April 18, 2022 | 5 min read
The four payment card fraud types remain steady
As Jean-Paptiste Alphone Karr wrote more than 170 years ago, “The more things change, the more they stay the same.” That’s certainly the case with the general types of payment card fraud. They remain relatively unchanged year after year, despite a tsunami of transformation that has swept across the payments ecosystem.
This is part 2 of a 3-part series of posts previewing, “Payment Card Fraud: Classification, Detection and Prevention,” from Aite-Novarica Group, commissioned by Marqeta. In part 1, we examined the perpetrators of modern payment card fraud. In part 2, we break down the primary types of payment card fraud, which include:
Card-not-present (CNP) fraud
Lost, stolen, and non-received fraud
It’s important to understand the different fraud types. The unique attributes of each greatly influence how the fraud is committed. And the types can make a big difference in how issuers detect and prevent the fraud. It could even impact which fraud losses – and how much – can be charged back to the card issuer.
Application fraud – For a change, the word, “application” in this case is not referring to software. Instead, it’s referring to an application to establish an account. When someone (or something when bots are involved) establishes an account with criminal intent, it’s considered application fraud. A common example is when an applicant intentionally provides inaccurate information. Becoming more common is intentionally using a synthetic, or false, identity when applying for a card. The problem for issuers is revealed when the accounts default. Although losses can be significant, issuers frequently fail to identify it as payment card fraud. Because application fraud gets lumped together with other credit defaults, it becomes challenging to detect and prevent.
CNP fraud – The pandemic accelerated digital adoption among consumers, and recent data suggests those changes have stuck. The Square Future of Retail report found shoppers make 37% of their monthly retail purchases online. One of the ramifications of the ongoing boom in digital payments is the accompanying rise in payment card fraud. With merchants unable to apply typical cardholder verification controls like in-person card verification, Card Not Present (CNP) transactions could lead to higher fraud losses. Additionally, legitimate cardholders may experience frustrations that might prompt them to discontinue using a card that gets declined, due to overly aggressive fraud prevention approaches if an issuer doesn’t have clear fraud mitigation strategies in place. The risk of having their payment card shuffled to the back-of-wallet highlights the challenge issuers face of dialing in precise controls that prevent CNP fraud while not punishing responsible cardholders.
Counterfeit fraud – This fraud type has seen considerable change following the rollout of EMV chip technology. Use of the chip avoids the payment terminal’s dependence on a card’s magnetic stripe. That change makes skimming account information nearly impossible at the terminal. In fact, Visa reported the shift to EMV helped reduce counterfeit fraud by a staggering 87%. Nonetheless, some merchants still have not implemented chip readers at the point of sale, so counterfeit fraud remains an issue. The victims of these crimes are usually oblivious that their card information was stolen. It’s not until fraudulent charges appear on their account that they might become detected. However, as a strong incentive to upgrade to chip readers, when a magstripe is used, the liability for fraud losses generally falls on the merchant, not the issuer. An illustration of this liability shift was the increase in chargebacks to gas stations following the April 2021 liability shift deadline. Merchants that were slow rolling out EMV payment terminals paid the price.
Lost, stolen and non-received fraud – This is the oldest type of payment card fraud. With a payment card in the fraudster’s possession, it becomes a race against time. Their goal is to extract every bit of value before it’s canceled, blocked, or they exceed its credit limit. Aite-Novarica Group points out that the increased use of artificial intelligence and machine learning tools is speeding up the ability to identify and block this fraud type. By leveraging a cardholder spending profile, the payments ecosystem can block attempted fraudulent transactions in real-time.
It’s critical for issuers to focus on the prevention and mitigation of these four primary fraud types and to understand where one type of fraud ends and another begins. Issuers should also understand the rules in place to determine which party in a transaction is liable for the fraud losses. Finally, continually monitor and implement emerging tools for detecting and preventing the various fraud types.
You can read the full report from Aite-Novarica Group and Marqeta. If you want to discuss how you can better protect your cardholders from payment fraud, chat with one of our modern card issuing experts.