I noticed several unexplainable charges and the ‘amount owed’ scared me even more than usual. By the time I had realized that my new chip-enabled credit card number was hacked, presumably on-line and used overseas, my hot cocoa had gone cold!
I was hacked!
Working in the payments industry, I am well aware of fraud prevention strategies. But, nothing makes you appreciate the harsh reality of fraud more than a personal experience. The new benchmark data from ACI Worldwide shows that top retailers have experienced a recent surge in “card-not-present” fraud activity, along with the most popular pathways to fraud in an EMV environment.
The pathway found me when I discovered that my credit card number was used in a foreign country to purchase luggage and apparel. I asked my husband if he was planning a surprise vacation to a warm, exotic location. I envisioned him calling a few retailers to purchase high-branded apparel, buying luggage to store it all in, and having it wait for us at a hotel.
Seriously, stop daydreaming…my credit card data had been compromised. No second honeymoon! No expensive luggage!
Fraudsters targeting eCommerce channels
Did I really have to be an unwilling participant in a card-not-present fraud scheme? As the ACI data shows, the shift to more secure EMV chip cards has now tightened controls on card present transactions, leaving fraudsters to target eCommerce channels. Hackers made me a relevant statistic this holiday season.
To that end, you cannot ignore how this data has impacted the card-not-present channels and also its long-term effects on the omni-channel ecosystem. Having a secure omni-channel strategy to address this risk is critical for any retailer this holiday season.
Just as letters to Santa give parents’ an insight to their kids’ wishes, today’s mobile usage can enlighten retailers, as shoppers frequently consult their phones on purchases they are about to make in-store.
In fact, mobile has encouraged retailers to change their omni-channel strategy and provide layers of defense mechanisms for their security infrastructure. Although EMV helps to fight fraud for card present, we still have to remain vigilant as additional benchmark data findings tell us:
• First, fraud attempt rates have increased by 33% compared to the same period in 2014.
Many recent data breaches and online shopping hacks show the need for more secure measures between the attacker and the merchant. One layer of security is not enough and perhaps an augmented security effort is best, with several layers of defense.
• Secondly, another interesting finding is that the fraud average ticket value (ATV) has decreased by $9.00 over the past year from $282 to $273.
I experienced this lower fraudulent spend amounts trend with my own compromised card situation. Each of the fraudulent items on my bill was less than $200, but totaled a lot more than I would typically pay. (All those vacation outfits I had coordinated in my head!)
What can merchants do during peak holiday periods to minimize risk and fraud?
Is there one solution to minimize the effects of these findings, or a combination of them to curtail fraud? Secure elements? Tokenization? End-to-end encryption?
No single tactic diminishes all threats, but with a comprehensive payment security strategy in place, a retailer can help prevent the uptick in fraud during the holiday season, especially in card-not-present channels. No single security measure is impermeable on its own, but implemented collectively, more aggressive controls can lessen the chance of you or your customers becoming a fraud statistic.
All the “merchant Santas” out there should include a real-time fraud solution as part of an omni-channel strategy which continuously monitors fraud behavior across all channels, online and store.
Our findings show that merchants must be even more careful and implement effective eCommerce fraud protocols during the holiday season. “Hacked this season” has a terrible ring to it.