It should come as no surprise to retail treasury and finance professionals that card-not-present (CNP) fraud has increased since merchants have been gradually rolling out EMV chip terminals. According to a new study by Javelin Strategy & Research, the use of stolen card data to make purchases online jumped 40 percent in 2016.
With identity fraud at the point-of-sale (POS) becoming more difficult, criminals have move online and the numbers have been staggering. Javelin reported that identity fraud was up 16 percent from last year, affecting a record 15.4 million Americans and causing $16 billion in losses.
Another alarming trend Javelin also uncovered is a rise in new account fraud, also believed to be tied to retailers rolling out EMV. Criminals have now taken to opening new credit accounts in an unknowing victim’s name, using stolen information purchased online. Perhaps most troubling about this newer breed of fraud is how long it can go undetected. Victims won’t see the charges on their statements and often only find out when reviewing their credit reports or after being contacted by debt collectors.
Expect the expected
A rise in CNP fraud was inevitable. Fraud always goes where the security isn’t, and nearly every nation that has implemented chip card technology has seen a spike in fraud online. For example, the UK, France and Australia all saw CNP fraud increase following EMV migration.
“Given what we have heard from other countries that have implemented EMV, I’m not surprised to hear that fraud has now begun to shift from POS to CNP transactions in the U.S.,” said Magnus Carlsson, AFP’s manager of treasury and payments.
It need not be this way, however. There is nothing stopping online retailers from implementing greater authentication for card purchases. Experts recommend that ecommerce merchants invest in tokenization to authenticate customers. Additionally, investing in fraud monitoring and behavioral analytics can help retailers see buying patterns.
Some retailers have adopted these methods. But with CNP fraud steadily rising, it’s gotten to the point where all ecommerce merchants should make some changes if they want to cut down on illicit transactions.
Still, fraudsters have found workarounds for this too. Javelin found that mobile phone hijacking nearly doubled last year. This is done to intercept email and text messages used to authenticate transactions. “It's because people get alerts and notifications and one-time passwords sent to their mobile phones,” said Al Pascual, research director and head of fraud and security at Javelin Strategy & Research. “Criminals know that, so they take over the phone account to intercept messages and passwords that let them compromise those people’s financial accounts.”
On a positive note, Javelin pointed out that while e-commerce shoppers are at a higher risk compared to other segments, 78 percent of victims detected fraud within a week of it occurring. So at the very least, people are being more vigilant in the current threat environment.