How Safe Are Card-Not-Present Transactions?

Mobile payment

Card-not-present transactions (CNP) have increasingly become popular among many businesses these past couple of years. More and more companies are embracing online shopping, and card-not-present transactions are a big part of this sector.

In a nutshell, cash-not-present transactions are credit card transactions where the credit card holder isn’t there to present their credit card to be swiped, inserted, or tapped on the seller’s POS machine to initiate the credit card processing procedure. So, the transaction happens online or over the phone.

With that being said, how safe are card-not-present transactions? Read on to find out.

Types Of Card-Not-Present Transaction Frauds

Since card-not-present transactions do not involve the cardholder physically presenting the credit card to be swiped, tapped, or inserted into the merchant’s POS machine to start the payment processing procedure, sellers and credit card holders are at a higher risk of being victims of fraud.

There are several types of card-not-present transaction frauds that merchants and credit card holders are likely to be victims of. The first type of fraud is identity/true fraud.

This type of fraud occurs when a hacker illegally obtains a credit card holder’s details, that is, their name, account number, the 3-digit security code, and billing address. Once they have this information, they use them to make purchases without the credit card holder’s permission or knowledge.

With this type of fraud, merchant accounts are more likely to suffer a loss than credit card holders.

Usually, when identity/true fraud occurs, the seller must provide evidence that it was actually the credit card holder who made that particular purchase (s). The merchant accounts are automatically liable if they can’t, and the credit card holder will receive their money back.

Another common type of card-not-present transaction fraud is chargeback fraud. With this type of fraud, the actual credit card holders request chargebacks from the issuing banks even after receiving the goods and services they purchased.

When it comes to chargeback frauds, merchants are automatically liable if they cannot provide evidence that the credit cardholder received and was satisfied with the goods and services. What’s more, if the chargeback is accepted, the merchant is usually charged a chargeback fee which is also a loss. That is why sellers need to keep accurate records of transactions made by their customers.

How to Prevent Card-Not-Present Transaction Fraud

Since card-not-present transactions come with a handful of risks, especially on the merchant’s side, many sellers have implemented fraud protection strategies to prevent this from happening. Here are some valuable tips on how to prevent card-not-present transaction fraud.

Obtaining As Much Customer Information As Possible

An excellent card-not-present transaction fraud protection strategy merchants can implement is to obtain as much of their customer’s information as possible.

Details such as the credit card holder’s billing address, phone number, type of device used to make the purchase, and so on can significantly help the merchant quickly identify if there are any fraudulent purchases.

Watch Out for Unusual “Small” Transactions

This is another great card-not-present transaction fraud protection strategy as it enables merchants to stop fraudsters before they make huge purchases.

Typically, hackers will test stolen credit card details by making small purchases. If it goes through, then they will proceed to make huge purchases.

So, merchants should look for unusually small purchases and verify them as soon as possible.

Watch Out for Unusual Credit Card Activities

Apart from the unusually small purchases, merchants should also watch out for other suspicious credit card activities like several account login attempts and an unusual number of password reset requests, to mention a few.

Utilizing 3D Secure Safety Feature

Also known as the three domain safety feature, this security protocol adds an extra layer of protection during online credit card payment processing. It does so by adding authentication steps into the credit card processing procedure. That way, no unauthorized individuals can use stolen credit card details.

This safety protocol was created by Visa and MasterCard and is now recognized by many credit card networks like American Express.

It is called the “three domain” safety feature because three domains/parties are involved during the credit card processing procedure to make this feature effective.

These domains include the acquirer domain (the acquiring bank), the issuing domain (the issuing bank), and the Interoperability domain(the system that acts as an intermediary between the issuing and acquiring bank.) So, how does it work?

The first step is for the online buyer to enter their credit card details in the payment section to start the credit card processing procedure. Then, the system verifies the card details and checks whether the card is registered for the 3D Secure safety feature. Once the card is verified, the buyer will be redirected to the 3D Secure authentication page.

In that section, the purchaser will be required to enter a one-time password or verification code sent to their confirmed email address or phone number. So, at this point, if it is a fraudster using stolen credit card details, they won’t be able to provide the code or password since they don’t have access to the actual credit card holder’s email address or phone number.

If the authentication protection process is successful, the buyer will be redirected back to the original payment page, where the normal credit card processing procedure will continue.


So, how safe is the card-not-present transaction? There is no clear-cut answer to this question. While it does come with its risks, the credit-card present transaction also comes with its fair share of risks, so both methods aren’t completely safe.

However, the main problem lies in the credit card processing procedure, as fraudsters have found ways to go through the process without being noticed.

That is why merchants should implement fraud protection strategies between credit card processing procedures to enhance card-not-present transactions.

Interesting Related Article: “Can Blockchain be Used for Accepting Merchant Payment?