The COVID-19 pandemic has created a surge in online purchasing. New research shows card-not-present (CNP) transactions will grow 9% CAGR and are poised to overtake card-present transactions by 2023. Data from Ekata has shown that the volume of CNP transactions in the first three months of 2020 surpassed 2019 Black Friday volumes – far eclipsing predictions. As the default payment method switches from swiping a card in-person to an online transaction, what should businesses do to be prepared?
Prevent Fraud, Preserve a Positive Experience
By far the largest issue affecting the retail and payments industries when it comes to CNP transactions is finding the right balance between a frictionless customer experience and the need to thwart fraudsters. That’s especially true now. With so many new customers hopping on the web to make purchases, it can be challenging for merchants to determine which transactions are fraudulent and which are merely connected to a first-time online buyer. These days, thanks to frequent and massive data breaches, even shoppers that have yet to make many online purchases have likely had many details of their identity stolen. Nearly half of all consumers have had some of their personal data compromised. It’s important that businesses utilize more than one type of personally identifiable information (PII) when determining the validity of a transaction.
Update PII Methods
In the past, most credit decisions were made based on static PII (typically using a combination of data like a social security number or date of birth). However, with so many of these details compromised by data leaks, e-commerce sites can have a hard time verifying customers and ultimately end up leaving a lot of business on the table if they’re only analyzing transactions using the traditional data and methods.
Dynamic PII moves beyond the traditional static data set, looking at multiple dynamic linkages, metadata, history, and behavior with data points such as email, IP, phone, name, and address, along with device ID, behavioral analytics, and often biometrics. It provides a more sophisticated way to identify risk signals and get a better sense of whether the person behind the transaction is who they say they are.
Implement New Safety Standards
This year we saw a large spike in new shopping modalities given the pandemic restrictions that affected retailers. Now, buy online and pickup in-store or curbside pickup options are expanding beyond just the large retailers to include smaller businesses, as well. While these new methods of obtaining goods made things much more convenient for buyers and allowed sellers to keep their doors open, they also opened the door for more (and new) types of cybercrime.
Most mega brands have long-standing procedures to protect against this type of fraud, but smaller businesses need to be aware of the increased risk that comes along with offering a new type of transaction and be diligent about shielding themselves (and their customers) from data theft.
Utilize Manual Back-Up Protections
The change in purchasing volume and the spike in new account openings make relying on machine learning–which is designed to see patterns in historical data–to flag fraudulent purchases harder. Businesses can’t utilize pre-pandemic models to scan current purchases as it could lead to a lot of red-flagged transactions, which may merely be the result of increased volume. In general, CNP transactions have higher false decline rates than card present transactions, resulting in disgruntled customers and lost revenue. Not only do merchants lose the immediate revenue from falsely declined transactions, but the potential lifetime revenue from frustrated customers who are likely to head to a competitor and not come back.
Although more time-consuming, having a manual backup process in place can help allow for a higher rate of transaction approvals during this unprecedented time.
The biggest issue with CNP transactions in the online payments ecosystem is simply how unprepared most companies are to venture into unknown territory. Shifting fraud patterns keep merchants, issuers, and PSPs on their toes, while constant regulatory changes create confusion about compliance and liability.
The technology exists to meet the evolving needs of today’s online payments ecosystem, but there remains a lack of technical and process readiness throughout the industry. In order to meet the rising demand, all stakeholders in the online payments ecosystem need to stay up-to-date on best practices and address their own technical readiness.