In Wake of EMV Switch, US e-Commerce Fraud Soars!

Payments Specialist, Risk Specialist

As the US switched to EMV chip cards system, e-commerce fraud rates jumped by 33% last year, according to Experian. In late 2015 the US finally followed much of the rest of the world when Visa and other card schemes switched the liability for fraud-related losses to retailers that have not upgraded their hardware for EMV.

Experian notes that the increase in e-commerce fraud follows a similar trend pattern from countries that previously rolled out EMV cards – UK, France, Australia, and Canada – that also saw gradual increases in card-not-present fraud.

“We suspect that the EMV liability switch and increased adoption by merchants of chip-and-pin enabled terminals have had a profound impact on driving up e-commerce attacks,” says the firm.

Fraudsters that typically relied on committing counterfeit fraud have shifted their focus to the digital channels where they could have more success, and as more attackers enter a rapidly growing mobile and online commerce space it becomes increasingly difficult for merchants to spot them.

This means that businesses need to expect the increase in e-commerce fraud to continue over time and to be prepared to deal with it by employing a multi-layered approach that pairs transactional data elements with details about the user and their device.

Experian says that the biggest component of credit card fraud trends is the fact that 2016 was a record year for data breaches. There were 1,093 breaches, a 40% increase from 2015, according to the Identity Theft Resource Center.

Meanwhile, the Federal Trade Commission recently revealed a jump in consumers who reported that their stolen data was used for credit card fraud, from 16% in 2015 to more than 32% in 2016.

The record number of data breaches is a signal that future fraudulent activities will take place, warns Experian.

What Bill Trueman, an Eminent Risk Specialist Says About This:

1. Of course e-commerce fraud will rise. It is rising everywhere as e-commerce and m-commerce get used more.

2. Naturally, if you stop fraudsters using cards at the point of sale with EMV, they will move to CNP.

3. If you do not put in protections in your CNP channel, fraud will rise.

4. USA fails to adopt (or plan for) protections in the e-commerce channel.

5. The late adoption of EMV in the USA, has caused a lot more data compromises for longer in this market.

6. EMV adoption is starting to see fraudsters deterred from CO fraud opportunities already as they move to other softer targets.

Bill Trueman is an eminent independent payments and risk specialist helping business and bank owners manage risk & fraud and save millions. He is director of globally well known RiskSkill, and UKFraud and is an active member of a worldwide fraud and risk advisors organization i.e. AIRFA.

Understanding Online Payment Frauds

online payment fraud

If you are an e-commerce owner, then the term “payment fraud” must be well known to you. The main reason for its popularity is the huge cost burden caused by these frauds to your business, not to mention the degradation of your credibility as well as client’s trust.

Generally, a payment fraud can be understood as an illegal or false transaction done over the Internet. Since all the e-commerce businesses sell products online, their payment is done online as well and hence there is maximum chance of payment frauds for them. It can be said that such frauds are unstoppable, however if an e-commerce owner uses an efficacious anti-fraud protection in its website / system, then the frauds can be avoided.

Cyber thieves are on constant look out for even the smallest patch or glitch in the online system (website, payment gateways etc.). Through these glitches or patches, they can steal the private information. Various ways of doing so are directly contacting the owners of credit cards via SMS or email (known as phishing frauds); redirecting the transaction to a fraudulent website; or even calling them by pretending the customer care executive of the concerned e-commerce website.

Common Scenarios of Payment Frauds:
Credit Card Frauds
Disagreement in accepting product delivery
Fake Returns

1. Credit Card Frauds

Ranked among the common crimes related to online payments, the easiest way to misuse is that fraudster steals the card and using it, they shop online for various products. In this scenario, the affected party (consumer) can get that specific amount back after some efforts, but the merchant loses that amount as well as the product.

2. Disagreement in accepting product delivery

In this scenario, fraudsters places online order for products then merchants sends the order to fraudsters, who then put forwards the claim that he/she did not collected the product. In this case, the truth lies somewhere between the rock and a hard place, hence is hard to determine.

