The industry analogy is that fraud is like a balloon, you squeeze the fraudsters in one area and they pop out somewhere else.
Sometimes it’s predictable like when chip & PIN was introduced, already high CNP fraud rose still further and x-border fraud levels rose (though not as sharply and as quickly as had been forecast)
Often, however, the fraudster is lurking in the shadows examining where there are weaknesses in the system generally, or a card organisation specifically; for example about 7 years ago when I was heading up the UK & RoI fraud management unit at Visa Europe
we discovered that a UK card issuer system had been responding to multiple authorisation requests against a card account where, on each request, the CVV2 was being advanced incrementally on each submission until the right number was provided and the transaction
Go a few years down the road with 3D Secure adoption more widespread and we find that when merchants and acquirers had implemented the technology and were benefitting from the liability shift they were turning off all of their previously employed fraud prevention
tools and that resulted in higher levels of fraud than would have been the case if they had kept those tools ‘turned on’.
Fraud management and prevention is a tough job. Fraudsters are quick to spot weaknesses, do not have to endure long lead times to take their initiatives to market (unlike the banks working in the opposite direction) and they know that card crime is not
the highest priority for law enforcement agencies.
Constant vigilance, utilising every tool at your disposal is very much the order of the day in the fight against fraud.