Card not present vs card present transactions differ in one fundamental way: whether the physical card is at the point of sale. That distinction drives a 15x difference in fraud rates, higher processing fees for online transactions, and different liability rules when fraud occurs.
For businesses operating both in-store and online channels, understanding these differences matters for budgeting, risk management, and security investment decisions. The data is clear on where the risks concentrate.
What is the difference between CNP and card present transactions?
The core distinction determines how authentication works and where risk concentrates:
| Dimension | Card-present (CP) | Card-not-present (CNP) |
|---|---|---|
| Physical card | Required at terminal | Not present |
| Authentication | EMV chip cryptogram (unique per txn) | Static data (card number, expiry, CVV) |
| Transaction types | Retail POS, restaurants, face-to-face | Online, phone orders, mail orders |
| Fraud verification | Proves physical possession | Cannot verify possession |
| Global share | 37% of transactions | 63% (37% online + 26% mobile) |
Source: eMarketer data from the Nilson Report
The difference matters because card-present transactions can verify physical possession. When a customer taps an EMV chip card, the chip generates a one-time cryptogram that proves the authentic card was present. CNP transactions rely on static data (card number, expiration, CVV) that can be stolen and reused from anywhere in the world.
Fraud risk comparison: CNP vs card present
CNP transactions are 15x riskier than card-present: 0.93% fraud rate versus 0.06% (Chargebacks911). Why the disparity? Card-present fraud requires obtaining a physical card or creating a convincing counterfeit. CNP fraud requires only stolen card data, which is available in bulk on dark web marketplaces. A criminal in another country can use stolen card details to make purchases without ever possessing the card.
The Nilson Report quantified U.S. CNP fraud losses at $10.16 billion in 2024, representing 74% of all card payment fraud despite CNP transactions representing a smaller share of total volume. Globally, CNP fraud losses are projected to reach $28.1 billion by 2026, a 40% increase from 2023 levels according to Chargeflow’s industry analysis.
Card-present fraud, by contrast, has declined sharply since EMV chip adoption. Visa reports that card-present fraud dropped 87% since EMV chip launch in the U.S. Counterfeit fraud at chip-enabled merchants specifically fell 80% between September 2015 and September 2018. Today, 96.2% of U.S. card-present transactions use EMV chip technology.
The Federal Reserve Bank of Kansas City tracks debit card fraud rates separately. Their data shows debit card CNP fraud increased from 26.1 basis points in 2019 to 41.6 basis points in 2023, confirming the upward trend in CNP risk even as card-present fraud declines.
One fraud category affects CNP merchants particularly hard: friendly fraud, also called first-party fraud. This occurs when legitimate cardholders dispute valid purchases to get refunds while keeping the merchandise. Visa’s 2025 Global eCommerce Fraud Report found that first-party fraud now represents 36% of all reported fraud, up from 15% in 2023. That’s a $132 billion risk to ecommerce merchants. 3D Secure authentication helps with true fraud but cannot prevent friendly fraud since the actual cardholder authorized the transaction.
Chargeback rates and financial impact
Chargeback rates follow the fraud rate pattern. CNP chargeback rates range from 0.6% to 1.0% compared to approximately 0.5% for card-present transactions (Chargeflow, 2025). CNP chargebacks are 81% more likely than point-of-sale disputes according to Chargebacks911 data.
The raw numbers are substantial. U.S. consumers disputed 105 million charges in 2024 worth $11 billion, up from $7.2 billion in 2019. Globally, chargebacks cost merchants $117.47 billion in 2023 according to Mastercard data cited by Chargeflow.
