December 3, 2015
The rising use of technology at retail stores has opened new opportunities for sales and made shopping more convenient for customers. But along with that convenience comes the ever-increasing problem of fraud.
In fact, LexisNexis reports that 2014 saw a 33 percent spike in fraud incidents over the past year, making it the worst on record.
In total, merchants lost .68 percent of all revenue. In addition to direct losses, retailers also incur costs when dealing with fraud. The average amount per fraud dollar in 2014 was $3.08, also an increase over 2013. Large merchants handling online and mobile transactions experienced the largest losses.
Stolen credit cards and numbers have been a problem for decades, but the explosion of online shopping with associated customer information databases has exacerbated the problem.
In 2014, as in 2013, massive data breaches occurred in flagship company systems. These included auction giant eBay, Home Depot, Michaels Stores and Neiman Marcus. Even Goodwill, a nonprofit that sells second-hand merchandise, wasn’t immune, and data for over 300 stores was stolen.
Credit card clearinghouses have also been hacked, resulting in millions of records falling into the hands of criminals.
LexisNexis offered recommendations to stem the fraud tide at the company level, where it has the greatest impact. Not only does fraud cost merchants money, it erodes the trust of customers who might think twice about purchasing again.
There are two sides to this issue. First is safeguarding data, and the second is preventing criminals from using stolen information to make purchases.
Track fraud – Instead of lumping it all together in a loss bucket, analyze the sales channel and method used to commit fraud. Each channel and method requires different strategies to improve security and reduce incidents. For example, after customer credit and debit card information was stolen, restaurant chain PF Chang resorted to manually imprinting cards for a time to prevent further breaches.
Layer security and verification – Online retailers are especially vulnerable to fraudulent transactions. Many rely on the card verification value (CVV) printed on the back of credit cards. With increased hacking sophistication, multiple protocols to verify customer identity need to be implemented.
3-D secure is already required for merchant protection regarding customer not present (CNP) transactions. 3-D secure verifies merchant, issuing bank and the card processing infrastructure. Other fraud prevention methods can be layered together to increase reliability of the verification process. These include address verification, PINs, security questions and customer profiles.
Maintain 3-D secure even while using EMV – The new EMV (Europay, MasterCard and Visa) cards are an attempt to prevent card counterfeiting.
Instead of using a magnetic strip that can be skimmed and duplicated, EMV uses an embedded computer chip. This chip is read to create the transaction, and a one-time code is created.
Many of the first round of cards will still include magnetic strips since merchants need time to become compliant. Point-of-sale terminals need to be switched out since card reading technology has also changed, from a swipe to inserting the card into the terminal.
When it comes to online and CNP transactions, EMV cards will still be vulnerable to misuse, although protocols are being developed to make remote transactions more secure. Merchants accepting CNP transactions must continue to use 3-D secure.
In addition, new rules put responsibility for fraudulent transactions on the party with the lowest EMV security in place at point of sale (POS). In many cases, that will be the merchant, not the issuing bank.
Stay ahead of data security requirements – Merchants can’t afford not to stay current with updated security technology and methods. As technology becomes more complex, the sophistication of hacking methods also rises.
In the recent flood of fraud incidents, some merchants are throwing up their hands, with over half believing that fraud is inevitable. The study found that large ecommerce merchants were actually using fewer customer verification methods in 2014 than in 2013.
In tandem, one in four merchants overall believe that combating fraud costs too much. At the same time, over half recognize that fraud impacts customer perception and sales.
This article was originally posted on December 3, 2015 and the information may no longer be current. For questions, please contact GRF CPAs & Advisors at firstname.lastname@example.org.