Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Online card fraud up as thieves avoid more secure chip cards for in-store payments

Matt Hamblen | Feb. 6, 2017
Increasing use of biometrics may help protect online payments

One unfortunate side effect from the use of chip cards for in-store purchases has been an increase in online credit-card fraud.

Hackers have taken the path of least resistance, moving from in-store fraud to e-commerce fraud, according to security experts.

Deterred by the security capabilities of chip cards for in-store payments, thieves have resorted to stealing credit-card numbers and passwords or opening new accounts with false credentials to use in making online payments for purchases, according to recent studies. Botnets also comprise some of the biggest increases in online card fraud.

Chip cards were instituted on Oct. 1, 2015, and since then, e-commerce fraud on U.S. merchants has jumped 42% as of the fourth quarter of 2016, according to a study by research firm

"We predicted this [online fraud increase] would happen following [chip] cards in the banking industry years ago," said Mike Lynch, chief strategy officer at InAuth, a vendor of mobile and browser security products. (InAuth was recently purchased by American Express, but will remain a subsidiary.) Other countries, including Canada and Australia, also saw big jumps in online card fraud after chip cards were adopted, he said.

Lynch said the online fraud increase is probably higher for financial institutions than for merchants, but merchants are more open about the problem and discuss it more freely. "Banks don't typically want to disclose fraud," he said.

The amount of dollars put at risk by online fraud went up 55% from the second quarter of 2015 to the second quarter of 2016, according to the study. That was a jump from $4.90 to $7.60 per $100 of online sales. For luxury goods alone, the dollars at risk were $12.10 per $100 in sales in late 2016.

Botnets were behind many of these attacks. The rate of attacks by botnets increased by 47% for the same period for all goods and by 87% for luxury goods alone, said.

Javelin Strategy & Research this week reported that identity fraud of all types, the bulk of which comes from card activity, hit a record high in 2016. There were 15.4 million U.S. victims in 2016, up 16% from 2015. Losses from fraud in 2016 hit $16 billion.

"The increase in [chip] cards and terminals was a catalyst for driving fraudsters to shift to fraudulently opening new accounts," Javelin said in a statement. Fraud using existing cards also increased by 40% in 2016.

"After five years of relatively small growth or even decreases in fraud, this year's findings drive home that fraudsters never rest," said Al Pascual, research director in fraud and security for Javelin, in a statement. "When one area is closed, they adapt and find new approaches." He urged the payments industry to close security gaps.


1  2  Next Page 

Sign up for CIO Asia eNewsletters.