Card Not Present Transactions: Meaning, Examples, and Costs

Card-not present (CNP) transactions are payments made without a physical card. They offer a wide range of convenience for customers who are far away from the merchant.

Payment convenience today is more vital than ever, particularly because of the rise of e-commerce and online shopping. This is where card-not present transactions can make a difference.

But what exactly are CNP transactions and are they safe? Find out in this blog post.

What Is a Card-Not-Present Transaction?

Card-not-present transactions take place when the customer is at a physical distance from the merchant. In this case, the merchant doesn’t see or have any physical access to the card and only enters the details provided by the customer on a “virtual terminal”.

CNP can include online purchases, mail order transactions, and recurring payments.

Examples of Card-Not-Present Transactions  

Card-not-present transactions are a big part of everyday payment scenarios. 

Here are a few popular examples:

• E-commerce checkout payments – the shopper provides their card details online via payment gateways, including the CVV code for cardholder verification. These are one of the most popular e-commerce transactions.
  
• Telephone bookings – hotels, tradespeople, and other similar businesses take card details over the phone for deposits or full payments. In most cases, these payments are processed as manual entry transactions.
  
• Subscription payments – recurring charges for different services, where the card details are stored and billed automatically.
  
• Mail orders or MO/TO – standard mail or phone orders where the customer provides their payment details remotely.
  
• Remote invoice payments – businesses can sometimes send digital invoices or payment links, enabling customers to pay online without being present. 

These transactions can carry higher payment risk management concerns as they don’t involve a physical card. They can be associated with higher exposure to credit card fraud and potential chargeback fees.

How Do CNP Transactions Work?  

Card-not-present transactions follow a structured process from data entry to payment approval and settlement. Each step verifies the cardholder’s details, confirms available funds, and applies fraud checks.

The step-by-step process works as follows: 

1. The shopper provides their card details (card number, expiry date, and CVV code for cardholder verification) online or shares it via phone or email.
   
2. The merchant enters or captures the data through a payment gateway or a virtual terminal.
   
3. The payment system sends a request to the customer’s issuing bank through merchant banking systems to check if the funds are available and the transaction is valid.
   
4. If there are available funds and the information passes fraud prevention checks, the payment is approved.
   
5. Once approval has been granted, the payment is completed and the money is sent to the merchant’s account.

This process allows businesses to accept remote payments while reducing risk and maintaining transaction security.

Why Are Card-Not-Present Transactions Riskier?  

MO/TO and CNP transactions have increased over the past decade. This growth has also raised the risk of fraud.

These transactions carry a higher fraud risk for several reasons: 

• They do not use Chip and PIN. 
• The merchant accepts full liability. 
• The merchant cannot confirm that the card is genuine. 
• The merchant also cannot verify the cardholder’s identity.

As these payments do not require a physical card, a fraudster can use stolen card details without detection at the point of sale. This lack of physical verification increases the risk for merchants.

In fact, in the UK, statistics show that in 2024, £572.6 million were stolen in card fraud, with seven in ten pounds lost through card-not-present purchases – an 11% jump from 2023.

However, the risks are not as severe as they may seem. Many businesses, such as hotels and car rental agencies, rely on card-not-present transactions.

You can also reduce fraud risk by using the right security measures and controls.

Who Is Liable for Fraud in CNP Transactions?  

In most cases, the merchant is responsible for fraud in card-not-present transactions. The card is not physically verified, which increases the risk of credit card fraud. 

If a customer disputes a transaction and reports it as unauthorised, the bank can reverse the payment through a chargeback. The funds are then taken from the merchant, and additional fees may apply.

The merchant can challenge the claim, but they must provide clear evidence to support the transaction.

How to Reduce Fraud in Card-Not-Present Transactions  

Merchants can limit their exposure to fraud through fraud prevention and a variety of fraud screening tools that help identify suspicious activities or high-risk transactions.  

Let’s take a closer look at some of these tools to help you minimise your risk.

1. 3D Secure Authentication (Visa Secure, Mastercard Identity Check, Amex SafeKey)

In a CNP environment, the world’s major card issuers provide solutions for authenticating cards. 

American Express uses a solution called “SafeKey”, while VISA offers “Visa Secure”, which helps authenticate the identity of cardholders while making a purchase over the internet. They use risk-based payment authentication. This method may request a one-time passcode, biometric check, or app approval to confirm the transaction.

On the other hand, Mastercard offers the “Mastercard Identity Check” service.

Through these added tools, the risk of fraud passes from the merchant to the card issuer.

2. Address Verification Service

Address Verification Service (AVS) is a fraud prevention tool used in card-not-present transactions to verify the cardholder’s billing address.

