What you need to know?

E-commerce is a safe way to transact. It is one of the most secure environments to purchase and pay for goods and services, and one of the fast growing sales environments in the U.S.

“According to a report from the U.S. Department of Commerce, U.S. online retail sales nearly quadrupled in the decade from 2005-2015, and today account for roughly $340 Billion and 10.6% of total retail sales.”


How do payments work in the e-commerce environment?


What types of payments are considered e-commerce payments?

Payments that are initiated through an online web browser via a specific retail website, browser-based payments from a tablet or smartphone, and smartphone payments that are initiated through a mobile app are all examples of e-commerce transactions. Sometimes the last example is referred to as a m-commerce or mobile commerce transaction.

“Online transactions can take longer because there are several additional steps the payment ecosystem goes through, including fraud algorithms.”

Why do online payments take longer to process?

In brick and mortar stores, payment transactions take a mere three to four tenths of a second because the cardholder and card is present for the interaction. Online transactions can take longer because there are several additional steps the Payment ecosystem The current state of the payments infrastructure in the United States. goes through to account for the Card not present (CNP)When a credit or debit card is not present for the payment transaction. Most often used in the e-commerce environment.transaction. These include algorithms which look for fraud and risk scoring behind the scenes of the online transaction.

Because there is no open standard payment algorithm for online payments, merchants have been at the forefront of creating and implementing their own risk-based assessments to improve online security. Many have also filled the void by using their own EncryptionThe process of encoding a message so that it can be read only by the sender and the intended recipient and TokenizationTokenization is the process of replacing one number with another unrelated number. solutions.


Card Present (CP) v. Card Not Present (CNP)

As e-commerce is one of the fastest growing platforms, most merchants are taking some form of their business online. There are several security features we can know about a customer in the e-commerce space that we don’t know in-store, which results in a more secure environment. Additionally, there are different security technologies to mask and secure data in an online environment that have been tried and tested.

“A merchant needs to know that users, internal or external, are who they say they are, and that they have permission and the funds available to make purchases.”

Historically, merchants have paid higher fees on e-commerce (CNP transactions) despite having to bear the majority of fraud losses on those transactions. Nowadays, online and mobile commerce can be a more efficient platform to shop in and thusly, card acceptance shouldn’t be nearly as costly.

According to the October 2016 Nilson Report (#1096), “fraud losses to merchants occurred overwhelmingly from CNP transactions, and the problem is aggressively worsening. Losses to CNP fraud on general purpose card brands were $5.65 billion. This included 41.2% of all fraud among general purpose card brands in the U.S. . . . . By the first quarter of 2016, CNP fraud had already overtaken all other fraud among general purpose cards in the U.S.”

More Than 50% of All Fraud Losses Worldwide are Tied to CNP Transactions. However, CNP Volume Accounts for Less than 15% of Total Volume Worldwide.


The changing payments landscape where a customer might choose to buy something online and pick it up in store or purchase an item in store using a web-based mobile phone application is blurring the lines of CP v CNP. As commerce evolves so, too, will the paradigm between CP v. CNP payments need to transform.


Security features

E-commerce security

The basic needs of Web and regular brick and mortar card present security are similar. A merchant needs to know that users, internal or external, are who they say they are, and that they have permission and the funds available to make purchases.

Sometimes when you visit a website, you have the ability to store your credit card information or set-up a recurring payment (i.e. for utilities). In this instance the merchant has your card-on-file and can make your next shopping experience more efficient by not requiring you to re-enter all your information.  Credit card information is not stored in a readable format. It is always encrypted and passed through the merchant processing system.

Trending in Online Fraud

If the US follows the same trends as the UK did following the transition to EMV chip cards – which only help mitigate counterfeit in-store, or card-present, fraud – online fraud is expected to continue to grow by a staggering amount, with some experts estimating as high as 300%, according to Internet Retailer, referencing a report by Aite Group.

“Merchants bear anywhere from 70 to 100 percent of all e-commerce fraud losses according to multiple Federal Reserve studies.”

Trending in Digital Fraud

According to 2016 reports from Kount and respectively, fraud on mobile transactions is up over 12%, and fraud attacks on the US are up 11% overall, which includes an increase in fraud attacks in the digital goods space of over 300%.

Who pays for fraudulent e-commerce activity?

Merchants bear anywhere from 70 to 100 percent of all E-commerce fraud Fraud that exists in the e-commerce space. losses according to multiple Federal Reserve studies.

Sign Up

Want more information and to stay up to date about payments?

  • This field is for validation purposes and should be left unchanged.