Tag: ecommerce

E-commerce digital transactions are rapidly increasing as online shopping becomes more convenient. In fact, e-commerce is projected to exceed 17% of all retail sales worldwide by 2027. As a result, opportunities for fraudsters to exploit businesses and consumers for monetary gain are reaching high levels. Businesses must be aware of the risks associated with card not present (CNP) fraud and take steps to protect themselves and their customers. What is card not present fraud? CNP fraud occurs when a criminal uses a stolen or compromised credit card to make a purchase online, over the phone, or through some other means where the card is not physically present at the time of the transaction. This type of fraud can be particularly difficult to detect and prevent, as it relies on the use of stolen card information rather than the physical card itself. CNP fraud can yield significant losses for businesses — these attacks are estimated to reach a staggering $28 billion in losses by 2026. Many have adopted various fraud prevention and identity resolution and verification tools to better manage risk and prevent fraud losses. Since much of the success or failure of e-commerce depends on how easy merchants make it for consumers to complete a transaction, incorporating CNP fraud prevention and identity verification tools in the checkout process should not come at the expense of completing transactions for legitimate customers. What do we mean by that? Let’s look at false declines. What is a false decline? False declines occur when legitimate transactions are mistakenly declined due to the business's fraud detection system incorrectly flagging the transaction as potentially fraudulent. This can not only be frustrating for cardholders, but also for merchants. Businesses may lose the sale and also be on the hook for any charges that result from the fraudulent activity. They can also result in damage to the business's reputation with customers. In either case, it is important for businesses to have measures in place to mitigate the risks of both. How can online businesses increase sales without compromising their fraud defense? One way to mitigate the risk of CNP fraud is to implement additional security measures at the time of transaction. This can include requiring additional verification information, such as a CVV code or a billing zip code to further authenticate the card holder’s identity. These measures can help to reduce the risk of CNP fraud by making it more difficult for fraudsters to complete a transaction. Machine learning algorithms can help analyze transaction data and identify patterns indicating fraudulent activity. These algorithms can be trained on historical data to learn what types of transactions are more likely to be fraudulent and then be used to flag potentially fraudulent transactions before it occurs. Businesses require data and technology that raise confidence in a shopper’s identity. Currently, the data merchants receive to approve transactions is not enough. A credit card owner verification solution like Experian Link fills this gap by enabling online businesses to augment their real-time decisions with data that links customer identity to the credit card being presented for payment to help verify the legitimacy of a transaction. Using Experian Link, businesses can link names, addresses and other identity markers to the customer’s credit card. The additional data enables better decisions, increased sales, decreased costs, a better buyer experience and better fraud detection. Get started with Experian Link™ - our frictionless credit card owner verification solution. Learn more

Online transactions face a higher chance of being declined because face-to-face transactions come with a higher degree of confidence. Businesses who fail to address this problem run the risk of losing the customer permanently, damaging their reputation and bottom line. What can e-commerce marketplace merchants do to increase the approval rate of online payments without making fraud worse? Here are three tips: 1. Broaden access to data beyond what’s in the authorization stream. Merchants use a variety of solutions to prevent fraud and verify identities, but typically use very limited data to approve a transaction through the authorization stream between a merchant and issuer. The issuing bank often only compares the purchase data to the address listed on the card owner’s account, which can create discrepancies when a customer is trying to send an order to an alternate address from their primary home. That’s why it’s important for merchants to augment their decisioning with additional data sources to help inform the true customer risk profile. 2. Leverage capabilities that can assess risk for both the transaction and the individual behind it. Today, merchants leverage limited data including email address data, device information and other technologies in silos to augment their address verification capabilities. The challenge with these tools is that each judge the risk of a specific component of the transaction or the individual. Where integration is lacking, false positives are amplified. 3. Collaborate and share expertise and data across merchants and issuers. How can Experian help? Leveraging our multidimensional data, technical expertise and advanced analytics capabilities, we can help businesses frictionlessly authenticate valid customers, thus increasing revenue by increased approval rates, without increasing fraud or operating expenses. Only Experian Link™, our frictionless credit card owner verification solution can associate payment card with its owner. This solution combines Experian’s vast data assets – including over 500 million credit card account numbers on file in the U.S. across 250 million consumers – with our advanced analytics capabilities to match and assess the risk of the identity attributes presented to the merchant to the identity attributes contributed by the credit card’s issuer and to Experian’s network of credit and identity inquiries. The result: Experian Link’s patent-pending REST API simply and frictionlessly improves a merchant’s customer experience and helps increase revenue while reducing their fraud and operating expenses. Get started with Experian Link™ now. Experian Link

