Card not present transactions-A card not present transaction (CNP, MO/TO, Mail Order / Telephone Order, MOTOEC) is a payment card transaction made where the cardholder does not or cannot physically present the card for a merchant’s visual examination at the time that an order is given and payment effected, such as for mail-order transactions by mail or fax, or over the telephone or Internet.
Card not present transactions are a major route for credit card fraud, because it is difficult for a merchant to verify that the actual cardholder is indeed authorising a purchase.
If a fraudulent CNP transaction is reported, the acquiring bank hosting the merchant account that received the money from the fraudulent transaction must make restitution; whereas with a swiped (card present) transaction, the issuer of the card is liable for restitution. Because of the greater risk, some card issuers charge a greater transaction fee to merchants who routinely handle card not present transactions.
The card security code system has been set up to reduce the incidence of credit card fraud arising from CNP.
How do Proximity Cards work
Card present transactions-A transaction is described as being ‘card present’ when the cardholder and the card are present at the same time. When the card that is presented is a chip card then it is placed into the terminal. If a card does not have a chip then the magnetic stripe on the reverse of the card is swiped through the terminal.
- Chip & PIN-When accepting a chip & PIN enabled card, it is placed into a PIN pad or terminal and prompts are provided on the action required. In most cases customers will enter their four digit PIN (Personal Identification Number) into the terminal or PIN pad – there are different procedures required for chip and signature cards and these details can be found below in the chip and signature section. When an authorisation has been given, the merchant is protected from cardholders claiming they did not take part in the transaction and the card issuer charging back the transaction.
- Chip and signature-As with a chip & PIN card, these cards should be inserted into the terminal and a merchant will then follow the terminal prompts on what action to take next. In most cases, this will be to request that the cardholder signs for the purchase. A merchant will need to carry out security checks such as “does the signature match the one on the back of the card?”.
- Contactless-It works by cardholders holding their contactless-enabled card up to a secure reader to make their payments. This provides a fast and effective alternative to cash that can reduce queues, and utilises the security built into a chip & PIN card.
- Magnetic stripe-To process a transaction using this type of card, you will need to swipe your customer’s card through the terminal and follow the instructions provided to complete the transaction. As part of the process, you’ll require the cardholder to provide a signature on the terminal receipt to authorise the transaction. In the case of a fraudulent transaction – for example, a forged signature – different chargeback rights exist for this transaction type compared to that for a chip & PIN transaction.
- PAN key entered-If you are accepting an overseas card with a magnetic stripe and this technology fails to work you may PAN Key Enter (PKE) the card account details (together with transaction amount) into the terminal. In these circumstances an authorisation request should be made.
- Paper vouchers-Where merchants are processing transactions on paper vouchers, they will be using a manual imprinter or ‘zip-zap’ machine. You should place your customer’s card into the machine with a paper voucher and makes an imprint of the card onto the voucher. You then manually complete the purchase details on the voucher and ask your customer to sign.
- Tokenization new story in Cards domain Vault-less
- Cards domain ISO8583 message details to know
- Digital wallet domain knowledge to manage money