CNP fraud worse than figures show

Chip and Pin allows fraudsters to fleece consumers

Dinah Greek, Computeract!ve 23 Apr 2008

Credit not present (CNP) fraud is far higher than official figures suggest and is getting worse, according to The 3rd Man.

The fraud protection specialist said figures from Apacs that put CNP fraud in 2007 at £290.5m don’t reflect how serious the problem is becoming. It said when losses on non-UK issued cards are included, the real figure is more than £500m, including attempted fraud.

The 3rd Man chief executive officer Paul Simms said: “Card not present fraud is a major problem that is not going away and is clearly getting worse as criminals increase their efforts to steal from retailers.

“We're not just talking about petty thieves and opportunists. This money also funds illegal drugs, organised crime and terrorism.”

Apacs doesn’t dispute the fact that card fraud overall is up, with CNP crime accounting for the biggest losses. It said this is because of the success of Chip and Pin in protecting face-to-face transactions. This type of card fraud fell from £218.8m in 2004 to £73m last year.

However it said that it stands by its figures for CNP. It said they were accurate, transparent and robust and relevant for the UK.

“We are the UK payments association so we get our figures from UK banks, which are our members. They get the figures from their customers and collate them. We have no way of collating the losses on non-UK issued cards.

"Also The 3rd Man’s figures include attempted fraud as well as actual fraud. Our figures only reflect actual fraud,” Apacs told us.

Internet and mail order retailers have become a soft target for fraudsters since the introduction of Chip and Pin dealt a massive blow to criminals. Changing their focus to card not present fraud, where the buyer does not have to be physically present at the point of transaction, means fraudsters have evolved their techniques.

Although consumers are usually reimbursed for any losses by their bank or credit card company, the charges are then passed on to the retailers. Ultimately this means they either have to swallow the losses or pass them on to consumers in higher prices.

However, Simms said many responsible retailers are now fighting back by using behavioural data screening techniques and by sharing their data through initiatives such as Supersearch, which scans millions of live transactions for retailers each month.

“Behavioural analysis detects about 80 per cent of all attempted frauds, but retailers can be stung by exactly the same fraud committed with another retailer. By sharing their data they are protecting each other and in doing so will already save more than £100m in 2008.

“But more can be done. We have a good opportunity to get on top of this problem through managed collaboration, involving retailers, consumers and banks.”

Shared databases contain clearly fraudulent and highly suspicious data, including listings of bad or questionable details such as email addresses, delivery addresses, phone numbers, IP addresses and card numbers.

Shared databases are not restricted to retailers as banks can also integrate their systems with services such as Supersearch. “When fraud is detected a data feed is sent to the respective bank informing them that their cardholder has had details compromised,” explains Simms.

“They can then act to re-issue the account number and possibly block the card. In the same way the banking community succeeded with Chip and Pin, this is another key way to protect retailers from card not present fraud.”

See also: