Card not present (CNP) transactions are the primary payment method for e-commerce sales around the world, either used directly by the consumer, or via a virtual wallet. The convenience of online shopping has grown e-commerce sales globally. Unfortunately, e-commerce is equally attractive to fraudsters, particularly as the global rollout of the EMV (Europay, MasterCard and Visa) chip card standard has curtailed point-of-sale fraud.
According to the Global Fraud Index™ (a PYMNTS.com (What’s Next Media and Analytics, LLC) and SIGNIFYD Inc. collaboration), global e-commerce fraud peaked during the Q4 2015 and Q1 2016 period at 5.5% of sales and as of the Q1 2017 and Q2 2017 period stood at 3.85% of sales.[1] Publicly available estimates of the actual cost of CNP fraud vary considerably, with estimates of the global scale of e-commerce fraud losses ranging from $25 to $40 billion. The US is currently facing a significant increase in CNP fraud due to the EMV rollout.
As reported, a series of mass compromise events at major retailers flooded the dark web with information necessary to perpetrate CNP fraud schemes. This data was further enriched using information from previous breaches (such as social media passwords, personally identifiable data from a credit reporting agency, or public records from a firm like LexisNexis®), effectively giving CNP fraudsters the keys to the credit card information including bank identity number, personal authorization number, expiration date and the card verification value (CVV – the three- or four-digit card security number). Fraudsters have also been able to obtain the personally identifiable card holder data and Knowledge-Based Authentication (KBA) questions and answers necessary to successfully pass step-up and/or out-of-band authentication and to evade detection logic software.[2]
Both merchants and card issuers invest significant resources in managing CNP fraud. Over time, recommended practices for preventing, identifying and mitigating CNP fraud have emerged. Our analysis of client experiences, vendor recommendations and independent assessments points to five common themes in designing a framework for fraud prevention among merchants and issuers:
- An operating model created by design for fraud management;
- Authentication that is customer-centric and multi-factor;
- Omni-channel investment in fraud detection;
- A multi-faceted customer service strategy; and
- Digitization of fraud management operations.
In this blog series, we will examine each of these best practices in detail and will make recommendations as to how companies can bring their own CNP fraud management practices up to date. In the next blog, we will look at different types of fraud management operating models.
1. “Global Fraud Index,” PYMNTS.com and SIGNIFYD Inc., October 2017. Access at: https://cloud.kapostcontent.net/pub/0e602198-7647-4ff5-a4e8-9e16eeb1769a/global-fraud-index-q2-2017.pdf?kui=MuD47nlvGWDFbGY0Wg7lMw
2. “Everybody Knows: How Knowledge-Based Authentication Died,” Forbes, January 22, 2018. Access at: https://www.forbes.com/sites/forbestechcouncil/2018/01/22/everybody-knows-how-knowledge-based-authentication-died/2/#2a50ff172422