The future of commerce and the threat of card fraud

Representational image of a cybercriminal comiting CNP fraud
(Image credit: Future)

“Contactless” appears to be the most noteworthy trend to gain attention over the past year and a half, and consumers across the globe are gravitating towards the quick, easy, and contactless shopping experience they can get online. With the boom in eCommerce, it’s clear that card-not-present (CNP) payments will likely become the norm within the next few years. In fact, recent data from Mastercard shows that in 2021, more than half of Americans now use contactless payments.

About the author

Tan Truong is CIO of Vesta.

However, every light has its shadow, and with the rise of CNP payments comes the rise of CNP fraud as well. For those who aren’t familiar with the term, CNP fraud is a credit card scam in which a defrauder uses someone else’s compromised card information to make a remote purchase. Because both the card and cardholder aren’t physically present (and fraudsters often steal complementary information like the CVV and billing address), it can be extremely difficult for merchants to verify the purchaser’s identity. This also requires merchants to enlist additional manpower in order to pay close attention to new payment methods, transaction dynamics and customer preferences that are continuously evolving at a rapid pace.

Two types of CNP fraud

At Vesta we’ve been helping merchants prevent CNP fraud for more than 25 years, and what makes it such a challenging problem is the fact that fraudsters are constantly evolving their tactics. There are two primary types of CNP fraud. The first is fraud with direct linkage, meaning there is some kind of red flag a merchant can look for to identify a transaction as being fraudulent. For example, if the same credit card is used to make multiple purchases within a five minute window, and the shipping address doesn’t match the billing address, that’s a clear sign the orders could be fraudulent and the merchant should investigate further before approving the transactions.

With indirect linkage there is no clear sign for merchants to watch for, which makes it incredibly difficult to spot and prevent - especially on a global scale. In fact, data from our recent Global Card-Not-Present (CNP) Fraud Report found that fraudulent transactions with indirect linkage are on the rise with the percentage of overall fraud with indirect linkage increasing steadily quarter-by-quarter through all of 2020. And to make matters even more difficult, the value of fraudulent transactions with indirect linkage is generally higher than those with direct linkage, making it an even more expensive and complicated problem for merchants to deal with.

Machine learning to combat fraud

With all that in mind, there is no question that CNP fraud with indirect linkage presents one of the most unique and costly challenges for merchants, however there is hope. Thanks to advancements in machine learning, there are ways for merchants to tackle this problem head on. Sophisticated machine learning models can identify connections between disparate transactional data points to identify potential fraud in real-time, allowing merchants to make an instant decision on whether to accept or reject a transaction. While machine learning models can effectively prevent CNP fraud with indirect linkage, it’s important to consider the data they’re trained on when evaluating different solutions.

These models are only as good as the data that powers them, so merchants should pay attention to both depth and breadth of the data. To be more specific, you want models that have been trained on several years of transactional data - that’s the depth - and you also want them to have been trained on global datasets, which is where breadth comes in. The historical data ensures machine learning models understand how CNP fraud has evolved over time, and the global data ensures these models can identify fraud regardless of where it comes from. Fraudsters don’t operate from a single location - they’re all over the world, so your machine learning models need to have a global outlook.

Investing in protection

For retailers that are still in the early stages of their digital transformations, implementing a whole new machine learning solution just to fight CNP fraud with indirect linkage might seem like more trouble than it’s worth, but I’d caution against that mindset. Aside from chargeback fees, which can add up quickly and really eat into your margins, there’s a reputational risk to consider. If you went to order new shoes, and the retailer declined your order for no apparent reason, would you shop from that retailer again? No, and neither would most consumers. In a highly competitive retail market, it’s important to protect your brand reputation and deliver a seamless experience for shoppers.

Without an effective CNP fraud solution, you’ll end up either rejecting too many legitimate transactions or accepting too many fraudulent transactions, which is why it’s important to invest in a solution that strikes the right balance between maximizing approvals of legitimate sales and blocking the bad ones. Whether you build that solution in-house or partner with a third party depends on your own unique needs and existing resources, but investing in that solution today will allow you to stay ahead of fraudsters and protect your company for years to come.

If you're worried about online security, check out our best online cybersecurity courses.

Tan Truong is CIO of Vesta. A seasoned executive with 16+ years of experience and technologist by trade with two pending patents, Tan Truong builds and leads Vesta’s technology, product and operations teams to create a high-performance, innovative culture.