There are undoubtedly hundreds of cybersecurity and fraudulent attacks being committed at this very moment. While merchants have invested time, resources, technology, and hundreds of millions of dollars to protect sensitive company and customer data, fraud continues to rise at an exponential rate.
Fraud is Migrating
While the U.S. continues enabling EMV technology to combat Card Present fraud, this solution only blocks one avenue for fraudsters. Though Card Present was historically the easiest path for fraud, fraudsters are becoming more technologically savvy.
Using global networks and mechanisms such as social engineering, account takeover, and stolen credentials sold from data breaches, fraudsters continue to find new clever ways to cheat the system, and they’re beginning to target the Card Not Present (i.e., digital) channel. This migration into the digital space is inevitable; these fraudsters make more money than most honest working Americans, and we cannot be naïve and believe they’ll have a reason to stop.
Why Target Digital?
Digital commerce is becoming more and more of the norm in our everyday lives. Starbucks allows customers to order, pay ahead and skip the line to grab that caffeine fix that many Americans feel they will die without. They were one of the pioneers in this endeavor, and many of their competitors in the QSR space have followed suit.
Consumers want to order from their watch, their car, their phone or from any number of IOT devices with the least amount of friction as possible. That’s where the fraud starts…becoming frictionless.
Many of the digital applications in the marketplace are ripe with vulnerabilities that fraudsters look to capitalize on. Consumers have come to enjoy and expect the “One Click” checkout experience gained from digital outlets like Amazon. The combination of these two factors creates a breeding ground for fraudsters.
Defending Fraud: What’s to Come
To give consumers a frictionless checkout experience requires merchants to know your customer (KYC). There are many ways that merchants perform KYC checks, including ID/Device fingerprinting (first time registered vs. repeat) and order history (e.g., shipping location, etc.). The merchants that have been most successful in combating fraud have been tracking and mining this data for years.
While we are not there yet, moving to a model where anonymized transaction data can be shared across merchants only helps us fight fraudsters. There will be no silver bullet to stop Card Not Present fraud; effective defense will require a panel of processes, tools, and risk calculation to accurately address fraud.
As you think about the seamless experience consumers love, remember that there will always be someone on the other side, working to exploit the system. Remember, they have the advantage—while a merchant must protect data from 100% of threats, a fraudster only has to break in once to be successful. While this is a somewhat doom-and-gloom outlook, this is a reality in the world of commerce that we all live in.