Seven card-not-present fraud trends and ways to manage risk
E-commerce continues to thrive, even as COVID-19 restrictions lift on traditional brick-and-mortar businesses. However, as e-commerce grows, so do opportunities for cybercriminals to perpetrate new and increasingly complex CNP fraud schemes.
Payments fraud requires a holistic, integrated approach. There are a variety of solutions that leverage and share global anonymized and aggregated data in real time, reporting and providing risk scores to protect issuers, acquirers, merchants and consumers while stopping fraud in its tracks. Even friendlier forms of fraud – including the accidental kind – are preventable with the right tools and access to the right data.
We identified seven significant CNP fraud trends that financial institutions (FIs) and merchants should watch for.
Seven CNP/e-commerce fraud trends to know
Trend 1: CNP/e-commerce transactions continue to increase
It seems the world has developed a new appreciation for e-commerce, and we’re not willing to let it go. As we return to work, travel and a somewhat normal life, consumers are focusing their spending on experiences, such as travel and entertainment, as well as card-present purchases, according to the September 2023 Mastercard Spending Pulse.
The Spending Pulse reports “While digital shopping habits became the new normal during the pandemic, this season’s shopper is looking to make purchases anytime, anywhere – in-store and online. With this omnichannel approach in mind, consumers are anticipated to shop across channels, with e-commerce expected to increase +6.7%, and in-store sales to increase +2.9% YOY.”
Trend 2: CNP/e-commerce fraud keeps pace with transactions as governments step in to mitigate the risk
By 2030, when total payment card volume is expected to hit a whopping $79.14 trillion worldwide, Nilson predicts the industry will lose an estimated $49.32 billion to fraud, plus $180 billion in chargebacks.
CNP crime accounted for almost 7 in 10 fraud losses to merchants and acquirers in 2020, totaling $19.43 billion worldwide.
Merchants added to their expenses in 2020 by continuing “the practice of manually reviewing questionable CNP sales, particularly as the average value of those purchases grew throughout the year,” Nilson reported.
According to PYMNTS.com, 93 percent of acquirers surveyed reported they saw more fraudulent transactions in 2021 than in the previous year. In an effort to counter this growing problem, e-tailers in the United Kingdom and Europe are now required to use two-factor authentication (2FA) for online purchases.
Trend 3: Identity theft cost $43b in the U.S. in 2022
With more transactions taking place over the phone or online, there’s more opportunity for credit card fraud. Credit card fraud is the most common type of identity theft, according to the Federal Trade Commission, which reported 1.1 million cases of identity theft in 2022.
Losses from identity theft reached $43 billion in 2022 in the U.S. alone.
Of course, once identity theft has taken place, fraudsters are armed with the information they need to continue the fraud cycle. Organizations can keep their consumers’ data safe with risk assessment tools that can assess a company’s risk on multiple levels, from the enterprise level to third-party and supply chain risk.
Trend 4: Synthetic identity and new account fraud are on the rise
The Federal Reserve last updated its synthetic identity fraud mitigation toolkit in 2022 to help merchants and banks battle this rapidly growing scheme. It reports that synthetic identity fraud resulted in an estimated $20 billion in losses for U.S. banks and financial institutions in 2020 alone.
“Synthetic identity fraud is the use of a combination of personally identifiable information to fabricate a person or entity in order to commit a dishonest act for personal or financial gain.”
This fictitious identity may contain all the elements of a real person or use some real information combined with fictional elements, in both cases creating a realistic profile for illegal purposes.
According to FIS/Worldpay, more than half of merchants in 11 countries experienced increases in synthetic identity fraud and identity theft/new account fraud in 2020. The largest increase in synthetic identity fraud was reported by Asia-Pacific (APEC) countries.
As more companies embrace e-commerce, they need to be prepared to accept online account applications. Identity verification is paramount here: according to Consumer Affairs, almost half of account fraud occurs less than a day after the accounts are opened.
Fraudsters use stolen documents to set up new accounts, get the money and leave the victim with the outstanding debt. Alternatively, cybercriminals set up new accounts, behave for a while and earn credit limit increases or apply for additional cards. With their new high limits, they max out all the cards and disappear.
