July 29th, 2019 - Payments, ATMs and Unattended
By Dan Billsdon, Chief Technology Officer, ADVAM
In the payment industry there are many terms that get referred to that everyone is expected to know and understand; two of these are Card Present (CP) and Card Not Present (CNP). Their descriptions alone seem self-explanatory but as often is in this industry, there is more to them than what appears on the surface. This blog will explain and highlight the differences between CP and CNP, as well as what their respective roles are in the payment space.
The Names Say It All (or Not)
Card Present (CP) transactions are exactly that; the customer’s credit/debit card is physically present during the transaction. This includes, but not limited to, inserting or tapping your card into/on a payment terminal. This is the most common payment method. Growing in popularity are mobile payments. These automated CP transactions are embodied primarily by Apple Pay or Google Pay. In these cases, the information on a physical card has been validated and encrypted on the device ensuring that the payment information belongs to the card holder.
Note: This is assuming that the transaction is a Euro, MasterCard, Visa (EMV) CP. A regular CP transaction requires a payment terminal to read card data. When an EMV CP transaction occurs, dynamic data is created by the card, which when passed through the payment networks, is verified by the issuer whether or not it is a ‘Real’ card and not from a ‘Fake’ card with copied card data.
As the issuer can trust that this transaction is coming from a validated card and not a copy/reproduction, the risk profile is reduced. This translates into a lower merchant service fee (MSF) and thus the transaction is cheaper.
CP transactions can also take this authentication a step further by including a validation of the owner referred to as Cardholder Verification Method (CVM). There are different verification options for different risk profiles which drive differing MSFs.
The different CVMs are:
Let’s Look at the Other Side
Card Not Present (CNP) transactions are where a payment terminal is not physically used, but where the card information has been transferred or entered remotely. Prime examples are online, eCommerce transactions, in-app purchase on a phone or a Mail Order Telephone Order (MOTO). In each of these cases, a physical card is not presentor used for payment. These transactions have a much higher risk profile and have the highest incident of fraud. Because the card visually displays all of the account information, anyone who has access to a physical card can make a purchase just by entering or voicing the information remotely.
To reduce the risk profile slightly some extra information can be requested:
CNP transactions do not have as many security measures in place as CP transactions. But with the explosion of eCommerce and mobile payments, CNP transactions have become a very large segment of the payments ecosystem. Consumers like the convenience of being able to make purchases quickly. They have embraced storing their card info online because it eliminates the need to present it every time they make a transaction. But with this convenience comes challenges such as increased fraud which exploits the vulnerabilities in the CNP transaction. This is the reason why the MSF rates are higher on CNP transactions.
Everything Has A Role to Play
CP vs CNP; this isn’t a competition since both are important parts of the payment ecosystem.
CP has a lower risk profile since the card issuer knows that they are communicating directly with the physical card. This lower risk translates into a lower MSF rate. The self-service industry is a common example where payment terminals are present, and cards are physically required.
Conversely, eCommerce is ubiquitous for CNP transactions. With CNP’s limited verification methods, and associated higher risk, these transactions come with higher MSF fees. But eCommerce is all about convenience and speed. Due to its mobile or virtual presence, merchants accept the higher processing rate in order to remain competitive and retain customer share.
The payments industry acknowledges the role that each of the transaction types play in the payments ecosystem and there are continuous improvements happening in this area. Security and convenience are the two competing forces at work in payments and the proliferation of online and mobile devices mean that the industry will continue to develop new methods and solutions to enhance verification and reduce fraud.