What Is Card-not-present? Definition, Payment Flow, and Examples
Card-not-present (CNP) occurs when the physical card is not read in front of the merchant, as in most online and phone orders. This guide focuses on CNP's real role, boundaries, and common points of confusion.
Key points
- Definition: Card-not-present (CNP) occurs when the physical card is not read in front of the merchant, as in most online and phone orders.
- Flow position: A card-present transaction uses a terminal to read chip, contactless, or other in-person data.
- Do not confuse: CNP / Card-present
How it fits into the payment flow
For CNP, the relevant process is as follows: A card-present transaction uses a terminal to read chip, contactless, or other in-person data. Card-not-present credentials are submitted in e-commerce, apps, mail order, or telephone order. Channel indicators affect authentication, risk, and processing rules without proving safety or fraud.
A practical review of CNP should account for this: E-commerce is a common CNP form, while MOTO is a distinct remote-order channel. Merchants should transmit the real channel, and customers should verify the page, caller, merchant, and order details.
Practical example
A shopper enters card credentials on a website without a physical card read, making it card-not-present. The merchant supplements missing in-person signals with 3DS, device, and order data.
How it differs from related terms
| Term | Definition |
|---|---|
| Card-not-present | occurs when the physical card is not read in front of the merchant, as in most online and phone orders |
| Card-present | occurs at a physical acceptance point where a card or device credential is read by chip, contactless, or another supported method |
| E-commerce Transaction | is a remote purchase through a website or app, usually card-not-present and supported by gateways, risk checks, and authentication |
CNP focuses on the fact that it occurs when the physical card is not read in front of the merchant, as in most online and phone orders. Card-present, by contrast, occurs at a physical acceptance point where a card or device credential is read by chip, contactless, or another supported method. They can appear in one transaction while answering different questions.
Use cases and limits
A key limit of CNP is the following: A CNP environment cannot inspect the physical card's in-person security features, so other data, authentication, and controls matter. Mislabeling MOTO as e-commerce can also affect authorization and disputes.
Frequently asked questions
These answers address two common search questions about CNP.
Is it the same as Card-present?
No. Card-not-present (CNP) occurs when the physical card is not read in front of the merchant, as in most online and phone orders. Card-present (CP) occurs at a physical acceptance point where a card or device credential is read by chip, contactless, or another supported method. Compare the object, processing stage, and responsible party.
Are e-commerce and all card-not-present transactions identical?
For CNP, no. E-commerce is a major CNP subset, while MOTO and other remote channels are also CNP and can carry different data and processing requirements.
These primary sources support the definition and process for CNP. Current product, network, and local rules still control a real transaction.