Verification for one and all? Combating the rise in CNP fraud: by Jane Crossley, consultant, JaywingDMG.
Retailers are battling a continuing rise in fraud cases. Whilst the introduction of chip and pin at the till has been successful in reducing card fraud on the high street, instances of card not present fraud (CNP) are on the increase. This rise, compounded further by the current recession, is having a huge impact on lost revenue not just for the obvious cost implication of fraud, but from the loss of sales that can be a side effect of more vigorous fraud prevention methods.
The annual APACS figures for 2008 demonstrate that cases of CNP now account for 54pc of all card fraud losses; that’s an increase of 13pc year on year and a staggering £328.4m. This increase may well be fuelled, in part, by the continued growth in online shopping, which is set to defy the economic downturn, with higher numbers of people buying goods online. In fact, a report from Verdict Research shows that total online spending is set to grow from £2.4bn this year to £30bn in 2013. If the forecast proves correct, it would mean that within four years, roughly £1 of every £10 spent on retail goods will be transacted via the internet.
Even with this huge growth in online shopping and CNP fraud, some e-tailers are reluctant to take up 3D Secure fraud prevention measures, in spite of the onus on them to stand the losses. Why? With reports of up to 30pc of sales lost at the checkout when 3D Secure processes are invoked, it stands to reason that the cost of fraud is more palatable than lost sales. So, when we consider that Mastercard had set a deadline (June end just passed) for all online Maestro transactions to be processed through Mastercard SecureCode, it isn’t surprising to learn that online retailers have been up in arms about the potential loss of sales. It does beg the question, is this blanket verification entirely necessary?
Perhaps not.
I’d suggest that an optimised approach, which uses a number of different tools, is the most suitable route for retailers to take. By that I mean employing a combination of background tools to test and identify likely fraud cases. Where the risk of fraud is highest, 3D secure systems can be invoked only for those transactions, keeping customers flowing and avoiding a great many of the chargeback nasties. This gives control back to the retailer, allowing them to set the parameters they’re comfortable with and balance the number of transactions that go to 3D Secure systems versus those where no enforcement is in place. What’s more, these parameters can be tweaked as the retailer learns what works best for them or crucially as fraud trends change.
Sounds complicated? It doesn’t have to be, although the more sophisticated you make your defences, the more fraud you will avoid.
At a simple level, targeting greater scrutiny at transactions where delivery and billing addresses differ can be a useful starting point. Moving on from here, we know from analysis of over 100,000 individuals – a combination of known frauds and genuine transactions – that fraudsters tend to live in clusters. Such a large sample of known fraudsters combined with sophisticated analytics makes for a powerfully predictive model.
Indeed, when we used our standard postcode look up fraud model for a leading online retailer, we detected 50pc of their fraud in the top 10pc of the postcode file (ranked from most likely to be fraudulent to least), and 80pc of frauds in the top 20pc. The model was further enhanced with their own known frauds and the upshot was that not only did they reduce the number of fraud cases, but the retailer was actually able to improve delivery times to the 80pc of customers who were considerably less likely to be fraudsters.
So, by adopting this methodology, retailers could potentially save 80pc of their customers from going through the additional verification stage. This avoids the potential drop-off that results, be it from consumer suspicion of the extra stage in the process, or simply that they’ve forgotten their password.
For even better fraud detection, fraud analytics can be applied. E-commerce platforms often contain fraud rules that use further information about the transaction, and potentially the transactor, to reject customers or mark them for further investigation, but these are deployed in ways that are neither transparent nor sophisticated. By applying fraud analytics to the key variables, more intelligent rules and processes can be derived that deliver more powerful results, leading to fewer missed sales and identifying more frauds.
The key here of course is that the more powerful model is translated into something that is simple to implement.
The good news is that some of the major high street banks are in the process of switching from Maestro to Visa Debit, which may lessen the impact of the June deadline for some. HSBC and First Direct are already replacing Maestro cards with Visa Debit, and it is rumoured that RBS is about to follow suit. This would account for the majority of UK debit cards and provide retailers with a choice as to when and how they use 3D Secure systems.
To some extent, this may be a case of ‘out of the frying pan, into the fire’ as The British Retail Consortium claims retailers will have to pay approximately 34pc more per transaction handled by Visa Debit than when processing Maestro payments. However, employing the method outlined above delivers the best of both worlds and largely avoids the bigger issue of lost sales, which is not to be sniffed at in the current market.
Clearly any opportunity to prevent fraud is welcome and fortunately further advances are taking place all of the time. For example, the recently announced Emue card emulates the effect of Chip and Pin on the high street and claims to have the power to stop CNP fraud completely.
But while such advances are in development and take up is not widespread, the use of analytical means to identify the most ‘at risk’ transactions is a good way to optimise the application of 3D Secure and other fraud defences. This is an achievable option that can make significant in-roads to preventing CNP fraud, and one with the least impact on the customer experience.
