Card-Present vs Card-Not-Present Processing: Fees, Fraud Risk, and Compliance Differences

Written by Tyler DurbinJune 15, 2026
Merchant Alternatives is reader-supported. When you make purchases through links on our site, we may earn a commission. This is always at no additional cost to you and helps us continue to provide accurate, transparent and up-to-date information on the things that matter most to your business, for free.

Card-present (CP) and card-not-present (CNP) payments run on the same card networks, but they behave like two different products once you look at pricing, fraud liability, and compliance scope. In general, CP transactions cost less and have lower fraud risk because the payment includes stronger, in-person verification signals, while CNP transactions carry higher interchange and a higher probability of disputes.

If you are building or reviewing a payments setup, the practical takeaway is simple: treat CP and CNP as separate risk lanes. Your processor setup, fraud tooling, PCI paperwork, and even how you read your statement will differ based on which lane dominates your volume.

In this guide, I will break down the real differences between CP and CNP processing, how they impact your effective rate, and what to do if you sell in both channels.

What is the difference between card-present and card-not-present transactions?

Card-present transactions happen when the cardholder and a physical payment device are at the point of sale, and the payment is captured using an in-person method like EMV chip dip, contactless tap, or swipe. Card-not-present transactions happen when the merchant cannot capture the card's chip in person, such as e-commerce checkout, phone orders, or recurring billing.

The networks and banks treat these differently because the data available at authorization is different. In CP, the terminal can provide EMV and contactless security data and confirm the card is physically present. In CNP, the merchant typically relies on data like AVS, CVV, device signals, and sometimes 3D Secure to prove the buyer is legitimate.

Why do card-not-present transactions usually cost more?

CNP transactions usually cost more because they are riskier for issuers and acquirers, and that risk is priced into interchange categories and program fees. In plain terms, online fraud and friendly fraud are more common than counterfeit card fraud at a chip-enabled checkout lane.

This does not mean you are stuck with expensive pricing forever. It means you need to understand what drives your effective rate and pick a pricing model and processor that can handle your risk profile without padding margins.

A quick way to sanity-check your effective rate

If you sell mostly online, do not compare your effective rate to a retail store down the street. Compare it to online merchants with similar ticket size, refund behavior, and fraud exposure.

A simple diagnostic is:

  • CP-heavy business with modern terminals: lower interchange mix, fewer fraud chargebacks, fewer manual reviews
  • CNP-heavy business: higher interchange mix, more fraud tooling cost, more disputes and representment work

Which fees change between CP and CNP processing?

Your processing costs are a stack. Some parts change a lot between CP and CNP, while others stay roughly the same.

Here is the stack most merchants see:

1. Interchange (paid to the cardholder's bank)
2. Network assessments and dues (paid to Visa, Mastercard, etc.)
3. Acquirer and processor markup (what your provider earns)
4. Gateway and software fees (often tied to e-commerce)
5. Risk and chargeback-related fees (often higher for CNP)

The main CP vs CNP swing usually shows up in interchange categories and in the add-on stack that online businesses need to operate.

Table: Common CP vs CNP fee differences

Cost component Card-present (CP) Card-not-present (CNP) What to watch
Interchange category Often lower when processed as EMV chip or contactless Often higher because the transaction is higher risk Your statement might label these as retail vs e-commerce categories
Gateway fee Sometimes included or not needed Common (monthly gateway, per-transaction gateway fee) Ask if the gateway markup is separate from processing
Fraud tooling Basic filters may be enough Often required (device fingerprinting, velocity rules, 3DS) Fraud tools can save chargebacks but also increase decline rates
Chargeback ratio pressure Often lower if EMV is working correctly Often higher due to fraud and subscription disputes A high ratio can trigger network monitoring programs
Terminal and hardware You buy or rent terminals Not applicable (mostly) Watch long terminal leases
PCI scope and validation Can be smaller with P2PE or well-segmented POS Often larger if your site touches payment page code Hosted checkout can reduce scope

What signals make a transaction qualify as "card-present"?

A transaction is usually treated as CP when it is captured through an in-person acceptance method and includes the right security indicators, such as EMV chip data or contactless data, along with terminal capabilities. Practically, this means:

  • An EMV dip or contactless tap is the best path for in-person acceptance
  • A swipe is still CP, but it is weaker and more likely to create liability issues if the card is EMV-enabled
  • Manual key entry at the counter is typically treated more like CNP in pricing and risk, even if the customer is standing in front of you

If you run a CP business, your biggest operational goal is to keep chip and tap working and to minimize fallback to swipe.

How does EMV change fraud liability for card-present sales?

For CP sales, EMV changes who eats counterfeit fraud when the right technology is not used. If a chip card is present but the merchant processes it through a weaker method like swipe, some fraud losses can shift to the merchant instead of the issuer.

In practice:

  • If your terminal is chip-capable and you successfully process as chip or contactless, you reduce counterfeit fraud exposure
  • If your store is still swiping EMV cards, you are taking on extra risk and can also trigger extra program fees depending on the network and your setup

This is one reason terminal selection and POS configuration matters. In CP, your hardware and how it is configured can be the difference between a manageable chargeback rate and an expensive problem.

How does fraud liability work for card-not-present sales?

For CNP sales, the merchant typically carries more fraud liability because the issuer cannot confirm the card was physically present. If you accept an online transaction that later becomes a fraud dispute, the default outcome often favors the cardholder unless you can show strong evidence.

The best way to improve liability position in CNP is to reduce fraud in the first place and use authentication methods that shift or share liability when available.

