Retailers Must Adjust to Fraud's Faster Pace

In today’s fast-paced, digital age, when smartphones are “outdated” six months after they’re released, nothing stays the same for long, and that includes payments fraud.

Fraudsters have been busy adopting new techniques and adapting old ones to take advantage of weaknesses in payments systems. Credit cards and debit cards have become especially vulnerable. While checks remained the top payments vehicle for fraud in 2013, credit and debit card fraud jumped 48% compared to 2012, according to the 2014 AFP Payments Fraud and Control Survey.

What’s new in payments fraud? What’s ahead? Here’s a look at three ways that fraud is evolving—and how retailers can protect themselves.

Skimming.Thieves have been using card skimmers for years. The small electronic devices attach to credit card machines at ATMs, stores, gas pumps and other locations and gather account information, including PINs and CVV numbers. The stolen numbers are then used to make purchases or sold on the black market.

In recent years, skimmers have gotten even more sophisticated. Some thieves are using undetectable hidden cameras to record PIN numbers or placing phony keypads over real ones to record keystrokes. Sometimes, they’ll use Bluetooth technology to transfer and capture the information in real time, eliminating the risk involved in retrieving skimming devices.

Fortunately, the rollout of EMV in the United States will help combat skimming-related fraud. Unlike magnetic stripe cards, most EMV cards are “dipped” in machines, not swiped, and the chip-and-pin technology they contain makes it difficult for thieves to counterfeit cards based on stolen information.

After EMV was rolled out in the United Kingdom, card counterfeit fraud dropped 30% over the next 10 years. Skimming hasn’t been eliminated in countries where EMV has been widely adopted (U.K. fraudsters have begun exploiting weaknesses in POS terminals and shoddy algorithms) but retailers should expect to see a significant reduction in skimming-related fraud once EMV is fully rolled out in the United States.

Fast fraud. Unfortunately, while EMV adoption will significantly reduce skimming and other point-of-sale fraud schemes, it will likely lead to an increase in card-not-present scams, or “fast fraud.”

With fast fraud, scammers exploit weaknesses in online and mobile commerce security to steal digital goods—like e-books and music downloads—which can then be easily resold on the secondary market.

It’s a trend that has higher costs for retailers: every dollar lost to fraud in 2014 cost merchants $2.79, but every dollar lost to online fraud cost $3.10, according to a study from Lexis Nexus and Javelin. And things are only going to get worse. Card-not-present, or CNP, fraud in the United Kingdom rose 79% in the first three years after EMV adoption.

In the coming years, it’s expected that fraudsters will increasingly focus on goods and services that they can quickly monetize, especially digital gift cards and e-tickets to events.

Data breaches.An offshoot of fast fraud, data breaches have become a growing problem for organizations. The number of reported data breaches in the United States in 2014 hit a record high of 783, according to the Identity Theft Resource Center. That’s a 27.5% increase over the number of breaches recorded in 2013.

Similar to fast fraud, data breaches occur when fraudsters take advantage of weaknesses in online security systems, but the costs of a data breach—both monetary and reputational—can be much higher. In 2014, the average organization spent $1.6 million following a breach on response costs, such as legal and consulting fees and identity protection services for victims, according to a study by the Ponemon Institute. Additionally, the average organization loses another $3.2 million-worth of business following a breach due to abnormal customer turnover, reputational loss, diminished goodwill, and the increased customer acquisition activities that are often required.

With skimming scams on the decline and fast fraud and data breaches on the rise, how can retailers protect themselves? Combatting evolving fraud trends will require a new approach to payments security.

Many traditional systems are built to combat old fraud threats, when scammers used to target physical goods. Because orders took a few days to process and because physical addresses were associated with the shipments, these solutions had the time and the information they needed to spot and stop suspicious payments.

Those traditional prevention systems don’t work against fast fraud and data breaches, though. Fraudsters can quickly obtain digital goods and services as well as customer data, delivered digitally and instantaneously with no address requirement, and reap the financial benefits right away. Stolen digital goods and data can be re-sold extremely quickly on secondary markets.

Adopting a secure payments solution, one geared toward dealing with digital transactions, is key. Most retailers will be unable to build a competent in-house solution without pouring a lot of time, money and staff into the effort. For many, the ideal solution will mean partnering with a third-party provider, which can be anything from a do-it-yourself software program to a full-service payments platform.

Whatever route a retailer chooses, fraud is evolving, and transaction security must evolve with it. Choosing the right payments solution can help retailers thrive in today’s fast fraud ecosystem and better prepare for whatever comes next.

Chris Uriarte is chief payments officer for the Vesta Corporation.