- Security TWENTY
- Women in Security Awards
An analytic software firm reports that the UK saw Europe’s largest annual jump in card fraud losses for 2015. Most of the UK’s 18 percent rise in losses came from online transactions, reflecting the growth in this channel, the ease of accessibility to funds and lower risk for criminals, and the theft of personal data through cyber-crime.
The online map from Fico, based on data from Euromonitor International, shows that card fraud rose in ten of the 19 countries studied, with Greece, Denmark, France and Russia posting the highest rises after the UK. Visit: http://www.fico.com/europeanfraud/.
The rise in UK card fraud equates to an additional £88.5m lost. Some 75 percent (£66.7m) of that increase was in card not present (CNP) fraud, and £42.4m of CNP fraud came from e-commerce. The UK contributed about 43 percent of the total card fraud losses across the 19 European countries studied.
Why was the UK’s rise so steep? FICO fraud consultant Martin Warwick, who provided the commentary in the map, said that the increased rate of personal data compromise through data breaches was one likely cause, but that customer expectations for a seamless purchasing experience also had an influence.
He said: “We cardholders are very demanding, and if we don’t get what we want then we let people know in the form of reviews and feedback, not to mention switching cards. Banks want to avoid intervening unnecessarily when customers are shopping on the internet. E-commerce spending in the UK has nearly quadrupled since 2007, so you see why this is such a target for criminals.”
What to do? Martin said the financial services industry will either have to find a way to make data useless to criminals, or make more use of fraud detection analysis. He said: “FICO has introduced innovative analytics to try and make card fraud detection as painless as possible for the customer and still detect more fraud. These include merchant profiling, adaptive analytics, behaviour-sorted lists and collaborative profiling.
“When executive dashboards in either retailers or card issuers start flashing red in terms of unacceptable fraud losses, change will have to take place”, Warwick added. “With the underlying trend being fuelled by compromises of personal and payment data, banks will find increased pressure to control the increased attack on how they identify and verify (ID&V) customers when they call in to customer services teams.”
The card payment security news is not all bad. As a share of total card payments for the researched markets in Europe, total value lost to fraud declined from .08pc to .06pc from 2010 to 2015.
Robert Capps, VP at NuData Security, a behavioural biometrics and fraud mitigation company, said he was saddened but not shocked by the findings. “Coupled with the data that cardholders have very high expectations, that they aren’t willing to change their habits when it comes to password security, and tech savvy users are the most likely targets, FI’s and e-retailers are being increasingly pressured to step-up their game in when it comes to online authentication. In fact, the pressure seems to be all on them.
“In this study, the fact that fraud losses climbed 18% in one year in the UK is a sad state of affairs for consumers who can often bear the brunt of the costs (especially with regard to account takeover and new account fraud). It’s absolutely no wonder that consumers are pushing back on companies to improve security, holding them accountable for it, yet still want to have a good experience going through the gates.
“With the incorporation of the EMV chip into cards, there is now no doubt that fraudsters have migrated online where the field is greener, especially since so many merchant and financial institutions are still using end-point authentication methods that just don’t provide a confident verification of the genuine user.
“We can move beyond single-point solutions that are so obviously failing. The end game has to be customer satisfaction, as it should be. Companies should never have to put process and security above customers, and there are now tools on the market that can verify users by their own natural behaviour. That should be where we start and finish.”