By Nicholas P. Cucci
Fluid Pay LLC
Let's state the obvious. The economy is booming and people are spending more money. Here's a crazy statistic from The Washington Post: only 5 percent of individuals use no credit or debit cards in 2019. To put this in perspective, the figure in 2001 was 22 percent; in 2002 it was 17 percent. We are now at 5 percent! Also, according to FICO, credit card use is most prevalent among 25- to 34-year-olds, at 83 percent.
With more credit cards than ever out in the wild, credit card fraud is also booming. Card-not-present (CNP) fraud has grown exponentially in the United States. According to a 2018 study by the Federal Reserve, CNP fraud rose to $4.57 billion in 2016, up 34 percent from the 2015's $3.4 billion. Analysts expect CNP fraud could break $6 billion in 2019.
There really isn't a way to hide from this. Pretty much everyone at one point or another will use their credit card at a location that exposes them to fraud. For example, if you've swiped your card at a gas station with a hidden skimmer, your information is compromised. Purchased something online at a breached website? Have malware on your device? Compromised.
If that's not enough to concern you, consider this: Markus Bergthaler, director of programs at Merchant Risk Council, a nonprofit organization that educates businesses on how to combat fraud, said, "Recent figures suggest that over 80 percent of credit cards in people's wallets have already been compromised." There is a cost specific to CNP fraud that goes beyond the millions and even billions of dollars lost in merchant merchandise. Small businesses are having to take on the burden of spending money monthly to protect themselves as best they can – and it may not be enough.
Some merchants are hiring security experts, buying software and contracting with companies to monitor transaction statuses. Banks are constantly replacing credit cards, which places a drag on their economic activity. I think we can all agree that our adopted EMV solution just isn't cutting it. It helps with in-person fraud, but to be completely transparent, we did not have a ton of in-person fraud.
The "EMV shift" was instituted purely to shift liability to the merchants. Signatures are not required with EMV, but it seems every other merchant is still capturing signatures regardless of the dollar amount of transactions anyway. Per Visa back on April 14, 2018, EMV enabled merchants in the United States and Canada to opt to stop capturing signatures as a method of cardholder verification. Those merchants are also no longer required to retain store transaction receipts.
The whole point of EMV is that the chip is specific to the user, so a signature won't do much; when that card is placed in the reader, it is authenticating you are the cardholder. If you have ever had to do a chargeback or been a victim of fraud with an EMV card, you will quickly find that the bank will send you a letter for signature stating that the card is and was in your possession at the time the transaction occurred. This makes sense because the liability shift changes back to the merchant at the end of the day.
Typically, liability will shift to whoever has the lowest level of security, which 99 percent of the time will be the merchant unless the merchant service provider (MSP) can step up to the plate and help the merchant combat "unauthorized" transactions.
Here are several simple steps merchant level salespeople, ISOs and MSPs can take to protect their merchants:
Cutting edge technology companies are now utilizing their own systems to combat fraud. And "communities" are growing through which transaction details can be shared. What this means is that digital fingerprints can be stored and shared from one merchant to another via velocity controls or opt-in communities. Regardless of merchant size, velocity controls are your friends
For example, if Merchant A has been hit with fraud from a specific digital fingerprint, that information can be shared to stop the same fraud from harming other merchants on the same system. Models are exposed to new data, while independently adapting to new data as it comes in. This is where more data equals more security. This is a machine learning algorithm.
Legacy payment platforms will not be able to handle this type of technology because the infrastructure needs to be recent. Having large amounts of data is only half the battle; you need a robust system to support and back it. Keep this in mind when deciding where your merchant data resides.
Have a goal for 2020? Create value for your merchants. Become sticky, share your ideas, and implement procedures and "health check-ups" to stay on top of everything for 2020. Dealing with thousands of merchants daily and being one myself, I can tell you it makes a huge difference to know there is someone in your corner – and not just another "credit card" company. Loyalty goes a long way these days. Keep moving forward, and best of luck. If you have any questions or just want to chat, please reach out directly to me.
Nicholas Cucci is the co-founder and COO of Fluid Pay LLC and former director of marketing for NMI. Cucci is also a graduate of Benedictine University and a member of the Advisory Board and Anti-Fraud Technology Committee for the Association of Certified Fraud Examiners. Fluid Pay LLC is the first and only 100 percent cloud-based Level 1 PCI payment gateway processing transactions anywhere in the world. Contact Nick at nick@fluidpay.com.
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
Prev Next