Post-EMV eCommerce Fraud Growth Abetted by Data Breaches
According to recent data from Experian, eCommerce fraud was 15 percent higher in the first half of 2016 compared the same period the year before, but for the full-year eCommerce fraud attack rates increased to 33 percent. This implies an even greater increase in CNP fraud in the second half of the year, and it is believed that the transition to EMV or chip cards is the primary reason behind this growth.
As the last major payments market to adopt the more secure Chip card technology, we had a pretty good idea of what to expect in the United States. Similar to what was seen in the UK, Canada and France, the industry was bracing for an increase in CNP fraud as it became more difficult to perpetrate counterfeit card fraud at the physical point-of-sale.
In the United States, the EMV liability shift occurred on October 1, 2015 and the rollout has been gradual. Likewise, the increase in CNP fraud was notable but in-line with recent years’ growth. By the end of 2016, nearly 2 million U.S. merchant locations were equipped to accept EMV cards, or 39 percent of all merchant locations, according to Visa. It was in 2016, and seemingly more so in the second half of the year, that the industry really started to experience the shift of more fraud attempts to the customer not present channel.
According to Experian, one-third of eCommerce transaction attempts were fraud attacks in 2016. Figures from other sources corroborate this growth in fraud or offer potential insight into what may be causing the sudden increase. According to the FTC, nearly one-third of consumers experienced stolen data used for credit card fraud in 2016, more than doubling from 16 percent in 2015. While EMV makes it more difficult to counterfeit stolen information to use cards in-store, it does not stop fraud in the online, m-commerce or telephone order channels. Meanwhile the increase in data breaches has made this information more readily available. The Identity Theft Resource Center reported a 40 percent increase in the number of data breaches from 2015 to 2016.
While Experian says that 33 percent of eCommerce orders were fraud attacks in 2016, the FTC figure that one-third of consumers experienced credit card fraud goes across all channels. However, recent data from Javelin Strategy and Research (http://fraudpractice.com/fraudblog/?page_id=2500) shows that it is primarily CNP channel fraud that is growing. According to Javelin’s recent study, CNP channel fraud using a payment card impacted 3.42 percent of U.S. consumers in 2016, up from 2.41 percent in 2015. This marked a 42 percent year-over-year growth rate, whereas Card Present channel fraud increased by just 8 percent from 2015. Javelin reported that the share of existing payment card accounts that were compromised and fell victim to fraud increased from 4.5 to 5.1 percent in 2016, but there was significantly more of this growth leading to fraud committed in the card not present channel.
These facts tell us that there are more data breaches making payment card information and other identity information even more widely available. Meanwhile EMV terminals and chip cards phase out the less secure magnetic-stripe cards and readers. Incidences of identity theft and use of existing payment card accounts are increasing, as well as eCommerce fraud attacks, with 42 percent growth in card not present fraud compared to just 8 percent in the card present environment.
For more information: