Site icon Merchant Fraud Journal

Card Not Present Fraud: How Companies Lose Nearly $10 Billion Per Year

Card not present fraud (CNP fraud) is when someone makes a purchase with a debit or credit card online without the permission of the legitimate card owner.

According to the Merchant Risk Council, fraudsters already have the information they need to make a purchase from more than 80% of the credit cards in existence. Given that shocking statistic, it’s little wonder that card not present fraud costs almost $10b to US consumers. In fact, it’s almost shocking that the figure is not higher.

In this article we discuss:

[optin-monster-inline slug=”dvzjzd6yfp77f5n85mxn”]

What Is Card Not Present Fraud?

Card not present fraud is a type of transaction where a credit card is used to make a purchase without presenting the physical card to the merchant at the point of sale.

E-commerce fraud is the most common type of CNP fraud. However, the term refers to any credit card transaction where the card is not physically presented to the merchant in order to complete the transaction — such as mail order fraud and phone fraud.

Preventing card not present fraud is difficult because merchants cannot use the card’s physical safety features, such as the chip and pin EMV security features, and point of sale PCI compliance standards that are used in card present fraud.

Moreover, in a card present transaction where a fraudster successfully bypasses EMV technology, the merchant is generally not liable due to the EMV store owner fraud liability shift. This is in contrast to CNP fraud, where merchants are forced to return the money from a transaction when a card holder successful claims it was fraudulent, a process commonly known as a chargeback.

The Impact of Card Not Present Fraud on Businesses

Though people often focus on the way Card Not Present fraud affects individuals, it’s also important to step back and look at the impact on businesses and the economy at large. When businesses lose money due to fraud, they have to raise prices, cut wages, or reduce their workforce to account for the losses. Though it’s difficult to track the exact financial costs, fraudulent chargebacks alone are estimated to cost businesses roughly $40 billion per year. That number is expected to rise dramatically over the next few years. 

While the direct financial impact of fraud cannot be ignored, there are also other consequences at play. False-positive decline rates are on the rise, as merchants are desperate to protect themselves and their customers from fraudulent purchases. Consequently, when many innocent customers go to the checkout, their cards get declined by stringent card not present fraud prevention rules. These declines not only cause a headache for cardholders, but they also prevent millions of legitimate transactions from taking place every year.

CNP fraud also creates a disconnect between businesses and their customers. When a data breach occurs, it costs businesses a lot of money to try to rectify the issue. Moreover, the loss of consumer trust and loyalty can cause even greater revenue decline over the long term. This means that Card Not Present fraud can cause devastating losses due to loss of brand reputation—especially if a consumer goes onto social media to tell other potential customers to avoid a merchant because their data wasn’t secure.

Merchants with too many chargebacks end up in the high-risk merchant accounts pool. At a minimum this raises the merchant’s card processing fees. At worst, the merchant can lose their ability to process credit and debit card transactions entirely.

How Does Card Not Present Fraud Work?

Successful fraud attempts have increased by an average of 44%-48% since 2019, according to research from LexisNexis.

Card not present fraud works by tricking merchants into believing a transaction is legitimate when in fact the person initiating it does not intend to pay. Two broad categories of CNP fraud exist: Traditional e-commerce fraud which is performed by unauthorised cardholders, and friendly fraud which is performed by the authorised card holder.

Traditional e-commerce fraud occurs when a fraudster steals enough information about a cardholder’s account to use it for online purchases. This type of information is commonly available on the dark web. Fraudsters use the dark web to dump credit card information illicitly obtained via hacking, trade information about how to successfully prosecute individual attacks against merchants, and even franchise out known models of committing large-scale fraud operations.

Friendly fraud is when the authorised cardholder makes a purchase, but then fraudulently claims they did not authorise the transaction. Friendly fraud is difficult to detect because all of the the order details look exactly like a legitimate order.

Either type results in a chargeback.

The cost of chargeback fraud is passed onto the merchant because the bank is financially incentivised to indemnify card holders from fraud in order to encourage their use, and because e-commerce merchants have no choice but to accept credit card payments regardless of the potential fraud risk.

How Do You Prevent Card Not Present Fraud?

Fraudsters are sophisticated, and so the best defense against card not present fraud is an omnichannel ecommerce fraud prevention strategy that uses an algorithmic e-commerce fraud prevention solution, combined with a strong team of human analysts that specialize in knowing your specific industry trends and system vulnerabilities.

One of the biggest mistakes made by merchants is ignoring the effect of false declines (declining legitimate orders incorrectly labeled as fraudulent) and friendly fraud. Chargebacks feel like theft, so there is a natural tendency to focus on preventing them. However, turning away legitimate orders, and failing to identify and stop repeat friendly fraud attacks, is far more costly. Not only is the absolute value of dollars lost higher, but there is a huge knock-on effect due to the loss of good will with legitimate customers and the virality of poor customer experiences as a drag on corporate reputation.

It is far more important for companies to focus on fraud prevention measures that achieve business objectives. The goal should not be to prevent theft — it should be to maximize overall profit.

No card not present fraud defenses are foolproof, but setting up any type of card not present solution creates a deterrent effect. Fraudsters like the path of least resistance, and there are millions of potential targets on the internet that don’t take fraud prevention seriously. If your store presents friction, thieves will often choose to find a softer target.

How Do Fraudsters Steal Credit Card Information?

According to the latest U.S. census, roughly 13.6% of all sales occur online. This figure has more than doubled over the past decade, and it will likely increase at an even faster rate in the coming years. Since making purchases online is so prevalent (and requires very little information), it’s now easier than ever for cyber-criminals to use your credit card — without ever laying a finger on the card itself.

While there are various ways that criminals can commit CNP fraud, there are three primary avenues that allow fraudsters to steal and use your credit card information:

Different Types Of Card Not Present Fraud

There is no single type of card not present fraud. In reality, CNP fraud occurs in a number of ways, including the creation of fake identities, the use of card-based payment methodologies other than credit cards, and even some instances where no credit card information is stolen at all.

How to Detect Card Not Present Fraud

While Card Not Present fraud is a real and dangerous threat to individuals, businesses, and banking institutions, there are ways to fight the problem before it starts. However, even under the best of circumstances, there’s always the chance that your sensitive data could be leaked or hacked without your knowledge. Therefore, it’s also important to know how to both detect and prevent card not present fraud:

What Is the Best Card Not Present Fraud Prevention Tool?

Card not present fraud is a major problem for consumers and merchants alike. However, the scope of the issue has given rise to a number of solutions merchants can use to protect their stores against fraudsters.

The top e-commerce fraud prevention tools all use advanced machine learning algorithms, large consumer networks, and expert human fraud analysts to detect and prevent card not present fraud. They also offer complete chargeback guarantees that will reimburse merchants for chargebacks they receive on approved orders.

For a full list of the card not present fraud prevention tools currently available, click here.


Sources:

https://www.washingtonpost.com/business/think-your-credit-card-is-safe-in-your-wallet-think-again/2019/09/11/05e316e4-be0e-11e9-b873-63ace636af08_story.html

https://www.census.gov/retail/mrts/www/data/pdf/ec_current.pdf

https://www.businesswire.com/news/home/20190102005011/en

 

Exit mobile version