Mastercard's Chip Authentication Protocol (CAP), like VISA’s Dynamic Passcode Authentication (DPA), allows EMV compliant smart cards to be used in a card-not-present application to authenticate the user.
A purchase, using an e-Commerce application over the Internet, is a typical card-not-present application. In this kind of transaction, the customer inserts the EMV compliant credit card into a small, calculator sized reader. The card’s owner types the PIN on the reader’s keyboard and receives a one time password to be used with the Internet or telephone transaction. This transaction provides two factor authentication because it proves that the card was in possession of the buyer and the buyer knew the PIN.