Adequate layers of fraud screening and manual review of flagged orders, can help business owners stay ahead of the rising tide of card-not-present (CNP) fraud.
The latest fraud news is not great for merchants who sell in card-not-present (CNP) environments. A new Juniper Research report projects that CNP fraud will grow by 14 percent each year through 2023. That’s faster than the year-over-year growth of CNP transactions.
The cost of CNP is increasing, too. LexisNexis found that fraud costs as a percentage of revenue have been on the rise since at least 2013 and jumped by 13.9 percent from 2017 to 2018.
Juniper says that CNP fraud is rising so quickly because it's big business for criminal gangs who are getting more sophisticated with the schemes they launch against online and mobile merchants. There are also millions of consumer records for sale now on the black market, after years of data breaches at retailers, banks, and government agencies, that fraudsters can use to impersonate real consumers.
Merchants, Juniper says, have not adapted to the threat landscape yet by investing in stronger fraud protection, and many remain focused on transaction screening to the exclusion of other fraud indicators. It's also true that while more merchants are comprehensively monitoring fraud attempts and successes in all their sales channels, many merchants still operate in the dark when it comes to understanding and reducing their specific fraud risks.
This is dire-sounding news, but there is a bright spot: Merchants can protect themselves, if they're willing to adopt best practices tailored to the new fraud landscape. Here are the most important steps to take.
Add layers of fraud protection.
Screening transactions for flags like address mismatches, known stolen card numbers and other data discrepancies is an important part of the fraud prevention process, but it's not the only solution. Because so much consumer data has been breached and put up for sale on the dark web, it’s possible for criminals to place orders with data that’s complete and accurate enough to get past basic transaction screening tools. It's also possible for criminals to simply hijack customer accounts and go shopping without raising any transaction flags.
That's why it’s important to look at additional elements to assess each order's risk of fraud. The user’s IP address, device identity and behavior on the site can all provide clues. Is the customer placing orders from an IP address or device that’s been used for fraud in the past? Are they located in or shipping to a zip code that's a known hotspot for fraud? Is a repeat customer suddenly ordering from another country or making much larger purchases than in the past?
All these factors and more help determine the likelihood that an order is legitimate. With each additional layer of real-time screening, merchants stand a better chance of weeding out even sophisticated fraud. But it’s also important for merchants to look at their big picture, too.
Track fraud and stopped attempts by channel.
The number of mid/large and large merchants who track their fraud costs by channel and by payment method increased substantially from 2017 to 2018, according to LexisNexis data. This is progress, but 60 percent of e-commerce and m-commerce merchants with less than $10 million in annual sales still don't track their fraud costs this way. The data is important for pinpointing the areas of highest risk for individual merchants and developing more effective fraud screening processes.
However, tracking fraud costs gives merchants only part of the picture. It's also important to track prevented fraud as well, to show what fraud-prevention methods are working well. In 2018, LexisNexis found that roughly half of large online and mobile sellers were tracking both completed and prevented fraud, and only 22 percent of small merchants were doing so.
Avoid false declines.
There's another important fraud-prevention metric to track: false positives. Mistaken declines of good orders cost merchants more than actual fraud and they can drive away customers permanently. Nearly 9 out of 10 customers take their business elsewhere if they feel poorly treated by a merchant. After all, who wants to be insulted with a rejection?
Often, false declines and legitimate declines are grouped together in tracking data, so merchants have no idea how much money and long-term customer value they lose to false declines. Proper tracking is a must to evaluate and reduce false decline rates. Another important tool for reducing false declines is manual screening of all flagged transactions to avoid rejecting loyal customers whose behavior (ordering while traveling, shipping to new destinations, ordering high-value items with rush delivery) may raise fraud flags.
Keep up with CNP fraud trends.
Because CNP fraud is an expanding criminal industry, tracking and prevention are not one-time or annual tasks. Fraudsters are always trying out new methods for exploiting the customer-merchant relationship, and when they find something that works, word spreads quickly among their associates. Methods that were a serious problem in one quarter may be replaced with a new threat in the next quarter.
Regular review of fraud tracking data and the news is a must for merchants who want to protect their revenue from organized CNP fraud. This knowledge, combined with adequate layers of fraud screening and manual review of flagged orders, can help merchants stay ahead of the rising tide of CNP fraud.