3. Fake Returns

In this case, the customer puts in effort to win over the merchant over the statement that the ordered items are sent back to him and money should be refunded to him. However, those items never reach the merchant. In its spinoff setting, customer can claim the presence more than the actual number of items returned to merchant and hence claim a complete refund.

Through this information, merchants should understand that although “client is king” but client is not always honest and truthful. Therefore, they should implement suitable measures and policies to counter the aforementioned payment frauds.

For more information about the online fraud, payment fraud, commercial fraud, cyber frauds and fraud prevention strategies visit website http://www.riskskill.com/

UK Banks Covering up Cyber Crime Losses – City of London Police

A widely-held suspicion that UK banks are covering up the true scale of cybercrime has been confirmed by the City of London Police chief Adrian Leppard, who says that up to 80% of online crime goes unreported to the authorities.

Speaking at a Tech UK conference, Leppard says that the vast gap between what is reported and the actual threat level arises “primarily because banks are happy to write off incidents as costs, thereby costing the consumer collectively and funding ongoing cyber-criminality”.The Commissioner told the audience that the scale of the threat is much greater than the public think, so much so that it may have even surpassed what drugs have delivered to the criminal economy.He argues that the banks’ unwillingness to report the true extent of cybercrime, makes it harder to gain an accurate picture of the threat to the national economy and the resources required by police to counter the criminals.In November last year, a Treasury Select Committee hearing into cybercrime and fraud heard evidence from Dr Richard Clayton, a senior researcher in security economics at the University of Cambridge, who said that “insider” accounts of fraud losses at banks are double the numbers generally reported publicly.This followed a July Home Affairs Committee report on e-crime that accused British banks of letting cyber-crooks carry out crime in a ‘black hole’ of impunity by failing to report or investigate fraud.

Comments by Bill Trueman over this News:

We need to be very careful about articles like this, and comments like this too.

The issue here is about REPORTING not dealing with (investigating, prosecuting and deterring) the crime.

The real question here is, of the crimes that are reported to the authorities (i.e. the police), how many are investigated and how many are prosecuted and how many organised gangs identified and stopped and how many opportunists deterred. We can assume that the answer to these will be “almost ZERO %” on all counts.

I have sat with senior COL police people over many years (mainly in the 1990s) – who have refused to accept reports of fraud from banks, because they have no resources to investigate and prosecute. Accordingly £100 millions’s of card fraud ARE reported and not progressed, and £100 million’s of insurance fraud go the same way without even being reported – except for the MAJOR, MAJOR cases that are accepted by the police from the Insurance fraud bureau.

Try and get Leppard to accet such cases is nigh on impossible as only the top – fraction of 1% are progressed. And do not even start talking about or reporting to the police the Inland Revenue, Local Authority, NHS, Benefits etc. fraud because they won’t look there either.

In the UK, we are held up globally (mainly the banks) for the exceptional fraud collation and reporting on card and banking fraud and insurance fraud – and we were leading with the statistical collation of fraud as UKPLC. This was all done 20 years ago as a fall-out from the Levi Home Office reporting – and ‘wrapped up nicely’ except for the police investigation, and prosecution bit, which is still absent.

So it is easy, but also abhorrent that a police officer shoudl stand up and throw stones at an industry that has been doing its bit for a long time. The industry also funds the fraud reporting centre that HE RUNS as part of the COL police force – so it is actually a) Under his control and b) HIS issue too!

BUT…. lets look at what we are talking about here….. We are asked to believe that banks are “covering up Cybercrime”. What is this cybercrime? As far as the banks are involved, the banks lose money from criminals who are attacking the banks to obtain money through the abuse of the systems and processes. This is always how it has happenned and the banks are good at losing money in this way. Just because a new term started to be used 3-4 years ago – does not change the fraud position:

– Banks are attacked and lose money

– Some of it will always get misrecorded as bad-debt when the crooks have managed to con the banks that it was thus. The agreement with all parties has always been that this will not be considrered as fraud (Cybercrime) and will not get reported. The police adamantly refuse to accept such reports too – believeing that the banks have brought this upon themselves by lending money in the first place to these cybercriminals (Ironic eh?).

