What is a Face-to-Face (F2F) Payment?

A face-to-face (F2F) payment, also called a card-present transaction, is one where the cardholder physically presents their card or device to a terminal in front of the merchant. That covers chip-and-PIN, contactless tap, mobile wallet, and the older magnetic-stripe swipe. Because the card is verified at the point of sale, F2F transactions carry lower fraud rates, attract lower interchange fees, and give the merchant the most favourable chargeback protection.

A face-to-face (F2F) payment, sometimes written as card-present, is any card transaction where the customer hands over the card or taps a device at a terminal the merchant controls. The card is read by chip, contactless, or magnetic stripe, and the cardholder authorises the payment with a PIN, a biometric on their phone, or a signature. F2F is the counterpart to card-not-present (CNP) payments, and the rules around fees, fraud liability, and PCI scope are very different between the two.

The phrase face-to-face payment is mostly used by card schemes and acquirers to classify how a transaction was taken. It's the same thing the industry means by card-present: the card is in the room, the terminal reads it directly, and the cardholder is standing there to authorise it. That physical step is what makes F2F transactions the cheapest and least risky kind of card payment a business can take.

How an F2F Transaction Works

The customer presents their card -- inserted into the chip reader, tapped against the contactless field, or in older systems swiped through the magnetic-stripe slot. The terminal reads the card data, contacts the acquirer, and asks the issuing bank for an authorisation. If the issuer approves, the terminal prints or displays a receipt and the transaction is captured for settlement later in the day.

The cardholder confirms the payment in one of three ways:

  • A PIN entered on the terminal (chip-and-PIN)
  • A biometric on a wallet device -- Face ID, Touch ID, or the equivalent on Android
  • A signature on a printed slip (rare in the UK now, still used in some markets)

For low-value contactless payments, the issuer often skips cardholder verification entirely up to a country-specific limit -- £100 in the UK at the time of writing. Above that limit, the terminal will ask for a PIN or step up to a biometric on the wallet.

F2F vs Card-Not-Present

The card schemes split every transaction into one of two buckets: face-to-face or card-not-present. The bucket determines the interchange fee, the chargeback rights, and how much PCI DSS scope the merchant ends up carrying.

F2F transactions are the gold standard. The chip cryptogram or contactless token proves the real card was used. The PIN or biometric proves the real cardholder authorised it. If the customer later disputes the charge claiming it wasn't them, the issuer has a hard time defending that claim -- which is why fraud liability on a chip-and-PIN transaction sits with the issuing bank, not the merchant. CNP transactions don't get that protection. The merchant is on the hook unless they've used something like 3D Secure to shift liability back.

Interchange fees follow the same logic. F2F is cheaper because it's safer. The card networks charge a lower percentage on a chip-and-PIN sale than on the same sale taken over the phone or online, sometimes by a meaningful margin.

Why F2F Fraud Rates Are Lower

EMV chip technology made cloning nearly impossible. The chip generates a unique cryptogram for every transaction, so a copy of the card data captured from one sale can't be replayed at another terminal. Magnetic-stripe cloning was the workhorse of card fraud in the 1990s and early 2000s; chip-and-PIN essentially killed it off in the UK by 2006.

Contactless adds another layer. The tokens exchanged between a phone wallet and the terminal are one-time-use, and the device-bound key never leaves the secure element on the phone. Even if someone intercepts the radio traffic, they can't replay it.

The fraud that does still happen at F2F terminals is mostly social engineering -- distraction theft, shoulder-surfing PINs, or stolen cards used contactless before the cardholder cancels them. It's a small fraction of total card fraud, and most of the loss falls on the issuer rather than the merchant.

F2F and PCI DSS Scope

F2F payments still touch card data, so they're still in scope for PCI DSS -- but the scope is usually small. A modern terminal that handles encryption end-to-end keeps the cardholder data away from the merchant's network entirely. The card number is encrypted at the point of swipe or tap and only ever decrypted at the payment processor.

That setup typically lets the merchant qualify for SAQ B or SAQ B-IP -- the lightest self-assessment categories. Compare that to a contact centre taking phone payments without DTMF protection, where the same business might be looking at SAQ D and a much heavier compliance burden.

