Why multi-layered protection against ecommerce fraud is essential

By : Dena Hamilton

August 03, 2017 12:00 PM

One of the most significant changes in the US payments industry over recent years has been the fraud liability shift for EMV-enabled cards in October 2015. Since that date, responsibility for card fraud in cases where the card has an EMV chip but the point-of-sale terminal is not equipped to accept EMV transactions has fallen on the merchant, rather than the card issuer. The only exception is pay-at-the-pump terminals at gas stations, where the liability shift is not due to take place until October 2020.


The EMV chip is a step up from the magnetic stripe as far as card security is concerned, as it is capable of generating a unique transaction code for every transaction.


However, one unfortunate - but not entirely surprising - consequence of the shift to EMV at point-of-sale has been an increase in ecommerce fraud. Criminals that once relied on using stolen or counterfeit cards at POS terminals have turned their attention to card-not-present fraud in the ecommerce space.


For any business that engages in commerce through an online or digital channel, it is therefore more important than ever to deploy multi-layered, intelligent protection against fraudsters.


An evolving threat


After analyzing millions of ecommerce transactions from its client data, Experian revealed that rates of ecommerce fraud across the US increased by 33 percent in 2016. This was a much bigger increase than expected three-quarters of the way through the year, when it was predicted that ecommerce fraud rates would be at least 15 percent higher than in 2015.


Looking at instances of fraud related to both shipping and billing locations across the country, the information services group identified Miami, Florida, as the area with the highest risk of both shipping and billing ecommerce fraud. The city has 17 of the top 100 ZIP codes for shipping fraud and 20 of the top 100 for billing fraud.


Based on the overall number of ecommerce fraud attacks, 70 percent of billing fraud last year occurred in three states: Florida, California and New York. Delaware, Oregon and Florida saw the highest rates of billing and shipping ecommerce fraud in 2016.


Examining the reasons behind the growth in ecommerce fraud in the US, Experian noted that 2016 was a record year for data breaches. According to the Identity Theft Resource Center, the number of data breaches rose by 40 percent from 2015 to 1,093. Meanwhile, the Federal Trade Commission announced an increase in the proportion of consumers reporting that their stolen data had been used for credit card fraud, from 16 percent in 2015 to 32 percent last year.


As far as EMV is concerned, the report suggested that the increased adoption by merchants of chip-and-PIN payment terminals has "had a profound impact on driving up ecommerce attacks".


Robust and reliable protection


It's clear that it is now essential for online merchants, regardless of where they are based, to not only be aware of the threat of ecommerce fraud, but to have a clear plan in place to defend against it.


There are encouraging signs in this area, with Visa recently arguing that card-not-present fraud has not risen as rapidly as some commentators predicted in the wake of the EMV liability shift. The company said one of the reasons for this is the action ecommerce merchants are taking to tackle fraud.


One of the most effective ways your business can protect itself and your customers' sensitive data from fraud attacks is by using multi-layered security systems that are able to learn and evolve.


Experian said: "The value of employing a multi-layered approach to fraud prevention, especially when it comes to authenticating consumers to validate transactions, cannot be understated. By looking at all the points of the customer journey, businesses can better protect themselves from fraud, while maintaining a good consumer experience."


One particularly powerful tool that can help to strengthen your security infrastructure is machine learning. By using software that analyzes and learns from key pieces of data - such as shopping basket profiles and IP addresses - you can better equip your business to identify potentially fraudulent transactions.


Machine learning, combined with human intelligence and clear security protocols, developing technologies like this could be crucial to winning the ongoing battle against ecommerce fraud.

Dena Hamilton

GM/Director, Enterprise Fraud & Security Software Solutions

Other articles by this author

Dena specializes in fraud, risk, compliance and security with over 35 years in the financial services space. Her focus is in the development and deployment of enterprise financial crime solutions optimized in prevention, detection and back office efficiency.