CNP: the fraud which cost the UK £506 million over one year
Most customers think of CNP (card-not-present) payments purely as new source of convenience. You don’t have to visit a shop in person; you just key in your card details online or use a mobile payment app. Boom. Job done. Simple.
Except, for merchants, it’s not so simple. CNP fraud happens when real customers’ card details are stolen and used to make purchases, most frequently online. The rates of this specific type of fraud continue to rise, fuelled by an ever more tech-savvy cyber criminal network and the steady stream of shoppers moving from the high street to online retailers.
It’s a perfect storm. There were over two million recorded cases of CNP fraud in 2017–2018, a 47% year-on-year increase. It represents 72% of total card fraud – a figure which has been steadily increasing over the last decade. Losses from this kind of fraud rose 24% between 2017 and 2018 to exceed £506 million in the UK.
**It takes years to build a reputation… ** Just a fleeting glance at those figures shows CNP fraud is rife in the UK. Across Europe, meanwhile, the problem cost an estimated €1.8 billion (£1.5 billion) in 2016. That’s why new legislation popularly known as PSD2 is being brought in across Europe to protect customers who use third-party payment services and create competition in the fintech market. But regulatory action is not what should be making online retailers sit up and take action.
Unfortunately, CNP fraud deals retailers a double blow: if customers notice fraudulent transactions in their bank statements, then they speak with their banks and organise the money to be returned to their accounts, which is called a chargeback. But chargeback fraud is rife too. Customers are increasingly disputing transactions illegitimately and securing refunds by talking to their bank instead of contacting the merchant involved, who is locked out of the entire process.
On the other hand, if an online retailer rejects a transaction from a real customer because it seems fraudulent, then that retailer loses good business. This is termed a ‘false decline’ and can turn a happy customer into one that never comes back. In the UK, 21% of all declined payments online turn out to be false – a similar figure to the US (20%) and far higher than continental Europe (14%). Merchants could be losing each one of those customers every time a false decline takes place.
**… And moments to ruin one ** However, it’s the long term damage merchants must be particularly wary of. The threat of cyber fraud is like a stable door that’s been left open: the consequences are usually unnoticed until it’s too late, and can therefore be devastating.
The true cost of CNP fraud goes beyond those initial financial losses. Given consumer trust has been low in recent years, maintaining your customers’ faith is more essential than ever. In the age of social media, public knowledge of a cyber breach spreads like wildfire, causing significant harm to a brand’s reputation. Major brands like TalkTalk and Facebook have all joined the headlines about data breaches this year.
When that happens, it affects consumers’ assurance that their data is safe – and that brand could then lose them for good. This is especially true, considering 78% of UK consumers believe that businesses benefit disproportionately from data exchange in the UK. From their perspective, companies are reaping the rewards of data sharing – then all too often exposing themselves to fraudsters.
**Rebuilding customer trust – and defense against fraud ** Multi-factor authentication is touted by many as the solution to this problem, but this comes with its own issues: it can harm the user experience and cause customers to abandon their baskets when asked to authenticate their identity one time too many. It may feel like an awkward circus act, but nowadays businesses have to streamline online payments while ensuring maximum data security.
Luckily, it’s not an impossible task: there are steps businesses can take to make this balancing act work. Technology is partly to thank, given that AI can crunch vast amounts of data quickly and spot patterns that allow retailers to screen every order and flag suspicious activity. Meanwhile, investing in an expert team that can oversee the data-crunching work while adding human intuition and nuance into the mix will give businesses the edge they need to prevent false declines.
In today’s online retail ecosystem, it is business-critical for merchants to build a defense against CNP fraud, while minimising the risk of turning off their customers. Because when the horse has bolted, there is no stopping it.