A card-not-present transaction (CNP, mail order / telephone order, MO/TO) is a payment card transaction made where the cardholder does not or cannot physically present the card for a merchant's visual examination at the time that an order is given and payment effected. It is most commonly used for payments made over the Internet, but can also be used with mail-order transactions by mail or fax, or over the telephone.
Card-not-present transactions are a major route for credit card fraud, because it is difficult for a merchant to verify that the actual cardholder is indeed authorizing a purchase.
If a fraudulent CNP transaction is reported, the acquiring bank hosting the merchant account that received the money from the fraudulent transaction must make restitution to the cardholder, which is called a chargeback. In addition, the merchant account would be assessed a chargeback fee by the acquiring bank.[1]
This is the opposite of a card present transaction, when the issuer of the card is liable for restitution.[2] Because of the greater risk, some card issuers charge a greater transaction fee to merchants who routinely handle card-not-present transactions.
The card security code (in this case, CVV2) system has been set up to reduce the incidence of credit card fraud arising from CNP.[3]
If a credit card is physically swiped in the transaction, the bank that issued the card is on the hook for fraudulent charges. If it is a phone or Internet purchase — called a card-not-present transaction — the bank that hosted the merchant account that received the ill-gotten charges must make restitution, said Ms. Litan, the Gartner analyst.