Card not present (CNP) debit transactions are growing swiftly during the pandemic as many consumers limit their in-store shopping and leverage services such as curbside grocery pickup, meal delivery apps and online retail to meet their needs while social distancing. Merchants and financial institutions (FIs) that had previously witnessed strong card-present purchasing flows must, therefore, cater to CNP shopping trends.
This shift entails substantial strategy changes, as sellers and card issuers alike must ensure that they are addressing the unique security and fraud concerns that CNP transactions entail. This month’s Deep Dive examines the fraud risks inherent in CNP purchases as well as how merchants and FIs work to combat them.
The Rise Of CNP Purchasing
The pandemic has pushed more shoppers to leverage CNP transactions, especially as many go online to acquire goods they formerly purchased in stores or spend more on digital services. This latter trend is illustrated by more consumer interest in offerings like video game downloads and streaming TV subscriptions as individuals seek entertainment while spending time at home. Such new purchasing habits may be contributing to the rise of CNP transactions, which represented 27 percent of prepandemic debit payments but now account for 40 percent of them.
A recent survey also reflected the growing interest in CNP purchasing methods, finding that 64.9 percent of FI respondents are observing their customers making more of these transactions. It also revealed that 48.7 percent of FIs reported an increase in debit transactions, while a similar portion reported a decline in credit-based payments. This suggests that much of the elevated CNP activity is being conducted via debit.
Fending Off CNP Fraudsters
Merchants and FIs must adjust their security strategies to fit consumers’ new CNP debit purchasing preferences, yet preventing payment fraud that targets such methods requires different approaches from those used to protect card-present transactions. Merchants conducting in-store purchases can examine consumers’ physical debit cards to determine their legitimacy as well as ask customers to enter PINs or provide signatures to verify ownership. Retailers cannot utilize these security measures for orders placed online, but various other tools can help.
Online merchants and their payment processors must secure customers’ debit card data during checkout to prevent hackers from seizing and using or selling the details. One method that enables them to do so is tokenization, in which randomly generated codes — rather than actual card details — are transmitted during transactions. These codes can be used just once and authorize only specific purchases, which prevents them from being exploited if fraudsters steal them.
Issuers can also detect potential debit card thieves by collaborating with consumers to implement stricter security controls, such as limits on the value of card purchases that can be approved. Banks can also ask customers to supply phone numbers and then text them to confirm suspicious-seeming transactions.
3D Secure 2.0
Some eTailers looking to upgrade their CNP protections may adopt 3D Secure 2.0 protocol. This security measure sees card issuers collect and evaluate various data points on customers who are attempting to make transactions, helping the FIs better determine whether purchases could be fraudulent. Issuers that believe transactions are suspicious can then prompt potential consumers to follow links to secure webpages where they must enter one-time passcodes or undergo biometric authentication to verify their identities.
Retailers were lukewarm on the original version of 3D Secure, with many complaining that card issuers were often too cautious and rejected legitimate transactions. Some also argued that prompting certain consumers to visit separate webpages and enter more details added frictions that led to cart abandonment. A new version of the protocol came out in 2019, however, and is intended to result in fewer false positives as well as work more smoothly with mobile-conducted eCommerce.
Facing Friendly Fraud
The 3D Secure 2.0 protocol may also help merchants fight another painful form of fraud: false chargebacks. Cardholders sometimes reject transactions on their billing statements and ask their banks to refund them by extracting the money from merchants — a process known as “chargebacks.” This protection measure is intended to reassure customers that they have recourse if thieves steal their card data and use it online. Still, some shoppers either deliberately or mistakenly make inaccurate chargeback claims. These consumers may forget that they had made purchases, did not recognize billers’ names or maliciously attempt to avoid paying for orders.
Retailers can try to fight unwarranted claims, but they often struggle to provide sufficient evidence for their assertions or face difficulty determining whether the claims are legitimate. Thirty-one percent of merchants said in 2019 that identifying false chargebacks was the greatest difficulty they faced in managing friendly fraud, while 29 percent said they struggled to contest consumers’ claims.
The losses retailers suffer from unwarranted chargebacks could be reduced by 3D Secure 2.0; however, because card issuers receive many details about the transactions in question and can use this information to understand the situation better. More-informed FIs may be better able to determine whether contested transactions match consumers’ normal purchasing behaviors — which might indicate the chargeback is due to customers forgetting the transactions — or are abnormal and likely conducted by fraudsters.
The pandemic is spurring more customers to take their shopping online, and consumers who have formed new CNP purchasing habits could continue to use these methods long after the health crisis has ended. Merchants and FIs must, therefore, be ready to cater to customers’ increasing demands for CNP debit transactions while keeping them secure.