If a data breach is a sprint — where a fraudster grabs as much data as he or she can, as quickly as possible, in an effort to maximize ill-gotten gains — the fight against fraud is a marathon.
A marathon that never ends.
Fraud varies country to country, region to region. Just as payment methods are varied, so too are the ways that people pay, and whether, given a certain locale, they prefer paper (cash) over plastic (via mag stripe or chip card), or mobile over interactions with the cashier — these differences color fraud as well.
Europe may offer a tell on the fraud to come. As has been widely noted, the region has paved the way for the adoption of EMV, and its embrace by merchants in the EU, mandated though it has been, has steered hackers and criminals to online methods of siphoning funds from consumers and cheating companies. European countries led the adoption of EMV, with 86 percent of cards and 99 percent of transactions complying with EMV rules. By way of contrast, only 51 percent of cards in the United States are chip cards, and only 20 percent of transactions go by way of EMV mandates.
No mag strips, and so … when it comes to fraud, no swipe, no sweat?
In a recent whitepaper by TSYS, research revealed some rather troubling news: Europe remains a leading indicator of the less-desired sort, a harbinger of fraud battles to come here in the United States. The data shows that overall, gross reported fraud was up to €154 million, up 25 percent from the year before. Of more than half a dozen types of fraud, ranging from stolen cards to counterfeiting, card-not-present (CNP) fraud remained the dominant conduit to fraud losses, at 80 percent of the tally.
And in looking across the pond at the EU, CNP fraud leads the way, with numbers stretching from a low of a “mere” 75 percent to a high of 82 percent, depending on the country, and the average stood at 79 percent.
Amid the things to note about fraud as it is done in European nations:
- Credit where it is (not) due: TSYS noted that one recent development that bears watching centers on the fact that application fraud as a percentage of overall fraudulent activity doubled between 2015 and 2016. This may be the toughest fraud to do battle against, as once someone gains access to credit, transactions are not recoverable. The numbers are rather small as measured by percent of transactions, but the impact can be outsized. In the United Kingdom, application fraud is 6 percent of the total; in other countries, such as Italy and Switzerland, the tallies stand at 1 percent or less.
- Looking toward the New World: TSYS found that the United States is “the leading recipient” of fraudulent transactions from countries as diverse as Germany and the Netherlands, with as much as 22 percent of fraudulent payments headed to the States. That may make sense, said TSYS, when one considers that many larger retailers and merchants make their home in North America. For other nations, conversely, including Italy and the United Kingdom, 27 percent and 20 percent of “bad” transactions are done domestically.
- Fraud likes to go on vacation: OK, it doesn’t really, and as we noted above, online fraud, and the battle against it, are constants, seen 24/7/365. The fact remains, though, that among the top merchant types that are targeted by fraudsters, travel agencies and tour operators dominate, as do hotels and resorts. The method of choice for “getting away with it” can be traced to eCommerce primary account numbers (or PAN) entry, which TSYS found accounted for more than half of transactions.
- PSD2 no panacea: Card issuers and financial firms are girding for 2018, when third-party providers (Google and others) will be among the choices consumers can use for bill payment and the like through APIs. There are technological requirements to be satisfied, to be sure, but as always, regulation tends to make things more complex and for issuers and others, TSYS warns that the bad guys now have a new “entry point for fraud.”