According to the Merchant Risk Council, fraudsters already have the information they need to make a purchase from more than 80% of the credit cards in existence. Given that shocking statistic, it’s little wonder that card not present fraud costs almost $10b to US consumers. In fact, it’s almost shocking that the figure is not higher.
Card not present fraud (CNP fraud) is when someone makes a purchase with a debit or credit card online without the permission of the legitimate card owner. In this article we discuss:
- How Do Fraudsters Steal Credit Card Information?
- Different Types of Card Not Present Fraud
- The Impact of Card Not Present Fraud on Businesses
- How to Detect and Prevent Card Not Present Fraud
- What are the Best Card Not Present Fraud Prevention Tools?
How Do Fraudsters Steal Credit Card Information?
According to the latest U.S. census, roughly 13.6% of all sales occur online. This figure has more than doubled over the past decade, and it will likely increase at an even faster rate in the coming years. Since making purchases online is so prevalent (and requires very little information), it’s now easier than ever for cyber-criminals to use your credit card — without ever laying a finger on the card itself.
While there are various ways that criminals can commit CNP fraud, there are three primary avenues that allow fraudsters to steal and use your credit card information:
- Phishing Attacks: A phishing attack is a fraudulent message in which the sender poses as another person or institution in order to gain your trust. For example, you might receive an email that appears to be from your bank. The email will contain a link to a separate website where you would be instructed to provide sensitive information, like your address, credit card number, security code, and so on. However, the site will be designed by the fraudster to steal your information without your knowledge. Then, the fraudster could either use this information to make purchases, sell the data to a third party for a profit, or both.
- Malware: Malware is often a much more direct attack on your personal information. For example, if you visit a suspicious website over an unsecured network, you could expose your device to malware. Once the malware has gained access to one of your devices, hackers gain the ability to steal personal information stored there — including banking or credit card information.
- Physical theft of credit applications: Card not present fraud is an online phenomenon, but it does have a real-world component. As discussed on the ‘To Catch a Fraudster‘ podcast, thieves will break into any physical store location that offers credit and steal applications (either physical paper copies, or entire computers they will hack into later)—which have all the personal information they need to fraudulently take out credit cards.
- The Dark Web: The Dark Web essentially consists of private or otherwise concealed networks. While not all activity on the Dark Web is illegal, it does provide an environment for cyber-criminals to commit fraud anonymously. Hackers use it to sell the credit card information they steal to other fraudsters.
Different Types Of Card Not Present Fraud
There is no single type of card not present fraud. In reality, CNP fraud occurs in a number of ways, including the creation of fake identities, the use of card-based payment methodologies other than credit cards, and even some instances where no credit card information is stolen at all.
- Synthetic Identity Fraud: Synthetic identity fraud is often one of the most complex, as it requires criminals to acquire your personal information (banking info, Social Security number, etc.) and use it to create a false identity. Not only will this allow the criminal to spend your money under a false identity, but they can also commit other crimes using your information, putting you in a potentially frightening legal situation.
- Gift Card Fraud: Rather than simply using your credit card info to make purchases online, many criminals use your funds in exchange for gift cards which they then sell. Why? Because gift cards are easy to acquire and difficult to track. Moreover, there are various companies online that will buy gift cards for a percentage of their face value, allowing cyber-criminals to turn your credit line into cold hard cash even if they are partially used.
- Friendly Fraud: Friendly Fraud is a unique (and common) form of fraud in which someone makes a seemingly legitimate transaction and then requests a chargeback from the issuing bank for the funds. In doing so, the purchaser can keep the product or service in question, while also getting a refund for the cost. This kind of fraud ends up costing businesses and banks billions of dollars every year.
- Account Takeovers: As the name implies, account takeover fraud occurs when a third party takes over your financial account by stealing your login credentials. This allows criminals to have complete access to your finances, which they can then use to make purchases, withdraw money, or convert funds into less traceable assets — like cryptocurrency.
