More cooperation is needed to battle fraud's channel migration

Register now

In contemporary commerce, there’s a massive push to provide options, ease of use and convenience for consumers. Everyone wants to deliver new ways to simplify the buying process. For example, Mastercard recently unveiled plans to streamline on-the-spot retail financing with its acquisition of Vyze.

Even something as simple as card networks dropping the need to capture a cardholder’s signature to authorize a transaction at the point of sale helps simplify and speed up processes. But what about fraud risk? Did card-present fraud suddenly spike without the security of a signature capture?

Not really.

Signatures were always a rather unreliable security method. A signature is easy to fake, and inconsistent in-store practices meant due diligence was not always exercised in verifying the signature. Even before the rule change, it was common to walk into a store, make a purchase, sign, and walk out with no need to verify the signature with a form of ID.
Even with EMV chip cards, a signature is less than reliable. Chip-and-PIN, on the other hand, is a much stronger anti-fraud mechanism.

The U.S. was a latecomer to EMV adoption. But even once chip cards finally became standard in the U.S., we adopted a chip-and-signature method. In contrast, most countries around the world that migrated to EMV technology before us embraced PINs for added security.

Despite the lack of chip-and-PIN security card-present fraud in the U.S. still decreased from $3.68 billion to $2.91 billion between 2015 to 2016. The main reason: Because of EMV, fraudsters were looking elsewhere for opportunity.

Introducing EMV technology was successful in reducing card-present fraud. However, fraud didn’t go away. It simply moved. We achieved a reduction in card-present fraud by pushing fraudsters to the online market.

Fraudsters want to make a quick buck as easily as possible; the methods aren’t personally important. Card-not-present fraud is simply the path of least resistance, as verifying users’ identities online is even harder than in-person. This explains why, during the same period in which card-present fraud in the U.S. declined by more than 20%, card-not-present fraud increased by nearly 35%, from $3.4 billion to $4.57 billion.

Of course, even that’s a very low projection, including only positively identified CNP fraud. It’s likely that the cost of online criminal fraud is much, much higher.

Clearly, fraud is still a major concern, and we’re going to need to be wiser about how we try to address it.

Card-present and card-not-present commerce are obviously very different. So it makes little sense to try to manage fraud across different channels as if it’s one monolithic problem. We can’t persist in applying the same standards we relied on decades ago. It’s clear that something needs to change, and to be fair, different parties are trying.

If we look at recent policy updates like Visa Claims Resolution and Mastercard Dispute Resolution, we see signs of positive movement. The card schemes openly acknowledge the need for change in the way we respond to and manage fraud e-commerce. However, even overhauls at the card scheme level aren’t enough.

We need a consistent set of guidelines for how to handle fraud and chargebacks that is standardized across the marketplace. This demands a coordinated effort between merchants, banks and card schemes if we’re going to have real, significant change.

A coordinated effort would make it possible to develop the widely applicable standardized processes we need by collecting perspectives from every dimension of the payments process. It would allow us to put more emphasis on consumer and merchant education, and speak with a unified, consistent voice. Lastly, it would allow for more open communication, making it possible to identify new threats faster, develop solutions and avoid simple errors resulting from misinterpretation of industry policy.

Without standardized guidelines to handle fraud and chargebacks, fraud prevention will remain an abstract, subjective and ultimately ineffective practice.

For reprint and licensing requests for this article, click here.
CNP Payment fraud Chip and PIN EMV ISO and agent