'Every time an institution builds a higher wall to fight fraud, the fraudsters just use taller ladders.' So says the latest online fraud report from Juniper Research. There is evidence, however, that fraudsters are now targeting the customers themselves rather than their banks.

Following the introduction of EMV (an acronym inherited from Europay, MasterCard and Visa) smart cards in the United States last year, the report's authors expect a sharp increase in 'card not present' transaction fraud, as fraudsters move away from 'card present point of sale' fraud. This behaviour has already been observed in other regions of the world (for example, Europe) immediately after the introduction of payment cards that comply with the EMV standard, which are often called chip-and-PIN (personal identification number) or chip-and-signature cards.

The threat of fraud is on the rise

A few years ago, according to the report, in-house fraud detection and prevention software might have been adequate to keep fraud to acceptable levels, but this is no longer the case. Nowadays, fraudsters operate globally and can only be dealt with by means of sophisticated, real-time fraud screening software, supported by an understanding of the latest fraud patterns and patterns of behaviours around the world.

The increasing threat of fraud has led to the emergence of a host of new tech start-ups, a number of which have been acquired in recent years by big, established vendors that sell broader solutions such as payments processing, security (identity and access management) or enterprise fraud management.

Although it is a problem for both card-present and card-not-present transactions, card fraud is bigger problem for online payments, i.e. eCommerce card-not-present transactions. In Europe, around 60% of card fraud is associated with such transactions, according to the European Central Bnk. The main causes of fraud in eCommerce and online banking are:

• Growth in eCommerce. This has become mainstream and is forecast to expand rapidly during the next few years, helped along by advanced shopping and payment options and new entrants in international markets.
• Increasing flows of money. This happens online, on mobile phones and on both channels.
• More and more mobile payments. The increasing use of smartphones for payments is a significant factor, especially in emerging markets. In developing countries with immature payment services and limited fixed-line Internet penetration, more and more people are using mobile phones to access the Internet, shop and move money. Sometimes, mobile phones are the primary channel for this.
• More and more serious data-thefts. Cybercriminals are always trying to tap into the ever-growing pool of data that identifies people, sometimes by hacking and soemtimes by other means. 2015 was a record year for such attacks, with well-known consumer brands such as TalkTalk in the UK and T-Mobile in the US suffering. Fraudsters are now taking advantage of ill-gotten data from many organisations to build up very complete collections of identifying information about their victims.

Pressure off the banks?

The data that these fraudsters are obtaining is rich enough for them to apply for and successfully open bank account in those victim’s names - a trend that must be useful to money-launderers. This is why there is such a surge in account application fraud. Fraudsters are trying harder and harder to obtain personal and financial details from customers rather than obtaining this data by attacking their banks directly.

The incidence of fraud

About 1 out of every 67 transactions represented an attempt at fraud in 2015, as against 1 out of every 72 transactions in 2014. This represented a 7.1% increase during the year. According to data from RSA Security, the merchant categories most affected by eCommerce fraud, with 46% of fraudulent transactions, were airlines and travel, followed by money transfer at 16% and computers/electronics at 13%. Then came general retail with 9%, clothing with 5%, gaming with 1% and toys and travel with the same.

Predictions for the future: banking in the crosshairs

According to Juniper Research, the rapid increase in eCommerce will lead to a record level of online fraud, fuelled by a steep rise in data-theft, with the global value of online payment transaction fraud likely to rocket to $25.6 billion by 2020. Juniper identified three areas as the primary targets for online fraud:

• eRetail (65% of fraud by value);
• Online banking (27%); and
• The purchase of airline tickets (6%).

The research also calls attention to ‘buy-online, pay in-store’ and electronic gift cards as two of the main targets for eRetail fraud. The continuing migration of retail to mobile and online, remote sales of digital and physical goods exceeded $1.7 trillion in 2015 and fraudsters are therefore likely to concentrate on these lines of business more and more.

* Juniper Research has also published a white paper entitled "Online Payment Fraud: Key Vertical Strategies & Management 2016-2020," available at the reassuringly expensive price of £2,990.