Fraudsters are flying high on card-not-present fraud attacks, which are estimated to result in $200 billion in losses by 2025. Banks need a strong card-not-present (CNP) fraud prevention strategy to help keep eCommerce safe for customers and their bottom lines.
What is Card-Not-Present Fraud?
Card-not-present fraud is a sneaky crime where criminals use stolen card information to make unauthorized purchases online, by mail, or over the phone. By collecting stolen credit or debit card information, including CVV numbers), fraudsters do not need a physical card nor present one to a merchant for verification to buy goods or services.
CNP fraud is a significant concern in today’s digital world, where online shopping reigns supreme. Customers no longer have a real-life person to physically check their card at the point of sale, meaning criminals can make illicit and illegal purchases without disruption.
The State of CNP Fraud
As customers shop increasingly online, card-not-present fraud is expected to rise sharply. Recent data shows that 57% of customers said they did more than half of their shopping online following the pandemic, a large jump from the 31% who said the same thing before the pandemic.
Losses from eCommerce-based CNP fraud are expected to reach a staggering $200 billion by 2025. The trend is being observed in multiple global markets. For example, CNP fraud accounts for the highest share of unauthorized fraud losses in the UK at £395.7 million. Meanwhile, Latin America has seen some of the highest rates of CNP fraud transactions since 2020.
The rate of CNP fraud soared due to the exponential rise of online shopping during the pandemic, mixed with efforts to serve unbanked and underbanked populations. Banks need card-not-present fraud prevention solutions to keep their customers safe while protecting themselves from lost revenue due to chargebacks.
How Card-Not-Present Fraud Prevention Addresses Key CNP Challenges
Here are the three factors driving CNP fraud, plus four solutions for banks to implement card-not-present fraud solutions.
Challenge 1: Fraudsters are undeterred by failure
One of digital banking’s top selling points is how easy it is for consumers to access and transact. Fraudsters are also flocking to the digital banking arena for the same benefits—although for more sinister reasons.
Digital banking has made it easier for fraudsters to commit transaction fraud at scale while facing few consequences. Fraudsters can obtain credit card or debit card information – including credit card numbers, CVVs, and billing addresses – under false pretenses or purchase stolen credentials on the dark web.
What’s most troubling is the speed at which fraudsters can operate in the digital banking environment. Fraudsters can make hundreds of CNP fraud attempts in very little time, putting in little effort and gaining considerable rewards. Even if they only succeed two or three times, they yield significant benefits with few, if any, consequences from law enforcement.
Fraudsters have a wealth of CNP schemes available to them and aren’t discouraged by failure. That’s a dangerously potent combination for financial institutions (FIs) to address.
Solution: Employ Customer Segmentation
A one-size-fits-all approach to fighting fraud adds unnecessary friction for legitimate customers and risks driving them to another FI. Segmentation solutions can ensure that FIs employ different monitoring methods for different types of customers.
Customer segmentation can define customers within an established risk profile. For example, you can split risk profiles into high, medium, or low risk based on how much they typically spend regularly. Every bank should segment clients based on its own risk appetite, products and services, and the type of customers it serves.
Segmentation considers a customer’s industry, spending patterns, history, and profession to establish their level of risk. By understanding how much a customer normally spends per month, banks can more accurately flag unusual patterns as signs of a CNP attack.
Problem #2: New payment schemes enable faster CNP transaction fraud
The speed of payments also works in fraudsters’ favor. Instant payment schemes and new payment types launched in many regions enable fraudsters to make faster transfers. In LATAM, this includes PIX and Boleto Bancário in Brazil, Cobro Digital (CoDi) in Mexico, Transfers Now and ACH Colombia in Colombia, and Yape in Peru.
The US recently launched FedNow, the nation’s real-time payment system. Meanwhile, Canada has its Real-Time Rail payment system, Australia has NPP, the UK has Faster Payments Service, and Hong Kong has TME-1.
The rise of faster payment systems worldwide enables fraudsters to move money faster than ever. What’s more, they can easily sidestep common card-present transaction restrictions. These systems have made CNP transaction fraud more accessible and given scammers more avenues to monetize their activities.
Solution: Implement Behavioral Biometrics or 2FA
Latin America is home to one of the largest unbanked populations in the world. Recent data found that 122 million adults in the region lacked access to a bank account.
