How payments fraud is becoming more complex—and expensive

October 2, 2019 10:41 AM

Recent reports that counterfeit card fraud is markedly down in the U.S. since the introduction of EMV chip cards in 2015 is fantastic news, except for retailers that also sell goods sells online. In that case fraud has merely moved from an in-store payment attempt to a card not present (CNP) one. For e-commerce only stores the rise in payments fraud attempts has been a deluge.

According to data from Visa as of June 2019 there were over 3.7 million merchant locations that accepted EMV cards, up almost 10 fold from September 2015, representing about 80% of U.S. storefronts. This shift to EMV has allowed merchants who have completed the chip upgrade to see an 87% drop in counterfeit card-related fraud dollar losses between September 2015 to March 2019.

While some thieves have moved to online channels due to the advent of EMV, others have not because they have just gotten smarter. Thieves are now applying for and receiving real credit cards with active EMV chips from banks. They are able to obtain real cards by creating synthetic identities that combine real social security numbers with fake ages and addresses. In doing so, thieves can obtain legitimate payment cards and continue to defraud banks, merchants, and the consumers whose identities they steal thereby making fraud prevention a more complex and costly problem to solve.

The media often reports on just the dollar losses a bank issuer or merchant suffers at the hands of a fraudster such as the value of the merchandise stolen when in reality the total associated costs are much greater. According to a LexisNexis Risk Solutions’ recent 2019 True Cost of Fraud study retailers spend an incremental amount of money related to fraud which it calls the “LexisNexis Fraud Multiplier.” These are expenses related to each dollar of fraud incurred which includes chargebacks, fees, merchandise redistribution, labor/investigation, legal prosecution and IT/software security.

In 2019 each dollar of fraud suffered by a retailer cost an incremental $3.13 in fraud related expenses. This is up 6.5% from 2018 and up over 30% since 2016 demonstrating that the cost to fight fraud and recover from it is becoming increasingly expensive.

“This is our tenth year of the study and we are seeing unprecedented volumes of fraud attacks. While the magnitude of these fraud attacks is surprising, what may be more surprising or concerning is the limited adoption of those solutions shown in our study to lower an organization’s cost of fraud and successful fraud attempts such as digital identity intelligence, behavioral biometrics, identity authentication and automated transaction scoring,” commented Kimberly Sutherland, vice president of fraud and identity management strategy at LexisNexis Risk Solutions.

Fraud committed using authentic payment cards, checks, bank transfers, etc., are a major source of attacks for many types of retailers, especially ones that focus on e-commerce. Based on data from the LexisNexis Risk Solutions’ 2019 True Cost of Fraud study 86% of fraud losses suffered by mid-to-large e-commerce retailers with digital goods was as a result of payments made through friendly (1^st party) and synthetic ID accounts.

“Reports of synthetic identity fraud are growing in the U.S. and even neighboring countries like Canada, as businesses often associate this type of fraud with the magnitude of incomplete consumer data available from data breaches. Rather than relying on identity theft and account takeovers, fraudsters continue to find success in the difficulty of detecting the creation of synthetic identities that may use a combination of real and fictitious data,” added Sutherland.

In the case of “friendlies” these are real people with legitimate accounts, a type of attack that is is almost impossible to stop since transactions are conducted with the assumption that the consumer will pay. Synthetic IDs are created by fraudsters to obtain legitimate bank cards and checks for the purpose of committing a crime. Since their payment accounts are authentic and not stolen, retailers need to use more complex software and verification methods to ferret out these criminals.

Despite the significant efforts being made by the financial services industry, risk and fraud mitigation vendors and the global law enforcement community merchants are reporting that their fraud losses have risen in the past year. According to an Experian blog which highlighted its 2019 Global Identity and Fraud report which surveyed 1,000 businesses in 21 countries over half of businesses reported that their fraud losses had grown in the past 12 months compared to a year earlier. Additionally, one-quarter (27%) of businesses stated that losses had stayed the same over the same time period.

“The dark market is full of criminals selling real data that others are buying for the purposes of committing fraud and it’s only getting worse as we have more breaches and synthetic identities are being created,” stated Tim Yunusov, head of banking systems security at Positive Technologies, a digital security firm offering solution to combat cyber threats.