Combatting CNP fraud

cnythzl/Getty Images/iStockphoto

Combatting CNP Fraud with Data Intelligence
EMV 3-D Secure aims to reduce card-not-present (CNP) fraud and false declines to enable a frictionless customer experience for online shoppers

E-commerce continues to grow at an astounding rate—and so does online fraud. Billions of dollars are lost to CNP fraud each year, and the numbers keep rising. In the next five years, merchants are expected to lose upwards of $71 billion. According to Javelin Research, CNP now accounts for 81% of total fraud losses.^[1]

Issuers have implemented fraud detection tools to combat CNP fraud with varying degrees of success. But a number of these solutions can negatively impact legitimate customers. For example, some solutions unnecessarily require genuine customers to undergo multiple authentication requests, despite there being enough information at the time of the transaction to distinguish whether it’s fraudulent or not.

For merchants, the false declines mean lost sales, frustrated customers, increased call volumes, and mounting costs. In fact, false declines can often cost merchants even more than CNP fraud. Aite Group estimates that false declines for payment card transactions will exceed $330 billion in 2018.^[2]

Welcome to EMV 3-D Secure

In the same way that chip cards were needed to reduce fraud at the point of sale, combatting CNP fraud requires a more modern authentication protocol. That protocol is EMV 3-D Secure (EMV 3DS). This next-generation industry standard was recently finalized by EMVCo, the global body that manages the chip card specification. EMV 3DS should be widely accepted in 2019, and CA Technologies has already processed the first EMV 3DS transactions in a live production environment.

EMV 3DS is a complete overhaul of the original EMV protocol in that it, among other things, allows risk-based authentication to verify the customer—only asking for additional authentication if the risk assessment deems the transaction suspicious.

“EMV 3DS provides significant improvements to the legacy 3DS solution which are expected to increase authorization rates, improve the customer experience, and reduce CNP fraud,” says Julie Conroy, research director for Aite Group’s Retail Banking practice.

Data-Driven Fraud Reduction

Data is the key to fraud detection. The more that issuers and merchants know about the transaction, the better able they are to identify transactions that are suspicious and more confidently approve or decline a transaction and ask for additional authentication only when necessary.

Compared to the original 3DS protocol, EMV 3DS supports up to 10 times more data fields, including payment history, merchant category, and shipping and billing address comparisons.

This additional data also expands the foundation for innovative data science and allows merchants and issuers to collaborate and make better decisions. By applying innovative data analytics, these additional data fields can feed more information into the risk scoring models to better identify fraud and thereby help decrease fraud losses, but also significantly reduce false declines.

Merchants in the Driver’s Seat

Merchants can rely on the issuer’s decision—which shifts liability to the issuer—or they can use EMV 3DS in non-challenge mode, using their own decision making/programming models to make allow/deny/step-up decisions. EMV 3DS supports strong authentication at the merchant’s discretion. This additional authentication does not have to be intrusive. For instance, merchants can use dynamic authentication such as push notifications, one-time passcodes (OTP) sent via email, or biometrics such as facial and fingerprint recognition.

Not only does this improve the customer experience—particularly on mobile devices with small screens—it also simplifies compliance with regulations like the European Banking Authority’s (EBA’s) revised Payment Service Directive (PSD2).

Reduced Fraud for Mobile and In-App Purchases

The mobile experience is hugely important. According to Pew Research, more than nine-in-ten millennials and 85% of Gen Xers own smartphones.^[3] As a result, shopping on mobile devices—and mobile fraud—has increased, whether in-app or mobile purchases. More than one-third (35%) of successful fraudulent transactions among large merchants occur on the mobile channel.

It’s critical that merchants control fraud—but it’s also critical that customers have a good shopping experience regardless if they tap or swipe to pay or open an app on their phone. EMV 3DS supports both mobile and in-app purchases.

Combatting Fraud…on the Merchant’s Terms

Reducing fraud and protecting the customer’s shopping experience are not mutually exclusive. Merchants can still deliver the customer shopping experience they want, but with fewer declines, less transaction abandonment, and lower chargeback costs. But EMV 3DS also allow merchants to set the rules based on customer insights combined with their business model and risk tolerance.

About CA Technologies
CA Technologies, a Broadcom company, is an industry leader in payment and identity fraud prevention, with friction-free transaction authentication powered by patented artificial intelligence. As a pioneer in data analytics for online fraud, CA delivers a unique 360-degree view of transactions for issuers, processors, and merchants, across all payment schemes. Learn more at ca.com/merchants

^{[1] https://www.javelinstrategy.com/coverage-area/2018-identity-fraud-fraud-enters-new-era-complexity#
[2] https://www.thepaypers.com/thought-leader-insights/yesterday-it-was-fraud-today-it-s-false-declines-collaboration-s-latest-challenge/772089
[3] http://www.pewresearch.org/fact-tank/2018/05/02/millennials-stand-out-for-their-technology-use-but-older-generations-also-embrace-digital-life/}