The advent of online technology has brought substantial benefits to businesses, allowing them to access new markets across borders. But as banking technology becomes more complex and fast-moving, fraud also increases in scope. Cross-border transactions present numerous pathways for fraudulent activities.
It’s a challenge for businesses to optimize revenue and minimize losses while controlling operational costs, as they move into different geographical areas.
Third-Party Payment Fraud
Third-party fraud schemes typically employ a large variety of tactics to access accounts illegitimately. Fraud with payment cards typically involves stolen identities, using lost or stolen cards, and counterfeiting cards. The advent of EMV (enhanced motion vehicle) technology — commonly seen as chip and PIN verification — has been effective in reducing fraud for point-of-sale transactions with credit and debit cards, as reported in the United Kingdom.
Since the chip-and-PIN system rolled out in the U.K. in 2004, counterfeit card fraud, lost and stolen card fraud, and card non-receipt fraud fell off substantially. Financial institutions in the United States are expecting similar results when EMV technology is fully implemented.
But fraudsters are resilient; when one channel of opportunity is closed to them, they move to another. That’s referred to as the “balloon effect” in the financial industry — squeezing fraud in one area leads to growth in another.
Cross-Border Payment Fraud
Cross-border fraud is an example of the balloon effect. As avenues for point-of-sale fraud opportunities have been cut off, fraud has been on the increase in cross-border transactions, where the card isn’t physically used, known as card not present (CNP) transactions. Fraud tends to increase with the distance between the card issuer and the merchant.
Corporations need to instill fraud management practices into the operation without suppressing potential legitimate transactions or exceeding the budgets for fraud management, which tend to be small. Another complication in a prevention strategy is that fraudsters are continually evolving in their own methods of accessing payment systems.
Payment Fraud Detection Tools
Businesses commonly use a combination of measures to assess the fraud risk of a transaction, starting with automated screening. Automated screening involves validation services, proprietary data, multi-merchant data and device tracking. When automated screening detects a fraud risk, a manual review can be initiated, but this is the most costly option.
Validation services include the card verification number (CVN), account verification service (AVS), geographic indicators and phone number tracking. Proprietary customer data tracks the customer’s order history and may involve in-house positive and negative customer lists. Website behavior and pattern analysis may also comprise the customer data. Shared data between merchants is extremely helpful in detecting fraud risks, such as negative lists and for tracking customer behavior through different regions and businesses.
Tracking the purchase device can identify the location of the device; device fingerprinting is also an option.
Steps to Prevent Cross-Border Payment Fraud
In “Online Fraud Benchmark Report: Persistence is Critical,” 2017 North America Edition, CyberSource, a subsidiary of Visa, found that businesses were rejecting international orders at twice the rate of domestic orders due to suspicion of fraud, even though many of the survey respondents believed up to 10 percent of the orders were genuine.
The survey report recommends that businesses improve fraud detection more efficiently in international markets by working with fraud management experts with knowledge of the local market; implementing regionally relevant best practices; and adjusting fraud scoring rules to reflect local markets.
Businesses should continually review their processes and the results, including fraud losses and how they happened. It’s essential to be prepared to adjust the process as new threats come online and also to make sure that the protocol isn’t resulting in losing business unnecessarily.