Europol: Barriers to Data Breach Investigation Hamper CNP Fraud Efforts 

Jan. 10, 2013

The European Union’s continent-wide investigative force, Europol, said this week in a new report that illegal data from data breaches around the world—mostly from the U.S.—is the main source of card-not-present fraud. The report noted that CNP fraud accounted for 60 percent of payment card fraud losses totaling €900 million ($1.18 billion) in the EU in 2011. The law enforcement agency’s Situation Report – Payment Card Fraud 2012 said its investigations are hampered by a lack of regulation for reporting data breaches to the police and a lack of trust that investigators can be effective.

“One of the key factors making industry reluctant to report incidents to law enforcement authorities (LEAs) is the lack of trust in investigative possibilities as well as the need to maintain the reputations of the respective private entities,” the report said. “On the other hand, the lack of reporting leads to a small number of international investigations and a low level of prioritization of such cases within LEAs. The problem ends up with the situation where, despite a dynamic increase in CNP fraud, it is not reflected in the statistics of cases reported and investigated by EU police forces.”

Efforts to secure CNP transactions in the EU by implementing 3D Secure technology suffer from inconsistent implementation, according to the report.