A new study from payment security firm Retail Decisions Inc. (ReD) indicates card-not-present (CNP) fraud levels are rising in the United States but declining in the United Kingdom - trends that might be correlated.
Based on fraud data gathered from the first six months of 2010, ReD projects CNP fraud (which includes Internet and MO/TO purchases) will reach $2.83 billion in the United States by the end of 2010. That would be a 32 percent increase over the $2.14 billion such fraud totaled in 2009, according to the firm's report. Conversely, the report projects a 9 percent drop in CNP fraud in the U.K.
A number of possible explanations exist for rising fraud levels in the United States, according to ReD Chief Executive Officer Carl Clump. One is the use of sophisticated malware that's evolving ahead of the defenses employed against it.
"They are using automated attacks which clamp malware into people's laptops and are activated at some point," Clump said. "[Victims] receive an innocuous looking email [with the virus attached] that's sent out sometimes to hundreds of computers. ... The virus is executed and turns these infected machines into web robots under the control of the fraudster. It's very, very clever."
Clump said high unemployment is another driver of fraud, noting that fraud tends to go up during periods of economic distress. Yet whether unemployment is affecting fraud levels - and to what degree - remains a point of contention.
"I think there's probably some correlation, but I'm not sure it's really that strong, and I also think it's very hard to read those signals," said Tim Cranny, President and CEO of Panoptic Security Inc.
What is certain is that a thriving online black market for stolen card numbers has made it easier for the average person to enter the fraud game.
Clump noted that most fraudsters are not hackers; relatively few numbers of computer whizzes, online scam artists and skimmers do the dirty work of extracting card numbers for use among a much larger pool of buyers.
One more possible reason for rising fraud rates in the United States is the adoption of Europay MasterCard and Visa (EMV) chip and PIN technology outside of the United States. "It is a bit more difficult to perpetrate credit card fraud in the U.K. because of EMV, but you might as well try it in the U.S.," Clump said. "Also, Canada has stated it is going to EMV as well, so, again, fraud will migrate south of the border. ... Fraud gravitates toward those countries that don't have quite the same level of control."
However, the ReD report focuses on CNP transactions And under EMV, only in-person transactions make use of the chip and PIN; CNP transactions do not. Thus, experts are debating whether the use of EMV has a significant impact on CNP fraud.
To the extent that it does, the reason may be that different kinds of fraud, such as in-store, online and MO/TO, tend to migrate together, according to Clump.
Because the mag stripe system makes it easier, through card cloning, to perpetrate in-store fraud, markets for stolen card numbers in countries that use the mag stripe are more likely to flourish. And the more buyers there are for stolen numbers, the likelier it is that fraud rates of all kinds will be high, Clump said.
Cranny feels that, while the morphing and migration of fraud causes fluctuations in the fraud rate from one country to the next, the overarching global trend is that fraud is increasing. "You might get wiggles in the curve, but if you step back even a foot, you see a pretty strong upwards trend," Cranny said.
ReD noted that, in addition to developing more sophisticated attack methods, fraudsters have grown smarter about what they buy. According to the company's fraud report, the average transaction value for attempted fraud was 34 percent higher ($149, up from $111) in the first six months of 2010 than during the same period in 2009. Clump said fraudsters' favorite items to purchase are gift cards, which are the closest thing to cash on retail shelves.
Cranny believes the tendency for fraud to migrate between countries is mirrored by myriad smaller migrations from one type of target to the next, be it a different player on the electronic payment chain or a different category of merchant or vertical. The most significant trend right now is toward targeting smaller merchants, he said.
Cranny noted that real progress has been made in getting "the processors, the high-volume visible players - to clean house." But he added that if one part of the ecosystem tightens up, the focus shifts elsewhere, and "we're already seeing increased emphasis on attacking and trying to exploit the lack of expertise" of small and midsize merchants.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.Prev Next