Card fraud rises across Europe - ECB

Does anyone know how the actual loss is distributed between cardholders, issuers, acquirers and merchants? I assume the merchants take the biggest hit for CNP due to not using enough fraud protection and getting chargebacks.

Does anyone how much extra revenues merchants gained by not being overzealous about security, causing too much friction and suffering from shopping cart abandonment?

Mitigating Fraud Does Not Pay The Bills

Although just 2% transactions were acquired outside SEPA they accounted for 22% of all fraud. Although EMV conversion may help, I don't believe that's all that needs to be addressed.

Sorry to be looking at data that is a year old though ..

The Stripe approach seems to be quite successful and a good balance between security and convenience. Is this the recommended method to prevent fraud while keeping revenue for CNP transactions?

https://support.stripe.com/questions/does-stripe-support-3d-secure-verified-by-visa-mastercard-securecode

@Adam - I can see where Stripe are coming from with that but I think there is something quite missing from their answer there - liability shift. If fraud occurs and the merchant used 3DSecure then the liability for the fraud switches away from the merchant onto the consumers card issuer bank (e.g. by authenticating the transaction with 3DSecure, the card issuing bank is directly saying it is 'ok' to proceed). CVV/AVS check does not provide liability shift so presumably if using Stripe, merchants are liable and take the losses/fines from any Fraud?

As a general comment on this article, any idea why we are looking at 2013 data rather than anything more recent?

N.B. I'm not advocating that 3DSecure usage would result in a better deal for the merchant given the negative impact on conversion for which Stripe have a fair point but liability shift should be part of the conversation

@AdamN: TY for sharing this Stripe link. I've added it as a comment below my post. I'm glad that I'm not the only one harping about how the push for greater security can result in lost revenues. Well before Stripe, other PSPs have advocated CVV / AVS checks as a tradeoff between security and convenience. Just that regulators in some countries (e.g. India) pushed ahead with 3DS and stuck to their stand despite receiving feedback about loss of revenues caused by 3DS friction whereas regulators in some other countries (e.g. USA) didn't. In extreme cases, the Indian regulator actually went on record saying "security first, convenience later". There are examples of SaaS and ecommerce companies who relocated outside India just to avoid the burden of 2FA / 3DS.

@JamesBell: I know you're stating the "party line" but banks have as much to lose (interchange fees) due to friction as merchants (revenues), so I'd support merchants if they made a case for shared liability when 3DS is absent. On a side note, I've often wondered the same thing about lack of recent fraud data as you.

Haha I wasn't meaning to tow the party line, was just meaning to point out its another thing in the consideration of 3DS on top of Stripes FAQ. Personally I am no fan of 3DS however the 'passive' 3DS does not intercede on the UX as much (it only challenges if it considers it risky)

Mobile wallets will only increase avenues and scope for this menance of CNP Fraud increasingly and disrupting the entire philosophy of the mobile wallet. It is believed  globally only 4% of these alerts are actually looked at by banks. Others choose to write it off because of (1) Volumes (2) transcation value (3) Cost of chargeback which unfortunately still manual