As all investors know, there can be no reward without risk. With volumes rocketing, card-not-present (CNP) payments offer the potential to generate handsome rewards. But in parallel, the risk of fraud is escalating and CNP fraud now accounts for around
73% of total card fraud. This blog considers how payment providers can balance the risks and rewards of a flourishing market.
The ubiquity of online and remote shopping has driven the exponential increase in CNP transactions. Although the pandemic forced the pace, CNP transaction volumes continue to rise and are estimated to reach $5.2T by 2023. People have grown accustomed
to CNP transactions and value the convenience of paying for goods and services remotely. In parallel, merchants and banks have adopted and encouraged mobile wallet and card-on-file solutions that remove the need for a card to be present. The truth is that
CNP payments offer benefits all round and are here to stay. But this progress comes at a cost.
Criminals have also seized CNP as an opportunity and with an almost 10 basis point fraud rate, meaning that CNP fraud contributes to 73% of total fraud loss volume. While it may be tempting to consider that loss as a cost of doing business, it is much
worse than that. A rise in fraud is a major threat to a payment intuition’s brand and reputation. Customer trust that has been hard earned over a long period of time, can disappear overnight as can the customers themselves. Banks with high rates of fraud experience
higher customer attrition, higher cost of customer acquisition, and lower customer spend.
Fraud Comes in Many Forms
All payment providers have duty to protect customers from fraud and they need to step up step up their efforts to identify and combat CNP fraud. However, most existing fraud models are not tested for CNP transactions on secondary networks and many banks
need to upgrade their fraud solutions. Always prevention is better than cure and many banks need to make this a priority. Although fraud comes in many forms, bank need to address five major categories:
Phishing. A type of social engineering, phishing occurs when attackers deceive cardholder into revealing sensitive information that can be used to commit fraud. Phishing is the most common type of cybercrime and financial institutions are the most
frequently attacked account for 27.7% of phishing scams.
Chargeback Fraud. Also known as a “friendly fraud” because the fraudster is also a customer, this occurs when a customer makes a false chargeback claim. For example a customer may claim not to recognise a payment on their credit card statement and
pursues a chargeback with their bank, despite having made the purchase.
Triangulation Fraud. This is a type of CNP fraud that is increasing by 10% every year.Typically the fraudster sits between a legitimate customer and a retailer. The fraudster intercepts the customer’s payment while they are making a purchase. They
take the money and often steal the customer’s credit card details and other personal data. Triangulation fraud can involve several parties and happens in several ways. However, the unique aspect of this sophisticated crime is that customer orders and receives
an item and so is unaware they were involved in a scam.
Card Application Fraud. This crime is at its highest ever level and in the UK alone it increased by 18% in the fourth quarter of 2022. The increase is partly due to the acceleration of credit approval processes. Criminals apply for credit using
a stolen identity the max out of the credit agreement. By the time the crime is detected the criminal is long gone. Although not a new crime, the incidence of application fraud is increasing, and criminals are using an array of sophisticated tools and technologies
that make prevention more difficult.
Fraud Is Not a Victimless Crime
Increasing CNP fraud has a very negative impact on the customer experience. But winning the battle against fraud requires commitment, persistence the right technology. Success is a moving target and it’s always necessary to strike a balance to minimize losses
from CNP transaction fraud, while minimizing fraud risk and false declines.
Research suggests that 20% of cardholders stop card use after more than one false decline within six months. Moreover, statistics reveal a 15% drop in average monthly spend after a second false decline. Banks with higher rates of false declines experience
increased rates of customer attrition, and a reduction in average customer spend. As fraud rates increase, everyone loses.
Card Security Checks
To help reduce fraud for CNP transactions, the major credit card companies implemented authentication systems to ascertain if the credit card used in a transaction is actually in the possession of the owner. Knowledge of the card security value – known as
CVV/ CVC (Card Verification Value/Code) is essential to complete a transaction. In many countries it is now mandatory to provide this code when the cardholder is not present during the transaction.
While card security checks offer a step-change improvement in fraud prevention, minimizing losses from CNP fraud requires a solution focused on ID verification and advanced analytics. In order to drive maximum value from processing solutions, every bank
must choose a processing partner that can combine competitive pricing with the ability to optimize authorization rates.
At FIS, we are committed to optimizing the digital, ecommerce experience, while securing the ecosystem for financial institutions and merchants. We have invested in additional fraud rule and innovative predictive modelling capabilities focused on card enumeration
attacks on card Issuers. Ecommerce threat disruption tools have been rolled out to merchants to help identify and prevent malware on ecommerce websites that can often become the attack surfaces for various CNP fraud schemes. Bringing both sides of the ecosystem
together, we have created trusted consumer programs with e-commerce merchants who share additional data to validate and streamline authorization approvals for legitimate transactions with no incremental fraud risk to payment providers and card Issuers. Additionally,
FIS is working closely with the industry, network partners, and public authorities to share fraud intelligence, trend data, and best practices in an effort to quickly identify emerging threats and shut them down.
 Federal Reserve, 2023 values projected on historical Fed analysis
 Federal Reserve and E-Marketer
 Federal Reserve and E-Marketer