What is a Card Not Present Transaction?
A card not present (CNP) transaction is any payment where the physical card is not presented to the merchant at the point of sale. This includes payments made over the phone, online, by post, or through a mobile app. CNP transactions carry higher fraud risk than in-person payments because the merchant cannot physically verify the card or cardholder.
How CNP Transactions Work
In a traditional card-present transaction, the customer inserts, taps, or swipes their card at a physical terminal. The terminal reads the card's chip or magnetic stripe, and the cardholder may enter a PIN or provide a signature. These physical checks make it difficult for someone to use a stolen card.
In a card not present transaction, none of these physical verification methods are available. Instead, the merchant collects card details -- typically the card number, expiry date, and security code (CVV/CVC/CV2) -- through an alternative channel such as a website form, phone call, or postal order.
Common Types of CNP Transactions
- Telephone payments (MOTO): The customer provides card details verbally or by entering them on their phone keypad during a call
- E-commerce: The customer types card details into an online checkout form
- Mail order: Card details are sent by post on an order form
- Recurring payments: Card details stored on file are used for subscriptions or repeat billing
- In-app payments: Card details saved in a mobile application are used to complete a purchase
Fraud Risks
CNP transactions account for the majority of card payment fraud. Because the merchant cannot see the physical card or verify the cardholder's identity through chip-and-PIN, stolen card details can be used more easily. Fraudsters who obtain card numbers through data breaches, phishing, or other means can attempt CNP transactions without needing the physical card.
According to UK Finance, CNP fraud consistently represents the largest category of card fraud losses in the United Kingdom, totalling hundreds of millions of pounds each year.
Security Measures for CNP Payments
Several technologies and processes help reduce CNP fraud:
Card Security Codes
The three-digit CVV, CVC, or CV2 code on the back of the card provides an additional layer of verification. Because this code is not stored on the magnetic stripe or chip, it is harder for fraudsters to obtain through card skimming.
3D Secure
For online transactions, 3D Secure (such as Visa Secure or Mastercard Identity Check) adds an extra authentication step where the cardholder verifies their identity through their bank -- often via a one-time code sent to their mobile phone.
DTMF Masking
For telephone payments, DTMF masking technology prevents card details from being exposed in the call audio, removing a key vulnerability in the payment chain.
Address Verification (AVS)
The merchant can check the billing address provided by the customer against the address registered with the card issuer. A mismatch may indicate fraud.
Telephone payments are one of the most common forms of card not present transaction, and they present unique security challenges. When a customer reads out their card number to an agent, or enters it on their phone keypad, that sensitive data passes through the call audio where it can be overheard or recorded.
Paytia's DTMF suppression technology solves this problem by intercepting the call audio and masking the keypad tones before they reach the agent. The card details are captured securely and sent directly to the payment processor, while the agent remains on the line to guide the customer through the transaction.
This makes telephone CNP transactions as secure as online payments with 3D Secure -- without any disruption to the customer experience or agent workflow.
Frequently Asked Questions
Why are card not present transactions higher risk?
Because the merchant cannot physically verify the card or the cardholder's identity. There is no chip to read, no PIN to enter, and no signature to check. This makes it easier for fraudsters to use stolen card details. Additional verification methods like CVV codes, 3D Secure, and DTMF masking help reduce this risk.
Are phone payments classed as card not present?
Yes. Any payment where the customer provides card details over the phone -- whether by speaking them to an agent or entering them on the keypad -- is a card not present transaction. These are sometimes called MOTO (mail order / telephone order) transactions.
See how Paytia handles card not present (cnp)
Book a personalised demo and we'll show you how our platform works with your setup.
Request a Demo