– Cybercrime / fraud losses are experienced, reported and not investigated.

It is OK to moan at the banks these days – for everything, and often they are to blame for a lot of their mistakes, but in this case we must be careful to spot that here we have a big policeman throwing stones from a very big greenhouse.

Perhaps we should start asking him a few big questions and stop this outrageous reporting. It is probably too that he was taken out of context in this reporting, as I am afraif that I cannot believe that a responsible policeman would be so stupid as to criticise his partner banks, his funding bodies and people who are patiently waiting for him to do his job rather than trying to do theirs.

Bill Trueman is Director of Riskskill(http://www.riskskill.com/)

 

Source News: http://www.finextra.com/news/fullstory.aspx?newsitemid=27226

Riskskill Appointed by Visa Inc. as an Approved GARS Reviewer

Riskskill has been approved as a trusted vendor for Visa Inc., and specifically as a Global Acquirer Risk Standards programme (GARS) reviewer. The Visa Inc. risk team monitor acquirer performance – i.e. organisations, often major banks, who process card transactions and other electronic payments for merchants. Riskskill will now assist such acquirers that want to demonstrate their compliance with applicable legislation and card scheme rules.

There are only a small number of similar approved vendors globally and most of these are based in California. With the addition of Riskskill on the Visa Inc. programme, there is now payment and risk management expertise available to acquirers in EMEA and around the globe, including across the wider USA.

Riskskill is a business advisory and management-consulting specialist, which focuses upon risk management practices and compliance within financial services and retail businesses.

The Riskskill team is heavily engaged in this part of the payments sector and has helped many acquirers (and large merchants) to review and grow their business in the right way with strong risk and exposure controls.

Visa Inc, proposes that acquirers engage a Visa-approved reviewer such as Riskskill to carry out a GARS review. They will then work on-site with management and teams at an acquirer to look at current practices and procedures to identify business improvements.

Within a GARS review, Riskskill advises on all aspects of the merchant acquiring business, including merchant and third-party partner/agent recruitment and management, underwriting and sales policy and practice; agreements and contracts; settlement operations and procedures; portfolio quality, ongoing merchant management and monitoring; merchant closure and termination; fraud, chargebacks and compliance programmes; merchant training; and data/systems security.

Kevin Smith, who manages the acquirer GARS practice at Riskskill commented that: “With a deep knowledge of the payments business and risk management requirements, the team at Riskskill look forward to working closely with more acquirers that want to improve their acquiring performance and be able to independently demonstrate this to other organisations such as Visa Inc. We are delighted that Visa Inc. recognises the skills and expertise at Riskskills, and our capabilities in global risk management.”

About Riskskill (www.riskskill.com)

Riskskill is a leading Europe-based risk management consultancy, with an impressive international track record of eliminating the risk of losses, reducing risks and exposures, and working with clients to put in place strategies and programmes of work to remove or prevent losses, regulatory issues and other fraud or bad-debt and compliance problems. Its people are widely accepted as some of Europe’s leading risk and fraud experts and they are frequent commentators on the issues involved. The key team have a wide experience in banking, insurance and the financial services and payments sectors and are thought leaders at the forefront of many industry wide and international debates.

Riskskill(http://www.riskskill.com/) is just one of only six organisations globally that have been confirmed as qualified and approved to complete GARS Reviews for Visa Inc.

For further information, contact:  Bill Trueman or Kevin Smith at Riskskill.com
enquiries@riskskill.com
or
Leigh Richards, The Right Image PR, 0844 561 7586 – leigh.richards@therightimage.co.uk

Read the full story here: http://www.pr.com/press-release/614755