Who Is Fraud and What Does Fraud Do?
Alissa Saoutina
With large merchants such as Target and eBay making headlines with historical data breaches, opening up potential for fraud, I set out to understand what fraud means and what payments ecosystem players (i.e., consumers, merchants, processors, networks) are doing to address it.
In the payments world, fraud is associated with the unauthorized use of personal and card information for payment, and in some cases identity theft—if I did not authorize that person to use my card, that’s fraud. The money has been taken out of my account, or I’m liable for the credit, without my permission. Note that the data breaches referred to earlier are making headlines because a data breach is effectively the fuel that powers fraud.
Roughly speaking, as it stands today, the merchant is on the hook for the fraudulent transaction in the Card Not Present (CNP) situation (eCommerce and telephone), and the issuer is responsible for reimbursing money to the cardholder in the Card Present situation (i.e., a face-to-face transaction). This delineation of responsibility is changing with the introduction of EMV, payments through the mobile channel and the overall “omni-channel experience”. Payment networks, MasterCard included, play the role of defining the criteria for liability and liability shifts within each environment.
EMV is helping secure the check-out in the physical store, while tokenization and encryption methods will play a role in securing the online shopping channel. Who is responsible for deploying the latest methods and technologies? In the case of EMV, the responsibility falls on both merchants and banks to upgrade their POS (point-of-sale) systems and issue new chip cards, respectively. In the online world, the responsibility falls on the merchant’s shoulders to work with their payment gateway provider and/or the merchant’s bank to validate an eCommerce transaction.
The next frontier is the mobile phone, which will serve as both the channel and the form factor for shopping—today consumers increasingly use mobile apps and browsers to conduct eCommerce transactions; in the future, payments industry leaders are betting consumers will use the phone to authenticate and transact both in store (tap the phone to pay) and through an “in-line” checkout (e.g., using a digital wallet app on the phone as a checkout mechanism in apps and browsers instead of entering card details). Since authentication includes something I know, something I have and something I am, the phone may become a central medium for rigorous authentication methods. However, let’s not forget that the phone comes with a host of its own security concerns that are still uncharted territory.
In the US today, the focus is on deploying fraud-mitigating strategies in brick-and-mortar commerce, and thus on working to catch up to chip technology usage in the rest of the world. Merchants and issuers are working on securing the data so no outside force can get to the details of the purchase, and specifically so that no one can get to the cardholder’s account information. In the online world, merchants and technology developers have been focusing on maintaining and deploying fraud monitoring algorithms that can identify when an unauthorized transaction is taking place. But as more and more commerce moves online, securing transactions in the digital space becomes crucial to sustaining growth and preventing data breaches of the size that makes your head spin. By leveraging encryption technologies similar to those being deployed in stores across the US and the world, the participants in global commerce have the opportunity to make online transactions equally secure.