This movement has occurred as the importance and popularity of “always on” online commerce has increased. As the internet takes a larger role in the global economy, online payments grow alongside it.
" In recent years, consumers (and the merchants serving them) have placed significantly more emphasis on convenience over security."
Lance Blockley, Managing Director – Consulting at RFi Group
Households are directing a greater portion of their payments online, whether for shopping, booking travel or paying bills. Indeed, global eCommerce sales are reported to have reached $US1.5 trillion in 2014, an increase of 20.1 per cent over the prior year, with forecasts of $US2.0 trillion in 2016.
The vast majority of this purchasing is paid for using cards, meaning cardholders across the world are regularly entering their 16- or 15-digit card numbers into computers and mobile phones - at an increasing rate.
These “card not present” (CNP) transactions are more vulnerable to payment fraud than face-to-face transactions. Sixty six per cent of card fraud in the Single Euro Payments Area is now associated with CNP transactions. This is primarily online payments - totalling €958 million in fraud losses in 2013, up 20.6 per cent on the previous year and the only fraud category showing an increase.
Global losses to CNP fraud are estimated at over $US6.2 billion for 2014, not including related insurance costs. Based on published figures and industry estimates it appears CNP fraud is running at around 0.2 per cent to 0.25 per cent of CNP sales value in the West.
The United States stands out with its much lower CNP fraud rate, but this appears to be due to the ease with which Card Present (CP) fraud can be conducted in the USA compared with other countries – not that CNP fraud is harder there.
The US is unique as the major remaining market that has only just started the transition towards the mass issuance of more secure, chip-based EMV cards. CP fraud, made up mainly of counterfeit and skimming fraud of mag-stripe cards, continues to account for over 50 per cent of total US card fraud as of 2014.
It is expected as EMV issuance ramps up in the US, CP (especially counterfeit and skimming) fraud rates will decline as criminals switch to the newest low-hanging fruit.
In nearly all countries, CNP fraud rates are significantly higher for a domestic card used on an overseas website than for a domestic card on a domestic websites (in fact the offshore rate is 15 times higher than the domestic for Australian cards, in terms of bps).
The fraudsters clearly understand that they are safer to be out of jurisdiction when using the stolen card details and can also choose websites and markets where stronger authentication measures have yet to be deployed.
As the crooks move to focus on CNP transactions, online merchants can no longer write off fraud as something that only happens to others. Research by TeleSign and RSA in December 2014 found just 11 per cent of US companies have not recorded fraudulent incidents in the past 12 months.