Online fraud spikes 137% despite new chip-based security measures, study says

Special report: Homegrown fraud task forces promote collaboration
BRP's Perry Kramer reveals that EMV processing is not enough protection against e-commerce fraud.

Online fraud has increased 137% since the implementation of EMV. 

According to a new white paper from BRP, "Payment Security Update: What's New After EMV?," fraudsters have become more sophisticated, and retailers need to adapt to protect customers' payment cards and personal data. 

According to BRP, EMV—which stands for Europay, Mastercard and Visa and is a global standard for chip cards—doesn't offer enough data security, and retailers need to be looking at end-to-end encryption (E2EE) and tokenization options.

In another recent survey by BRP, 68% of retailers reported implementing E2EE and 48% have implemented tokenization of payment data. 

So why aren't more retailers implementing these security strategies?

The white paper states that the challenge is to deploy the best security, while at the same time maintaining corporate advances in omnichannel commerce initiatives. In other words, developing a synergistic payment and security strategy. 

“While EMV has received most of the attention in the last few years, there are several other critical security strategies that play a much greater role in protecting sensitive payment card and personal information,” said Perry Kramer, vice president and practice lead at BRP. “It is imperative that retailers have the right strategies and controls in place to thwart the ever-increasing advances made by fraudsters.”

Kramer explains that there are two large obstacles for retailers when they attempt to implement payment security strategies. The first is the ability to align the vision of a customer journey with the security and IT teams’ requirements and resources.  

"In many cases, the business has not taken the time to step back and clearly define what they want the customer journey and experience to be," he told FierceRetail. "This makes it impossible for the IT and security teams to create the environment that achieves the right customer experience and appropriate level of security."

And of course, there is often the constraints of the IT and security team budgets, which make it nearly impossible to keep up with emerging technology tools and threats.

However, some retailers are successfully implementing some of the best security measures for online payment systems. What sets these retailers apart is, first and foremost, their commitment to leadership. They have buy-in at the highest level from the board of directors. Security is a priority, and therefore, there is often reasonable funding and resources. In addition, these retailers have taken an omnichannel approach to service on both the sale and return transactions.  

"Almost 30% of e-commerce purchases at traditional retailers are returned, which requires the need to access payment information across channels," Kramer said. "Savvy retailers have implemented omnichannel token technology. They have either outsourced retention of the customer profile information to a company that specializes in protection of payments and PII data or they have used best of breed security tools."

RELATED: Holiday returns fraud to cost retailers $4B

Finally, Kramer says that these retailers are set apart because they have made the financial investment. Payment security is a part of these retailers' budgeted and allocated resources. And these companies constantly monitor new and emerging threat technologies and technologies for protecting and enhancing the customers payment process.

Kramer warns retailers that, depending on a retailer’s type of  business, the days of being able to manually review high-risk transactions are rapidly coming to an end and for some, the end has already come. 

"Many retailers have done a poor job of creating a road map for taking advantage of the newest tools available to leverage analytics for fraud detection. These include artificial intelligence (AI) related to buying patterns and customer profiles, Internet Protocol (IP) address analysis on the device where the transaction is originating, and the dozens of other tools that are emerging every day to try and meet the changing customer demand for same or next day delivery," he said. 

Moving forward, Kramer believes the e-commerce fraud levels will continue to diminish over the next several years.

RELATED: Mobile fraud poses $240M threat

The e-commerce fraud levels will continue to diminish over the next several years based on multifactor authentication and other emerging technologies. However, the challenge remains getting customers comfortable with these new payment processes.