Fake accounts can be detected with access to the right anonymized and aggregated data sets and the right tools. Trusted identity data and behavioral biometrics capabilities are effective at recognizing the difference between actual customers and fraudsters.
Trend 5: Shipping fraud is the fastest growing CNP scheme
TransUnion reported that shipping fraud was up nearly 800 percent year-over-year, making it the fastest-growing fraud scheme in 2021, and a cumulative increase of over 1,500 percent compared to pre-pandemic levels.
Shipping fraud can originate at either the merchant or the consumer level. Using stolen or compromised payment credentials, buyers may supply merchants with incorrect addresses, receive goods and resell them. Merchants may receive payments but never supply the goods or services to buyers.
With COVID-19, shipping fraud also became a crime of convenience. Some shoppers who purchased items that didn’t suit their needs, such as clothing, denied receiving the items rather than figuring out how to return them. With issuer and online merchant staff working from home, the backlog was so huge that refunds were issued without investigating the losses.
Trend 6: Friendly fraud/first-party misuse
First-party misuse fraud, formerly known as friendly fraud, consists of legitimate purchases made online but later disputed. A common scenario is when a parent’s card is saved on file with a child’s gaming system, and the parent disputes the charges as unauthorized.
CNP fraud for streaming services is also booming, according to Nilson analysts, with an increase of password sharing for the same account.
Trend 7: Chargeback fraud exploded during the pandemic
According to Loss Prevention magazine, “for every $100 charged back, a merchant experiences $240 in expenses. Costs include card transaction fees, chargeback fees, operational costs (investigations) and brand damage. Current trends like the growth in digital payments due to the boom in e-commerce and increased fraud regulations are expected to add to the size and complexity of chargebacks businesses face in the future.”
End-to-end fraud prevention should include comprehensive chargeback solutions that enable merchants to eliminate chargebacks due to friendly fraud and customer disputes while reducing false claims and customer friction. And preventing fraud at the transaction level will essentially prevent the need for fraud-related chargebacks.
Reducing fraud while improving experience
Because brand experience is essential to keeping good customers, financial institutions need to welcome their digital users, anticipate their needs and keep friction to a minimum – all while preventing the bad actors from getting in.
The risk threshold to reduce false positives and therefore approve more transactions is dependent on the customer’s tolerance for risk.
Many fraud prevention systems create high levels of friction, resulting in false declines and cart abandonment. While caution is needed, a positive user experience is a competitive advantage.
Lloyds Bank in the U.K. reports false positives cost merchants 2.8% of revenue. Most banks also report conducting manual review, yet three-quarters of those transactions will be approved. Investigators are overworked, and this leaves little time to work on organized crime and other major files.
PYMNTS.com reported 92 percent of acquirers were looking for AI platforms that were highly accurate in identifying fraud, while reducing false positives (49 percent).
These were key priorities for Worldpay when deploying Brighterion AI. They reported back that they’d achieved “astronomical” results and changed the way they do business: three times greater fraud detection, 20 times fewer false positives and 25 times fewer daily alerts while scaling up to 30 percent more transactions. Other successes included reducing business rules from 50,000 to 250 and replacing fraud prevention rules with supervised and unsupervised learning.
CNP and payments fraud require an “intelligence” approach
As CNP transactions increase and fraud expands, acquirers and merchants are losing billions of dollars worldwide. While they research new solutions for implementation, cybercriminals continue to create new schemes and discover new ways to steal money. Self-learning AI and ML integrated solutions cover the entire purchase lifecycle, evolving with CNP and other financial fraud schemes, including predicting future risk. By linking insights across the customer journey, fraud can be mitigated, providing a more frictionless experience. Mastercard calls this approach “Connected Intelligence.”
Brighterion’s superpower lies in its ability to identify anomalous patterns, in real time and at scale (150 billion transactions per year). With self-learning capabilities, AI gets stronger with every valid transaction and confirmed fraud attempt.
At the heart of Mastercard’s Decision Intelligence solution, Brighterion AI provides risk scores for each Mastercard transaction and is used by organizations worldwide. The sheer scale of transactions Brighterion AI can accurately process at any given time is what makes it so unique.
Learn more about what acquirers are saying about using AI for transaction-level fraud in AI in focus: The rise against payments fraud, a collaboration between Brighterion and PYMNTS.com.