As online shopping has surged, so has CNP fraud.

What’s Fueling the CNP Fraud Surge?

The U.S. is in a recession, millions of Americans remain out of work, and many continue to steer clear of the grocery store, never mind the mall. Remarkably, consumer spending remains strong. History may prove that the internet was its saving grace. Online access has been essential to supporting remote work, but it has also afforded people the opportunity to leverage point-and-click shopping far beyond the holidays. Indeed, the internet has allowed for weekly grocery deliveries, retail pick-ups and Amazon sprees, providing Americans with an outlet to maintain some sense of normalcy in their spend patterns.

Unfortunately, fraudsters have capitalized on the dramatic growth in online card use, as card-not-present fraud has surged over the past year.

According to calculations from the Aite Group and obtained by ATM Marketplace, CNP fraud rates have proliferated not just in the U.S., but worldwide. Indeed, the report found that CNP fraud rose more than 16% in the 2020 calendar year compared to the previous 12-month period.

What are CNP transactions?
As its name more or less implies, a card-not-present purchase is one in which the physical payment card itself isn't used at the point of sale, as it would be during a traditional in-person transaction. Instead, the alphanumeric details from the card are typed into a computer or mobile device so the transaction can be processed and verified. CNP is the primary way shoppers spend when they log on from their preferred devices.

While there are traditionally built-in security solutions designed to protect shoppers from having their credit card information stolen, the sheer number of CNP transactions over the past year has given fraudsters more opportunity to seize on data that slips through firewalls. Crooks also obtain users' credit card data by buying it from aggregators who sell it on the dark web.

CNP fraud is a multi-billion-dollar industry
CNP fraud is not a new phenomenon. Several years before the pandemic, the crime was already gaining traction. In 2016, for example, remote card fraud losses rose 34% on an annual basis, totaling $4.5 billion, according to the Federal Reserve. Meanwhile, in-person card fraud fell 24% to $2.9 billion over the same period.

Security experts attribute the decline of in-person fraud to the more widespread use of microchips, which improves and enhances authentication capabilities. Since a microchip isn't needed for online purchases, however, fraudsters have been able to take advantage of weaknesses in online security networks and/or firewalls.

Juniper Research believes CNP fraud losses are poised to balloon, potentially reaching $130 billion worldwide by 2023.

Gary Warner, director of research in computer forensics at the University of Alabama at Birmingham, told The Washington Post that credit fraud in general has become somewhat of a cottage industry.

"In my estimation, there are at least 2 million people and this is what they do for a living — they steal credit cards from Americans," Warner explained. He added that American businesses in particular are in fraudsters' crosshairs, with many of the attacks originating from Eastern Europe and West Africa.

The best way business owners can protect themselves from being affected by this crime of opportunity is through preventive measures. offers the following recommendations which we urge all banks and credit unions to share with their commercial customers:

1. Verify the cardholder's identity
Multi-factor authentication has worked wonders for companies that do any amount of business.

While there are many different ways to corroborate that a cardholder is who they say they are, potential options include asking a buyer to upload a copy of their driver's license (or any identification that contains a picture of themselves), and/or requiring a link to their social media profile. Sellers may also set up dual authentication with another device, with the cardholder's agreement.

2. Require registration to buy
Setting up a registration program not only gives business owners an idea of how many unique visitors and buyers they have, but it also provides a paper trail for tracking down fraudulent CNP purchases. Part of this registration process for buying online may include requiring buyers to upload a recent photograph.

3. Take longer to deliver
From two-day to next-day to same-day shipping, it seems like every business is upping the ante when it comes to getting orders out the door as quickly as possible. However, delaying delivery can make a lot of sense because the time in between gives authorized card users the extra time they need to spot a potentially fraudulent purchase on their bank statement. Card-issuing banks are also keeping cardholders in the know by providing them with real-time updates as to when transactions are recorded, such as by email or text message.

4. Get in touch with authorized cardholders directly
Perhaps the best defense against CNP fraud is ongoing communication. Whenever a CNP transaction is identified, you may want to consider apprising the cardholder of the purchase by contacting them directly, such as by texting or emailing them. Confirmation may involve asking them to call you back and answer a security question they answered during the registration process.

Providing cardholders with tips and suggestions on how they can sell safely online can enhance consumer satisfaction and improve retention for your bank and credit union commercial customers. Be the resource that they need by providing them with this good advice.