On the internet, the credit card may not be present — but the thieves still are.
The United States has long lagged behind Europe in terms of credit card technology, but concerns about fraud are driving American payment processors to speed up the adoption of EMV chip cards. While EMV adoption may have benefits for physical transactions, it seems that chip technology does little to thwart online fraud. Business and IT professionals have to remain vigilant in order to avoid the sizable losses they could face if they don’t take measures to secure their transaction data.
Because the chips contained in the new generation of credit cards provide dynamic data that’s unique to every transaction, and the cards themselves are difficult to counterfeit, criminals now find it unrewarding to attempt to engage in fraud at brick-and-mortar retail stores or set up accounts using stolen mail order credit card offers. Instead, they’re heading to the internet and other mediums where cards don’t need to be physically present in order for bogus purchases to go through. Javelin Strategy & Research found that for 2016, the rate of point-of-sale fraud remained basically the same as in 2015, but “card not present fraud” increased by 40 percent.
Potent, responsive data analysis
In order to combat this threat, businesses are turning to real-time data processing to reject suspicious requests. Rather than having teams of personnel poring over every transaction, they’re using sophisticated automated analysis and machine learning algorithms to vet credit card purchases in milliseconds. The factors used to determine whether or not a transaction is legitimate include:
- The location from which the transaction is transmitted.
- The type of goods being paid for and the purchasing habits of the consumer.
- The volume of transactions placed by a single cardholder within a short timeframe.
- Biometric identity markers.
Organizations are now able to use predictive models to make educated guesses about new forms of credit card fraud and to block them in advance. They can search for patterns in billions of records to uncover fraud-related trends that would be impossible to identify by examining transactions one at a time.
Card not present fraud: risks in the new environment
Moving the forefront of fraud detection to the online arena has certain negative consequences. Hackers can target the mountains of personally sensitive info being sent back and forth to compromise users’ entire banking accounts rather than just their credit card info. They can collect individuals’ social security numbers and then open up new credit accounts in their names, a form of identity theft that’s becoming more and more prevalent. Gaming or cracking the data analysis functions of financial entities is a more challenging endeavor, but it’s potentially very rewarding because if crooks understand exactly how these mechanisms work, they’ll also know how to effectively bypass them.
There’s therefore a kind of cat-and-mouse game going on between card issuers and savvy cybercriminals, who are not slow to deploy robust computing infrastructure to further their untoward goals. Some of them even run automated bot software that can rapidly place illegitimate purchases at online retailers without any human intervention required.
Preventative measures
Institutions operating in the credit card space need to make sure they keep their computing systems up to date when it comes to plugging security holes. Multi-factor authentication is a growing field that has immediate applications to the prevention of fraud. This form of identity verification makes users enter data sent to separate interfaces, like a number that’s transmitted to their cellphones or a code that’s sent to their email accounts. Thus, anyone trying to make illegal purchases must have access to all relevant devices before their efforts bear fruit.
A Florida company called Tender Armor has released a system that sends cardholders a new code every day to replace the CCV code on the back of their cards. Because it’s variable and frequently changing, this code is virtually impossible for thieves to hijack.
By either developing real-time protection systems in house or obtaining them from software vendors, banks and other big players in the realm of credit cards can decrease the time it takes to make judgments about borderline transactions while improving rates of false positives. Both of these benefits redound to the advantage of the firms because they’re critical in keeping clients happy.
Corporations are exposed to harm
Certain safeguards are already in place to limit the liability faced by consumers. Under federal law, individuals are only responsible for up to $50 in fraudulent credit card charges. This is great for the ordinary customer, but it merely shifts the expenses to card issuers and merchants.
Fortunately, the data mining and analytics applications on the market today let these enterprises largely automate their routine fraud detection and combating operations. This frees up the energy and creativity of their human employees to devise new strategies and decide how to direct their computerized systems to the best possible effect.
While the rapid spread of EMV chip tech has made in-person credit card fraud much less profitable, the internet still presents an irresistible target to fraudsters. Only by harnessing the power of real-time big data innovations can today’s credit lending institutions hope to remain a step ahead of their adversaries on the other side of the law.