The perfect theft: the increase in card-not-present fraud

Fraud has always been an issue in the world of transactions, but since the pandemic, fraud has been on the rise, especially in regards to credit cards.

Digital card-not-present transactions have grown rapidly in popularity because it is an easy and convenient payment method for online shopping. The pandemic and safety concerns have increased contactless card use, accelerating the growth in popularity of CNP transactions around the world. Unfortunately, this has also led to CNP fraud rates increasing. In fact, an Aite Group report projects a 16.4% increase in U.S. CNP fraud this year.

With so much sensitive data readily available on the black market and given the difficulty merchants face when attempting to validate a consumer's identity online, digital CNP transactions provide fraudsters with the perfect opportunity for theft. Cybercriminals typically make fraudulent transactions with stolen consumer credit card information. Some methods by which criminals steal consumer data include skimming, phishing, or purchasing data on the dark web.

How can a card user prevent CNP fraud?

CNP fraud has been exacerbated by two factors: an increase in organized crime schemes and the fact that most widely used anti-fraud tools are not built to look for organized fraud at scale.

Consumers also need to be educated continually on what to look for in regards to fraud so they can protect themselves against the misuse of personal data. Consumers need to be reminded continually to create unique, hard-to-hack passwords across different sites; change existing passwords after a breach; take advantage of free credit monitoring and ID protection services and monitor their credit reports to check for fraud. To avoid falling victim to CNP fraud, consumers must check for safe URLs that begin with with "https://." They should also avoid clicking on email links with sketchy promotions and refrain from providing their credit card information over the phone unless it's an encrypted system.

How can online retailers reduce CNP fraud on their site?

To overcome screening challenges and new organized fraud schemes, merchants should opt for more sophisticated fraud prevention solutions. Having an awareness of security risks is essential as well. It's critical that merchants do their best to verify every online consumer's identity. If possible, merchants should consider partnering with a trusted fraud protection solution that screens every online transaction for fraud.

Online retailers can further reduce CNP fraud by using authentication/fraud prevention systems with rule-based fraud scoring programs to verify customer information, card numbers and CVVs, any history of fraud associated with that data, and other factors to rate the likelihood of a fraudulent order.

Other best practices include limiting the number of times a customer can attempt to enter a matching card and CVV numbers; using geolocation to reduce mobile fraud, and manually reviewing orders. By layering anomaly detection and individual order scoring, merchants can also better protect themselves against both organized fraudsters and lone scammers.

How does monitoring KPIs help in combating fraud?

Monitoring fraud KPIs like order approval rates, chargeback rates, total decline rates etc., helps merchants determine where their fraud prevention solution is falling short and what is effective and working well.

Authentication systems increase the security of transactions and reduce data breaches by making it harder for fraudsters to do their job. Authentication adds extra hoops to jump through for fraudsters looking to compromise customer accounts, making it more difficult for them to use passwords and other card-specific details purchased on the dark web. However, authentication systems can be compromised too since many retailers use the 'knowledge' factor as the preferred layer of security, but unfortunately, that makes it easier to be comprised. All it takes is a little bit of patience and research, and cybercriminals can crack passwords, PINs and even challenge questions.

How do you know if a URL isn't safe?

URLs that start with http:// indicate to consumers that they are not secure, whereas websites that begin with https:// are secure. The difference is the "s" in the address. For popular browsers to consider a web page to be secure, the images and videos must also use secure URLs. Otherwise, popular browsers will not consider the web pages secure.

There's no way for the consumer to know if a web page's images and videos are secure. They would have to trust the company they are dealing with. In the case of providing payment information over the phone, for example, what the consumers can check is if they are being transferred to an automated system (that should be encrypted) instead of providing info directly to the agent.

From a trend perspective as we enter this new year, companies and card holders should be aware of the trends that are increasing when it comes to fraud.

One of the biggest trends which has been increasing since the start of the pandemic is BOPIS (buy online pick up in store). Fraudsters have capitalized on this trend, and fraud rates in this channel rose 250% over the previous year. To reduce BOPIS in 2021, merchants need to implement quicker communication between order systems and store staff and quickly manually review orders that raise any flags.

Another rising trend is call center and mail order/telephone order transactions, which have increased since the pandemic shutdowns among customers who may not have internet access or who aren't comfortable ordering online. These are riskier channels for fraud because telephone and mail orders don't give merchants access to device fingerprints or the user's behavior on the website. Merchants should take extra precaution like asking for extra contact information and taking extra time to verify the transaction in these cases.

As this new year unfolds, organized fraud will keep rising as criminal enterprises continue to exploit the chaos created by the pandemic. Individual fraud will increase as well since the pandemic shutdowns have caused a multitude of individuals to be hurt financially, causing them to commit fraud.

Fraudsters will continue capitalizing on BOPIS habits since there's no shipping address to compare to the customer's billing address and not a lot of time for companies to analyze orders that raise fraud flags.

And old saying used to be "Let the buyer beware" but now should be revised to "Let's all be aware" especially of fraud.