A rudimentary precaution like comparing card numbers against a zip code is easily fooled by routing an order through a hacked computer that supplies the IP address of the intended victim.
The single greatest threat facing e-commerce merchants today is the ubiquitous card-not-present (CNP) transaction. As more and more commerce has gone online, all the advances in physical card security are increasingly irrelevant.
Paradoxically, while EMV chips have drastically reduced in-person fraud, they have increased CNP fraud. This kind of fraud rose 34% between 2015 and 2016. It now stands at $4.57 billion according to the most recent Federal Reserve Payments Study.
Far from being a decentralized effort, criminals are organized and using much the same technology to steal access to accounts and identities that are used by card issuers to improve the customer experience.
The dirty tricks are endless. Even when you are physically present for a transaction, your card can be swiped through a skimmer—a reader that does not instigate a charge but merely records all the data about your card…and you.
At one end of the scale is the skimmer, operated clandestinely by a waiter, or another salesperson, or fitted surreptitiously to a gas pump or ATM. At the other end is the organized, massive data breaches that routinely expose hundreds of thousands of customers in one attack. These huge data thefts are on the rise—has become the rule rather than the exception.
Customers’ personal data can be used for everything from relatively minor purchases—which are still a vulnerability—to the creation of fake accounts, to full-on identity theft that ruins lives.
There is even a growing middle-man market. These are the people who steal data with no intention of using it themselves. Instead, they sell it. This inserts another complicated and confusing step into an already shady process. No wonder only 0.14% of fraudsters are ever caught and prosecuted.
The sad fact today is that law enforcement typically lacks the technology and, frankly, the inclination to pursue this type of crime. They’re set up to chase people, after all-not data. These blindspots are inhabited by fraudsters, who have become extremely good at staying behind the curtain.
So who bears the brunt of the cost of all this fraud? Small to medium-size businesses.The largest organizations have the best fraud protection systems available. At the other end of the scale, many small e-commerce retailers have nothing. A major fraud event could put them out of business at any time.
In many ways, retailers were ahead of the credit card issuers in recognizing the potential of online sales. And they accepted the increased liability in order to tap this burgeoning new revenue source. But in the early days of the Internet fraud was easier to catch. Simple things like mismatched billing and shipping addresses, and an IP address that matched neither, were easy red flags to spot.
As technology, in general, has progressed, so has the sophistication of cybercrime and fraud, in particular. As is so often the case, the things that are meant to make our lives better have been bent toward more nefarious purposes.
Consider one example: A historically disenfranchised rural population finally gets high-speed cell service. To a cyber criminal, that means someone (or rather someone’s identity) in that part of the world can now easily open a bank account in any US city. Good and bad sides of the same coin
The true cost of fraud is landing squarely in the laps of merchants. Law enforcement isn’t willing to investigate except in the most egregious fraud cases, and card issuers looking for anyone but themselves to blame. Cardholders are also protected by card companies’ policies of offering no liability on fraudulent charges.
What can e-commerce merchants do? The true cost of fraud is landing squarely in the laps of merchants. Law enforcement isn’t willing to investigate except in the most egregious fraud cases, and card issuers
looking for anyone but themselves to blame. Cardholders are also protected by card companies’ policies of offering no liability on fraudulent charges. Merchants have no choice but to tackle the problem head-on.
We do not believe that robust, adaptive, future-proof fraud prevention should be limited to only the largest of retailers. An affordable solution is needed for businesses of all sizes. So we built it, using bleeding-edge artificial intelligence and machine learning, in concert with deep integration and expert oversight, we can offer a holistic, cost-effective, enterprise-grade fraud prevention platform to businesses of any size and shape. Find out why Vesta is your new secret weapon against CNP fraud. Find Out How.