Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
Federal Reserve Web Sites
Other Bank Regulatory Sites
February 14, 2011
Can mobile address the rising tide of fraud in card-not-present transactions?
Combating fraud in credit and debit card payments is a challenge for all payment system participants, from the banks that issue the cards to the merchants that accept those cards as payments for goods and services. One particularly troubling channel, with a rising incidence of card fraud, is on the Internet. Retailers are increasing their efforts to attract customers online with discounts, online-only specials, and free shipping and returns. While the use of cards for website payments, also known as card-not-present (CNP) transactions, is inherently riskier than face-to-face transactions at a merchant's point-of-sale, the dramatic rise in e-commerce suggests it is a trend that is here to stay. As the mobile channel develops for card payments, can the security capabilities of mobile handsets protect consumers against CNP fraud?
CNP fraud: The U.K. experience
While data regarding fraud loss and mitigation costs are hard to come by in the United States, the U.K. Card Association gathers information that we can use as a good proxy for gauging experiences in other markets. This organization found that as the Internet environment has become an increasingly hospitable environment for commerce, CNP has risen dramatically, from just 16 percent in 1999 to 60 percent of total card fraud losses in 2009.
As we noted in an earlier 2010 post, CNP fraud escalated when the U.K. migrated from magnetic stripe technology to credit cards with microcomputer chips. Consequently, the more secure technology at the point of sale drove fraudsters to the more vulnerable online channel.
However, the U.K. took quick action against CNP fraud, implementing better screening and detection tools and, in 2009, U.K. CNP fraud actually declined 19 percent.
Though not directly measurable, CNP fraud, industry experts agree, has made its way to the United States, where the magnetic stripe card technology remains prevalent. In fact, according to the U.K. Card Association's 2010 report, the majority of online payment fraud involves the use of card data obtained through illicit means such as card skimming, a crime that is actually mitigated with chip technology.
Growing Internet sales and CNP: A perfect storm?
According to a report by Javelin Strategy & Research, which forecasts online retail payments, the United States has fostered a robust online transaction market in recent years despite the economic downturn. This trend is expected to continue as consumers and merchants alike become increasingly comfortable conducting e-commerce for everyday goods and services.
The proliferation of smartphone applications for retailer websites along with a broader use of social media to distribute coupons and loyalty rewards are working together to drive consumers to shop online where card payments are widely accepted.
As merchants embrace a rise in retail sales, how do we mitigate the growing threat of CNP fraud in the United States?
Mobile security advantages
One benefit of a contactless mobile payments system is the potential to reduce fraud by eliminating magnetic stripe technology in favor of more intelligent chip technology, which has better security features for combating CNP fraud. The future mobile payments system introduces the ability to layer security tools unique to both the hardware and software resident in the mobile handset. Furthermore, the chip that enables the payment can contain account credentials and additional authentication factors, including location awareness applications, which can enhance the security of the payments transaction.
It is time that merchants, issuers, and payment regulators seriously consider the growing threat of CNP fraud in the debate on how and when to move to more secure payment methods.
By Cindy Merritt, assistant director of the Retail Payments Risk Forum
TrackBack URL for this entry:
Listed below are links to blogs that reference Can mobile address the rising tide of fraud in card-not-present transactions?:
- EMV Comments That Make Me Cringe
- Taking a Quantum Leap into Payment Security
- Looming Questions with the Rollout of NACHA's Mandated Same-Day ACH Rules Change
- AdmiNISTering Passwords: New Conventional Wisdom
- Mobile Banking and Payments—What's Changed?
- Risk Mitigation Isn't Just for Banks
- The Simple Consider Three but Four is the Key
- As with Nuclear Disarmament, So with ACH: Trust, but Verify
- The Personal Cost of Fraud
- When Fraud Hits Home: Questioning Today’s Authentication Methods
- October 2016
- September 2016
- August 2016
- July 2016
- June 2016
- May 2016
- April 2016
- March 2016
- February 2016
- January 2016
- account takeovers
- ATM fraud
- bank supervision
- banks and banking
- card networks
- check fraud
- consumer fraud
- consumer protection
- cross-border wires
- data security
- debit cards
- emerging payments
- financial services
- identity theft
- law enforcement
- mobile banking
- mobile money transfer
- mobile network operator (MNO)
- mobile payments
- money laundering
- money services business (MSB)
- online banking fraud
- payments risk
- payments study
- payments systems
- phone fraud
- remotely created checks
- risk management
- Section 1073
- social networks
- third-party service provider
- trusted service manager
- Unfair and Deceptive Acts and Practices (UDAP)
- wire transfer fraud
- workplace fraud