The true cost of fraud exceeds the face value. LexisNexis research on the True Cost of Fraud shows merchants lose $4.61 for every $1 of fraud when accounting for merchandise, transaction fees, chargeback fees, and operational costs of dispute handling.
| Cost factor | CNP | Card-present |
|---|---|---|
| Fraud rate | 0.93% | 0.06% |
| Chargeback rate | 0.6% – 1.0% | ~0.5% |
| Interchange rate | 2.25% – 2.65% | 1.70% – 2.05% |
| Liability for fraud | Merchant (without 3DS) | Issuer (with EMV chip) |
| True cost per $1 fraud | $4.61 | $4.61 |
Sources: Chargebacks911, Chargeflow, Merchant Cost Consulting, LexisNexis
For a business processing $5 million in annual volume across both channels, the CNP fraud exposure is roughly $43,000 higher than card-present based on the 0.87% rate differential. That calculation assumes equal volume split; businesses with higher CNP concentration face proportionally greater exposure.
Processing fees compound the cost difference. CNP interchange rates average 2.25% to 2.65% compared to 1.70% to 2.05% for card-present transactions according to Merchant Cost Consulting. The 0.55% to 0.60% premium reflects the higher fraud risk that card networks price into CNP transactions. On $10 million in CNP volume, that’s $55,000 to $60,000 in additional processing costs annually compared to card-present rates.
Liability differs too. For card-present transactions with EMV chip, liability for counterfeit fraud shifts to the card issuer. For CNP transactions without 3D Secure, merchants bear full fraud liability. Successful 3D Secure authentication shifts liability back to the issuer, which is why 3DS adoption matters for CNP merchants beyond its fraud reduction benefit.
Security technologies for each channel
Card-present and CNP transactions use different security technologies, though some protections apply to both.
| Security technology | Channel | What it does |
|---|---|---|
| EMV chip | Card-present | Generates unique cryptogram per transaction; eliminated counterfeit fraud |
| Point-to-point encryption (P2PE) | Card-present | Protects card data during transmission from terminal to processor |
| 3D Secure | CNP | Adds cardholder verification; 45% fraud reduction on authenticated txns |
| CVV verification | CNP | Confirms access to physical card; cannot be stored post-authorization |
| Tokenization | Both | Replaces card numbers with tokens; 28-30% fraud reduction (network tokens) |
| Real-time fraud scoring | Both | Analyzes patterns and behavior to flag suspicious activity |
| PCI DSS compliance | Both | Security standards covering card data handling |
Visa data on 3DS: 11 basis points fraud rate vs. 20 basis points for non-authenticated transactions
3D Secure authentication adds cardholder verification to CNP transactions. When triggered, the cardholder completes an authentication step (password, SMS code, biometric) before the transaction processes. Visa data shows 3DS-authenticated transactions have 45% lower fraud rates and a 9% lift in authorization approval rates.
Despite these benefits, only 3% of U.S. ecommerce transactions use 3DS as of May 2025 (FraudNet data). In contrast, Japan mandated 100% 3DS authentication for all online card transactions as of March 2025, and European markets have high adoption due to PSD2 Strong Customer Authentication requirements.
CVV verification remains a baseline CNP control, confirming the customer has access to the physical card. However, CVV codes cannot be stored post-authorization under PCI DSS requirements, which limits their utility for stored credential transactions.
Tokenization replaces actual card numbers with non-sensitive tokens, protecting stored card data whether used for in-store repeat customers or online subscription billing. Network tokens from Visa and Mastercard reportedly reduce fraud by 28-30%, though granular public data is limited.
PCI DSS compliance requirements cover both transaction types. PCI DSS v4.0, with future-dated requirements mandatory as of March 31, 2025, introduces new CNP-specific controls:
- Requirement 6.4.3 mandates a complete inventory of all payment page scripts with authorization and integrity controls
- Requirement 11.6.1 requires detection and alerting on unauthorized payment page changes at minimum weekly intervals
How payment orchestration reduces both CNP and CP risk
Payment orchestration addresses fraud risk through processor-agnostic routing, unified security controls, and reduced failure exposure:
- Diversified risk scoring across multiple processors, so no single fraud detection gap creates systematic exposure
- Automatic transaction routing to alternatives when one processor’s fraud rules flag unusual activity or experience elevated decline rates
- Gateway failover capabilities that maintain transaction flow without security gaps from manual intervention or degraded states
- Consistent 3DS authentication across all processor connections without per-processor integration work
- Tokenization that reduces PCI scope for CNP transactions to SAQ A (card data never touches merchant systems)
- Market-specific routing rules that apply appropriate security measures based on regional risk profiles and regulatory requirements
The U.S. represents 26.31% of global card volume but accounts for 41.87% of fraud losses according to the Nilson Report. Businesses with international operations face varying fraud patterns by market. Orchestration enables routing rules tailored to each region’s risk profile.
Choosing security strategies for your business
Security investment should reflect your actual channel mix and risk exposure.
| If your business is… | Priority investments |
|---|---|
| Primarily card-present | EMV chip terminals, staff training, skimming device inspection |
| Primarily CNP | 3DS implementation (45% fraud reduction + liability shift), fraud scoring |
| Both channels | Unified fraud monitoring across in-store and online purchases |
| Expanding internationally | Market-specific authentication (SCA in EU/UK/Japan, optional in U.S.) |
If card-present transactions dominate your volume, EMV chip acceptance and terminal security are the priorities. The fraud risk is manageable at 0.06% with proper equipment and staff training. Ensure all terminals are chip-enabled and implement regular equipment inspection to prevent skimming device installation.
If CNP transactions represent significant volume, 3DS implementation delivers measurable fraud reduction (45% on authenticated transactions) plus liability shift to issuers. The authentication friction concerns that delayed U.S. adoption have largely been addressed with 3DS 2.0’s risk-based authentication, which challenges only high-risk transactions rather than every purchase.
For merchants operating both channels, unified fraud monitoring across in-store and online purchases catches patterns that channel-specific systems miss. A customer making a large online purchase from a location that doesn’t match their card-present purchase history warrants additional scrutiny.
Regional expansion introduces new fraud considerations. Markets with SCA requirements (EU, UK, Japan) mandate strong authentication. Markets without mandates (much of the U.S.) give merchants choice but also liability. Understanding regulatory requirements by market prevents compliance gaps that create both fraud exposure and regulatory risk.
The data supports prioritizing CNP security investment. Card-present fraud is a solved problem for most merchants using EMV chip technology. CNP fraud continues growing, driven by ecommerce expansion and increasingly sophisticated fraud techniques. The 15x fraud rate differential, combined with 0.55%+ higher processing costs and full merchant liability, makes CNP security the higher-ROI investment for most businesses today. For a deeper look at the challenges specific to card-not-present transactions, including tokenization and authentication strategies, see our dedicated guide.
Frequently asked questions
What is the difference between card present and card not present transactions?
Card-present transactions require the physical card at a terminal (tap, dip, or swipe). Card-not-present transactions process without the card being present, covering online purchases, phone orders, and mail orders. The physical card verification in CP transactions enables cryptographic authentication that CNP transactions cannot replicate.
What is the chargeback rate difference between CNP and card present transactions?
CNP chargeback rates range from 0.6% to 1.0% compared to approximately 0.5% for card-present according to Chargeflow data. CNP chargebacks occur 81% more frequently than point-of-sale disputes, driven by higher fraud rates and the difficulty of proving the cardholder authorized a remote transaction.
Why are card not present transactions higher risk?
Without the physical card, merchants cannot verify possession. Stolen card data can be used from anywhere in the world without obtaining the actual card. CNP fraud rates run at 0.93% of transaction value compared to 0.06% for card-present, a 15x differential (Chargebacks911).
Does 3D Secure eliminate CNP fraud?
No. 3D Secure reduces fraud by 45% on authenticated transactions according to Visa data and shifts liability to card issuers for successful authentications. However, 3DS cannot prevent friendly fraud (where the actual cardholder disputes a valid purchase), account takeover using legitimate credentials, or fraud on transactions that bypass authentication.
Do card not present transactions cost more to process?
Yes. CNP interchange rates average 2.25% to 2.65% versus 1.70% to 2.05% for card-present transactions (Merchant Cost Consulting). The 0.55% to 0.60% premium reflects the higher fraud risk that card networks price into CNP transactions.
