The past year has been quite a decade: the pandemic dramatically accelerated digital shopping trends and put digital transformation front and center for financial institutions, credit card companies, and customers walloped by Card-Not-Present (CNP) fraud.
Look at how far we’ve come – and how quickly these changes have taken effect: more than half of all people who've ever purchased groceries online have done so since shelter-in-place mandates were first enacted due to the COVID-19 lockdown in March 2020. Ditto for nearly 1 in 4 people who've ever purchased digital entertainment through mobile or online channels. And retail merchants with buy-online-pickup-in-store (BOPIS) prior to the pandemic have seen transactions in this channel jump 70% by volume and 58% by value.
With consumers now firmly accustomed to this level of convenience, payments transformation is at the top of the agenda. Whether it's online shopping, credit card-connected loyalty and payment apps, or newfangled voice commerce, innovation is the name of the game in 2021.
Unfortunately for us all, fraudsters got the memo.
CNP Fraud: The $130 Billion Problem
Digital CNP transactions have boomed since the beginning of the pandemic, and so has CNP fraud.
Accounting for $2.8 billion in losses back in 2014, illegal transactions made using stolen credit card information ballooned to $5.5 billion in 2018, and is estimated to have topped $6.4 billion in 2020. Aite Group projects a 16.4% increase in CNP fraud this year.
That may just be the tip of the iceberg. Juniper Research estimates that by 2023, retailers are set to lose more than $78 billion through this form of fraud worldwide—$130 billion over the preceding five years. As a result, the success of BOPIS and other popular trends and promising new innovations will depend on preventing CNP fraud.
As it stands now, BOPIS is seeing a 7% fraud attempt rate compared to 4.6% with other delivery channels, driven mostly by fraudsters taking advantage of the short window between purchase and pickup, according to Payments Journal. It is, after all, an easy way to bypass EMV chip, PIN, or signature verification.
Transformation Initiatives at Risk
Post-pandemic ecommerce is ripe for digital innovation. The kind that’s years in the making, but will still seem to suddenly appear as if from nowhere. Banks, credit card companies, and others will be ready for transformative change—or else.
For starters, digital commerce seasonality has finally smoothed. What was once a lead-up to the all-important fourth quarter is now a year-long, steady-state affair. Even demographic cohorts that long grumbled, "I don't do online shopping" now fire up mobile transactions with seeming abandon.
Contactless payments of all kinds are proliferating. Over the next year, look for voice commerce to start to gain traction as more consumers discover the joy of saying, "Alexa, Mama needs a new pair of shoes." Not just via smart home devices, mind you. Also by mobile phone and automobile dashboards, too.
Beyond BOPIS, shopping IRL is about to undergo other significant changes.
As the world reopens, card issuers and acquirers alike must prepare for a new wave of "scan-and-go" transactions powered directly by or through apps tied to them. Shoppers walk in, scan the items they want with their mobile phone, and simply walk out the door with their goods—facilitating a transaction in real-time, on the fly—no EMV chip-enabled credit card (or standing in line) required.
Truth & Friction: The Rise of Risk-Based Authentication
As organizations accelerate these and other kinds of digital transformation initiatives, they must also prepare to manage the risks that come with them. But today, financial services organizations, credit card companies and others are layering in new defenses against CNP fraud with varying success.
Just one case in point: Confirming each CNP transaction with the customer via text message has been a growing trend, especially when the amount being transacted is unusually high. This practice, however, can create friction that can lead want-it-now consumers to abandon the purchase, never to return. In March 2020, 88% of online shopping orders were abandoned, according to Statistica. It's unlikely that those rates have fallen since then.
Risk-based and adaptive authentication payments strategies are now table stakes. Solutions that build upon the features available in the 3D-Secure v2.2 protocol, for instance, analyze hundreds of different risk indicators to silently authenticate cardholders before the transaction even happens. In real-world deployments, merchants are delivering a frictionless transaction experience while challenging only the small minority of high-risk transactions.
I'm biased, of course, since these technologies are at the heart of RSA solutions. But given the opportunities and risks ahead, CNP fraud prevention may be just a necessity to current transformation initiatives. It very well may be the killer app.
# # #
To learn more, download our ebook, "RSA Risk Engine: More Fraud Detection, Less Intervention"