Fraud is an issue as old as the banking industry, but it’s still one that companies cannot afford to be complacent about. And one area that needs to be a high priority in the near future will be card-not-present (CNP) fraud, which is on the rise.
A recent report from Research and Markets said that ecommerce providers in the US have been drawn into a “perfect storm”, where the rapid growth of online sales has coincided with the transition to EMV, which is making card-present fraud more difficult.
Therefore, fraudulent online transactions have become increasingly attractive for criminals, who have become highly adept at using technology and stolen payment card details.
No-one should be surprised by this, as this shift in tactics has been entirely predictable. Make it harder for fraudsters to use one particular method and of course they’ll switch their efforts elsewhere. Fraud is never going away completely, so it will be incumbent on everyone involved in the retail and payments industries to step up and make it as hard as possible for criminals to succeed.
What can merchants do?
Tackling this requires a collaborative effort, with both card issuers and merchants having parts to play. On the retailers’ side, the focus needs to be on improved authentication. Two-factor authentication tools, such as Verified by Visa or Mastercard SecureCode, can play an important role in this, as they ask for additional information that someone in possession of stolen card details is unlikely to have.
Other red flags for potential CNP fraud include where the billing and shipping addresses provided do not match, the use of multiple cards from a single IP address, or requests for urgent shipping.
Of course, there could be any number of legitimate reasons why a genuine customer might show this behavior, which is why it’s important that any efforts do not lead to false positives that inconvenience actual customers.
The role of issuers
For card issuers, taking advantage of technology is also vital. Financial institutions gather huge amounts of information on the usage habits of their customers, so the use of big data to identify potentially fraudulent transactions will be a must. While merchants may be able to spot deviations in spending patterns to some degree for repeat customers, the data banks have on their customers may be far more wide-ranging.
Other technology steps could also help. In 2016, for example, French bank Societe Generale started offering customer cards with dynamic CVV codes that use an e-paper mini screen and change every hour – so even if a fraudster gets hold of this information, it will quickly become useless.
Greater use of biometrics could be another option. Mastercard’s Identity Check Mobile, for example, is one such solution currently being trialled, which enables people to verify their identity via a fingerprint scan or even by taking a selfie to enable facial recognition.
With it becoming harder for criminals to successfully complete card-present fraud in the US, banks and merchants must ready themselves for higher number of attempted CNP attempts – and everyone involved in ecommerce has a duty to tackle it.