A card present transaction is just like it sounds: the card used for the purchase is physically swiped through a terminal machine. The information on the magnetic strip of the card passes through the reader and into the payment processing system, where it is checked against an authorized list of credit or debit accounts to ensure that there are sufficient funds or available credit to complete the purchase.
The payment application then confirms that the card is valid, creates an authorization code and relays it to the merchant POS system for final approval. This communication can take place either by phone or Internet if the retailer does not have a local connection.
A card not present transaction (CNP) , sometimes called “card-not-present fraud” is any purchase made where the card is not physically present. This could be a purchase made online, over the phone or by mail order. In some cases, the physical card may never even leave the owner’s possession – for example, when using a virtual credit card generated only for a one-time use.
The main differences between card-present and card-not-present transactions are the way that the information is input into the payment processing system, how the authorization code is created and what kind of documentation can be processed.
Card present transactions usually require proof of identification to complete the transaction through several methods, including:
- Signature – By signing for the purchase with their card, the cardholder verifies that they are the rightful owner of the account.
- By signing for the purchase with their card, the cardholder verifies that they are the rightful owner of the account. PIN – A personal identification number is a 4-digit code that is used to authorize transactions and access account information.
- A personal identification number is a 4-digit code that is used to authorize transactions and access account information. Chip and PIN – Many countries, like the UK and Canada, have moved to an EMV chip card standard for their credit cards. This type of card requires the user to enter a PIN when authorizing a purchase; it also includes other enhanced security features.
- Many countries, like the UK and Canada, have moved to an EMV chip card standard for their credit cards. This type of card requires the user to enter a PIN when authorizing a purchase; it also includes other enhanced security features. Bio – Biometric authentication uses physical characteristics of the authorized user to validate their identity. This could be a fingerprint, iris scan or facial recognition.
Card not present transactions usually do not require any of these methods of identification, but can instead rely on the shipping address and other information about the cardholder that is stored in the payment processing system. Because there is less risk of fraud with a CNP transaction, the authorization code is usually generated immediately and no physical documentation is needed.
The increasing popularity of card not present transactions, especially online, means that merchants need to be aware of the different ways that these purchases can be authenticated. It is important to have systems in place to verify the customer’s identity and ensure that the payment information is correct before completing the sale. In order to reduce the risk of fraud, retailers should also consider implementing additional security measures, like two-factor authentication or transaction monitoring.
The bottom line is that card present and card not present transactions are both important parts of the payments landscape. By understanding the differences between the two, merchants can better protect themselves from fraud and ensure that they are fulfilling their responsibilities under the PCI DSS.