CNP fraud is a bad gift that keeps on taking
Fighting card-not-present (CNP) fraud is an eternal challenge for merchants, and it's a problem that will continue in the next year.
As merchants and fraud prevention specialists develop new strategies for fighting fraud, organized criminals find new vulnerabilities to exploit. And merchants must manage these threats while maintaining fast decision times on orders, decent margins and excellent customer experience.
To do all this, merchants need to know what they’ll be facing in the year ahead. Here are the trends we’re watching.
For merchants in mature e-commerce markets, cross-border selling is key to faster growth—but managing risk is the key to successful growth. For example, the North American market is growing much slower than the Mexican e-commerce market, which is growing about 35% year over year. As consumers in booming markets develop e-commerce habits, their appetite for cross-border shopping will also grow.
This opportunity comes with risks. Developing markets have traditionally been risky for cross border orders. But merchants have a history of managing this risk poorly, by blocking orders from entire regions or falsely declining far more good orders than they do in their home market. A more precise and data-driven fraud prevention strategy can help merchants get the benefits of selling across borders while minimizing fraud and false declines.
Billions of consumer data points, like email addresses and passwords, have already been stolen and exposed in previous data breaches. As more apps and technology adopt biometric security measures, unique, impossible-to-change data like our faces, voices and fingerprints can be stolen and exploited for account takeover fraud that targets merchants. Any merchant planning to use biometrics must take extreme measures to secure that data, protect customers, avoid ATO fraud and avoid regulatory penalties like GDPR fines.
Not all CNP fraud targets items with high resale value. Donation websites, merchants who sell small items and online service providers should also watch for fraud. That’s because fraudsters often need to test their stolen data, like card numbers, to see if it’s valid before they move on to scamming another merchant out of handbags or laptops. Tight limits on the number of data entry attempts a customer can make at checkout, along with a data-driven fraud prevention strategy, can reduce card-testing fraud.
There’s been a lot of press about ransomware targeting cities and government agencies, but less on the 66% of retailers who have been hit by ransomware. This trend will likely continue because it works, and smaller retailers are at greater risk. That’s because larger retailers usually have more backed up databases and backup servers they can switch to in case of an attack, while smaller retailers more frequently rely on a single server.
Merchants who want to avoid ransomware attacks should invest in backup servers, develop a database backup plan and implement strict email security to screen out the phishing messages that start most ransomware attacks.