Skip to main content

It’s a Digital World, and Card-not-Present Fraud Is on the Rise – Here’s What Issuers Need to Know

Consumers don’t shop the way they used to. Many people who used to prefer trying on clothes and browsing in-store have been won over by online convenience. It’s no surprise, then, that digital or e-commerce sales, also referred to as card-not-present (CNP) transactions – are booming.

Unfortunately, as CNP transactions rise, so does the number of related fraud claims. But debit issuers are fighting back, meeting this growing challenge with their own innovations to help protect cardholders.

Not so long ago, financial institutions did the same to combat card-present fraud, by teaming up with debit networks like PULSE® to strengthen fraud protections. And it worked. Issuers’ net card-present debit fraud losses declined by 5.5% in 2020, according to the 2021 Debit Issuer Study, commissioned by PULSE and conducted by Oliver Wyman.

Today, financial institutions and networks are once again leveraging advanced technologies and deep knowledge of the fraud landscape to overcome fraudsters’ attempts in the online and digital environment as well.

Case in point: Card-present PIN transactions made up only 5% of net fraud claims in 2020, according to the study, while CNP transactions – accounting for the same proportion of debit transactions (34%) – represented 81% of gross fraud claims. In response, by using machine learning and the latest in artificial intelligence to verify customer identity online, issuers are redoubling their efforts to battle CNP fraud.

By improving their ability to differentiate between valid and fraudulent charges, issuers can better mitigate risk as transaction move through the fraud funnel. 

Fraud Funnel by Transaction Type

With CNP accounting for the bulk of gross fraud claims, issuers are working to balance a high authorization rate with an acceptable level of risk, as well as focusing on their fraud claim review process to keep net debit fraud losses low.

“It’s because of issuers’ proactive response that the overall story is a positive one.”

- Steve Sievert, Executive Vice President, Marketing & Brand Management at PULSE.

Fraudsters Are Adapting Along with Payment Innovators 

Like so many technology trends, online shopping and CNP transactions have increased dramatically since the start of the pandemic. Shoppers from all demographics enjoy being able to shop from anywhere, whenever they want.

CNP transactions are also on the rise because of new payment and delivery solutions available today – and their increasing popularity. Buy-online, pickup-in-store (BOPIS) usage grew significantly in 2020, while many retailers are exploring ways to ship online orders directly from individual stores in an effort to reduce delivery times.

As transactions shifted from in-store to online, the immediacy of payments also shifted. Without cash as an alternative, consumers increasingly relied on their debit cards for CNP purchases, the average ticket size of which is almost twice that of card-present transactions.

But merchants and payment providers aren’t the only ones innovating. Fraudsters are also changing their tactics as they try to keep pace with changes in purchasing trends. For instance, BOPIS has seen a higher fraud-attempt rate than other channels due to the short window of time between purchase and pickup.

The CNP Challenge

While card-present PIN provides a more traditional security measure, issuers have adapted their operations in an effort to manage CNP fraud more effectively. In fact, two out of three issuers adjusted their fraud models in 2020 to address changed spending patterns caused by COVID-19, the study found.

In doing so, they sought to maintain high authorization rates (93.7% percent in 2020 vs. 93.9% in 2019) while mitigating fraud losses. And they appear to have been successful, as net debit fraud losses declined from approximately $880 million in 2019 to $830 million in 2020.

This was no small achievement, as “CNP fraud is harder to identify given the sheer number of online merchants where fraudsters can use stolen card information,” explained Andrew Fong, Senior Manager of Fraud Operations Strategy at PULSE. In addition, it’s more common to see multiple CNP transactions on a card within a short amount of time, so even a flurry of fraudulent purchases might escape detection.

“The goal is to write fraud rules that stop fraudulent transactions without impacting customers’ legitimate purchases, but that can be challenging,” Fong added.

How to Combat Fraud in the CNP Era

Best-in-class issuers are responding by creating specialized fraud teams dedicated to reducing CNP losses. Among the tools in their arsenals are advanced fraud-detection models based on machine learning, and the fraud expertise of their processor and networks. “Processors and networks are great partners in this effort, as they have a holistic view of fraud trends occurring across thousands of financial institutions that an issuer may not be aware of,” Fong said.

Effective fraud management requires authenticating cardholders with the least amount of friction. For example, at PULSE, DebitProtect® Communicate can be used to contact a cardholder through email, SMS or phone whenever it detects a suspicious transaction, CNP or otherwise. This allows the cardholder to validate the transaction or block it.

Educating customer contact representatives so that they’re prepared for cardholder inquiries related to CNP transactions is also important, according to Sievert, as is taking advantage of new technologies. Click to Pay, which uses tokenization to protect identifying information, and 3-D Secure, which provides an additional layer of security by validating identity through the merchant, issuer and network domains, can help issuers minimize the rate of “good customer insults” (when a valid transaction is deemed fraudulent).  

Making proactive adjustments to fraud strategies will be even more critical as consumer behavior and payments technology continue to evolve. “Scan-and-go” transactions, for example – where shoppers walk in, scan the items they want with their mobile phone and walk out the door with their goods without stopping at a point-of-sale – are poised to become widespread.

With new shopping and checkout experiences come new fraud schemes, so fraud models need to be refreshed frequently, Fong said. Most fraud-detection tools rely on machine-learning models that must be trained on the latest fraud patterns to stay effective. PULSE DebitProtect is updated regularly for this reason, as well as to stay current with the latest in artificial intelligence and machine-learning technologies.

New Opportunities for Growth

The shift toward CNP transactions accelerated by the pandemic has brought new opportunities to every player in the retail landscape, including consumers, merchants, payments providers – and fraudsters. CNP fraud is a real threat, but forward-thinking issuers are tackling it with innovation and zeal.

New technologies like Click to Pay and advanced fraud-detection algorithms, coupled with a comprehensive understanding of the CNP fraud landscape, are helping debit issuers grow their business in the digital era and keep their customers’ identities and accounts safe.