By Ron Hynes, CEO of Vesta March 22, 2021
Global losses from payment fraud tripled from 2011 to 2020, and card-not-present (CNP) fraud is proving to be among the most pervasive. Some analysts estimate that retailers will lose $130 billion globally to CNP fraud by 2023.
This fraud problem eats away at merchant margins and leads to a poor consumer experience because retailers often decline legitimate transactions to stop fraudulent ones.
The sad reality is that as the pandemic continues to impact shoppers worldwide, CNP fraud will continue to increase.
Fraud jumps with e-commerce growth
At Vesta, we work with merchants across various industries. We have observed an average 30% increase in transactions in the e-commerce segment during this timeframe and twice as many fraud attempts. This creates a two-pronged challenge for retailers.
First, they have to fight the fraud itself and protect both current and future customers by securing their networks and declining fraudulent transactions. At the same time, they have to maximize approvals of legitimate transactions to protect the customer experience and their brand reputation.
Today’s consumers have extremely high expectations. One negative experience – whether falling victim to fraud and having their card information stolen or having a valid purchase rejected – can turn them away for life. So, what can merchants do to fight CNP fraud without sacrificing legitimate sales effectively?
Seven CNP fraud prevention tips
There are various fraud prevention solutions on the market that can handle every aspect of the process, but there are also measures merchants can take themselves if they don’t have the budget to partner with a third party.
Here are some of the most common red flags to look for that might indicate a transaction could be fraudulent:
- The IP address for the device from which the purchase is made doesn’t match the payment’s billing address.
- An unusual email address is associated with the order – this is often a series of random letters and numbers rather than an easy-to-remember email address that the average person would use.
- Requests to expedite the order, which is a common tactic for attempting to bypass transaction verification protocols.
- Multiple transactions on one card over a short period.
- Several transactions on one card, but with a different shipping address for each order.
- Several cards are used to place multiple orders from a single IP address.
- Orders that include several units of the same items.
Extra security guardrails
In addition to conducting a thorough review before approving any transaction with one of the red flags mentioned above, retailers should put guardrails in place to verify the customer’s identity.
One way of doing this is to employ two-factor authentication, sending a verification code to a customer’s email address or mobile device. The customer enters that code to complete the transaction.
You can take that a step further with biometric authentication through facial recognition or fingerprint analysis. And require that authentication every time a customer logs in – similar to how many mobile apps can be unlocked through facial recognition each time a user opens the app.
Another method is implementing Single Sign-On (SSO) authentication, which allows customers to verify their identity by logging into their accounts through well-known applications. Whichever way you choose, you must have a system in place for verifying the identity of customers.
Taking fraud prevention to the next level
Finally, end-to-end encryption and tokenization are proven ways to reduce CNP fraud. They require mixing up payment data as soon as it enters the point-of-sale system to prevent exposing sensitive data. From there, the data travels through a secure network and is decrypted by the payment processor.
This ensures fraudsters can’t access payment data while it’s moving through the payment network. To add another layer of security specifically for protecting stored payment information, merchants should consider tokenization. This swaps sensitive payment data with tokens that replace sensitive data with a series of characters generated at random – also known as a token. Merchants can then store the tokens and use them instead of the actual payment data for future transactions.
Future fraud proofing
Once merchants shore up their networks, it’s essential to look ahead and think about how fraudsters are likely to adjust their attack methods in the years to come. For example, buying online and picking up in stores (BOPIS) has become increasingly popular during the pandemic and is likely to remain popular post-pandemic and become a focus for fraudsters. Requiring photo IDs at pick-up is an effective and affordable way to prevent BOPIS fraud.
Account takeovers are also increasing rapidly and will continue to impact merchants during 2021 and beyond. A form of identity theft, account takeovers, occurs when a cybercriminal gains access to someone’s private account and personal information. Two-factor authentication helps prevent account takeovers, but the savviest companies collect as much user data as possible and run that data through advanced machine learning models to generate a complete and accurate picture of each customer’s digital identity.
Fighting CNP fraud often feels overwhelming, but it’s important to be pragmatic and implement solutions for fighting fraud rather than letting the fear of fraud stunt your company’s growth. Keep these fraud prevention tips in mind to maximize legitimate approvals while stopping CNP fraudsters in their tracks.
Ron Hynes is CEO of Vesta, a global leader in fraud protection and fully guaranteed payment technologies. Hynes previously led two fintechs, as CEO of UniRush and President of Global Markets at Mozida. He also served as Executive Vice President, Global Prepaid Solutions at Mastercard and SVP, Prepaid Solutions at JPMorgan.
Check out these recent PaymentsNEXT stories about fraud:
US identity theft jumps as e-commerce grows
Online transactions soared in 2020, fraud skyrocketed too
Research: Business fraud drops, consumer fraud jumps during pandemic
LET’S CONNECT