Is There Really A Battle Between Card Present and Card Not Present?

Is There Really A Battle Between Card Present and Card Not Present?

July 29th, 2019 - Payments, ATMs and Unattended

By Dan Billsdon, Chief Technology Officer, ADVAM

In the payment industry there are many terms that get referred to that everyone is expected to know and understand; two of these are Card Present (CP) and Card Not Present (CNP). Their descriptions alone seem self-explanatory but as often is in this industry, there is more to them than what appears on the surface. This blog will explain and highlight the differences between CP and CNP, as well as what their respective roles are in the payment space.  

The Names Say It All (or Not)

Card Present (CP) transactions are exactly that; the customer’s credit/debit card is physically present during the transaction. This includes, but not limited to, inserting or tapping your card into/on a payment terminal. This is the most common payment method. Growing in popularity are mobile payments. These automated CP transactions are embodied primarily by Apple Pay or Google Pay. In these cases, the information on a physical card has been validated and encrypted on the device ensuring that the payment information belongs to the card holder.

Note: This is assuming that the transaction is a Euro, MasterCard, Visa (EMV) CP. A regular CP transaction requires a payment terminal to read card data. When an EMV CP transaction occurs, dynamic data is created by the card, which when passed through the payment networks, is verified by the issuer whether or not it is a ‘Real’ card and not from a ‘Fake’ card with copied card data.

As the issuer can trust that this transaction is coming from a validated card and not a copy/reproduction, the risk profile is reduced. This translates into a lower merchant service fee (MSF) and thus the transaction is cheaper.

CP transactions can also take this authentication a step further by including a validation of the owner referred to as Cardholder Verification Method (CVM). There are different verification options for different risk profiles which drive differing MSFs.

The different CVMs are:

  • No CVM
    • This is where no verification is completed; while a seeming contradiction, it is still classified as a CVM
  • Signature
    • This is where the card holders’ signature is visually verified against the one on the back of the card
  • Offline PIN
    • The customers PIN is collected by the payment terminal and the terminal verifies the PIN using the embedded chip. The PIN is securely stored on the customers card via encryption
  • Online PIN
    • Primarily used in Australia, New Zealand and the United States, Online PIN is the most secure CVM. In this case, the PIN is verified by the card issuer instead of the payment terminal. All the data is securely passed over the payment network so that the issuer can validate the transaction
  • Consumer Device CVM
    • This version of CVM is employed when a mobile phone is used as the payment card. In this instance, the phone itself verifies the transaction via biometric authentication like facial recognition or finger print. An example of this is Face ID or Touch ID employed by Apple’s iPhones and some iPads. It can also validate through a PIN code that is physically typed-in

Let’s Look at the Other Side

Card Not Present (CNP) transactions are where a payment terminal is not physically used, but where the card information has been transferred or entered remotely. Prime examples are online, eCommerce transactions, in-app purchase on a phone or a Mail Order Telephone Order (MOTO).  In each of these cases, a physical card is not presentor used for payment. These transactions have a much higher risk profile and have the highest incident of fraud. Because the card visually displays all of the account information, anyone who has access to a physical card can make a purchase just by entering or voicing the information remotely.

To reduce the risk profile slightly some extra information can be requested:

  • Card Verification Value (CVV)
    • This is an additional number that in theory proves you have the card in your possession.
    • This is a 3-digit number on the back, signature panel for Mastercard, Visa, Diners & Discover cards.
    • For American Express, it is a 4-digit number on the front of the card.
  • Address Verification System (AVS)
    • These are extra details are collected about the cardholders’ address and location. These details are verified with the issuing bank when a transaction is processed

CNP transactions do not have as many security measures in place as CP transactions. But with the explosion of eCommerce and mobile payments, CNP transactions have become a very large segment of the payments ecosystem. Consumers like the convenience of being able to make purchases quickly. They have embraced storing their card info online because it eliminates the need to present it every time they make a transaction. But with this convenience comes challenges such as increased fraud which exploits the vulnerabilities in the CNP transaction. This is the reason why the MSF rates are higher on CNP transactions.

Everything Has A Role to Play

CP vs CNP; this isn’t a competition since both are important parts of the payment ecosystem.  

CP has a lower risk profile since the card issuer knows that they are communicating directly with the physical card. This lower risk translates into a lower MSF rate. The self-service industry is a common example where payment terminals are present, and cards are physically required.

Conversely, eCommerce is ubiquitous for CNP transactions. With CNP’s limited verification methods, and associated higher risk, these transactions come with higher MSF fees. But eCommerce is all about convenience and speed. Due to its mobile or virtual presence, merchants accept the higher processing rate in order to remain competitive and retain customer share.

The payments industry acknowledges the role that each of the transaction types play in the payments ecosystem and there are continuous improvements happening in this area. Security and convenience are the two competing forces at work in payments and the proliferation of online and mobile devices mean that the industry will continue to develop new methods and solutions to enhance verification and reduce fraud.

Find details for your appropriate TNS representative on our contact page