Story image

How can Australian merchants turn the tide on CNP fraud?

02 Oct 2018

An staggering $476 million has been lost to fraud by Australian merchants over the last 12 months, thanks to the deployment of more innovative fraud methods by criminals. 

A sophisticated new generation of fraudsters are no longer content with physical theft or simple card skimming. This threat manifests itself as “card not present” (CNP) fraud on eCommerce channels, where methods like identity theft, account takeover data breaches and bust-out scams are employed.

Accounting for some 78% of all payment fraud in Australia, CNP fraud has pushed the country’s fraud rate to record levels. 

The good news is Australian consumers are not liable for fraud losses and will be refunded as long as they can demonstrate they have maintained a standard of care with their confidential data.

However, CNP fraud can have a huge impact on a business, putting their profit margins and long-term reputation on the line as losses are often sheeted back to merchants in Australia – worrying the ASIC and the RBA. 

So, why has CNP fraud reached such critical levels in Australia? For starters, businesses entering the online market may not have the right tools to fully protect themselves against cybercriminals.

This means there are gaps in their defences that fraudsters exploit all too easily. At the same time, consumers’ personal banking data can be compromised in a matter of minutes simply by targeting their mobile phones. 

Another significant contributing factor is email. It’s the gateway to most consumers’ online accounts; and carries with it a wealth of untapped data. Nowadays, criminals can easily get their hands on email addresses from the dark web at little cost, or they simply create ones which appear to be legitimate. 

Why aren’t businesses taking action? 

So, what’s holding businesses back from shoring up holes in eCommerce fraud defences? 

With fraud rates in Australia accounting for 7.5 cents per $100, many merchants struggle to find the right balance between the robust digital identity verification needed to prevent fraud, while minimising friction in the payment experience for consumers.  

Businesses fear adding too many layers of fraud prevention to the payment process can frustrate consumers – if they have to jump through too many hoops to order something online, consumers will simply abandon their shopping cart and shop elsewhere. This, of course, reduces conversion rates, impacting on merchants’ sales and profit margins. 

Another barrier is the perceived cost of fraud prevention solutions. It’s a misconception that integrating these systems is a costly and complex process. In fact, by prioritising investment in smart systems, businesses can increase profit margins through approving more transactions.

At the same time, they can also help avert huge financial disasters from fraud – the cost of a new fraud prevention system is far outweighed by the losses from one successful fraud incident. 

Why should businesses invest in fraud prevention?

Understandably, Australian merchants – like their counterparts all around the world – have many priorities when it comes to optimising day-to-day operations. Preventing fraud is not always at the top of the list. This leads to a reliance on sub-standard fraud prevention mechanisms, heavy on manual effort to face today’s sophisticated and increasingly automated fraud threats.

The time needed to manually analyse customers and verify orders means many businesses are unable to devote their attention to other aspects of their operations, impeding growth.  Most importantly of all though, failure to balance the fraud prevention equation can undermine a merchant’s reputation – nationally and globally. If consumers can’t trust a business to keep their hard-earned cash safe, they will shop elsewhere. 

This is a particularly important point for Australia’s smaller retailers, given that they rely on word of mouth referrals and positive online reviews to generate new customers. 

How can we build better defences?

It’s important to build a clear picture of who’s behind a transaction. Verifying only standard transaction data, such as name or address, leaves easily exploitable gaps and contributes to a higher fraud exposure level.

For the fraudster, impersonating a real customer’s behavior patterns and history is too complicated and cannot be employed at a scalable level. As a result, fraudsters use the most common method of tackling this issue: farming fake email addresses and establishing “sleeping cell” accounts to be exploited at a later date. To fight back against these threats, businesses need layered intelligence to counter attacks from all angles to make for a powerful defence solution, as well as a sound validation system. 

It’s important to build a clear picture of who is behind a transaction. When digital identity validation happens quickly, it allows companies to take steps to accelerate approvals, automate workflows and optimise processes.

Businesses should consider a scientific approach to stay ahead of the curve by ensuring fraud tools are powered by the latest technology. At the most basic level, businesses should opt for fraud prevention solutions that utilise machine learning. This branch of AI can monitor and evaluate data without manual analysis, minimising human error.  

The behaviour and history associated with an email address represents powerful intelligence that cannot be overlooked. This includes whether the email account is active and/or valid, the tenure and ownership of the address, and previous transactional behaviour. 

Time to protect Australian consumers

It’s undeniable online fraud poses a clear and present threat to Australian businesses. With cybercriminals becoming smarter, and fraud tools becoming more accessible than ever, it’s in a business’ best interest to protect themselves and their customers, by creating a multi-factor authentication process to increase the agreed industry security benchmark. 

The axiom by Benjamin Franklin “An ounce of prevention is worth a pound of cure” is still relevant today in relation to online businesses operating in Australia, and even globally. With AusPayNet announcing the start of an industry consultation on a new framework to mitigate fraud, businesses need to keep up with the advancement in technology and invest in better fraud prevention tools, otherwise they will be open to attack which would be detrimental to their time, reputation, and profit. 

Article by Emailage CEO Rei Carvalho.

Adobe & Software AG transform customer experience management
Adobe and Software AG have announced a partnership that will help businesses transform their customer experience management.
Zoom Phone beta announced for local customers
Zoom is bringing its full Phone solution to Australia in July, but has launched a beta for us to try now.
Interview: Understanding the difference between analytics and AI
"Artificial intelligence is defined as a computer making choices a human would normally make, however, that could mean a lot of things."
General staff don’t get tech jargon - expert says time to ditch it
There's a serious gap between IT pros and general staff, and this expert says it's on the people in IT to bridge it.
Flying high: How airline Scoot enhances the customer experience
Singapore Airlines’ low-cost arm Scoot has selected Dell Boomi’s platform help it better understand its customers – and its own business.
Schneider shares advice for solving edge computing challenges
Schneider Electric has shared the findings of a new whitepaper that delves into the issues of deploying IT at the edge.
DimData: Fear finally setting in amongst vulnerable orgs
New data ranking the ‘cybermaturity’ of organisations reveals the most commonly targeted sectors are also the most prepared to deal with the ever-evolving threat landscape.
Seven Aussie projects shortlisted in IDC's Smart Cities Awards
The nominated projects include three from Newcastle alone and span smart water metering, solar farms, virtualization and transport.