Retail, CPG and Logistics

Tackling fraud in back-office, card-based transactions

The growth of e-commerce and mobile payments has given rise to card fraud. The race between advances in ecommerce fraud techniques and fraud management tools is a close one. Industry analysts agree that technology combined with skilled human intelligence is the best way to protect against fraud. While the need of technology cannot be undermined, optimising back-office operations to some extent may help reduce losses and fraud management costs.

As per The Nilson Report, global card fraud losses reached $27.85 billion in 2018 and is expected to grow beyond $35.67 billion by 2024. The more troubling fact is the rising cost of managing fraud. It costs merchants and financial institutions three times more than the actual fraud. That’s primarily because the back-office processes involved in the investigation and eventual settling of claims are often manual and time-consuming.

Of all the claims related to unauthorised transactions, a majority to fraud; of these, a lot of them are attributed to friendly fraud. On the other hand, sales are lost when genuine transactions are red flagged and denied by fraud management systems. In fact, almost a quarter of denied transactions are false positives.

Types of common card fraud

1. Friendly fraud:

   A complete misnomer, there is nothing friendly about this. It occurs when a customer tries to gain money back from a legitimate transaction by filing a chargeback.
   
   
1. The customer could falsely claim that a product was never delivered.
2. A customer could also refuse to make a payment if he or she does not recognise a charge. The purchase could have been made by a child without the parent’s knowledge or the customer could have forgotten about it.

While many customers could be making genuine claims, fraud is equally common. During the Covid-19 pandemic, most leading online retailers made their return policies very friendly, and fraudsters exploited it in full. Friendly fraud is growing at an alarming rate and is expected to cost retailers billions of dollars.

Friendly fraud is extremely difficult to prevent. Being a post-transactional threat, it may occur many months after the purchase. Fraud detection and filtering techniques are designed to kick in when a card is used suspiciously. Transactions are then blocked. However, in cases of friendly fraud, the fraudster may be the actual cardholder, who may be a trusted customer. 

2. Card-Not-Present (CNP) fraud:

   In this kind of fraud, the fraudster attempts to make a credit card transaction without owning the card. The fraudster could have stolen the card, found a lost card or copied the card and PIN. The card numbers may have been given to the fraudster by mistake or the card could have been obtained when mail was diverted by the card owner. Credit card skimming and PIN capturing devices are most commonly set up at gas pumps, ATMs and other POS devices.

   The increased digitisation of payments has opened the doors of opportunity for cybercriminals. Online transactions without sufficient security make card information easy to steal. CNP fraud is expected to increase every year and merchants are expected to continue to lose money.

   As more merchants migrate to the global standard EMV, fraud for card present (CP) transactions have declined, but CNP fraud has gone up. CNP-based fraud costs burden merchants while CN-based fraud costs are borne by banks.

3. Identity theft:

   When it comes to card fraud, identity theft can be categorised under two heads.
   
   
1. Account takeover: This involves taking over an entire account. A common victim is a senior citizen who has not used a credit card in a while. A caretaker or family member could change the address and order a new card without the senior citizen’s knowledge. Of course, there are other ways for an account takeover - the dark web, mail theft or dumpster diving.
2. Application fraud: This is a similar fraud where the fraudster goes a step further and sets up a whole new account with the stolen information. 



4. Electronic pickpocketing:

   ‘Contactless’ transactions have become popular, but such cards have small data-rich RFID chips embedded in them. Data can be stolen if pickpockets have the right tools. While the risk of this kind of theft is low since RFID-enabled cards are still not very common, it is not an impossibility.



5. Phishing, vishing, smishing and pharming:

   Phishing occurs when a scam artist tricks people into sharing personal information that can be used to steal identity. When the same thing happens over text, it is called smishing. Vishing happens over the phone, and pharming is when customers are lured to websites where their information can be stolen. This could be through a clever email that asks a customer to enter personal information, credit card number and even the PIN.

Fraud management

It is difficult to always stay ahead of fraudsters. However, steps that can be adopted to manage fraud include:

1. Employing advanced analytics:

   While this method is still new, it can improve the effectiveness of fraud management. The integration of high-quality data sources, the use of sophisticated modelling techniques and the introduction of automation technologies are transforming how businesses tackle risk. Instead of detecting fraud by flagging certain transactions, businesses can now take advantage of neural networks to monitor such activities.

2. Reengineering fraud case management:

   Many businesses are using digital approaches for fraud management, using data flow alerts and visual monitoring to guide quick decisions. Other tools can be integrated into these systems too.

3. Improving customer experience:

   Fraud management, authentication and customer experience must be managed together. Customers often get frustrated with long and cumbersome authentication processes.

An integrated fraud management strategy that can be implemented across all retail bpm channels and transactions is the best way to prevent losses. The strategy will also saves time and improves the agility of merchant-customer transactions.* However, it is a never-ending process. Vulnerabilities are no sooner strengthened than fraudsters find new and more creative ways to attack unsuspecting consumers and businesses. Staying alert and aware is the first step towards preventing fraud.

* For organizations on the digital transformation journey, agility is key in responding to a rapidly changing technology and business landscape. Now more than ever, it is crucial to deliver and exceed on organizational expectations with a robust digital mindset backed by innovation. Enabling businesses to sense, learn, respond, and evolve like a living organism, will be imperative for business excellence going forward. A comprehensive, yet modular suite of services is doing exactly that. Equipping organizations with intuitive decision-making automatically at scale, actionable insights based on real-time solutions, anytime/anywhere experience, and in-depth data visibility across functions leading to hyper-productivity, Live Enterprise is building connected organizations that are innovating collaboratively for the future.