September 1, 2016
In the 12 months from the beginning of Q2 2015 to the end of Q1 2016, the fraud rate on card-not-present transactions in the U.S. rose 137 percent, according to a report from antifraud technology provider Forter. The company looked at transactions crossing its network and found, on a quarterly basis, fraud attacks increased 27 percent from Q4 2015 to Q1 2016. While the fraud rate has been increasing steadily on a year-over-year basis, Forter found the fraud rate in Q4 2015 was significantly higher than normal. Because transaction volume in Q4 is so heavy, fraud rates usually drop and then rise again in Q1 as the number of transactions goes down after the holidays. This year, according to Forter CEO Michael Reitblat, the expected holiday decrease in fraud rates never happened and the bounce in January-through-March was more than expected. The culprit, Reitblat told CardNotPresent.com, is EMV.
“Ninety percent of the rise in online fraud in the last year can be explained by EMV alone,” he said. “This is not a surprise. It happened in every market where EMV was implemented. Fraudsters are very creative and very attentive. They knew EMV was coming. We monitor a lot of the sites on the dark Web where fraudsters congregate and share information. We saw more than a year ago a lot of new people come into those forums who used to counterfeit cards, and who knew they would not be able to do so for long, asking how to commit fraud online. The more people who join those circles of crime asking those questions, the more crimes will be attempted.”
Reitblat also pointed to two other trends of note. Nearly 80 percent of fraud attacks in Q1 2016 were deployed by botnets. Fraudsters are increasingly turning to automation to save themselves time and money. The other trend, while it only accounts for 4 percent of online fraud in the U.S., is a continued increase in the incidence of account takeover fraud outside of the U.S. and Europe. Reitblat said as merchants have begun to tokenize payment card data more and more, it has become harder for cyber thieves to steal that information. Therefore, while retailers are still at risk regarding data breaches, PII and username/password combos are more prized information.