Pre COVID-19, operations functions for retailers and financial institutions had not typically consisted of a remote (stay at home) workforce. Some organizations were better prepared than others, but there is a firm belief that retail and banking have changed for good as a result of the pandemic and resulting economic and workforce shifts. Market trends and implications When stay at home orders were issued, non-essential brick and mortar businesses closed unexpectedly. What were retailers to do with no traffic coming through the doors at their physical locations? The impact on big-box retailers like Best Buy, Dick’s Sporting goods, Sears, JCPenney, Nike, Starbucks, Macy’s, Neiman Marcus, Nordstrom, Kohl’s to name a few, has been unprecedented; some have had to shut their doors for good. Over the past several months global retail has seen e-commerce sales grow over 81% compared to the same period last year, according to Card Not Present. Some sectors have seen triple-digit growth year over year. Most online retailers have been ill-prepared to handle this increase in transactional volume in such a short amount of time, which has resulted in rapid fraud loss increases. A recent white paper from Aite Group reported that prior to COVID-19, a large financial institution forecasted an 8% decrease in fraud for 2020, but has since revised the projection to increase 10-15%. What does this all mean?  Bad actors are taking advantage of the pandemic to exploit the online retail channel. The increased remote channel usage—online, mobile, and contact centers in particular—continues to be an area where retailers are exposed. Account takeover, through phishing and relaxed call center controls, is rising as well. Increases in phishing attacks are leading to compromised and stolen identities and synthetic identity fraud. Account takeover (ATO) fraud has increased 347% since 2019 according to PYMNTS.com. A recent survey found more than a quarter of merchants (27%) admit that they don’t have measures to prevent ATO. 24% of merchants can’t identify an ATO during a purchase. 14% of merchants say they are not even aware that an ATO has occurred unless a customer contacts them. When criminals use these compromised accounts to make fraudulent purchases, the merchant loses revenue and the value of the goods. They can also suffer from damage to brand reputation and a loss of customer confidence. A lack of account security can have lasting effects as 65% of customers surveyed say they would likely stop buying from a merchant if their account was compromised, according to that same Card Not Present study. So how can retailers start to identify bad actors with malicious intent? This will be a constant struggle for retailers. Rather than a one size fits all solution, retailers must move toward a strategy that is nimble and dynamic and can address multiple areas of exposure. A fraudster could easily slip by one verification method—for instance with a stolen credential—only to be foiled by a secondary authentication tactic like device identity. A layered fraud strategy continues to be the industry best practice, where both passive and active authentication methods are leveraged to frustrate fraudsters without applying undue friction to “good” consumers. The layered solution should also utilize device risk, identity verification and fraud analytics, with tailoring to each businesses’ needs, risk tolerance, and customer profiles. Learn more about how to build a layered fraud strategy today. Learn more