AVS compares the address entered at checkout with the address on file with the card issuer. The system returns a match, partial match, or mismatch response, which helps merchants assess the risk of the transaction before approval.

This allows businesses to block or flag suspicious payments in real time. For example, a mismatch between postcode and street number may trigger a manual review or automatic decline. This reduces exposure to fraudulent transactions and chargebacks.

Get the perfect payment solution for your business

Enjoy 10% off your first order when you fill in the form below!

3. Card security code or CVV number

The CVV number is a usually three-digit code at the back of a card, which a merchant will request when receiving a CNP transaction.

Requiring the CVV from the customer is another way of minimising fraud as it ensures that the cardholder has the physical card in front of them. 

This may be difficult for some fraudsters who may only have the card’s front details available such as the card’s PAN number and the expiry date.

4. Customer Verification Best Practices  

To reduce the risk of credit card fraud in card-not-present transactions, use the following verification checklist:

• Cardholder details – confirm the name on the card, expiry date, and CVV code for basic cardholder verification.
  
• Billing address verification – collect and match the billing address with the card details (AVS checks where available).
  
• Contact verification – ask for a phone number or email address, and follow up on higher-risk orders to confirm legitimacy.
  
• Account and payment details – ensure consistency across customer information, especially for repeat transactions.
  
• Suspicious shipping patterns – be cautious of things like expedited or high-cost delivery requests, mismatched billing and shipping addresses, or unusual international shipping destinations.
  
• Repeat unusual orders – if a regular customer places an order that deviates from their normal behaviour (e.g. higher value or different location), verify it directly before processing.
  

These will help you validate the transaction and reduce the risks of fraudulent activity.

5. PCI DSS Compliance

PCI DSS compliance is a set of security standards that govern how businesses handle, store, and process cardholder data.

Merchants that accept MO/TO payments must follow these requirements to reduce exposure to fraud and data breaches. This includes securing payment systems, restricting access to sensitive data, and maintaining proper controls around how card details are captured and stored.

Compliance lowers the risk of card fraud and chargebacks by enforcing consistent security practices. It also protects customer data across all payment channels. Failure to comply can lead to fines, increased scrutiny from payment providers, and potential loss of the ability to process card payments.

What Are the Costs of Card-Not-Present Transactions?  

Businesses must pay fees to accept card-not-present payments, just as they do for card-present transactions.

However, CNP fees are often higher. They include payment processing costs, chargeback liability, and additional risk-related charges. For UK SMEs, understanding these costs is vital for managing margins. 

Here are the costs you need to prepare for:

• Higher payment processing fees – due to the fact that CNP transactions are usually riskier. In practice, UK businesses typically pay around 1.5%–3.5% per transaction online, compared to roughly 0.8%–1.8% in-store.
  
• Increased transaction fees – businesses may face higher costs for e-commerce and remote payments, including gateway fees (often £0.10–£0.30 per transaction) or extra charges for manual/keyed-in payments, which can reach 2.5%–4% + fixed fees.
  
• Chargeback risk and fees – vulnerabilities to credit card fraud mean disputes are more likely, potentially leading to £10–£25 per chargeback, plus the loss of the transaction value and operational costs.

In total, SMEs often see around 2.5%–4% per transaction in real costs once fees and risk are factored in, making it important to plan ahead and avoid margin pressure.

Using a Virtual Terminal for CNP Payments  

A virtual terminal is a practical and convenient solution businesses can use to accept card-not-present transactions without a physical card machine. It enables companies to manually process payments made over the phone, email, or other remote channels.

For example, the myPOS MO/TO Virtual Terminal offers a safe and secure way of accepting payments from around the world in your free myPOS account with a free IBAN.

There are several benefits to using a MO/TO Virtual Terminal with myPOS to accept payments:

• Browser-based access – payments can be processed directly through a secure web browser on a computer, tablet, or smartphone, allowing flexible use across locations.
  
• Mobile app tracking – transactions can be monitored in real time through a connected mobile app, giving businesses visibility over incoming payments and cash flow.
  
• Employee permissions – access can be assigned to specific team members, supporting controlled and secure payment processing across different staff roles.
  
• No additional hardware required – the system operates entirely online, removing the need for physical terminals or extra installation.
  
• Security and compliance standards – payments are processed within a secure environment aligned with industry requirements, helping reduce exposure to credit card fraud and supporting safer handling of CNP transactions.

In order to make use of this service in your business, you will need to go through a verification process for our team to determine if you’re eligible for it. Once done, you’re on your way to accepting safe and secure MO/TO payments.

And the best part is that at myPOS, we follow strict security standards and procedures, so any risk of fraud is minimised. 

Frequently Asked Questions