When F2F Isn't an Option

Plenty of legitimate businesses can't take F2F payments at all -- mail-order retailers, online stores, contact centres, subscription services, B2B invoicing. Anything where the customer isn't standing at a counter is by definition card-not-present. That's why the CNP category exists, and why so much of the payment-security industry is built around closing the gap between F2F and CNP risk levels: 3D Secure for online, DTMF masking for phone, tokenisation for stored cards.

For businesses that can take F2F payments and currently don't -- or take them badly -- the case for fixing it is straightforward. Lower fees, lower fraud, less PCI DSS work. The difference shows up on the bottom line every month.

How Paytia Uses This

Most of what we do at Paytia is the opposite of an F2F payment -- we make phone-based card-not-present transactions safer. But the F2F comparison matters because it sets the benchmark our customers are trying to reach.

When a contact centre takes a card payment over the phone, the agent ends up in the middle of the transaction by default. They hear the card number, see it on screen, and it gets captured in the call recording. That's the worst of both worlds: full PCI DSS scope on every system the call passes through, plus none of the fraud-liability protection that F2F gives the merchant. DTMF masking changes the shape of the transaction. The customer keys their card on their phone keypad, the tones are intercepted before they reach the agent, and the card data is routed straight to the processor.

The transaction is still classified as CNP -- it has to be, because the card isn't physically presented -- but the data path now looks much closer to an F2F payment. The agent never sees or hears the card details, the contact centre falls out of PCI DSS scope, and the merchant gets the fraud protection of 3D Secure-style authentication where the issuer supports it. That's the gap we're closing.

Card Not PresentDTMF MaskingPCI DSS Compliance

Frequently Asked Questions

What's the difference between F2F and card-present?

Nothing -- they're two names for the same thing. "Card-present" is the older industry term used by card schemes and acquirers; "face-to-face" is the newer, more customer-friendly version. Both describe a transaction where the cardholder physically presents their card or wallet device at the merchant's terminal.

Is contactless an F2F payment?

Yes. Contactless taps -- whether from a card or a phone wallet -- are face-to-face transactions because the device is physically presented at the terminal. The chip cryptogram and the device-bound token make them as secure as chip-and-PIN, sometimes more so when biometrics are involved.

Why are F2F interchange fees lower than CNP fees?

Card networks charge interchange based on transaction risk. F2F transactions verified by chip-and-PIN or biometric have very low fraud rates and low chargeback rates, so the network charges the merchant a lower percentage. CNP transactions carry more fraud risk, so they sit in higher interchange tiers.

Who's liable for fraud on a chip-and-PIN F2F transaction?

Liability sits with the card issuer, not the merchant. The chip cryptogram and PIN entry are treated as proof that the real card and real cardholder authorised the transaction. If the cardholder later disputes the charge, the issuer can't easily push that back to the merchant. This liability shift is one of the biggest financial advantages of F2F over CNP.

Can a phone payment ever be classified as face-to-face?

No. By definition, a phone payment is card-not-present -- the card isn't physically at the terminal. Some products narrow the security gap (DTMF masking, IVR payments, agent-assisted IVR) but the transaction is still coded as CNP at the network level. The merchant gets the data-protection benefits of removing the agent from the flow, but not the lower interchange or the issuer-liability shift that F2F gives.

Does PCI DSS apply to F2F payments?

Yes -- but typically with a much lighter scope than CNP. A merchant using a modern point-to-point-encrypted terminal usually qualifies for SAQ B or SAQ B-IP, which are the shortest self-assessment categories. Compare that to a contact centre handling unprotected phone payments, which often ends up on SAQ D with hundreds of controls to satisfy.

Related Terms

Card Not PresentEMVContactless PaymentsChargebackIVR PaymentOpen Banking

See how Paytia handles face-to-face (f2f) payments

Book a personalised demo and we'll show you how our platform works with your setup.

PCI DSS Level 1
Cyber Essentials Plus
Book a demoContact us

Trusted by law firms, insurers, healthcare providers and regulated businesses worldwide. Learn more about Paytia