Card fraud rises across Europe - ECB

Card fraud rises across Europe - ECB

The European Central Bank (ECB) has reported an eight percent increase in fraud among cards issued or acquired within the Single Euro Payments Area (Sepa) for 2013.

The total value of fraudulent card transactions amounted to $1.44 billion and is the highest in absolute terms for five years, according to a report issued this week by the ECB.

The 2013 figures also showed changes in the type of frauds committed with 66% of the total value (€958 million) resulting from so-called card-not-present (CNP) payments made via the internet, post or phone. Indeed, CNP fraud was the only type of fraud loss to record an increase from the previous year, a rise of 20.6% compared to ATM and PoS fraud which both fell by 13.7% and 7.9% respectively.

The ECB report attributes the fall in card present fraud to the near complete adoption of EMV standards within Sepa and the growing adoption rate among terminals outside of Europe. The report also warns that CNP fraud could continue to rise unless necessary mitigation measures were adopted, such as the guidelines issued by the European Banking Authority (EBA) and the Eurosystem for secure internet payments and card payment oversight respectively.

The ECB's recommendations are supported by a recent report issued by analytical software company FICO based on data from Euromonitor International that recorded a 6% increase in card fraud across Europe for 2014. The FICO report also cites the positive influence of EMV technology in reducing card fraud, highlighting the fact that 47% of fraudulent cross-border debit transactions from the UK involved the US where migration to EMV standards has been beset by delays. The majority of US business must employ EMV technology by October 1st or else face liability for any losses from magnetic strip technology.

“Banks in the UK and most of Europe adopted EMV technology years ago, so it may appear that they have little to worry about from mag-stripe fraud,” says Martin Warwick, FICO’s fraud chief for Europe. “However, the trends suggest that any European plastic card can be targeted, as criminals try to ‘fill their boots’ before the US finally shuts the door on skimming fraud.”


Comments: (10)

Adam Nybäck
Adam Nybäck - Anyro - Stockholm 22 July, 2015, 16:23Be the first to give this comment the thumbs up 0 likes

Does anyone know how the actual loss is distributed between cardholders, issuers, acquirers and merchants? I assume the merchants take the biggest hit for CNP due to not using enough fraud protection and getting chargebacks.

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 22 July, 2015, 17:03Be the first to give this comment the thumbs up 0 likes

Does anyone how much extra revenues merchants gained by not being overzealous about security, causing too much friction and suffering from shopping cart abandonment?

Mitigating Fraud Does Not Pay The Bills

A Finextra member
A Finextra member 22 July, 2015, 18:27Be the first to give this comment the thumbs up 0 likes

Although just 2% transactions were acquired outside SEPA they accounted for 22% of all fraud. Although EMV conversion may help, I don't believe that's all that needs to be addressed.

Sorry to be looking at data that is a year old though ..

Adam Nybäck
Adam Nybäck - Anyro - Stockholm 23 July, 2015, 10:05Be the first to give this comment the thumbs up 0 likes

The Stripe approach seems to be quite successful and a good balance between security and convenience. Is this the recommended method to prevent fraud while keeping revenue for CNP transactions?

https://support.stripe.com/questions/does-stripe-support-3d-secure-verified-by-visa-mastercard-securecode

James Bell
James Bell - IBM UK LTD - London 23 July, 2015, 10:55Be the first to give this comment the thumbs up 0 likes

@Adam - I can see where Stripe are coming from with that but I think there is something quite missing from their answer there - liability shift. If fraud occurs and the merchant used 3DSecure then the liability for the fraud switches away from the merchant onto the consumers card issuer bank (e.g. by authenticating the transaction with 3DSecure, the card issuing bank is directly saying it is 'ok' to proceed). CVV/AVS check does not provide liability shift so presumably if using Stripe, merchants are liable and take the losses/fines from any Fraud?

As a general comment on this article, any idea why we are looking at 2013 data rather than anything more recent?

 

James Bell
James Bell - IBM UK LTD - London 23 July, 2015, 10:56Be the first to give this comment the thumbs up 0 likes

N.B. I'm not advocating that 3DSecure usage would result in a better deal for the merchant given the negative impact on conversion for which Stripe have a fair point but liability shift should be part of the conversation

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 23 July, 2015, 11:16Be the first to give this comment the thumbs up 0 likes

@AdamN: TY for sharing this Stripe link. I've added it as a comment below my post. I'm glad that I'm not the only one harping about how the push for greater security can result in lost revenues. Well before Stripe, other PSPs have advocated CVV / AVS checks as a tradeoff between security and convenience. Just that regulators in some countries (e.g. India) pushed ahead with 3DS and stuck to their stand despite receiving feedback about loss of revenues caused by 3DS friction whereas regulators in some other countries (e.g. USA) didn't. In extreme cases, the Indian regulator actually went on record saying "security first, convenience later". There are examples of SaaS and ecommerce companies who relocated outside India just to avoid the burden of 2FA / 3DS.

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 23 July, 2015, 14:25Be the first to give this comment the thumbs up 0 likes

@JamesBell: I know you're stating the "party line" but banks have as much to lose (interchange fees) due to friction as merchants (revenues), so I'd support merchants if they made a case for shared liability when 3DS is absent. On a side note, I've often wondered the same thing about lack of recent fraud data as you.

James Bell
James Bell - IBM UK LTD - London 23 July, 2015, 15:431 like 1 like

Haha I wasn't meaning to tow the party line, was just meaning to point out its another thing in the consideration of 3DS on top of Stripes FAQ. Personally I am no fan of 3DS however the 'passive' 3DS does not intercede on the UX as much (it only challenges if it considers it risky)

Balasubramaniam Gd
Balasubramaniam Gd - DBS - singapore 31 July, 2015, 07:42Be the first to give this comment the thumbs up 0 likes

Mobile wallets will only increase avenues and scope for this menance of CNP Fraud increasingly and disrupting the entire philosophy of the mobile wallet. It is believed  globally only 4% of these alerts are actually looked at by banks. Others choose to write it off because of (1) Volumes (2) transcation value (3) Cost of chargeback which unfortunately still manual

Featured Job
All Jobs »