CNP to Hit $70 Billion in the Next 5 Years

Retailers are on course to lose more than $70 billion globally to remote “card-not present” (CNP) fraud over the next five years. Despite this fact, retail managers of both large and small operations are under the financially fatal impression that fraud prevention is too costly.

Within individual retail organizations there can be a tension between sales and marketing departments – the departments concerned with selling the company’s products or service - and the loss prevention department – the department that is often perceived as working against the ability to selling the company’s products or service. However, this tension is often completely unnecessary.

The U.K. based consultancy Juniper Research released a new report on their cost analyses on many fraud detection and prevention solutions implemented by loss prevention departments and found that, in most cases, they actually provide value and ROI for merchants in the face of rising fraud.

Stated in another way, the data shows that - contrary to the common opinion of retail managers regarding this topic - investment into loss prevention programs serves to boost the bottom line by eliminating the write-offs resulting from fraudulent transactions as well as other loss events. Such loss eliminations more than outweigh any revenues lost by the addition of fraud prevention to the processes. The data analysis by Juniper Research follows the popular adage: “An ounce of prevention is worth a pound of cure.”

The Juniper Research report has pinpointed three factors that will drive CNP fraud losses in the next half decade:

1. the ongoing migration to EMV technology
2. the slower-than-expected rollout of 3-D Secure 2.0
3. the significant vulnerability to fraud that has emerged from the ‘buy online, pick-up in-store’ service that are becoming increasingly commonplace

EMV technology is capable of reducing in-person card fraud but does not have the ability to reduce CNP fraud, since the chip that is at the core of EMV technology is not used for e-commerce (online) purchases. In fact, there is growing evidence that EMV technology will actually cause CNP fraud to rise – if a criminal cannot use a fraudulent card in-person, then naturally, the criminal will try to use it online. You can learn more about why EMV technology is useless in preventing CNP fraud on a previous post.

3-D Secure 2.0 refers to a specification that the folks who created the EMV technology have created in order to attempt to combat CNP fraud. Although it sounds fancy, 3-D Secure 2.0 - put simply - refers to a data comparison and analysis method. By analyzing the transactions habits of e-commerce consumers, 3-D Secure 2.0 claims to be able to discern between genuine transactions and fraudulent transactions.

There was actually a 3-D Secure 1.0 that was scrapped due to the fact that it was so annoying to consumers that it led to a 50% decrease in conversion rates at merchants who tried implementing 3-D Secure 1.0; 3-D Secure 1.0 required customers to create a password or abandon the purchase.

3-D Secure 2.0 is not available for implementation until later this year, according to Visa and Mastercard, and has, irritatingly, kept the new password creation requirement - although it has been reported it will be used much more infrequently. If 3-D Secure 1.0 is any indication, 3-D Secure 2.0 shouldn’t provide that much confidence that it will be tolerated enough by e-commerce consumers that it can overcome the frictions that cause a decrease in conversion rates.

Juniper Research pointed specifically to the pressure that will be felt by physical goods merchants struggling with fraud created by the ‘buy-online, pick-up in-store’ service. As customers demand more convenience and retailers respond with omnichannel alternatives, buying goods online and picking them up at a store location or locker is becoming more popular. Consequently, retailers have been exposed to more fraud.

According to the report, the lack of a residential address associated with this type of sale along with reluctance on the part of merchants to impose stringent ID checks at pick-up - out of fear it will affect the customer experience - will drive this new ‘click-and-collect’ fraud to worrisome heights. It is estimated that by 2022, physical goods merchants will lose nearly $15 billion annually with click-and-collect fraud accounting for a significant chunk.