    This article was updated on September 11, 2023. According to research, only 15% of American consumers have swapped out their go-to credit card in the past year and spend more money both online and offline with the card they designate as their top-of-wallet card. With over 578 million existing credit card accounts in the U.S., here are four top-of-wallet strategies to keep your card top of mind: Go digital In today’s digital world, the rules of customer engagement are changing – and card issuers must develop their digital capabilities, including identity resolution, to keep pace. Cardholders enjoy (and expect) the convenience of being able to apply for credit, track their purchases, make payments and view their monthly statements on-the-go. Another popular phenomenon? Digital wallets. Also known as e-wallets, these house digital versions of credit or debit cards and are stored in an app or a mobile device. Digital wallets can be used in conjunction with mobile payment systems, allowing customers to store digital coupons and pay for purchases with their smartphones. Financial institutions that digitally transform and adapt to these new dynamics can more efficiently service and retain their customers. Prioritize fraud prevention As customers’ affinity for e-commerce rises and cyberthieves grow smarter and more sophisticated, card issuers must improve their security measures and increase their focus on cutting-edge fraud management solutions. Not only should you be familiar with the many ways that criminals steal customer payment information, but you should ensure customers that you have multiple lines of defense against cyber threats. Many financial institutions have added digital “on/off switches,” allowing customers to remotely turn off their credit or debit card should they have misplaced it or suspect that they’re a victim of identity theft. With credit card fraud being the most prevalent in identity theft cases, failing to properly safeguard your customers impacts not only their experience but also your ability to grow revenue. Create a single customer view A single customer view is a consolidated, consistent and holistic representation of the data known by an organization about its customers. And according to Experian research, 68% of businesses are currently attempting to implement this type of strategy. By achieving a consolidated customer view, you can attain better consumer insight and fully understand your cardmembers’ needs and buying preferences. Careful tracking of all customer interactions enables you to target more accurately and implement effective marketing strategies. Provide incentives According to Experian research, 58% of consumers select credit cards based on rewards. The top incentives when selecting a rewards card include cashback, gas rewards and retail gift cards. Rewarding loyalty with ongoing benefits goes a long way to encourage customers to keep your credit card top of wallet but it’s also important to figure out what works – and what doesn’t. Bonus tip: Optimize credit limit management Managing credit limits is just as important as setting optimal credit limits from the get-go. Consumer credit needs will evolve over time along with their income and ability to pay. The key here is being able to identify qualified customers who can take on higher spending limits and also have a need. Leveraging advanced analytics models and a proactive credit limit management strategy can help you uncover areas of opportunity to increase wallet share and push your card toward that coveted top-of-wallet spot — or remain there. We recommend reviewing your credit limits at a regular cadence, but especially ahead of periods of increased spending such as the holiday season. In today’s competitive marketplace, getting your credit card top of wallet isn’t easy. That’s why we’re here to help. Experian’s comprehensive view of consumer credit data and best-in-class account management solutions help you target higher-spending customers and promote top-of-wallet use. Learn more

Knowing where e-commerce fraud takes place matters We recently hosted a Webinar with Mike Gross, Risk Strategy Director at Experian and  Julie Conroy, Research Director  at Aite Research Group, looking at the current state of card-not-present fraud, and what to prepare for in the coming year. Our biannual analysis of fraud attacks, served as a backdrop for the trends we’ve been seeing. I wanted to share some observations from the Webinar. Of course, if you prefer to hear it firsthand, you can download the archive recording here. I’ll start with the current landscape of card-not-present fraud. Julie shared 5 key trends her firm has identified regarding e-commerce fraud: Rising account take-over fraud Loyalty points targeted Increasingly global transactions Frustrating false declines Increasingly mobile consumers One particularly interesting note that Julie made was regarding consumer frustration levels towards forgotten passwords. While consumers are more frustrated when they’re locked out of access to their banking accounts (makes sense, it’s their money), forgotten passwords are more detrimental to e-commerce retailers since consumers are likely to go to another site. This equates to a frustrated consumer, and lost revenue for the business. Next, Mike went through the findings from our 2016 e-commerce fraud attack analysis. Fraud attack rates show the attempted fraudulent e-commerce transactions against the population of overall e-commerce orders. Overall, e-commerce attack rates spiked 33% in 2016. The biggest trends we saw included: Increased EMV adoption is driving a shift from counterfeit to card-not-present fraud 2B breached records disclosed in 2016, more than 3x any previous year Consumers reporting credit card fraud jumped from 15% in 2015 to over 32% in 2016 Attackers shifting locations slightly and international orders rely on freight forwarders 10 states saw an increase of over 100% in fraudulent orders Over 70 of the top 100 riskiest postal codes were not in last year’s list So, what will 2017 bring? Be prepared for more attacks, more global rings, more losses for businesses, and the emergence of IoT fraud. Businesses need to anticipate an increase of fraud over time and to be prepared. The value of employing a multi-layered approach to fraud prevention especially when it comes to authenticating consumers to validate transactions cannot be understated. By looking at all the points of the customer journey, businesses can better protect themselves from fraud, while maintaining a good consumer experience. Most importantly, having the right fraud solution in place can help businesses prevent losses both in dollars and reputation.

Has the EMV liability shift caused e-commerce fraud to increase 33% in 2016? According to Experian data, CNP fraud increased with Florida, Delaware, Oregon and New York ranked as the riskiest states. Miami accounted for the most fraudulent ZIP™ Codes in the US for shipping and billing fraud.

Happy holidays! It’s the holiday season and a festive time of year. Colorful lights, comfort food and holiday songs – all of these things contribute to the celebratory atmosphere which causes many people to let their guards down and many businesses to focus more on service than on risk. Unfortunately, fraudsters and other criminals can make one of the busiest shopping times of the year, a miserable one for their victims. The nature of the stolen data has the potential to create long-term headaches for the organization and tens of millions of individuals. Unlike a retailer or financial breach, where stolen payment cards can be deactivated and new ones issued, the theft of permanent identity information is, well, not easily corrected. You can’t simply reissue Social Security numbers, birth dates, names and addresses. For individuals, we need to internalize this fact: our data has likely been breached, and we need to become vigilant and defend ourselves. Sign-up for a credit monitoring service to be alerted if your data or ID is being used in ways that indicate fraud. Include your children, as well. A child’s identity is far more valuable to a fraudster as they know it can be several years before their stolen identity is detected. The good news is, in addition to the credit bureau, many banks and auto clubs now offer this as a service to their customers. For organizations, the focus should be on two fronts: data protection and fraud prevention. Not just to prevent financial theft, but to preserve trust — trust between organizations and consumers, as well as widespread consumer trust.  Organizations must strive to evolve data protection controls and fraud prevention skills to minimize the damage caused by stolen identity data. There are dozens of tools in the industry for identifying that a consumer is who they say they are – and these products are an important part of any anti-fraud strategy.  These options may tell you that the combination of elements is the consumer, but do you know that it is the REAL consumer presenting them? The smart solution is to use a broad data set for not only identity verification, but also to check linkage and velocity of use.  For example: Is the name linking to other addresses being presented in the past week? Is the phone number showing up to other addresses and names over the past 30 days? Has the SSN matched to other names over the past 90 days? Since yesterday the address matches to four phone numbers and two names – is this a problem? And it must be done in ways that reinforce the trust between consumers and organizations, enhance the customer experience, and frustrate criminals.  Click here to learn more about Experian’s products and services that can help. As we go walking in the winter wonderland, remember, the holiday season is a time for cheer… and vigilance!

Device emulators — wolves in sheep’s clothing Despite all the fraud prevention systems and resources in the public and private sectors, online fraud continues to grow at an alarming rate, offering a low-risk, high-reward proposition for fraudsters. Unfortunately, the Web houses a number of easily accessible tools that criminals can use to perpetrate fraud and avoid detection. The device emulator is one of these tools. Simply put, a device emulator is one device that pretends to be another. What began as innovative technology to enable easy site testing for Web developers quickly evolved into a universally available tool that attackers can exploit to wreak havoc across all industry verticals. While it’s not new technology, there has been a significant increase in its use by criminals to deceive simple device identification and automated risk-management solutions to carry out fraudulent activities. Suspected device emulation (or spoofing) traffic historically has been difficult to identify because fraud solutions rely heavily on reputation databases or negative lists. Detecting and defeating these criminals in sheep’s clothing is possible, however. Leveraging Experian’s collective fraud intelligence and data modeling expertise, our fraud research team has isolated several device attributes that can identify the presence of an emulator being used to submit multiple transactions. Thanks to these latest FraudNet rule sets, financial institutions, ecommerce merchants, airlines, insurers and government entities alike now can uncloak and protect against many of these cybercriminals. Unfortunately, device emulators are just one of many tools available to criminals on the Dark Web. Join me at Vision 2016, where U.S. Secret Service and I will share more tales from the Dark Web. We will explore the scale of the global cybercrime problem, walk through the anatomy of a typical hack, explain how hackers exploit browser plug-ins, and describe how enhanced device intelligence and visibility across all channels can stop fraudsters in their tracks. Listen to Mike Gross as he shares a short overview of his Vision 2016 breakout session in this short video. Don’t miss this innovative Vision 2016 session! See you there.

Profile of an online fraudster I recently read a study about the profile of a cybercriminal. While I appreciate the study itself, one thing it lacks perspective on is an understanding of how identity data is being used to perpetrate fraud in the online channel. One may jump to conclusions about what is a good indicator for catching fraudsters. These very broad-brush observations may result in an overwhelming number of false positives without digging in deeper. Purchase value A single approach for understanding the correlation between purchase value and fraud does not work to best protect all businesses. Back in 2005, we saw that orders under $5 were great indicators of subsequent large-ticket fraud. For merchants that sell large-ticket items, such as electronics, those same rules may not be effective. To simply believe that the low dollar amount is the extent of the crime and not just a precursor to the real, bigger crime indicates a lack of understanding of how fraudsters work to manipulate a system. For some merchants, where fraudsters know they can go to do card testing against their business, low-dollar-amount rules may apply. However, for other businesses a different set of rules must be put into place. Time of day We have been tracking fraud time of day as a rule since 2004, but the critical point is a clear definition of which time of day. For the merchant, 3 a.m. is very different than 3 a.m. for a fraudster who is in Asia or Eastern Europe, where 3 a.m. merchant time is actually the middle of the online fraudster’s day. FraudNet is designed to identify the time from the user’s device and runs its rules from the user’s time. We find that every individual business will have a very specific threat profile. Businesses need to build their individual fraud strategy around their overall attack rate taking into account the strength of the defense and the ability to be flexible to accommodate the nuances for individual consumers. A general approach to fraud mitigation inevitably results in a system that begins to chase broad averages, which leads to excessive false positives and mediocre detection. That’s what drives us to do the job better. The proof of every fraud solution should lie in its ability to catch the most fraud without negatively impacting good customers.  

