Retailers around the world could collectively lose as much as $71 billion over the next five years in fraud from transactions where cardholders and their credit cards are not present (known as card-not-present incidents), according to a Juniper Research report.
Factors in these losses include the time and resources consumed in the shift to EMV chip-based cards and terminals — which delayed spending on cybersecurity for e-commerce transactions — as well as increasing click-and-collect fraud and delays with the 3-D Secure 2.0 standard.
Additionally, the researchers forecast that fraudulent card-not-present physical goods sales will reach $14.8 billion annually in 2022. It argued that such services were particularly vulnerable given the lack of a residential delivery address.
Card-not-present incidents have been stirring e-commerce fraud fears for a while, and increasing awareness doesn't seem to be having much of an impact yet. For their part, customers don't seem afraid of e-commerce fraud, with fewer than 20% saying in a Blumberg Capital study earlier this year that they would cut back their online spending due to data theft incidents.
Juniper Research mentioned the EMV transition as a factor in an increase in online fraud, and that may be true in a couple of ways. For one, EMV seems to be working to limit the ability of physical counterfeit cards to be reproduced, which is forcing malware developers and other fraud perpetrators to look for easier, less secure targets online.
Secondly, the EMV transition has been an all-hands-on-deck effort for some companies, taking much longer and involving more work than many originally may have anticipated. As a result, it has forced some retailers to delay other payment initiatives and took precedent over implementing new online security programs. Technologies, like the 3-D Secure 2.0 protocol, which is supposed to provide speedier, more secure authentication processes for online transactions, has experienced slow adoption as well. However, Visa just weeks ago started a major implementation.
Until now, little has been said about card-not-present fraud related to click-and-collect offerings. These programs are becoming increasingly common as retailers look to change the role their brick-and-mortar stores play, transforming them to something like a fulfillment center, in part. Juniper noted that retailers are reluctant to impose rigorous ID checks on pick-up for fear of damaging the consumer experience and reducing conversion rates. But they might need to start thinking about ways to make these programs more secure if their businesses are moving in that direction.