How Should E-Commerce Merchants Fight Back Against CNP Fraud?
Adequate layers of fraud screening and manual review of flagged orders, can help business owners stay ahead of the rising tide of card-not-present (CNP) fraud.
The latest fraud news is not great for merchants who sell in card-not-present (CNP) environments. A new Juniper Research report projects that CNP fraud will grow by 14 percent each year through 2023. That’s faster than the year-over-year growth of CNP transactions.
The cost of CNP is increasing, too. LexisNexis found that fraud costs as a percentage of revenue have been on the rise since at least 2013 and jumped by 13.9 percent from 2017 to 2018.
Juniper says that CNP fraud is rising so quickly because it’s big business for criminal gangs who are getting more sophisticated with the schemes they launch against online and mobile merchants. There are also millions of consumer records for sale now on the black market, after years of data breaches at retailers, banks, and government agencies, that fraudsters can use to impersonate real consumers.
Merchants, Juniper says, have not adapted to the threat landscape yet by investing in stronger fraud protection, and many remain focused on transaction screening to the exclusion of other fraud indicators. It’s also true that while more merchants are comprehensively monitoring fraud attempts and successes in all their sales channels, many merchants still operate in the dark when it comes to understanding and reducing their specific fraud risks.
This is dire-sounding news, but there is a bright spot: Merchants can protect themselves, if they’re willing to adopt best practices tailored to the new fraud landscape. Here are the most important steps to take.
Add layers of fraud protection
Screening transactions for flags like address mismatches, known stolen card numbers and other data discrepancies is an important part of the fraud prevention process, but it’s not the only solution. Because so much consumer data has been breached and put up for sale on the dark web, it’s possible for criminals to place orders with data that’s complete and accurate enough to get past basic transaction screening tools. It’s also possible for criminals to simply hijack customer accounts and go shopping without raising any transaction flags.
That’s why it’s important to look at additional elements to assess each order’s risk of fraud. The user’s IP address, device identity and behavior on the site can all provide clues. Is the customer placing orders from an IP address or device that’s been used for fraud in the past? Are they located in or shipping to a zip code that’s a known hotspot for fraud? Is a repeat customer suddenly ordering from another country or making much larger purchases than in the past?
All these factors and more help determine the likelihood that an order is legitimate. With each additional layer of real-time screening, merchants stand a better chance of weeding out even sophisticated fraud. But it’s also important for merchants to look at their big picture, too.