Common CNP liability tools include:

  • 3D Secure (3DS2) authentication for eligible card programs
  • Strong order verification and fulfillment controls for physical goods
  • Clear billing descriptors and cancellation flows for subscription merchants

If you run subscriptions, you should also understand the card network stored credential rules and how they impact disputes. We covered that in our stored credential framework guide: https://merchantalternatives.com/stored-credential-framework-mit-cit-subscription-billing-guide/

What is the difference between e-commerce, MOTO, and recurring CNP transactions?

All of these are CNP, but they behave differently:

  • E-commerce: website or in-app checkout; can use device signals and 3DS
  • MOTO (mail order / telephone order): keyed entry; often higher risk and higher interchange; limited authentication
  • Recurring: subscription or installment billing; disputes often revolve around cancellation clarity and descriptors

If your provider treats all CNP volume the same, you may end up with pricing that is too expensive for your best traffic and too permissive for your riskiest traffic. A better setup uses different fraud rules and sometimes different MID routing based on channel.

When does a "card-present" merchant still get priced like CNP?

You can be a retail merchant and still get priced like CNP when the transaction is processed in a way that looks like it has no reliable in-person verification. Common examples:

  • Keyed entry at the POS
  • Swipe fallback on an EMV-enabled card
  • Card-on-file transactions captured without proper stored credential indicators

If you see a lot of "keyed" or "manual" transactions, treat it as a cost leak. It often correlates with higher interchange, higher fraud, and higher chargeback pressure.

How does PCI compliance differ for CP vs CNP merchants?

The short answer: PCI scope follows how card data touches your systems, not whether the buyer is physically present.

But CP and CNP merchants tend to land in different PCI validation categories because the technology stack is different.

Typical patterns:

  • CP merchants using validated P2PE terminals can often keep PCI scope tight
  • CNP merchants can reduce scope with a hosted checkout page or redirect, but scope grows if your website serves the payment form or you handle card data directly

If you have an e-commerce site, pay attention to client-side script controls introduced in PCI DSS v4.0 (especially around payment page scripts). We wrote a deep dive on the ecommerce script requirements here: https://merchantalternatives.com/pci-dss-4-0-1-ecommerce-script-requirements/

If you are unsure which SAQ is right, this PCI SAQ explainer is a good starting point: https://www.checkout.com/blog/pci-saq

What does "mixed channel" processing look like for merchants who sell in-store and online?

Mixed channel merchants usually need a setup that keeps channels clean.

At a minimum, you should have:

  • Separate reporting for CP and CNP so you can see effective rate by channel
  • Fraud settings tuned for online, not copied from retail
  • A clear refund and fulfillment policy that covers both channels

Depending on your volume and risk profile, you may also want separate merchant accounts (separate MIDs) so that chargeback pressure in one channel does not poison the other.

If you have any kind of "marketplace" or multi-seller model, the separation question becomes even more important. Our marketplace payments compliance guide covers why: https://merchantalternatives.com/marketplace-payment-processing-payfac-kyc-kyb-compliance-2026/

What questions should you ask your processor about CP vs CNP pricing?

The short answer: you want transparency on what is fixed, what varies, and what triggers risk controls.

Ask these questions before you sign:

1. What pricing model am I on (interchange-plus, flat, tiered), and is it the same for CP and CNP?
2. Are gateway fees and fraud tools bundled, or separate line items?
3. What happens if my chargeback ratio rises for one channel?
4. Do you support 3DS2 and network tokenization, and what does it cost?
5. Can I have separate MIDs for online vs in-store if needed?

If your provider cannot answer these clearly, you will probably find surprises later in your statement.

How can you lower CNP processing costs without increasing fraud?

Lowering CNP costs is mostly about reducing unnecessary risk premiums and avoiding preventable chargebacks.

Tactics that usually help:

  • Use 3DS2 strategically (not on every order) to reduce fraud chargebacks and improve approval rates
  • Clean up descriptors and cancellation flows to reduce "I forgot" disputes
  • Use account updater and network tokenization to reduce declines and involuntary churn
  • Reduce manual keyed entry and move phone orders to secure payment links where possible

If you want the quick version on network tokenization and account updater, start here: https://merchantalternatives.com/account-updater-vs-network-tokenization-guide/

FAQ

Is a card-on-file transaction card-present or card-not-present?

Card-on-file is almost always CNP, even if the first purchase happened in person. Once you store credentials and bill later, you are in CNP rules around stored credentials, disputes, and fraud.

Are contactless "tap" payments considered card-present?

Yes. Tap to pay transactions are card-present, and in most cases they are treated similarly to EMV chip transactions for risk and acceptance, assuming they are processed properly through a certified terminal.

Why are keyed transactions so expensive?

Keyed transactions remove the strongest security signals of in-person acceptance. They are more likely to be treated like CNP, which can mean higher interchange and higher fraud liability.

Does 3D Secure reduce interchange?

Not directly. 3D Secure mainly impacts fraud outcomes and can help with liability shift in some cases, which reduces losses and can indirectly improve your effective cost if you are paying for chargebacks and refunds.

Do I need a separate merchant account for e-commerce vs retail?

Not always, but it can help if one channel has very different risk or refund behavior. Separate MIDs can keep chargeback pressure from spilling across channels and can make reporting cleaner.

Bottom line: Treat CP and CNP as separate risk lanes

You can accept cards in-store and online under one provider, but you should not assume the economics are the same. CP and CNP differ in how fees stack up, how fraud disputes play out, and how much work PCI compliance takes depending on your integration.

You can apply for a merchant account through Easy Pay Direct or another processor that fits your model. Other options worth a look:

Written by 

Tyler Durbin