A temporary victory?
Written by Graham Buck
With even the mighty Sony Corporation falling prey to hackers and the theft of personal information on millions of PlayStation users, it’s easy to assume
that the war against fraudsters is being lost. But not all the reports from the battlefront are gloomy. According to recent data from fraud prevention group Retail Decisions (ReD),
efforts to reduce the incidence of online, mail order and telephone order fraud are achieving success. The figure for 2010 showed a ‘significant’ drop for a second year in succession, falling 10 per cent to £239 million against £266 million in 2009.
In a generally upbeat report, ReD noted that money lost to the most common type of plastic swindle - card-not-present (CNP) fraud - has fallen progressively since it peaked at £328 million in 2008. It also anticipates that the success story will extend into this year, with a further five per cent reduction in the value of CNP fraud in 2011.
However, the longer-term projection is less rosy. ReD notes that the Beijing Olympics three years ago was the catalyst for a massive jump in China’s online fraud rate. The group fears that London 2012 will similarly reverse the downward trend, as fraudsters devise more creative ways to overcome new security measures and tightened regulations.
“Fraudsters are continually adapting to overcome fraud prevention techniques and they communicate constantly in the criminal underworld to share scams,” warns ReD’s chief executive, Carl Clump.
“So retailers need a fraud prevention strategy that not just keeps pace, but is one step ahead of the fraudsters. To be truly effective a system needs to be able to spot trends as they are emerging - not just identify them once they’re active.”
As the group notes, two successive years of reductions in the value of UK card payment fraud is contrary to the “significant growth” seen over the past five years. The increase can be attributed, in part, to the greater number of credit and debit card details which cyber criminals are able to gain access to online as more consumers desert the High Street and instead opt to shop on the internet. ReD cites this as a major contributing factor in CNP fraud now accounting for 50 per cent of plastic card fraud losses, against only 10 per cent in 1998 when overall fraud totalled just over £100 million.
The more recent improvement does not reflect any let up in criminal activity. The group reports that “although criminals are pocketing less they are still as active and inventive as ever, and last year attempted a further four times more fraud that didn’t succeed.” It suggests that their efforts are largely being thwarted as retailers are now screening transactions more carefully. For example, if the goods are not being shipped to the customer’s home address then further checks will be made to determine whether the given address is a valid one.
“In the past couple of years retailers have used technology to regain ground, adopting automated screening in addition to traditional tools,” says Jeanne Gorman, business development manager for anti-fraud services at BT Global Services. “So we’ve seen a big improvement as a result.”
“Fraud screening services work in conjunction with the individuals responsible for the final call on whether or not an order goes through. So the success has been through a combination of technology and the people behind it. But the tools behind fraud screening services must continually adapt by adding new sources of data; checking on identities, postcodes and other details so they can be smarter about their customers.”
Perhaps the most obvious measure has been the introduction of three-digit or four-digit security codes (CSCs) for credit and debit card transactions as an added layer of protection against fraud. However, as retail development manager at Callcredit, David Fletcher notes, if hackers infiltrate a retailer’s database then this information promptly enters into the public domain. New technologies are therefore essential so that the retailer can not only verify ID and payments methods but also combine the two; reliably tying the customers to the debit/credit card to facilitate a safe transaction.
It’s better for the retailer to be proactive rather than reactive, he adds. “Often a consumer doesn’t immediately notice that he or she has lost their card, so there is a time gap before it is flagged up as either lost or stolen.”
There are potential pitfalls in having greater security, adds Fletcher. One of the biggest problems is that fraud checks can also result in genuine customers being turned away because they cannot be verified for some reason. Another is that the checking process adds to the time period that elapses between receiving an order and dispatching it to the customer.
“We’re working with retailers so that checks can be completed more speedily,” he adds. “It’s vital when some companies offer to send out the goods within 90 minutes of the order being received.”
The gap between sales and fraud detection in too many organisations is undermining the task of growing their business, agrees David Britton, vice president of industry solutions at 41st Parameter. “Executives assume that fraud is being managed, but the solutions are often draconian.”
Even in one of the most highly-targeted sectors, airline travel, attempted fraud comprises no more than 1.5 per cent of total sales. Yet as many as one in four transactions is impacted negatively, he adds.
UK retailers could also take tips from continental Europe, suggests Tim Allitt, head of sales and marketing at SecureTrading. “The Germans and the Dutch are particularly sophisticated; the latter use the iDeal system and have got into 3D Secure factor authentication.”
iDeal, an internet payment method that allows customers to buy securely using direct online transfers from their bank account, processed 4.5 million transfers in its first year, which had grown to 68.8 million by 2010. 3D Secure, which has rapidly been adopted across Europe, involves the card number being checked as well as a three digit security code. The customer is then asked to validate the payment with a special password.
So is technology winning the battle against CNP fraud? Certainly those companies that specialise in anti-fraud and verification products report that they can identify the ‘hot spots’ and postcodes where fraud is particularly prevalent.
“Regions such as South America and Nigeria are already well known, but others such as Lithuania and Ukraine are rapidly coming onto the map,” reports Fletcher. Perhaps more surprisingly, the US has also seen a steady increase. As Britton notes: “It’s no longer a safe assumption that the US is a safe location.” And if fraudsters have suffered a setback as CNP fraud is tackled, they will simply switch their focus, he adds.
“Fraudsters are sophisticated not only in their techniques but in the channels they exploit - hence the recent surge in malware attacks. And in the next five years we’ll see an increase in cross-industry attacks, as those now rampant in commerce shift their focus to financial services.”
As he says, the fight is not against automated machines, but against highly creative and motivated criminals.