Fraud/Data Security

What you need to know:

Nearly fifty percent of all worldwide card fraud happens in the U.S., and managing consumer confidence is paramount. Merchants do not want consumers to fear breaches and fraud. Fraud prevention and data security technologies need to be developed in an open and competitive environment, which fosters better security, higher efficiency, lower cost and lower customer friction.

FROM 2020 TO 2021, GLOBAL FRAUD LOSSES INCREASED 13.8 PERCENT, REACHING $32.3 BILLION. THE US ACCOUNTED FOR ONLY 23.02 PERCENT OF GLOBAL CARD TRANSACTIONS, BUT 36.83 PERCENT OF GLOBAL FRAUD LOSSES

FAQ

How often are there data breaches and hacks?

Often, and more often than you think! But banks have different disclosure laws (financial laws that are put in place to protect consumers on fraud and data breaches), and thus aren’t legally required to broadcast a breach to the public, because they already know who you are.

“Banks can be more discreet about data breach disclosures because they can talk directly to the customers.”

They can be more discreet about disclosure because they can talk directly to the customers. Because of this, many banks’ data security incidents go unreported to the general public.

Fraud is Becoming an Increasingly Global Issue: In 2012, 53 percent of Fraud Occurred Outside the U.S., Compared with 61 percent in 2017.

– NILSON REPORT, 2018

OUTSIDE THE UNITED STATES, CARD SPENDING IS DOMINATED BY PIN-BASED DEBIT CARD PAYMENTS, WHICH BETTER PROTECTS AGAINST FRAUD. IT WAS THE GROWTH IN CNP TRANSACTIONS THAT FUELED THE INCREASE IN ACTUAL DOLLARS LOST TO FRAUD.

Is there new technology to protect transaction data?

“With increasing card not present transactions globally, the entire payments ecosystem is responding by developing various technologies to combat the increasing fraud that comes with those transactions. KYC, machine learning, and even AI are all being leveraged in nascent solutions that are offered by core payments partners such as networks and acquirers, and third-party fraud tools as well to reduce the impact. Finding the most effective solution financially and operationally can feel like an unsolvable puzzle for merchants today.”

While there is some new technology, unfortunately there are no open, set standards in place for the payment ecosystem. With proprietary systems – including EMV, which is controlled by the card networks – creating the most secure and safe payment environment is difficult.

Part of the problem in the U.S. is a failure to follow an open and accredited standards organization for payments. For example, the International Standards Organization (ISO), an international organization that is responsible for promoting worldwide industrial and commercial standards, including financial standards, has standards for payment systems that have been agreed upon internationally for years and have proven successful in preventing a tremendous amount of fraud on payments where customers enter a PIN. The ISO standards dictate how the PIN is encrypted and transmitted through a PIN block specification.

“There is no true way of identifying who a consumer is through a swipe, dip or tap and a signature”

Tokenization and encryption are available advanced technologies more recently applied to payments, and depending on the providers of these solutions, they can fight against new forms of fraud effectively. However, these solutions can be expensive and can also impact your ability to route your transactions.

How do we secure a transaction and identify a consumer?

Encrypting data when it is swiped, dipped, tapped, or even entered into a website is an important tool for securing data as it moves between the different parties involved in a transaction. Replacing consumer data with non-sensitive information – the process of tokenization – is another important tool for protecting data. When you mask the meaning of data it becomes less valuable for thieves to steal.

Improving the security of financial products is yet another way to secure a transaction. EMV chip cards attempt to do this. (An EMV chip is a small microchip embedded into a credit or debit card that stores dynamic data about an account holder. The card is inserted into the point-of-sale payment terminal and then a corresponding PIN is entered for debit cards, or a signature is given for credit transactions.) But as long as the magnetic stripe is still on the card and multi-factor authentication is not supported, there is still tremendous potential for United States card fraud losses to remain the highest in the world. Authenticating a cardholder, also known as identifying the customer, is yet another means to secure a payment. This can be done with a PIN, password, biometrics, or any other feature that links a consumer to their payment card or device. Some of the ways to identify a customer are safer than others. New technologies, such as 3DSecure and Strong Customer Authentication (SCA), have been introduced globally to assist in identifying customers, but they have varied effectiveness and merchant adoption.

Is the signature a customer verification method?

There is no true way of identifying who a consumer is through a swipe, dip or tap and a signature, especially if a credit card or bank account was opened online, with only an electronic – not physical – signature.

It is extremely important to identify both the cardholder and the account holder through a two-factor authentication process. Using a swipe, dip or tap and signature alone, there is no way to effectively do this. Essentially, anybody could be using that card.

Is it safe to shop online?

Yes. Different websites use different tools (e.g., IP address) to know and understand who their customer is and to help prevent fraud. Some merchants also utilize a process known as 3DSecure to authenticate the transaction, which sometimes may require a consumer to answer a security prompt.

