The Card Not Present conference drew more than 1,000 people to Orlando to talk about fraud detection and deterrence. Curiously enough, the focus was less on just
Some of the challenge of fraud prevention, or fraud control, is getting the balance right. At a session in the Kount conference before the official CNP start, one speaker, who will go unnamed, complained that credit card companies were too strict.
Other merchants whose margins might not be quite as robust shared his concern about losing sales or customers through overly aggressive fraud scoring. They were looking for the most sophisticated technology that could evaluate fraud potential and approve transactions fast, before customers would turn away from a sight because of delays.
Laura Park, sales operations specialist at Other World Computing, home of MacSales.com said sales agents there were stopping about three percent of transactions over fraud concerns even though they were instructed: “When in doubt, let it go,”. The company did intensive manual reviews of the rejected orders and found the majority were valid; they had turned down $2 million worth of good business. The company decided to move to automated evaluation for fraud.
EMV and fraud growth
Now that the United States is finally getting chip cards — the last country with paved roads to adopt EMV (Europay, MasterCard, Visa) — as one critic put it, online fraud has been rising. Experts had predicted it would once the more secure cards made point of sale fraud more difficult. But it’s turned out to be a matter of correlation rather than causation.
CNP fraud has been rising steadily through 2015, but don’t blame the switch to EMV; the increase in online and mobile fraud predates the changeover to chip cards, said Julie Conroy, senior analyst for the Aité Group. “There’s still plenty of counterfeit fraud opportunity out there for criminals,” she added because only 20 percent of credit card and 10 percent of debit card transactions are on EMV cards.
Jacob Bennett of the National Merchants Association, said that the nation was seeing increased CNP fraud because of the massive migration to mobile and online.
“Compared to other regions expect some EMV-related increase, but it’s important to know it was happening before EMV.”
EMV has proven to be very slow at checkout compared to just swiping a mag stripe card.
Jim Houlihan, a co-founder and principal consultant at the Paladin Group, thinks EMV could boost payments by mobiles.
“Friends come to me to complain about how long it takes to check out,” he said. They ask why they need a chip card at one store but not another, he added.
“I think EMV is the best thing to happen to mobile sale digital wallets. The time it takes to check out with chip functionality will drive more consumers to digital.”
Although CNP fraud hasn’t exploded, merchants on the panel expect it will.
“Christmas is traditionally when fraudsters comes out,” said one. “It is going to happen. When does the hockey stick make the big upturn? I would say in the next year or two we will have all-out assault on ecommerce because physical stores will have machines that can take EMV chip cards.”
The good news, said Bennett, is that the fraud detection tools have gotten better and easier to use, so they are available to smaller merchants, and with the growth of online marketplaces, there is now more data to authenticate a shopper.
The U.S. may finally be getting chip cards, but for the most part they will operate with signatures rather than PINs, to the annoyance of more than a few card experts who think the country missed the opportunity to make cards more secure. Conroy said PINs are a bit of a controversy. The U.S. has one of the most competitive card markets in the world with individuals carrying an average of 3.5 cards. PINs protect against lost and stolen cards but they threaten to make the customer experience more difficult — a customer who can’t remember a PIN will put that card at the back of her wallet.
“One of the big Canadian banks screwed up their PIN process and went from being one of the top in transaction volume to the second lowest overnight,” Conroy said. Lost and stolen cards make up about 8 percent of total card fraud, she added, so when the two major credit card companies said they couldn't support it, most of the others dropped PINs, although a few card providers, including some credit unions whose members travel extensively, offer PIN cards.
Catch fraud early
Michael Hagen, corporate ID strategist at Mitek, said merchants are using more and more technology to make the user experience better. Biometrics and using photos from a smartphone — both selfies and photographs of documents such as driver licenses — are examples of applying technology to ease authentication of users at the beginning of an interaction.
“More and more the emphasis is on detection upfront,” he explained. “Five or 10 years ago it was all about the risk engine. Now we are moving away from risk to catching problems during the initial contact with the customer.”
The change isn’t just based on smartphones but also relies on improvements to compute power, he added.
“Five years ago maybe the CPU wasn’t strong enough.”
To learn more about card not present fraud and how you can say yes to more good customers in the mobile channel check out our new white paper Account Takeover & Creation Fraud: Genesis, Fallout and Solution by DJ Murphy of CardNotPresent.com.