In recent years, the widespread adoption of EMV technology across the payments industry, coupled with rising e-commerce sales, has caused a significant shift in the nature of fraud. It used to be common practice for criminals to use stolen cards in physical, in-store transactions, in what is known as card-present (CP) fraud.
But beginning in 2014, the U.S. started migrating to EMV technology. Merchants began installing POS terminals with EMV capabilities, and it became harder for criminals to make CP transactions. By March 2019, 99% of U.S. payment volume was on EMV cards, up from 1.6% in September 2015.
As EMV adoption picked up, e-commerce sales also began to increase rapidly. This resulted in card-not-present (CNP) transactions proliferating, as more consumers paid for goods and services online. Luckily for criminals, CNP transactions are less secure than CP payments relying on EMV technology.
“Almost on cue, fraudsters focused their criminal activity on e-commerce purchase transactions, taking advantage of making a purchase remotely without having to show the plastic,” explained Raymond Pucci, director of Merchant Services at Mercator Advisory Group.
As CNP fraud continues to increase, the liability of fraud is shifting to acquirers and their merchants. A recent Ebook from Brighterion surveyed this shifting fraud landscape and detailed the various ways merchants and acquirers are impacted and what solutions exist to fight back.
CNP fraud is getting worse, acquirers bear the liability
The amount of money being lost to CNP fraud is enormous.
In 2014, CNP fraud cost companies a combined $2.8 billion, according to data cited in the Ebook. This number rose to a striking $5.5 billion by the end of 2018, and is predicted to top $6.4 billion by the end of 2020. If that isn’t bad enough, this estimate may, in fact, be too low.
“E-commerce is on an accelerated growth path due to COVID-19, and fraudsters will take advantage of unsuspecting merchants and those without robust fraud management systems,” predicted Pucci.
Increased rates of CNP fraud is bad news for acquirers and their merchants. As the Ebook explained, this is because “merchants and their acquiring banks are the ones carrying the liability,” unlike in CP transactions, where issuers “have reduced their fraud exposure with EMV cards.”
The common types of transaction-level fraud
Acquirers must contend with different types of CNP transaction fraud, with each type having its own unique challenges and associated risks. The three most common types of transaction-level fraud identified in Brighterion’s Ebook are:
- Unauthorized/stolen credentials: A fraudster uses stolen payment credentials to purchase goods or services.
- Friendly fraud: A consumer makes an online purchase then contacts their credit card company to dispute having made the charge. This can arise from miscommunication, forgetfulness, or even ignorance, such as a parent not realizing that their child had made the purchase.
- Chargebacks: A consumer intentionally disputes a legitimate transaction in order to keep the goods or services without paying. This fraud type can prove costly; acquirers paid almost $4 billion to protect U.S. merchants in 2019.
Many fraud prevention solutions are unable to keep up
There are numerous rules-based fraud prevention solutions available to merchants, but the Ebook explained how many have serious problems.
One common issue is false declines. This refers to when fraud prevention platforms are too aggressive in identifying and declining transactions suspected of being fraudulent, resulting in a significant amount of legitimate transactions getting rejected. The Ebook, citing a report from Ethoca, indicated that “over half of orders [52%] flagged as fraud are false declines and lost revenue for merchants.”
Another issue is that some fraud prevention solutions introduce too much friction into the transaction process. “Consumers can be very impatient when shopping online,” explained Pucci. “If they encounter a lot of webpage friction by having to use multiple clicks or answer too many questions, they will often leave the site, something known as cart abandonment.”
Similar to false declines, cart abandonments result in lost sales for merchants.
Proactive fraud prevention solutions are needed
To limit false declines and cart abandonment, acquirers should turn to proactive fraud prevention solutions. Brighterion noted in the Ebook that a central component of an effective solution is artificial intelligence (AI).
As the paper put it, “an advanced AI acquiring fraud solution provides real-time decisioning to protect acquirers and their merchants against fraud losses in real time before the transaction completes.” Such a solution should entail the following AI tools:
- Machine learning
- Supervised learning
- Deep neural networks
Pucci agreed that AI is an essential component of any effective fraud prevention solution. It “gives merchants and acquirers the ability to consume a firehose of data on historical purchase activity and then make approve/reject purchase decisions by machine learning algorithms that are written to recognize patterns of fraud,” he explained.
For example, Brighterion’s AI models are based on a plethora of data points, including transaction and user history, current activity information, and account events. The models are constantly and automatically updated based on new data, without the need for manual intervention, in a process known as adaptive learning.
As a result of the real-time analysis, the platform will flag suspicious transactions almost immediately and communicate directly to the merchant that suspicious activity is in progress. The Ebook noted that such an approach means that “merchants can intervene before the transaction completes, preventing the expensive chargeback process.”
Those interested in learning more about how fraud prevention solutions such as Brighterion’s can benefit merchants and acquirers can access the Ebook here.