Card-not-present (CNP) refers to any payment transaction where the physical card is not present at the point of sale and cannot be read by a card reader. Online purchases, phone orders, and mail orders are all card-not-present transactions. The merchant accepts card credentials — typically the card number, expiration date, and CVV — submitted by the customer rather than read from the card itself.
Because the card cannot be physically verified, CNP transactions carry higher fraud risk than card-present transactions. Card networks reflect this risk in their interchange rate structures, charging higher rates for CNP transactions, and issuers apply more scrutiny to CNP authorization requests.
CNP fraud accounts for the majority of card payment fraud by dollar value, making fraud prevention tools such as AVS, CVV verification, 3D Secure, and device fingerprinting essential components of any CNP payment stack.
Diving Deeper into Card-Not-Present
Card-not-present transactions emerged as a meaningful category with the growth of telephone ordering in the 1980s and expanded dramatically with the rise of e-commerce in the 1990s. The defining characteristic is the absence of the physical card at the point of transaction — the merchant cannot inspect the card, verify the signature, or confirm that the person presenting the card credentials is the actual cardholder.
This creates a fundamentally different risk environment compared to card-present transactions. In a card-present environment, a fraudster needs a physical counterfeit card to commit fraud. In a card-not-present environment, stolen card credentials alone are sufficient to initiate transactions, which is why CNP fraud has grown in parallel with the expansion of online commerce and the proliferation of data breaches exposing card credentials at scale.
CNP Transaction Types
Card-not-present is a broad category that encompasses several distinct transaction types, each with slightly different characteristics and risk profiles.
E-Commerce Transactions
E-commerce transactions are initiated by the cardholder through a web or mobile interface. The cardholder enters their card credentials directly, typically with the assistance of fraud prevention tools such as AVS, CVV verification, and 3D Secure running in the background. E-commerce represents the largest and fastest-growing segment of CNP volume.
Mail Order and Telephone Order
MOTO transactions — mail order and telephone order — are initiated by a merchant employee who keys card credentials provided by the customer via phone or written form. MOTO transactions cannot use 3D Secure and typically do not have access to the same behavioral fraud signals available in e-commerce environments, making them higher risk by default.
Recurring Transactions
Subscription businesses and recurring billing models store cardholder credentials and initiate subsequent charges without the cardholder actively participating in each transaction. The initial transaction is a standard CNP e-commerce or MOTO transaction, but subsequent recurring charges use stored credentials and are processed under specific card network rules governing credential-on-file transactions.
CNP Fraud Risk
The elevated fraud risk in CNP environments is reflected throughout the payments ecosystem. Card networks charge higher interchange rates for CNP transactions than for card-present transactions of the same card type. Acquirers and processors apply more stringent underwriting to merchants with high CNP volumes, particularly in categories prone to fraud or chargebacks. Issuers apply more aggressive fraud scoring to CNP authorization requests.
Fraudsters specifically target CNP environments because they require only stolen card credentials rather than physical card counterfeiting. Large-scale data breaches, phishing attacks, and card skimming operations all ultimately produce card credential data that is monetized primarily through CNP fraud.
CNP Fraud Prevention Tools
Merchants operating in CNP environments are expected to deploy multiple layers of fraud prevention. No single tool is sufficient, and effective CNP fraud prevention requires combining signals from different sources.
CVV Verification
Card verification values are three or four digit codes printed on the card but not stored in the magnetic stripe or chip data. A fraudster who obtains card credentials from a database breach may not have the CVV if the compromised system did not store it. CVV mismatch is a strong fraud signal.
Address Verification System
AVS compares the billing address submitted by the cardholder against what the issuer has on file. A mismatch between submitted and stored addresses is a meaningful fraud indicator, though not definitive on its own.
3D Secure
3DS2 adds an authentication layer that allows the issuer to verify the cardholder’s identity and provides liability shift to the merchant when authentication passes. It is the most effective single fraud prevention tool available in CNP environments but adds friction for a subset of transactions that trigger explicit challenges.
Device Fingerprinting and Behavioral Analytics
Device fingerprinting identifies characteristics of the device being used to initiate the transaction. Behavioral analytics evaluates how the user interacted with the checkout flow. These signals are invisible to the cardholder but provide meaningful fraud detection capability, particularly for detecting account takeover and automated fraud attacks.
CNP and Chargeback Liability
In card-not-present transactions without 3D Secure authentication, chargeback liability for fraud disputes sits with the merchant. When a cardholder disputes a CNP transaction as unauthorized, the merchant must provide evidence that the transaction was legitimate — and in most cases, absent 3DS authentication, that evidence is difficult to produce convincingly. This is why CNP chargeback rates tend to be significantly higher than card-present chargeback rates, and why acquirers monitor CNP merchants’ chargeback ratios closely.