- Loyalty Point Fraud: Loyalty Point Programs are a common way for credit card companies to incentivize consumers to sign up for new cards and make purchases. However, criminals will hack into customers’ accounts and then sell off the loyalty points for cash.
The Impact of Card Not Present Fraud on Businesses
Though people often focus on the way Card Not Present fraud affects individuals, it’s also important to step back and look at the impact on businesses and the economy at large. When businesses lose money due to fraud, they have to raise prices, cut wages, or reduce their workforce to account for the losses. Though it’s difficult to track the exact financial costs, fraudulent chargebacks alone are estimated to cost businesses roughly $40 billion per year. That number is expected to rise dramatically over the next few years.
While the direct financial impact of fraud cannot be ignored, there are also other consequences at play. False-positive decline rates are on the rise, as merchants are desperate to protect themselves and their customers from fraudulent purchases. Consequently, when many innocent customers go to the checkout, their cards get declined by stringent card not present fraud prevention rules. These declines not only cause a headache for cardholders, but they also prevent millions of legitimate transactions from taking place every year.
CNP fraud also creates a disconnect between businesses and their customers. When a data breach occurs, it costs businesses a lot of money to try to rectify the issue. Moreover, the loss of consumer trust and loyalty can cause even greater revenue decline over the long term. This means that Card Not Present fraud can cause devastating losses due to loss of brand reputation—especially if a consumer goes onto social media to tell other potential customers to avoid a merchant because their data wasn’t secure.
Merchants with too many chargebacks end up in the high-risk merchant accounts pool. At a minimum this raises the merchant’s card processing fees. At worst, the merchant can lose their ability to process credit and debit card transactions entirely.
How to Detect and Prevent Card Not Present Fraud
While Card Not Present fraud is a real and dangerous threat to individuals, businesses, and banking institutions, there are ways to fight the problem before it starts. However, even under the best of circumstances, there’s always the chance that your sensitive data could be leaked or hacked without your knowledge. Therefore, it’s also important to know how to both detect and prevent card not present fraud:
- 3D Secure: 3D Secure is a financial protocol designed to provide an added layer of security between the purchaser, the merchant, and the card issuer. This protocol requires you to submit additional verification when making purchases online, thereby reducing the risk of fraudulent purchases.
- Two-Factor Authentication: Two-factor authentication makes it much more difficult for non-authorized people or entities to access your accounts or devices. There are three forms of authentication: something you know (password), something you have (a code or authentication app), and something you are (biometrics). Two-factor authentication requires you to provide two of them to access your account.
- Device Fingerprinting: Nowadays, many devices (particularly smartphones) feature built-in fingerprint scanners. With fingerprint logins in place, you can ensure that you — and only you — can access sensitive information on your mobile device.
- Machine Learning: While it may not seem like you can use machine learning to your own advantage, the advancement of machine learning allows the best e-commerce fraud prevention solution to analyze billions of data points to detect “suspicious” activities on your accounts.
- Network Effects: E-commerce fraud prevention solutions will use the data they gather by analyzing orders across their entire network to protect your account. If a fraudster or fraudulent transaction pattern is detected at one merchant, all merchants in the network will be protected.
- Human Fraud Analysts: With the increasing prevalence of CNP fraud, human fraud analysts can use datasets to detect fraud as soon as it happens, reducing the financial consequences for both individuals and businesses.
- Chargeback Guarantees: When you work with a card not present solution that provides a chargeback guarantee, the solution reviews orders for you, and then offers a full refund for orders it told you to approve that turned out to be fraudulent and came back as a chargeback.
What Is the Best Card Not Present Fraud Prevention Tool?
Card not present fraud is a major problem for consumers and merchants alike. However, the scope of the issue has given rise to a number of solutions merchants can use to protect their stores against fraudsters.
The top e-commerce fraud prevention tools all use advanced machine learning algorithms, large consumer networks, and expert human fraud analysts to detect and prevent card not present fraud. They also offer complete chargeback guarantees that will reimburse merchants for chargebacks they receive on approved orders.
For a full list of the card not present fraud prevention tools currently available, click here.