Breadcrumb

Best practices for card not present transactions

Written by

The GoCardless content team comprises a group of subject-matter experts in multiple fields from across GoCardless. The authors and reviewers work in the sales, marketing, legal, and finance departments. All have in-depth knowledge and experience in various aspects of payment scheme technology and the operating rules applicable to each. The team holds expertise in the well-established payment schemes such as UK Direct Debit, the European SEPA scheme, and the US ACH scheme, as well as in schemes operating in Scandinavia, Australia, and New Zealand. See full bio

Last editedNov 20222 min read

Modern retail businesses have a new challenge to get to grips with in the form of card not present transactions. With so many recent innovations in payment technology, people no longer need to carry cash or their bank card around with them to make purchases.

Digital wallets contained within an app on a smartphone are the rising payment trend among consumers. Transactions without a bank card being physically involved have been a part of online purchasing for a long time, but now bricks-and-mortar shops must figure out the best practices for card not present transactions.

Online transactions are also evolving, with the traditional entering of bank details also being usurped by digital wallets. Here we look at the best practices for card not present transactions.

What is a card not present transaction?

A card not present (CNP) transaction is processed via the internet, telephone, email or mobile device. Such transactions do not require the physical presence of a credit or debit card. This doesn’t mean the bank details contained in the card aren’t involved, just that the merchant receives the bank details remotely.

Such CNP payments are good news for your small business as they provide you with a reliable cash flow to boost your overall revenue. This is because a customer no longer needs to abandon their purchase due to insufficient cash or negative card balance. With a digital payment, a customer has the money right there in their device.

Of course, with every new innovation in payment technology comes a number of new concerns about security. That’s why there are some best practices to prevent card not present fraud.

Card not present (CNP) best practices

Every kind of payment system is prone to fraud, and a CNP transaction is no different. There is also the risk of innocent confusion causing chargebacks, in cases where someone disputes a charge they do not recognise on their statement. To avoid these issues, adhere to these CNP best practices:

protect your customer
identify your business
save proofs of purchase
use the address verification system
comply with PCI security standards

Protect your customer

You must always safeguard your customer’s sensitive card details. This means never writing their details down or entering any of their card information into unsecured drives. Data leaks happen and can be devastating for you.

Identify your business

Chargeback disputes can be innocently intentioned, with the customer simply not recognising where the charge they see on their bank statement comes from. Avoid such misunderstandings by ensuring your merchant details and billing descriptor accurately describe who you are.

Save proof of purchase

Save every bit of proof of purchase information for each transaction you conduct, apart from the sensitive bank details. This will be most helpful when it comes to defending your business against chargeback attempts. Save information such as the time and date of the purchase, total amount charged, mode of payment, the order placed and customer contact details.

Use the address verification system

All merchants accepting CNP transactions should use the Address Verification System (AVS) to verify the billing address of their customer. AVS ensures the billing address provided by the customer matches up with the shipping address provided. There will be plenty of instances where the addresses don’t match for legitimate reasons (someone sending a gift, for example), but these can be figured out pretty easily.

Comply with PCI security standards

Make sure your business is PCI-certified and that you are complying with all the PCI security standards. Also check for updates regularly, and make sure you only use a PCI-certified payment processor as well.

We can help

As a merchant, you need reliable payment options that offer customers the protection they need.

GoCardless is a global payments solution that helps you automate payment collection, cutting down on the amount of financial admin your team needs to deal with.

GoCardless bypasses the card networks entirely, using bank payments to securely collect payments instantly or to your schedule, with anti-fraud feature Protect+ adding extra protection. Find out how GoCardless can help you with one-off or recurring payments.