More Channels, More Payment Options, More Fraud

Payment fraud is one of the greatest threats to global commerce today, yet it remains one of the hardest to quantify and or course, prevent. That is why I found the recent webinar hosted by LexisNexis and Javelin Research to be so fascinating, yet chilling.

The 2014 LexisNexis True Cost of Fraud webinar entitled “More Channels. More Payment Options. More Fraud Schemes” is the sixth annual comprehensive research study on U.S. retail merchant fraud prepared by LexisNexis. The research study featured the results of a comprehensive survey of 1,142 risk and fraud executives from a variety of large and small merchants and 5,634 consumers serving as the potential “victims.” The research looked at number of important factors including payment channel (physical, online or mobile) and payment method (debit or credit card, online, check or virtual currency such as bitcoin or Amazon Coin) across a number of dimensions including type of merchant (mCommerce, large eCommerce, etc.) and location (domestic US or International).

From my perspective, some of the more important findings from the research includes:

• Merchants are paying more per dollar of fraud (reflecting customer service, investigation and collection expenses, etc.) in 2014 ($2.79 in 2013 to $3.08 in 2014), driven by an increase in costs associated with mobile‐channel fraud as more physical‐goods retailers begin to accept mobile payments.

• mCommerce, despite being a new payment method, is a primary driver for the rise in fees as merchants who accept mobile payments are paying $3.34 for each dollar of fraud losses compared to $2.62 for the online channel.

• Fraud loss as a % of total revenue for large eCommerce merchants rose dramatically in 2014 to 0.85% from 0.53% in 2013.

• Merchants in general are also losing a significantly higher percentage of revenue to fraud, at 0.68%, compared to 0.51% in 2013.

• Forty‐two percent of merchants who support online channels are reporting an increase in fraud.

• We should not expect to see the elimination of payment card fraud as a consequence of EMV implementation since skimmed card fraud will continue in the domestic US market until such time as the EMV roll-out is complete, a process that is likely to take several years. Furthermore, assuming a similar experience as other markets that have deployed EMV, whilst card present fraud declined, card not present fraud increased significantly.

• Verifying customer identity (authentication) remains the top challenge for International Merchants

In short, the bad news is that fraud is increasing significantly overall, with mCommerce experiencing the highest levels of fraud. So the question is, what can we do to stem the continued growth in fraud? The research makes a number of important recommendations, many of which I have long-supported, including:

• We can’t fight what we can’t see – so we need to “track fraud and its related costs by channel and payment method” allowing the industry to “invest efficiently and effectively in fraud prevention solutions.”

• Multilayer authentication - “eCommerce merchants should utilize a layered approach to fraud prevention” because “an overreliance on CVVs (Card Verification Value) and AVS (Address Verification System) fail to consider the threat of data breaches and the capabilities of fraudsters.”–The report recommends layering forms of authentication that are not based on static card account data, and identifies technologies such as geo‐location, and device identification. Biometrics should also be considered.

• Don’t be reactive, be proactive! “Becoming complacent in an age of massive data breaches is both a financial and reputational hazard. Data breaches can result in considerable costs to a merchant because of not only remediation, but also lost customers.”

In summary, if you can’t measure it, you can’t manage it, and while the report paints a fairly bleak picture regarding the current state of payment fraud, I take comfort in the knowledge that through research and education such as this, we are all taking the first step to understand and quantify fraud which will hopefully lead to the industry finally eliminating this plague. The next step is to put that education into practice now, and start aggressively building a holistic approach to multilayered payment and transaction security.

Are we ready to take that next step?