card fraud is largely about authentication. Authentication is trickier when the customer isn’t right there for you to eyeball, though. So, you need a few other tricks for CNP transactions.
Being able to see the card and the customer lowers the risk of fraud, which is why card-present transactions are typically charged lower interchange fees compared to CNP sales.
Crooks always find a way to exploit shifts in the retail/financial landscape. That’s why it’s important to have a risk management strategy in place.
We can help. At Chargebacks911®, we keep a close eye on fraud trends and new technology so you don’t have to. We can work with you to create an end-to-end fraud strategy that lowers chargebacks and protects revenue. Contact us today to learn more.
