That CNP fraud is growing is doubtless. Why it’s happening is a bit less certain to identify. The transition in the U.S. to EMV-compliant systems at the physical point of sale was expected to cause an increase in card-not-present fraud, which experts presume criminals will turn to (like they did in other countries that implemented EMV) as counterfeit card fraud becomes more difficult. But, some industry experts say surging CNP fraud is simply a function of the growth in CNP transactions. Two recent announcements illustrate the divide.
Antifraud technology provider ThreatMetrix, which tracks cybercrime quarterly, said in its Q1 2017 report released Thursday that growth in card-not-present fraud attacks in the first quarter of this year was 50 percent higher than growth in e-commerce transactions. That suggests that factors in addition to more people buying things on their phones and laptops are at play. The ThreatMetrix report (download here) also noted the increasingly international nature of fraud attacks (50 percent more attacks originating from Europe than from North America), how mobility is affecting fraud and that new account origination continues to rise significantly.
The U.S. Payments Forum disagrees. The industry group focused on contactless cards and EMV points to a 2017 report from Aite Group that said growth in CNP fraud was flat compared to transaction growth.
“Some of the reports of large rises in CNP fraud seem to be conflating consumer perception of fraud with actual fraud data,” said Randy Vanderhoof, executive director of the U.S. Payments Forum. “While industry data and corresponding media reports are stating an overall rise in CNP fraud, what we are actually seeing is that the overall proportion of CNP fraud is actually staying relatively even—and perhaps even decreasing—as a percentage of online sales.”
Regardless of the cause, it is a growing problem for merchants and banks. Both points of view agree CNP fraud is rising. ThreatMetrix said the 130 million fraud attacks identified across its network in Q1 was 35 percent higher than the same period in 2016. And, one area where transaction growth could be the main issue is mobile. ThreatMetrix is seeing 500 million more mobile transactions per month, on average, in 2017 than it did in 2015—a 400 percent increase.