By Andrew Reszka, Regional Head APAC
The way we make a payment has significantly changed in the last few years, and the rate of change today is accelerating. Rapid advancements in technology have created a digitally connected environment, and more and more consumers are choosing digital payment options over cash and cheques. As Australians jump on to the bandwagon of ‘contactless’ cards, online shopping and mobile payments continue to grow. In fact, the steady rise in online shopping effectively illustrates the changing payments landscape. Globally, by 2020, forecasts estimate that online shopping will have doubled since 2015 and will account for 14.6% of all retail sales. Meanwhile, in the Australian market, online spending is growing five times faster than traditional retail spending.
While there are many benefits to advances in technology, there is also a downside. The rise in online shopping has also seen a rise in online payment fraud. Card-not-present (CNP) fraud accounted for 78% of all fraud on Australian cards in 2016, the Australian Payments Network Fraud Report 2017 shows. A CNP fraud occurs when valid card details are stolen and then used to make purchases or other payments without the card, usually online or by phone. CNP transactions provide increased scope for fraud, as there is greater potential for the transaction to be facilitated by someone other than the cardholder. As a result, the significant increase in e-commerce and online transactions has corresponded with a substantial increase in payments fraud.
Payment fraud, especially for a CNP transaction, can arise from different contexts as fraudsters use a variety of techniques to illegally obtain sensitive data. These include malware and phishing attacks to capture sensitive card data or cardholder passwords, hacking merchant databases, intercepting communications systems, or even by using masking tools to bypass fraud analytics products.
CNP fraud is concerning both across the larger payments industry as well as for consumers as they are impacted by online payments transaction fraud in four important ways:
1. Consumers pay for the cost of fraud via increases in the price of goods and services purchased online
2. The inconvenience that consumers face when they have to meet the cost of the fraudulent transaction, contacting the issuer to reverse the same transaction, obtain new credit cards, etc.
3. There is a loss of confidence in issuers and payment systems
4. There is a significant risk in losing personal, sensitive data
Issuers face huge financial losses which are increased when legacy security systems are used. When CNP fraud does occur, the consumer whose information has been stolen may switch banks or stop using their credit card altogether for online purchases. Keeping in mind the rising cost of acquiring one customer, issuers are under increasing pressure to ensure their customers are protected.
Merchants, on the other hand, face the full liability of loss for fraudulent CNP transactions. This means the payment processor will charge the full value of the fraudulent purchase back to the merchant. Therefore, it is important that merchants properly understand regulatory requirements and industry best practices in order to be better equipped to navigate the complex CNP payments landscape.
There are a few steps that can be taken by merchants to mitigate CNP fraud risk:
• Maintain effective protection, especially as the business grows and expands across borders and sales channels
• Ensure that tokenisation and encryption technologies are adopted to increase payment security
• Ensure compliance with the Payment Card Data Security Standard (PCI DSS) to strengthen data security
• Utilise tools and services that will enable fraud prevention in real time, and a capability for adaptive machine learning within the transaction authorization path
The good news is that there are a number of technologies available to merchants and issuers that have the potential to mitigate future threats. A solution that helps secure online channels without placing huge demands on the merchants and consumers is what financial institutions need.