Analytics & Big Data
May 22, 2015

How to counter "card not present" fraud with analytics

What is CNP fraud and why is it important

Card not present (CNP) transactions refer to purchases made by a consumer without physically presenting the card. They can be classified as e-commerce purchases, mobile or mail orders, and telephone orders (MO/TO).

Rapid advances in technology and increased use of the Internet coupled with a generational shift have been driving payments offline to online in an unprecedented manner. Online transactions are forecasted to cross the US$400 billion mark in 2015 and hit $458 billion by 20171.

Migration of card payments from magnetic stripes to EMV Chip and PIN has witnessed a simultaneous shift in fraudulent activity from the card present to the CNP scenario. CNP fraud occurs when a purchase is made by an unauthorized user of a card in a non-face-to-face setting. In 2012, CNP fraud rates were estimated in the United States to be more than three times2 as high as card-present fraud rates, and CNP fraud losses are projected to reach $6.4 billion by 20183 in the United States alone.

CNP fraud has primarily been a problem area for merchants, since they not only lose the goods and services but also in most instances the value of the goods and services, the overhead costs, and the subsequent chargeback fees and fines. The adoption of 3-D Secure by merchants has resulted the loss liability for some types of fraud shifting to banks. This coupled with increasing emphasis on a frictionless cardholder experience has made securing CNP transactions critical for banks as well.

Regulators are also taking notice of this problem and gearing up to address it by strengthening the security standards associated with the online model. The European Banking Authority (EBA), for instance, has already set guidelines for minimum security requirements for payment service providers in its 28 member states. In the United States, the Federal Financial Institutions Examination Council (FFIEC) has released a set of guidelines outlining the need for layered security measures.

Solution approach and analytics
A primary approach to tackling CNP fraud involves building or purchasing a technology solution for authentication and transaction monitoring that forms the first layer of defense against fraudulent activity. The second level of defense with a higher incremental value combines analytics with technology solutions for a complete and more holistic approach to mitigating fraud. “Fraud management requires a holistic approach, blending tactical and strategic solutions with the state-of-the-art technology solutions and best practice in fraud strategy and operations," says James Gilmour, editor of Credit Risk International.

Analytics is the core driver that enables technology to identify a pattern of activities to isolate fraud. The following types of analytics are being used to effectively mitigate fraud:

  • Rule-based detection
  • Anomaly detection
  • Network analytics

Rules-based detection: Past behavior of fraudulent customers, segments, or portfolios is used to identify similar patterns in the new transactions. This technique sets rules for transactions originating from the same IP address previously identified as fraud or certain transaction types (such as transaction amount, channel type, merchant type, etc.) that show up in historical data with a high correlation with incidence of fraud.

Anomaly detection: Anomaly detection or pattern recognition is the identification of events that do not conform to an expected pattern. An example of an anomaly is a high-value online purchase during out of operating hours and/or outside the geography in which a card is typically used. Anomaly detection is particularly powerful when historical transaction data shows no or very few instances of fraud, which renders supervised modeling methods ineffective to predict future instances of fraud. Anomalous events once investigated and established as fraudulent activity can then be tied to a business rule for use in mitigating future incidences of fraud.

Network analytics: Network or entity link or social network analytics tries to establish links between seemingly unrelated entities. The perpetrators often share real and fake attributes such as Social Security numbers, names, addresses, phone numbers, or their variants while operating in organized fraud rings. This information can be used to detect and prevent potential fraud rings by establishing “links" among these attributes and thus unearthing suspected accounts.

Analytics is emerging as key in providing actionable insights that minimize the incidence of fraud with minimal impact on the customer experience in the CNP environment. Fraud analytics helps build models for scoring transactions as well as customers to assign the likelihood of a CNP transaction is fraudulent. Fraud analytics also helps design predictive rules for transaction monitoring and thus fraud detection. Increasingly, it is also being used innovatively to identify anomalous transactions to initiate additional authentication such as two-factor authentication or challenge questions to establish the identity of the consumer. For banks and merchants, the need to actively bolster their analytics capability to defend against the rising fraud problem is now a critical piece of their overall operating model.

To learn more, you can also read fraud analytics in retail banking detect deter and prevent or write to our Fraud Analytics experts.

Author: Vishal Joy - Manager, Fraud Analytics

  1. Javelin Strategy & Research
  2. 2013 Federal Reserve Payments Study