Published August 25, 2020
If there was such a thing as true deterrence to cybercrime and credit card fraud, criminals would just give up. The problem is, there isn’t a tried-and-true way to eliminate the threat—as soon as a possible solution to one method of attack emerges, criminals simply change tack and try another modus operandi. It’s a problem for every industry, but credit card fraud specifically is a big and growing problem for retailers in particular.
According to a LexisNexis study, retailers paid $3.13 for every dollar lost to credit card fraud, on average in 2019—a 6.5 percent year-over-year increase. For retailers of all kinds and sizes, from convenience stores and gas stations to department stores and supermarkets, credit card fraud risks their profitability, reputation and, potentially, even their business viability.
The good news: Retail technology providers have had plenty of practice developing a wide range of countermeasures that are catching up to criminal threats faster every day.
Below, we discuss the risks, challenges and resources available to combat credit card fraud.
Credit card fraud is an existential threat to the retailer if the store is found to be at fault and customers sue for damages. And while large retailers have more resources to cover the actual financial impact of fraudulent card charge-backs, it can literally put smaller retailers out of business.
Another threat to business viability: Once the credit card payment processor is notified of fraud and learns the retailer is at fault, it could terminate the retailer’s processing account. That limits the retailer’s ability to stay in business.
If criminals get away with fraudulent purchases, the retailer doesn’t get compensated for the goods sold. Also, the bank that issued the card might try to get reimbursement from the retailer for allowing the fraudulent transaction. The losses can really stack up—and the larger the scale of the fraud, the bigger the hit to a retailer’s profitability.
Whether a large retailer receives negative publicity for large-scale credit card data breaches or word gets around town that a smaller retailer allowed theft of a single cardholder’s information, brand loyalty can suffer. Identity theft in particular could be catastrophic for victims and they’ll remember which retailer allowed the theft of their information for a long time. And the damage to the retailer’s brand will manifest itself in the bottom line over the long term.
These risks can arise from two major categories of the crime: card-present and card-not-present (CNP) fraud.
This type of credit card fraud, which involves physical credit cards, comes in many forms that can originate from outside or inside the retailer’s store:
Card-present fraud criminals target some types of retail businesses for credit card fraud more than others:
CNP fraud involves internet, phone and mail-order transactions or activity. The actual fraud occurs after criminals steal card information by hacking, skimming or phishing. Predictably, this category of credit card fraud has begun to outpace card-present fraud in recent years as e-commerce transaction volume has proliferated.
According to a 2018 study by the Federal Reserve, the amount of card-present fraud in the U.S. declined from $3.68 billion in 2015 to $2.91 billion in 2016, while the amount of card-not-present fraud jumped from $3.4 billion to $4.57 billion during the same period. Also, a study by Javelin Strategy & Research the same year revealed that CNP fraud is now 81 percent more likely to occur than card-present fraud.
Hacking appears to offer criminals the greatest potential to steal massive volumes of credit card information at one time. Having achieved this, the criminals can make the data, such as card numbers, available on the so-called dark web. Due to their widespread adverse impacts on both cardholders and retailers, the largest credit card data breaches in history have received a great deal of publicity in recent years.
A major objective of credit card data theft is identity theft, a crime that exponentially increases the impact of credit card fraud on victims. It’s possible for a perpetrator of identity theft to literally steal most of what a victim owns or earns. Besides possibly ruining consumers financially, identity theft has the potential to greatly increase retailers’ liability.
Retailers that offer online transactions cannot even expect the issuing bank to cover the charge-back fraud, also known as friendly fraud. If they install chip readers to read chip-enabled cards issued by the bank and get signatures for transactions and fraudulent charges still occur, the bank must cover charge-backs. The same security measures are not in place for CNP transactions, so the retailer, not the bank, must refund the amount of the fraudulent transaction.
Credit card companies offer some early-warning protection for fraudulent activity in retailer accounts. They detect fraud by monitoring accounts for unusual activity, e.g., amounts charged, stores and locations where purchases are made, etc. Each card issuer uses increasingly sophisticated fraud detection algorithms to monitor massive amounts of credit card number data collected from millions of cardholders. The detection of suspicious charges triggers a fraud alert and the card issuer contacts the cardholder via phone or, increasingly, texts to verify the transactions.
It’s also possible to use customer data including credit card numbers to mitigate credit card fraud risk—a form of fraud detection. Predictive analytics systems use the data to predict possible fraudulent activity.
But consider credit card fraud detection a last line of defense and instead prioritize implementing tools that offer fraud protection. Doing so not only will enable you to avert potentially costly fraud—your brand will also establish a reputation for safe commerce and low potential as a staging ground for identity theft.
That reputation is important to consumers who, though protected against fraudulent charges, have legitimate concerns about the security of their financial information. In a given case of fraud, the credit card company, the bank or possibly the retailer is liable for charges beyond the $50 maximum for cardholders.
Protect them and your business by investing in fraud prevention tools and strategies, like the below.
Minimizing card-present fraud involves making a conscious effort to adhere to procedures and invest in enhanced fraud mitigation solutions:
Card-not-present fraud is any fraudulent transaction that takes place when the criminal and card are not physically present in the store. This can include online, mobile and social shopping, phone orders and mail-order purchases.
Watch for very small transactions. Occasionally, criminals test a card with very small purchases before buying more expensive items with it.
There’s no doubt, credit card fraud is a sophisticated threat to your retail business, and no sector is immune, whether supermarkets, department stores or gas stations. Think of it like a chronic illness with no cure: you have to remain vigilant, educated on the risks and keep learning as much as you can about new, more powerful treatments that are emerging all the time. Fraud protection must be one of your top priorities. Your business’s future—and your customers’—depends on it.