Today's payments fraud prevention is an increasingly complicated business. Mass market adoption of e-commerce together with cross-border trade and the popularity of new forms of digital payments are challenging issuers with new complexities, and fuelling the rise of sophisticated card fraud techniques. New legislation has added new levels of consumer protection and, at the same time, further increased the fraud prevention burden on issuers.
Although initiatives such as EMV implementation and 3D-Secure have done much to reduce domestic losses from lost and stolen cards in Europe, the total value of fraudulent transactions still amounts to €1.8bn every year, according to the European Central Bank (ECB). The increases in complexity, however, weigh heavily on issuers' legacy systems, which are not agile or adaptable enough to respond adequately.
Deeper into the fraud problem
The volumes and types of fraud vary dramatically between European nations. In the Netherlands annual fraud losses are as low as €11.7m, whereas in the United Kingdom they reach a whopping €690.7m. ATM fraud is responsible for approximately 9% of all card fraud in Europe, but this rises to 13% in Denmark and falls to just 3% in the UK. Although Card Not Present (CNP) fraud represents almost 80% of the total volume of fraudulent card transactions across Europe, in Sweden this falls to 70%.
Focusing on the source
The future success of Europe's financial institutions is predicated by their customers' adoption of digital payment solutions. When developing these, issuers must ensure that their customers are protected, their privacy respected, and that friction during the payments process is minimised. In terms of consumer protection, many issuing banks have focused on consumer behaviour by attempting to educate their customers on the risks of phishing and other scams.
Organised crime involvement in European payment card fraud, however, is impacting fraud prevention efforts. Organised criminal enterprises are taking advantage of pre-packaged scams, also known as Fraud as a Service (FaaS), which, together with vast amounts of payment card numbers, are available to purchase on the dark web. Crucially, these card numbers and other Personal Identifiable Information (PII) are not always acquired through phishing. Some of this information is shared after data breaches, for example, and some through new types of skimming on e-commerce websites.
When presented with a more holistic view of European payment card fraud, it is clear that the industry must focus on tackling the beginnings of online fraud, as well where it ends with the customer.
Dealing in data
The key to fighting fraud before it impacts consumers is data. At this point, however, no one merchant, issuing bank nor payment service provider holds all of the different pieces of the puzzle.
That doesn't mean we should wave a white flag, though. Payment service providers, according to the report, are in a strong position to combine all data from issuers, acquirers and processors across the European ecosystem. Achieving this would go a long way toward enabling active fraud prevention at source.
The primary hurdle will be collecting and exchanging this data securely and in real-time, without increasing friction in the payments process; the best fraud prevention strategies place equal emphasis on delivering a positive experience for genuine customers, accurately detecting and rejecting fraudulent orders, and efficiently managing operational costs associated with fraud prevention.
Turning insights into action
According to the report, fraud prevention services that protect the digital identities of consumers and businesses, such as omni-channel fraud and risk management services, are widely recognised as the most effective. To keep pace with the rapidly evolving landscape, the industry has tended to outsource technology services and expert capabilities. This means that managed, end-to-end fraud and risk services are in demand from many banks and payment service providers.
In order to keep pace with increasing fraud and risk challenges, banks and payment service providers have two options:
- Benefit from next generation fraud and risk prevention services managed by a trusted external partner that can cover the latest trends, while allowing payment businesses to keep control of their own data;
- Combine their existing fraud and risk management with white-labelled next generation support to close gaps in their in-house services.
The scale of payment fraud losses underlines the urgency of implementing comprehensive security measures, and of reinforcing those measures through use of the right tools.
The insights above are drawn from The European Fraud Report - the most comprehensive report on tackling card fraud in Europe. Download it to learn more.
Get the key take-ways
Watch this webinar live recording to get key insights and analysis from the European Fraud Report by fraud and research experts Sune Gabelgård and Horst Foerster. Watch the webinar (external link).