Think You Understand Card-Not Present Fraud? Think Again.

For online merchants, card-not-present fraud is a viable threat to their revenue. Unfortunately, most eCommerce merchants don’t fully understand the realities of this ever-present danger.

The recently released True Cost of Fraud report revealed that for the first time, card-not-present merchants lost over 1% of revenue to fraud.

The bad news? The situation is only going to get worse.

The Top 10 Things You Need to Know about CNP Fraud

Any merchant considering card-not-present transactions or currently immersed in the eCommerce environment must know these ten things about fraud.

No-1 Fraud is a broad term.

Ask five merchants to define ‘fraud’ and you’ll likely get five different definitions—and they’ll all be right. That’s because fraud covers a wide range of activity and can include various methods employed by criminals to steal from others. Some of the activities under the ‘fraud umbrella’ include:

  • Friendly fraud
  • Lost/stolen merchandise
  • Unauthorized transactions/stolen identity
  • Fraudulent requests for returns

Merchants who focus solely on preventing unauthorized transactions are leaving the door open to criminals who engage in one of the other types of fraud. More than simply dealing with ‘fraud,’ merchants need to engage in a systematic, comprehensive approach to protecting their profits from each type of fraudulent behavior.

No-2 Fraud rates can change.

Every year, agencies such as LexisNexis release detailed reports outlining the incidence of fraud and its effect on merchants. The 2015 report details what financial experts have suspected: card-not-present fraud rates are growing.

The current amount of revenue lost to fraud was a 94% increase over the previous year. If this trend continues, profit loss will grow exponentially over the next five years. Some experts estimate as much as $2.1 billion in losses by the year 2018.

The 2015 report also shows that, while the rate of overall revenue loss has escalated, the costs per fraud incident has declined to the lowest rates in six years. Costs are now just $2.23 per dollar of fraud (a drop from $3.16 the previous year).

The reality is that if fraud is declining in one area, it almost certainly is growing in another. Fraud rates and statistics fluctuate. Merchants shouldn’t relax their prevention standards just because it seems like risks and liabilities seem to be decreasing. Constant vigilance is essential.

No-3 Fraud filters aren’t a comprehensive solution.

Merchants often use fraud filters to help reduce their risk. These tools can be useful, however they aren’t an all-encompassing solution.

Fraud filters are based on automatic programming that can only flag transactions that meet particular criteria. It is up to the merchant to verify a majority of the transactions through a manual process. With up to 75% of transactions identified as potential fraud, merchants must engage in a time consuming process of determining the validity of each transaction.

Even with a merchant’s manual review, a significant portion of declined transactions are actually false positives. This causes unnecessary revenue loss. Professionals can provide intelligence that helps fine-tune fraud filter rules, improve the efficiency of the review process, and experience fewer false positives.

No-4 Ineffective solutions are needlessly expensive.

It’s the antithesis of the adage, “You’ve got to spend money to make money.” Merchants have to spend money to save money.

Some large ecommerce merchants use as many as five fraud mitigation systems and spend hundreds of thousands of dollars a year for protection. However, the industry in general is still seeing record-breaking fraud liabilities. This proves one thing: the only expensive solution is the one that doesn’t work.

Paying for fraud prevention that works is one thing. Paying for fraud prevention that doesn’t work is quite another.

No-5 EMV can hurt card-not-present merchants.

For card-present merchants, the Europay MasterCard Visa (EMV) chip cards will make it virtually impossible for criminals to use counterfeit cards. While this is good news for traditional brick-and-mortar merchants, it’s bad news for online businesses.

Criminals will look elsewhere to use their ill-gotten card numbers, bringing them straight to the card-not-present merchant’s door.

Countries already utilizing the EMV technology experienced staggering growth in card-not-present fraud, some reports indicating as much as a 79% leap in fraud costs once the new card processing standards were in place.

As the United States finalizes the transition to the new card processing standards, merchants should be prepared for what could be a barrage of fraudulent attempts on the card-not-present environment.

No-6 Chargebacks result from three types of fraud.

All fraud can be organized into three categories. When chargebacks are issued, one of these three triggers is to blame.
merchant-fraud

    • Merchant Fraud: Merchant fraud can happen as a result of merchant error, mistakes in processing, or purposeful misleading of customers. This type of fraud was the basis for the development of the chargeback process, and can typically be prevented through the adherence to best business practices.

criminal-fraud

    • Criminal fraud: The most talked about form of fraud, criminal fraud occurs when a criminal steals either a cardholder’s identity or account information. This information is used to purchase items or services at the expense of another. The cardholder appears to be the victim in this type of fraud, but cardholders can initiate a chargeback, eliminating their financial loss. In this case, merchants are the unwitting victims of criminal fraud, losing the revenue from the sale, forfeiting the items sold, and paying additional chargeback fees.

friendly-fraud

  • Friendly Fraud: The most common form of fraud, friendly fraud is the result of an otherwise loyal customer contacting the bank to dispute a credit card charge. A variety of reasons can lead a consumer to engage in friendly fraud, and merchants must address each of these reasons to prevent unnecessary revenue loss.

No-7

Outdated standards can’t keep up with the growing fraud problem.

 

Originally established in the 70’s, chargeback guidelines haven’t changed much in the last forty years. In an era that gave us cell phones, online banking, Apple Pay, mobile commerce and other technological advances, the commerce industry has seen dramatic changes in how payments are handled.

A process that was designed before the internet was even a consideration have no possible way of keeping up with the fraud that has developed with the new technologies.

As technology continues to evolve, criminals will continue to find new ways to exploit that technology for their own gain, leaving merchants with outdated policies as their only backup.

No-8 Consumers have identified loopholes.

Consumers are looking for solutions that fit their lifestyle. Often, this means that the inconvenience of making a return becomes more than a consumer is willing to deal with.

Research conducted by payment industry experts found cardholders admitted that 81% of chargebacks were filed out of convenience, as a method of forcing a return without the hassle of contacting the merchant.

Additionally, 86% of chargebacks are filed fraudulently. Consumers initiate a chargeback without first contacting the merchant in an attempt to resolve the problem.

No-9 Banks aren’t helping the situation.

In an effort to placate consumers, banks offer zero liability coverage. While this is a bonus for consumers, it often inadvertently incentivizes friendly fraud.

Banks don’t engage in sufficient due diligence when illegitimate chargebacks are requested. Under the guise of “the customer is always right,” friendly fraud continues to flourish.

No-10Merchants trying to fight fraud alone are facing a losing battle.

In-house, DIY chargeback management is, by far, the least effective option available to merchants. There are several reasons why their efforts don’t produce sufficient ROI.

  • Merchants fighting fraud are forced to use their own resources to deal with this growing problem. These resources should be spent growing the business.
  • To keep up with card networks’ changing regulations, merchants must spend time verifying current standards and learning the new processes.
  • Automated programs are unable to detect professional fraud rings that cause an otherwise successful business to flounder. Automation is also susceptible to errors, errors that need human analysis to detect.
  • The rapidly changing ecommerce market leaves merchants vulnerable to criminals seeking new avenues in the card-not-present marketplace.

For merchants trying to maintain revenue and hold on to profits, cost effective methods of preventing fraud and fighting chargebacks can be as simple as contacting a professional.

If you need help managing card-not-present fraud, now is the time to act.