Not so many of us would think of bank card fraud when we use it as a means of payment to buy cryptocurrency. Usually, we think of crypto-related types of fraud first neglecting the other threats.
Meanwhile the total annual value of fraudulent transactions comes to €1.8 Billion, according to the latest European Central Bank report. Among these CNP (Card Not Present) fraud, which represents about 80% of the total volume of all fraudulent card transactions.
The reason is the apparent change in customer behaviour and the overall growth of online payments. It makes CNP fraud one of the primary sources of income for fraudsters who always look for the weakest link.
Therefore, fraud prevention and risk management measures within the financial organisations become increasingly complex, requiring more budget to fight fraud, process chargebacks and disputes. Card fraud comes in many different forms and is often achieved through identity theft.
We’ll take a closer look at 3 most popular types of fraud related to online payments.
CNP (Card Not Present) Fraud
This means that fraudster uses your card without being in physical possession of it, i.e. they know the number and the expiry date of your card.
CNP is mainly related to online fraud; it has become the most prominent type of card fraud in recent years. Many merchants in Europe require the card verification code (3 digits on the back of the card), making CNP fraud more difficult. However three digits don’t look enough to make much of a password. If criminals can obtain your card number, they can figure out that number too using a hacking technique that can guess CVV code in seconds. There are only 999 possible combinations for this code. Many fraudsters try to make purchase of the low amount until they figure out the right CVV right number. Do not neglect that attempts to charge the small payments in your bank notifications.
Luckily most of the banks have anti-fraud monitoring systems that notice the suspicious transactions before you and block the compromised card to prevent any further attempts. Anyway, it is a good idea to stay cautious and report any suspicious activities with your card to the bank.
Lost and Stolen Card Fraud
As the name suggests, this type is relevant for the lost and stolen card; when it is in possession of fraudsters. In this case, it is quite tricky to use the card at the stores through merchants POS terminals as they might require a PIN. However, it is relatively easy to use a found or stolen card for online purchases. You must block your card as soon as you realise they are lost or stolen.
Card ID Theft
Card ID theft occurs when the details of your card become known to a fraudster. This information is then used to enter your card account or open a new one. Your name will be used for this. This is one of the most sophisticated types of fraud and is hard to identify and to recover from because it can take time before you realise what happened.
Data breaches containing Personal Identifiable Information (PII) such as card numbers often result in your information being sold on the Internet. Your identity information, payment credentials, bank account credentials and answers to security questions are widely available on the darknet for purchase in bulk.
The basics of card fraud stay the same, but the fraudsters become more and more creative. That means fraud analysts need to be as agile and innovative as fraudsters. Fighting fraud can only be done with the right information, though. Merchants and payment services use the following information and fraud prevention/risk management tools to detect and prevent online card fraud:
- Card Verification Code (CVV, CVN, CVC2, CID, etc.)
- Address verification service (AVS)
- Blacklists — including those provided by the International card schemes as well as internal lists
- Fraud scoring models
- Customer purchase history
- Device fingerprinting
- Email verification
- Strong customer authentication (SCA) to be compliant with the PSD2
- 3-D Secure (disliked because consumers often cancel payments when required to use 3D-Secure)
However, there is good news. We at Mercuryo are fighting CNP fraud and data breaches and continually improve our anti-fraud techniques. Our systems monitor all the data across the payments chain, cooperate with our acquirer partners, reducing steps during the purchase process and protecting consumer privacy.
Mercuryo team has created a unique cross channel anti-fraud system, which is easily scalable; we can add new analytics blocks if necessary. It is a fully automated system with 24/7 uptime.
Mercuryo is focusing on the whole cryptocurrency payment ecosystem rather than crypto exchange service alone. That is why it is essential to build a proper security infrastructure and the environment from day one.
This will allow us to avoid the pain many banks suffered when information security systems became vital. Banks invested million dollar budgets just to re-design the architecture and re-develop most of the internal systems to build in required security features.
So what we do is we develop the proper basement first (security-wise) and then build the entire ecosystem on top of that.
Stay safe and never worry about security breaches.