In the eCommerce space, most fraud occurs because a criminal was able to make fraudulent purchases with card data he or she has stolen and copied. Additionally, there is the concept of a ‘spoofing’ website, where fraudsters create a replica of a legitimate website to try to fool customers into thinking it is the official webpage, and ask them to enter their payment information.

Consumers can help by being vigilant and not purchasing goods or services from a phishing website. Any website using a secure connection will display ‘https’ in the URL. Secure websites begin with these letters. These sites are trusted and a safe way to transact in the e-commerce space.

Fraudsters have also gotten more creative in the ways they commit fraud. For example, account takeover fraud occurs when a consumer’s account with a merchant is hacked, and saved payment information is used while bypassing preliminary fraud checks. Loyalty programs can also be abused, leading to significant value lost for merchants. It is important for merchants to help consumers keep all information as secure as possible when shopping online.

Does EMV solve data breaches?

No. The chip makes it difficult for anyone to copy or counterfeit a card, but the data can still be stolen. EMV is only safest when used in conjunction with a PIN, and even then it is not a fool-proof solution. As long as magnetic stripes continue to exist on cards, there is still ample opportunity for counterfeit fraud on those products, as well. EMV does not prevent fraud in the e-commerce environment, nor does it fully prevent hackers from developing means to decipher the dynamic data the chip contains.

“EMV is only safest when used in conjunction with a PIN, and even then it is not a fool-proof solution.”

EMV only solves counterfeit card-present fraud (when a criminal makes copies of a credit or debit card using illegally or fraudulently obtained data), not e-commerce fraud (fraud that exists in the e-commerce space).

What is encryption versus tokenization?

Encryption – A system of communication where only the two transaction parties can read the data being transmitted. Each party is privy to the keys to decrypt the data and protect it from hackers and interlopers. Encryption is taking a 16-digit credit card number and rearranging the digits through a complicated algorithm to change it into a different number. Anyone who knows the key to the math problem can change it back to the original credit card number through the decryption key.

“The United States needs to continue to deploy much broader security technologies, such as end-to-end encryption, to better protect payment card data.”

Encrypted data can still be used to transact, and encryption lends itself to standardization and openness, with trusted parties having keys. However, encryption keys can be transferred between parties, leaving the data somewhat vulnerable to hacks if an unauthorized user gains access to the appropriate encryption key.

Tokenization – Tokenization is the process of replacing one number with another, unrelated number. There is only one place where the two numbers are matched up, and they are stored there in a secure location. No algorithm or math equation can unlock the tokenization, as the numbers are randomly associated.

There is a difference between a payment token and a storage token. Merchants use tokenization for data storage and payment management across a broad range of products that move through their systems. Payment tokens are solutions leveraged by supply chain members that can help merchants keep up-to-date information on credit and debit cards through working with the issuing banks.

Who pays for fraud losses?

Card fraud losses are borne primarily by merchants and banks.

Fraud Liability Losses

What is a chargeback? How does it work?

According to the Kansas City Federal Reserve Bank Study, a chargeback is a form of customer protection provided by issuing banks in case of fraudulent activity in card-present (CP) and card-not-present (CNP) scenarios. Once a cardholder files a dispute for fraud, the issuing bank investigates the complaint. If the transaction is proven to be fraudulent, the bank will refund the original value to the cardholder.

Then, the issuer will enter into a process with the merchant to decide who is responsible for covering the fraud costs. From the merchant’s point of view, if they cannot prove the transaction to be legitimate by the bank’s definition, the bank will take back the entire value of the transaction from their account, along with an additional chargeback fee which can range from $0 to $100, depending on the merchant’s bank.

Chargebacks are perceived as one of the major cost components for merchants to accept card payments

Merchant fraud loss rates vary significantly between CP and CNP. In the CNP environment, chargeback rates are at least 10 times higher than those in the CP environment. For example, travel merchants have remarkably high chargeback rates, accounting for nearly 3 percent of their CNP sales value. Merchant fraud loss rates for CP transactions are currently low, but this may change as more card issuers issue EMV cards.

It is also important to note, when a merchant incurs losses from a fraud chargeback, the merchant loses not only the transaction funds, but also the merchandise consumed by the fraudster.

Roughly 70 to 80 percent of chargebacks in CNP scenarios are determined to be the merchant’s liability, and they are forced to pay for the fraudulent activity.

Do chargebacks exist on PIN transactions?

Not typically, for a few distinct reasons. PIN debit networks typically do not have a chargeback process; rather, transaction funds are reversed as adjustments. Additionally, adjustments are quite rare.

Because PINs are unique numbers known only by the cardholder, PIN transactions provide better protection against fraud than swiping a card that could have been copied or stolen.
