Card Not Present Fraud: an eCommerce Nightmare

Understanding Card Not Present Fraud and How to Mitigate its Risks

Not all forms of fraud are created equal. While more malicious forms of fraud, such as identity theft, may be well-reported, card not present fraud covers an expansive range of practices. Retailers lose billions of euros each year to fraud, and only a fraction of that is the kind of fraud with which you are probably most familiar.

What is Fraud?

In the broadest sense, fraud includes everything from identity theft and lost or stolen merchandise to so-called “friendly fraud.” Focusing on only a few forms of fraud means that merchants are leaving themselves open to a wide range of approaches fraudsters might use to steal from them.
In 2014, merchants lost €2.23 for every dollar in fraud. While this is a considerable decrease over the previous year, the percentage of revenue lost to fraud rose sharply. That same year, merchants lost an average of 1.32% of annual revenue to fraud, a 94% increase since 2013.

Losing the Fight Against Fraud

Merchants take different approaches to managing fraud risk. Digital fraud filters are somewhat effective, though most of the transactions which these programs flag as potential fraud require manual review, a very time-consuming process. Even still, 25% of declined transactions flagged by fraud filters will turn out to be false positives, which translates into untold sums in lost revenue.
Despite the best efforts of merchants, successful instances of card not present fraud are on the rise. Though the average merchant spends more than €100,000 a year on fraud prevention services, over 155 fraudulent transactions, costing an average of €113 each, will still slip through the cracks every month.

Card Present vs. Card Not Present Fraud

Thanks to recently introduced EMV chip technology, the risk of card present fraud has decreased sharply; however, this has only made the situation more tenuous for online retailers, as fraudsters who formerly relied on in-person fraud strategies have been forced to move to the internet. According to the LexisNexis® study, card not present fraud is roughly seven times more difficult to detect than fraud conducted via in-person transactions.

Identifying Fraud

The different forms of card not present fraud can be roughly divided into three different categories: criminal, friendly and merchant.
• Criminal fraud, the most widely known form of fraud, occurs when a criminal commits identity theft and uses another cardholder’s identity illegally in order to purchase goods online.
• Merchant fraud occurs when a merchant defrauds a customer. When this occurs, it is usually the result of an accident or error, such as double-charging a customer’s account. The 1974 Fair Credit Billing Act introduced a tool for consumers to help mitigate this rick: the chargeback.
• Friendly fraud, the most common form, occurs when a customer contacts their bank to demand a chargeback without first contacting the merchant for a refund.

Friendly Fraud

As you can see, the safeguard devised to protect consumers against merchant fraud, the chargeback, has become the primary tool in the hands of friendly fraudsters. In the case of friendly fraud, a customer can call their bank and demand a chargeback for any number of reasons, including:
• the goods they ordered never arrived
• the item which they received was not as it was described
• they would like to return the item, but cannot contact the merchant
The bank can then forcibly withdraw the funds from the merchants account and return them to the cardholder. The merchant will also be responsible for additional chargeback fees, and the cost of the item shipped, as well as potential future profits from selling that item, will be lost.
Given the rise of online retailing, as well as ease of committing friendly fraud, it is not surprising that the practice is on the rise. In order to protect themselves from fraud, merchants will need to employ a much more holistic approach to fraud fighting and detection than ever before.