Brazil Is a Trove of EMV Era Security Lessons
To survive and thrive in the rapidly evolving post-magnetic stripe landscape, U.S. merchants may do well to look to Brazil – a flourishing e-commerce market that completed its EMV liability shift in 2011.
The US e-commerce market faces a fresh set of challenges. More retailers are completing the switch to EMV point of sale terminals so fraudsters are increasingly turning to CNP fraud, just as they have in other post-EMV markets. Automated botnet fraud also increased dramatically during 2015, now accounting for more than 80% of e-commerce fraud attacks. Sophisticated fraud is on the rise too, as thieves develop new ways to leverage identity theft and malware.
Brazil is Latin America’s dominant e-commerce market. B2C e-commerce sales are projected to top $40 billion this year, more than half the total for the region. Brazilian consumers are comfortable shopping online from domestic and cross-border merchants and overwhelmingly prefer to pay by credit card. The country has Latin America’s highest card penetration rate.
With those upsides come hazards. One third of Brazilian cardholders have experienced fraud in the past five years. Unprotected Wi-Fi networks are common, and many consumers use them to make purchases without realizing the potential consequences.
Merchants that succeed in Brazil’s complex market use all the tools at their disposal to counteract fraud. This includes algorithms and machine learning, human intelligence, customer contact and verification, and comprehensive dataset analysis. Using all of these tools helps businesses to spot nascent fraud trends and predict new fraud attempts instead of only reacting to a never-ending stream of ever-changing fraud tactics.
The key to truly comprehensive fraud abatement is working with complete datasets. Including all orders in the fraud screening program yields a high-quality database that reflects the behavior patterns of everyone who places an order with the merchant. The more complete the data, the more refined the screening model becomes and the more accurately human analysts can tailor fraud protocols to the merchant’s profile. Incomplete data, which results when merchants only screen some of their orders for fraud, can skew the fraud-prevention model and mask other problems such as false declines.
Comprehensive fraud protection saves e-retailers money by denying fraud attempts and by reducing false declines. This is important because, as we’ve seen in recent Javelin research, merchants lose far more revenue to false declines than they do to completed fraud. Because about a third of consumers who experience a falsely declined transaction never shop with that retailer again, addressing false declines is important in the long run too.
By reducing the number of customers who are unfairly alienated by false declines, retailers can raise their customer-retention rates. If the false decline reduction program includes professional, polite customer contact to verify flagged orders, the fraud prevention program can also build trust and more positive engagement with those customers. If the program accomplishes this screening and verification quickly, it minimizes cart abandonment and increases customer satisfaction without sacrificing fraud protection.
All of this is important as botnet and CNP fraud against US-based e-retailers continues to rise, especially in the luxury, electronics, and clothing categories. Based on Brazil’s experience with the EMV liability shift, which took place from 2008 to 2011, CNP fraud in the U.S. market is likely to go through several stages as merchants change their technology and upgrade their fraud protection programs at different rates. The most efficient US retailers have already implemented stronger CNP fraud programs, and fraudsters are already focusing more on CNP retailers and POS retailers who have yet to complete the EMV changeover.
If the fraud patterns that took hold in Brazil continue to play out in the U.S., we’ll see a migration of fraud from high-end and mass-market e-commerce targets to smaller retailers. These merchants may assume thieves will only focus on bigger targets, and they may not have the resources to run a comprehensive internal fraud control program or coordinate multiple outside fraud-control products. As we’ve seen in Brazil and in other post-EMV markets in the EU and elsewhere, CNP fraud protection is now the key to surviving and reducing revenue loss for merchants of all sizes, to guard against the relentless evolution of e-commerce fraud.
Bernardo Lustosa is COO of ClearSale.