Story image

How can Australian merchants turn the tide on CNP fraud?

02 Oct 2018

An staggering $476 million has been lost to fraud by Australian merchants over the last 12 months, thanks to the deployment of more innovative fraud methods by criminals. 

A sophisticated new generation of fraudsters are no longer content with physical theft or simple card skimming. This threat manifests itself as “card not present” (CNP) fraud on eCommerce channels, where methods like identity theft, account takeover data breaches and bust-out scams are employed.

Accounting for some 78% of all payment fraud in Australia, CNP fraud has pushed the country’s fraud rate to record levels. 

The good news is Australian consumers are not liable for fraud losses and will be refunded as long as they can demonstrate they have maintained a standard of care with their confidential data.

However, CNP fraud can have a huge impact on a business, putting their profit margins and long-term reputation on the line as losses are often sheeted back to merchants in Australia – worrying the ASIC and the RBA. 

So, why has CNP fraud reached such critical levels in Australia? For starters, businesses entering the online market may not have the right tools to fully protect themselves against cybercriminals.

This means there are gaps in their defences that fraudsters exploit all too easily. At the same time, consumers’ personal banking data can be compromised in a matter of minutes simply by targeting their mobile phones. 

Another significant contributing factor is email. It’s the gateway to most consumers’ online accounts; and carries with it a wealth of untapped data. Nowadays, criminals can easily get their hands on email addresses from the dark web at little cost, or they simply create ones which appear to be legitimate. 

Why aren’t businesses taking action? 

So, what’s holding businesses back from shoring up holes in eCommerce fraud defences? 

With fraud rates in Australia accounting for 7.5 cents per $100, many merchants struggle to find the right balance between the robust digital identity verification needed to prevent fraud, while minimising friction in the payment experience for consumers.  

Businesses fear adding too many layers of fraud prevention to the payment process can frustrate consumers – if they have to jump through too many hoops to order something online, consumers will simply abandon their shopping cart and shop elsewhere. This, of course, reduces conversion rates, impacting on merchants’ sales and profit margins. 

Another barrier is the perceived cost of fraud prevention solutions. It’s a misconception that integrating these systems is a costly and complex process. In fact, by prioritising investment in smart systems, businesses can increase profit margins through approving more transactions.

At the same time, they can also help avert huge financial disasters from fraud – the cost of a new fraud prevention system is far outweighed by the losses from one successful fraud incident. 

Why should businesses invest in fraud prevention?

Understandably, Australian merchants – like their counterparts all around the world – have many priorities when it comes to optimising day-to-day operations. Preventing fraud is not always at the top of the list. This leads to a reliance on sub-standard fraud prevention mechanisms, heavy on manual effort to face today’s sophisticated and increasingly automated fraud threats.

The time needed to manually analyse customers and verify orders means many businesses are unable to devote their attention to other aspects of their operations, impeding growth. 
Most importantly of all though, failure to balance the fraud prevention equation can undermine a merchant’s reputation – nationally and globally. If consumers can’t trust a business to keep their hard-earned cash safe, they will shop elsewhere. 

This is a particularly important point for Australia’s smaller retailers, given that they rely on word of mouth referrals and positive online reviews to generate new customers. 

How can we build better defences?

It’s important to build a clear picture of who’s behind a transaction. Verifying only standard transaction data, such as name or address, leaves easily exploitable gaps and contributes to a higher fraud exposure level.

For the fraudster, impersonating a real customer’s behavior patterns and history is too complicated and cannot be employed at a scalable level. As a result, fraudsters use the most common method of tackling this issue: farming fake email addresses and establishing “sleeping cell” accounts to be exploited at a later date. To fight back against these threats, businesses need layered intelligence to counter attacks from all angles to make for a powerful defence solution, as well as a sound validation system. 

It’s important to build a clear picture of who is behind a transaction. When digital identity validation happens quickly, it allows companies to take steps to accelerate approvals, automate workflows and optimise processes.

Businesses should consider a scientific approach to stay ahead of the curve by ensuring fraud tools are powered by the latest technology. At the most basic level, businesses should opt for fraud prevention solutions that utilise machine learning. This branch of AI can monitor and evaluate data without manual analysis, minimising human error.  

The behaviour and history associated with an email address represents powerful intelligence that cannot be overlooked. This includes whether the email account is active and/or valid, the tenure and ownership of the address, and previous transactional behaviour. 

Time to protect Australian consumers

It’s undeniable online fraud poses a clear and present threat to Australian businesses. With cybercriminals becoming smarter, and fraud tools becoming more accessible than ever, it’s in a business’ best interest to protect themselves and their customers, by creating a multi-factor authentication process to increase the agreed industry security benchmark. 

The axiom by Benjamin Franklin “An ounce of prevention is worth a pound of cure” is still relevant today in relation to online businesses operating in Australia, and even globally. With AusPayNet announcing the start of an industry consultation on a new framework to mitigate fraud, businesses need to keep up with the advancement in technology and invest in better fraud prevention tools, otherwise they will be open to attack which would be detrimental to their time, reputation, and profit. 

Article by Emailage CEO Rei Carvalho.

Automation beginning to impact Aussie workforce
18% of those surveyed said automation has already impacted their job ‘significantly’, with their duties changing or their role becoming redundant.
OVH launches public cloud down under
OVH Public Cloud services is expanding to Australia out of two data centres - one in Sydney and one in Singapore.
Acer’s new programme and portal for partners
A simple and manageable programme designed to incentivise, recognise and reward commercial partner achievements.
Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
In ongoing cloud war, Google to acquire data migration specialist
Google is currently behind AWS and Microsoft in the cloud battle, and it would seem this play is an attempt to claw some ground back.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Why Aussie companies are struggling with data
The top culprits in poor data quality in Oz are human error, different data sources, lack of comms, inadequate strategy, and too much information.