As security gets tighter, fraudsters get sneakier
With the advent of EMV chip cards and digital wallets, card-present transactions (those that take place at a brick-and-mortar location with a physical payment method or digital wallet) have become almost fraud-proof. As a result, scammers and hackers have turned their attention to online and mobile commerce processes. While encryption and tokenization offer some measure of security, these processes are still vulnerable. The more consumers and business owners understand about these risks, the better they’ll be able to defend against fraudsters.
Every year, the amount of transactions taking place online (eCommerce) and via mobile device (mCommerce) increases exponentially. Last year, mCommerce transactions generated $208.1 billion, which accounted for 39.6% of total retail eCommerce sales in the United States. Unfortunately, increased traffic means increased fraud risk, and many businesses are learning too late that fraud prevention tools for eCommerce don’t necessarily prevent fraud in the mCommerce space. In addition, while the majority of consumers default to desktop or laptop for large-scale purchases, fraud attempts for digital goods (e.g., gift cards) are much higher on mobile platforms.
Prevalence of fraud types
Javelin Strategy and Research’s 2018 Identity Fraud study found that card-not-present (CNP) fraud is now 81% more likely than card-present or point of sale fraud. Account takeover (ATO), a form of identity theft that involves the collection of personal data in order to gain access to various accounts, saw a significant increase in 2018. Checking and savings, credit card, and online accounts like Amazon Prime and Starbucks carry the highest takeover rates. And the damage doesn’t stop with the account holders: a fraudster can use a stolen account to make credible purchases from merchants with whom the account holder has successful transaction history.
*a fraudster can hack more than one type of account owned by the same consumer, which is why the percentages add to more than 100%
**statistics from digitalcommerce360.com
Then there’s friendly fraud, wherein customers make legitimate purchases but dispute the charge for various reasons—maybe the item was stolen in transit, a return was attempted but not completed, or the customer doesn’t recognize the merchant’s name on their credit card statement. Whatever the reason, friendly fraud leaves the merchant with a loss of both the sale revenue and the product or service. On the flip side, credit card companies’ zero-liability policies (guarantees that cardholders won’t be held responsible for unauthorized charges on their cards or accounts) don’t always protect cardholders from these new kinds of fraud. Of the $14.7 billion lost to fraud in 2018, the liability of $1.7 billion fell on fraud victims.
It’s a bleak landscape, but not a hopeless one. Consumers and small businesses can lower their susceptibility to fraud with the following preventative steps.
The future of virtual transactions
The global consortium of financial companies known collectively as EMVCo. developed the EMV chip to combat card-present fraud, and is now working to develop a safer payment method for virtual transactions. Secure Remote Commerce will combine tokenization and 3D Secure 2.0 authentication (a verification process that requires customers to approve their banks’ authorization of a purchase) to create a virtual payment terminal that offers “secure and interoperable card acceptance established through a standard technical framework.”
Sounds promising, right? But the question remains: how will fraudsters exploit cardholders next?