What the EMV Shift means for you I recently facilitated a Webinar looking at myths and truths in the market regarding the EMV liability shift and what it means for both merchants and issuers. I found it to be a very beneficial discussion and wanted to take some time to share some highlights from our panel with all of you. Of course, if you prefer to hear it firsthand, you can download the archive recording here. Myth #1: Oct. 1 will change everything Similar to the hype we heard prior to Y2K, Oct. 1, 2015, came and went without too much fanfare. The date was only the first step in our long and gradual path to EMV adoption. This complex, fragmented U.S. migration includes: More than 1 billion payment cards More than 12 million POS terminals Four credit card networks Eighteen debit networks More than 12,000 financial institutions Unlike the shift in the United Kingdom, the U.S. migration does not have government backing and support. This causes additional fragmentation and complexity that we, as the payments industry, are forced to navigate ourselves. Aite Group predicts that by the end of 2015, 70 percent of U.S. credit cards will have EMV capabilities and 40 percent of debit cards will be upgraded. So while Oct. 1 may not have changed everything, it was the start of a long and gradual migration. Myth #2: Subscription revenues will plummet due to reissuances According to Aite, EMV reissuance is less impactful to merchant revenues than database breaches, since many EMV cards are being reissued with the same pan. The impact of EMV on reoccurring transactions is exaggerated in the market, especially when you look at the Update Issuer provided by the transaction networks. There still will be an impact on merchants, coming right at the start of the holiday shopping season. The need for consumer education will fall primarily on merchants, given longer lines at checkout and unfamiliar processes for consumers. Merchants should be prepared for charge-back amounts on their statements, which they aren’t used to seeing. Lastly, with a disparate credit and debit user experience, training is needed not just for consumers, but also for frontline cashiers. We do expect to see some merchants decide to wait until after the first of the year to avoid impacting the customer experience during the critical holiday shopping season, preferring to absorb the fraud in the interest of maximizing consumer throughout. Myth #3: Card fraud will decline dramatically We can look to countries that already have migrated to see that card fraud will not, as a whole, decline dramatically. While EMV is very effective at bringing down counterfeit card fraud, organized crime rings will not sit idly by while their $3 billion business disappears. With the Canadian shift, we saw a decrease in counterfeit card loss but a substantial increase in Card Not Present (CNP) fraud. In Canada and Australia, we also saw a dramatic, threefold increase in fraudulent applications. When criminals can no longer get counterfeit cards, they use synthetic and stolen identities to gain access to new, legitimate cards. In the United States, we should plan for increased account-takeover attacks, i.e., criminals using compromised credentials for fraudulent CNP purchases. For merchants that don’t require CVV2, compromised data from recent breaches can be used easily in an online environment. According to Aite, issuers already are reporting an increase in CNP fraud. Fraudsters did not wait until the Oct. 1 shift to adjust their practices. Myth #4: All liability moves to the issuer EMV won’t help online merchants at all. Fraud will shift to the CNP channel, and merchants will be completely responsible for the fraud that occurs there. We put together a matrix to illustrate where actual liability shifts and where it does not. Payments liability matrix Note: Because of the cost and complexity of replacing POS machines, gas stations are not liable until October 2017. For more information, or if you’d like to hear the full discussion, click here to view the archive recording, which includes a great panel question-and-answer session.

What will the EMV shift really mean for consumers and businesses here in the U.S.? Businesses and consumers across the U.S. are still adjusting to their new EMV credit cards. The new credit cards are outfitted with computer chips in addition to the magnetic strips to help prevent point-of-sale (POS) fraud. The new system, called EMV (which stands for Europay, MasterCard and Visa), requires signatures for all transactions. EMV is a global standard for credit cards. In the wake of the rising flood of large-scale data breaches at major retailers – and higher rates of counterfeit credit card fraud – chip-and-signature, as it is also called, is designed to better authenticate credit card transactions. Chip-and-signature itself is not new. It has been protecting consumers and businesses in Europe for several years and now the U.S. is finally catching up. But what will the EMV system really mean for consumers and businesses here in the U.S.? There is the potential for businesses that sell both offline and online, to see an increase in fraud that takes place online called Card Not Present (CNP) fraud. Will credit card fraud ever really be wiped out? Can we all stop worrying that large-scale point-of-sale breaches will happen again? Will the EMV shift affect holiday shopping and should retailers be concerned? Join us as we explore these questions and more on an upcoming Webinar, Chipping Away at EMV Myths. Our panel of experts includes: David Britton, Vice President, Industry Solutions, Experian Julie Conroy, Research Director, Aite Group Mike Klumpp, Director of Fraud Prevention, Citibank Moderated by: Keir Breitenfeld, Vice President, Product Management, Experian