Online retail fraud is projected to rise by 30 percent for the holiday shopping season.
ACI Worldwide, whose software processes $13 trillion each day in payments and securities transactions for more than 300 leading global retailers and 18 of the top 20 banks worldwide, expects significant increase in card-not-present fraud attempts over 2014. ACI’s data shows that fraud rates by volume have increased in 2015, with one out of 86 transactions constituting a fraudulent attempt, compared with one out of 114 transactions last year. Attempts by volume have grown by 30 percent compared with last year as consumers shop with more devices online. Further the shift to more secure EMV chip cards is expected to divert fraudsters to e-commerce channels, ACI said.
Michael Grillo, director and marketing line leader at ACI, said, “Research shows this is an interesting time for merchants and retailers. In general, here in the U.S., EMV [chips] and the liability shift has a lot of retailers still not ready, or won’t be ready, in time for the holiday season, and the bad guys will try to take advantage of the market place confusion.”
Grillo said 30 percent of the large retailers are expected to be ready to accept and process EMV transactions, but noted that while many others may have the equipment on hand, they haven’t yet received the certification required to process EMV transactions. With more consumers shopping online, many are also hurting themselves by not taking advantage of security protocols on their devices, such as leaving their smartphones unlocked, Grillo said.
That’s not to say merchants aren’t focused on keeping data secure during a transaction. Grillo said retailers have worked on point-to-point encryption for when data moves electronically from place to place since the high-profile, brick-and-mortar breaches at Target and Neiman Marcus in 2013. That means crooks will be looking elsewhere to attack.
“Fraudsters will exploit the weakest link,” Grillo said, noting that card-not-present is why online shopping could be most vulnerable during 2015’s holiday season.
Grillo said fraud prevention solutions that merchants can tap into include capturing “transaction information about consumers, such as device identification and IP addresses for tablets, smartphones and laptops. Over time, merchants can build profiles of users,” he said, noting that a new device ID or IP address from a different location could be used to flag possible unauthorized orders when monitoring card-not-present transactions.
ACI identified two possible new paths to fraud in 2015: Digital downloads of virtual gift cards, which have a 9.6 percent fraud rate, and buy online and pick up in-store, where attempted fraud rates is projected to increase by 28 percent this holiday season.
According to ACI, one major reason for the jump in fraud attempts for when pick up is in-store is because retailers generally do not require consumers to re-run cards when they pick up products.
According to Grillo, the reason is that merchants continue to try to make shopping from them more convenient and frictionless. Currently, consumers generally only need to provide a code sent via e-mail that is used for picking up an order in a store, even though crooks could reroute the e-mail to a different address in order to intercept the code for use in picking up an order in-store.
“Once merchants start asking customers to rerun a card to show more information, that will create more friction with the customer experience. But if merchandise goes out the door and merchants later find out they’re not going to the right people, [the retailers] may rethink the strategy,” he said.