All Trick—No Treat. That would be Card-Not-Present (CNP) Fraud which has reared its ugly head in the U.S. from the perfect storm of rising E-commerce sales and EMV. As the following article indicates, online merchants are not entirely powerless in their ability to stop CNP fraud dead in its tracks.
Online shopping is expected to reach record levels this holiday season, with some reports suggesting it may even match — for the first time ever — physical store spending.
Along with the increase in digital transactions, many experts are also predicting a surge in online fraud. A couple of factors have experts concerned, starting with the EMV liability shift. With retailers focusing their attention on getting store-level equipment and networks compliant with the Europay, MasterCard, Visa mandate, many would-be thieves are now turning their attention to online retailing as a means of pilfering customers’ personal information — an easier task with non EMV-required card-not-present transactions.
Also causing concern are the promotional emails flooding inboxes that feature links designed to redirect users to a retail website through the simple click of a mouse. However, savvy fraudsters can easily create fake emails containing links to fraudulent sites all ready to obtain an unknowing shopper’s personal information.
As retailers head into their busiest season, they need to let consumers know their data is being protected. Here are three tips to help keep consumers’ holiday “card-not-present” purchasing smooth during the holidays and all year long
• Do not embed URLs into promotional emails. Currently, 55% of shoppers will click a link from a known source, even if they weren’t expecting anything, according to Arbor Networks’ study. Sure, it’s easy to embed links into emails. But a more secure solution is to send shoppers a promotion code redeemable online — and then re-quire shoppers to visit the site directly.
• Enhance online security methods. Firewalls are great. Two-factor authentication and tokenization are even better. However, why not consider another method to secure customer data? One option is three-domain (3D) security. Available through certain payment systems, the augmentative fraud prevention scheme authenticates payments using three-way validation: from the company where the purchase is being made from; the acquiring bank, and the card issuers themselves.
Online payment fraud continue to increase, primarily driven by the hockey stick-like increase in E-commerce. Even if there was no EMV transition, fraudsters would be still be driven to the Web due to its ease of use and anonymity. In addition to the article’s solutions, merchants need be extra vigilant in IT security by locking down back office and network servers. The card data used in CNP fraud originates from data breaches at merchant sites, and includes card skimmers installed at unsecured POS locations. Meanwhile a rising army of CNP fraud fighters has assembled in the form of software solutions vendors. For online merchants with major CNP fraud problems, that should be the first phone call.
Overview by Raymond Pucci, Associate Director, research Service at Mercator Advisory Group
Read the full story here