CNP fraud card not present fraud

With the ongoing rollout of chip-and-PIN (also known as EMV) cards in the U.S., there are high expectations that card payment fraud occurring at the retail point of sale (POS) will finally begin to see a decline during this year’s holiday shopping season. This is welcome news, as a Barclays research note issued in May 2015 found that the U.S. is responsible for 47 percent of the world’s card fraud while contributing to only 24 percent of overall global card transactions.

The disproportionately high volume of card payment fraud originating in the U.S. has grown over the years as other countries have been replacing easily counterfeited magnetic stripe cards with EMV technology. As more card payment networks around the world have become more secure, fraudsters have increasingly turned to the U.S. as an easy target due to its lack of strong security measures. However, there is hope that this trend will start to reverse as American card issuers and merchants upgrade their systems.

Card-Not-Present Fraud on the Rise

Although POS payment fraud is expected to decline, there are still concerns about card-not-present (CNP) transactions, such as in the growing eCommerce sector. After EMV is implemented within a country, there is typically a noticeable spike upward in the rate of CNP fraud that occurs. This is not surprising, since criminals will generally seek the path of least resistance when it comes to maximizing their fraudulent returns for their efforts. As it becomes more difficult to counterfeit payment cards as a result of EMV, the investment of time, energy, and resources required makes POS fraud far less appealing.

The proof of this pattern can be seen in countries like Canada and the UK, where EMV has been in use for some time. In Canada, CNP fraud cost card issuers $265 million in 2014 compared to $94 million in 2008, an increase of over 180 percent. The UK saw a year-over-year rise in CNP fraud of 22 percent from 2012 to 2013, with the share of total card fraud losses increasing from 64 percent in 2008 to 66.8 percent in 2013.

Emerging Types of Online Fraud

As online fraud will likely increase this holiday season because of CNP attacks from cybercriminals, noticeable patterns are already emerging. According to ACI Worldwide, some of the most popular avenues for CNP fraud in 2015 are digital downloads (such as virtual gift cards and eGifts), online orders with express and/or international shipping, and online purchases that are picked up in-store. The last option is seeing greater adoption among fraudsters because of the EMV rollout in the U.S. and the fact that retailers do not run payment cards through the system for verification for online orders picked up in the store.

Forter, a company that provides fraud detection solutions for online retailers, has found that online fraudsters are drawn to luxury items with high resale value. These items include Rolex watches, Louis Vuitton handbags, MacBook Air laptops, and the Apple Watch. In addition, some unlikely and unsuspected purchases are increasingly falling into favor with fraudsters. Services like hosting, logo and website design, and search engine optimization have become attractive targets. By using these services, cybercriminals can create more professional-looking and convincing phishing emails and fake websites that allow them to launch more effective attacks on unsuspecting online consumers.

The Need for Prevention and Detection

With CNP fraud on the rise, what can retailers do to protect themselves? Traditional fraud prevention methods can sometimes be too aggressive and result in legitimate customers having their purchases declined. When this happens, the incident is called a false positive. When too many false positives occur, customers may switch to another payment option or abandon their cart altogether out of frustration.

The best approach for online businesses to take in order to reduce their risk from fraud is to use a multi-faceted solution. Fraud has fewer borders than ever before and implementing a systematic, multi-layered approach using complementary tools that work together to create a robust fraud reduction program offers your business a powerful system to protect against CNP fraud.

“This holiday season will be an especially busy one for online fraud,” said Jon Jones, President at Trulioo. “When eCommerce retailers use online identity verification as part of their fraud prevention process, they keep legitimate customers happy with fewer false positives while shutting out fraudsters.”

How is your business protecting itself from card-not-present fraud this holiday season?