Smartphones help fill this gap by bringing more consumers into the digital banking environment and boosting financial inclusion. In Brazil, for example, 155 million adults have access to smartphones as of 2023.
Given the high market penetration of smartphones and the constant threat of fraud, banks should work to implement tools like biometric solutions (like fingerprint scans or facial recognition) and two-factor authentication (2FA) to help keep their customers safe. Implementing these solutions will add a layer of friction to the online banking experience.
Some laptops and desktop computers offer biometric technologies like fingerprint or facial recognition. The most common biometric and 2FA technology is available on phones, allowing customers to log into their accounts using fingerprint readers or facial recognition. Users can quickly receive 2FA codes to transact on services like PIX in Brazil or MB WAY in Portugal.
However, the prevalence of smartphones among the population means consumers are likely to accept the new measures quickly – and may even feel more comfortable with their banking experiences. In other words, this mild level of friction will ultimately prove reassuring to customers.
Problem #3: New payment types vulnerable to fraud
The ease of use of many of the aforementioned new payment types creates another opening for fraudsters to exploit. Many payment methods launched in LATAM, like Brazil’s Boleto Bancário, use personally identifiable information (PII) like mobile phone numbers or email addresses to complete transactions or provide access to accounts.
While these authentication methods are designed to simplify digital banking and eCommerce, fraudsters can exploit them to commit CNP fraud. If a fraudster learns a consumer’s PII, they can easily breach the consumer’s account. This is a very real threat in Latin America, where recent data named Brazil and Chile as having the highest risks for fraud worldwide.
Authentication methods for these new payment types (mobile phone numbers and email addresses) are also payment methods. If fraudsters can crack one method, they can easily crack the other.
Solution: Utilize AI-enabled transaction monitoring solutions
As new customers join the digital banking environment, banks must monitor how exactly they transact. Machine learning systems can help banks track how often customers transact and the types of activities they engage in.
Banks can better understand if a customer’s recent activities are cause for concern using solutions that can access data from disparate sources. These solutions can review disparate data and highlight customer activities linked to suspicious entities. Monitoring these kinds of activities can help banks keep their organizations fraud-free.
LATAM: A Perfect Storm for CNP Fraud
These three factors create a perfect storm for CNP fraud to accelerate globally, particularly in the LATAM region. This means LATAM bank customers face a higher risk of fraud. Add the expansion of faster payment schemes in the region, and fraud is poised to increase and accelerate.
FIs should note that there is a precedent for fraud to increase when new faster payment schemes go online. In the UK, for example, online fraud increased by 132% following the launch of the UK’s Faster Payment System in 2008.
Banks Need a Robust Card-Not-Present Fraud Prevention Strategy
The fraud challenges that banks face today will eventually morph into new challenges in the future. Having a specific solution to address CNP fraud will be outdated once fraudsters find new weaknesses.
Banks should invest in flexible card-not-present fraud prevention systems that can both respond to the fraud challenges they face today and emerging ones. The experiences of other markets that have launched instant payment schemes can help banks prepare for these inevitable challenges.
Share this article:
Joel Carvalhais
With over 12 years of experience in risk strategy and operations, Joel excels in defining risk prevention strategies and managing fraud on a day-to-day basis. His expertise spans banking, acquiring, eCommerce, payments, and ethical hacking. Joel is passionate about working in the risk area, driven by the thrill of identifying abnormal behaviors and catching fraudsters. Currently, he works in Product to channel his experience into delivering top-notch products with the most helpful features. His goal is to become an integral part of our customers' toolkit, providing not only insights but also essential tools.
Related Posts
0 Comments4 Minutes
Feedzai’s AI Technology Earns Industry Recognition by Chartis
Feedzai, the world’s first RiskOps platform, has secured a pair of critical recognitions…
0 Comments6 Minutes
10 Fraud Prevention Tips for Businesses
Hopefully, you’ve had a chance to read Feedzai’s James Hunt’s insightful conversation…
0 Comments7 Minutes
Beyond the Face: Why Vietnam’s Banks Need Behavioral Biometrics to Fight the Rising Tide of Fraud
Financial transactions are increasingly virtual in today’s digital age, making fraud…