There is no devilishly craftier person than the fraudster. According to a report from FICO, despite greater efforts to combat domestic fraud, European card fraud losses rose by 6%, both in Europe and the UK. Patrick Brusnahan speaks to Martin Warwick on the rise and what can be done to stop further losses.
A persistent trend, according to FICO, is the rise of card-not-present (CNP) fraud. Counterfeit cards, the primary threat ten years ago, represent a tenth of the total plastic card fraud market in the UK and this is similar across many European countries.
The big question: Is the financial sector winning the battle against CNP fraud?
The report suggests that it might be. Using the UK as an example, CNP fraud in 1998 represented a mere 10% of total card fraud losses, but by 2008 (the last peak in UK and European card fraud) the losses had increased by approximately 24 times the 1998 figure and represented 54% of total fraud losses. In 2014, CNP fraud represented 70% of total losses. On the other hand, the losses in the UK stood at only £3m ($) more than in 2008.
Put into the context of spending changes over this period, it can be argued that UK banks and retailers have made great strides in combating CNP fraud. EMV had been fully implemented by 2006 and fraud was, not surprisingly, migrating to CNP and cross-border. E-commerce spend in the UK in 2007 was £41bn ($63.9bn) and it more than doubled to hit £91bn in 2013.
This exponential rise in online spending attracted criminals, but if CNP fraud losses had grown at the same rate as CNP spending, losses in the UK would have been close to double 2008’s figure of £328m. However, in 2014, it was a slight £3m higher at £331m, an increase of less than 1%.
Martin Warwick, FICO’s fraud chief in Europe, the Middle East, and Africa, says: "Initially, you think the banks and the retailers are losing this fight against CNP fraud. What happened was [the banks] did drive the fraud down. A lot of work has been done, but in that time, the actual capability for people to spend on the internet was driven to £91bn in 2013. You’ve got a massive growth of everybody having digital devices that are internet-enabled and suddenly everybody is shopping online.
"I wasn’t one of those digital people, but even I shop online at Amazon. I’m probably one of the most nervous people when it comes to shopping online because I know so much about fraud and the risk of fraud."
Dynamic Authentication
Authentication of customers and their devices will need to play a larger role in combating fraud. Customers now have more devices than ever that criminals can get into and collect data to commit fraud.
In the UK alone, 11 million internet-enabled devices were received as presents at Christmas in 2013. The report states that only 44% of those people will implement internet security on those devices. Less than one in three will use complex passwords to protect the devices.
In addition, 57% of people in the UK do not check if a website is secure before making a purchase.
Warwick says: "I hate weak authentication. Somebody mentions a static password and I think that’s just an opportunity to do fraud. The banks want to give their customers the great experience when they shop. Nobody wants to buy something and be interrupted by a screen that asks you to fill in a password.
"Balancing that customer experience and making the difference in the fraud world does cause a few issues. I think the criminals jump on top of this as well."
However, being dynamic in customer authentication has many advantages, mainly making data theft less worthwhile to criminals. Good authentication, such as cryptograms, already exists in online banking, which is why it represents a mere 12% of the UK’s card fraud losses.
Evolving EU regulation, such as the recent SecuRe Pay mandate, is also bringing authentication into the limelight. Alongside industry initiatives such as tokenisation, FICO believes that advances in analytics assessing consumer behaviour will help the industry win the war against fraud across Europe.
The US adopting EMV
The US will have adopted EMV in October this year for Point of Sale, closely followed by ATM and unmanned petrol terminals in 2017. This comes at a crucial point as FICO recorded a 25% increase in cross-border fraud on debit cards in 2014, compared to 2013. More importantly, 47% of the fraudulent transactions took place in the US, due to the slow adoption of EMV in the country.
While most banks in Europe stopped using mag-stripe years ago, fraudsters are targeting any European plastic card they can get their hands on. Criminals seem to be doing as much as they can get away with before the US closes down skimming fraud.
Warwick says: "The US has always been targeted for fraud, but not at this level. If you’re a merchant, you need to get the [EMV] terminals in place and if you’re an issuer, you have to get all of the cards out there. There’s a struggle to get everything in place so people don’t lose out. It happened in the UK, it happened in Europe, and it’s going to happen in the US.
"What we’ve noticed is that there’s a massive drive from criminals to compromise US cards in their own right. Not only are they compromising US card, but UK cards also. The US just seems to be that spike, that’s where the criminals are doing it. They’re doing the fraud anyway; they might as well add European cards on top of that."
Warwick concludes: "The next stage is making authentication stronger and moving towards dynamic security. The problem is that you can only do it within your own border, which makes it a migration issue. When the UK stopped all the fraud in 2008, it migrated across Europe and attacked the other countries. The fraud went up in those countries and yet, in the UK, it dropped."