By Dr. Manfred Mueller and Louis Modell
CNP vs. CP Fraud
While payment fraud in the card-present (CP) world has seen a decline over the last 20 years, it has risen steadily in the card-not-present (CNP) world. Fraud is not going to just stop occurring. Initiatives by card associations will help curb the epidemic, but as a merchant today, you have to be prepared to fight the ongoing battle.
Visa estimates online fraud to be approximately seven times that of CP fraud. Some independent analysts have the estimate as high as 12 times.
The 2016 report, “3-D Secure: The Force for CNP Fraud Prevention Awakens”, prepared for RSA by Boston-based researcher Aite Group, forecasted that online fraud in the U.S. would grow from $2.8 billion in 2014 to $7.2 billion in 2020.
In 2016, 6.15 percent of consumers became victims of identity fraud, an increase by more than two-million victims from the previous year.
The introduction of EMV cards has shifted fraud away from brick and mortar stores (CP) to purchases on the Internet. The overall growth of Internet purchases in general has further boosted the financial damage created by CNP fraud, and this year marks the first time that Internet sales are greater than those in-store.
What Does This Mean for Consumers?
On the surface, consumers seem to be fairly protected as fraud is generally covered by merchants and issuing banks. Nevertheless, it is a cumbersome process. Any type of identity theft results in the repeated change of access data and passwords. Stolen credit card data results in banks issuing new cards on the fly. That having been said, most of us have received a new card in the mail because the old one “may be compromised” — then the fun begins with dozens of online accounts needing to be updated with new credit card information. If you do not keep record of all such accounts, it’s easy to miss one and frustration ensues.
What Does This Mean for Merchants?
CNP transactions occur online (or via other non-present channels, like mail) where the merchant is unable to confirm the identity and validity of the purchase in-person. These merchants are liable for the acceptance of any fraudulent order, and the cardholder’s issuing bank will collect the customer’s refund from the merchant should a cardholder request a chargeback. If the merchant processes a large volume of fraudulent orders, and thus receives a large number of chargebacks relative to their orders, their acquiring bank will likely take steps to raise fees to penalize the merchant.
Is this the end of the world? Are we supposed to sit back and watch fraud continue to grow and merchants continue to be punished and penalized? Certainly not! At some point, reducing or altogether avoiding the damage created will justify the investment in a system or an infrastructure to fight against online fraud.
Stay tuned next week for The Rise and Potential Fall of Fraudulent Card Not Present (CNP) Transactions: Part 3!