Losses in the card payment industry have remained steady the past several years, as issuers, merchants and ATM and merchant acquirers have employed fraud-fighting efforts. Still, the gross fraud amount doesn’t include billions of dollars in losses related to transactions between bank accounts, or to QR code payments not linked to card accounts.
“The decline in the dollar amount of fraud losses in 2020 will not be repeated in 2021,” the report asserted.
Actual losses experienced by issuers, merchants and acquirers exceed the $28.58 billion lost globally last year and can’t be accurately calculated, the report noted, because there are additional expenses related to fraud investigation, managing call centers and maintaining operations, which tend to rise annually.
Still, industry players have made progress in containing those expenses — especially in managing chargebacks due to fraud, even as chargebacks “exploded to unprecedented levels,”.
“Friendly” or “first party fraud,” when cardholders claim transactions are fraudulent even when they or a family member made the purchase, is becoming a bigger concern for issuers, the report noted; the industry is moving toward making it an official fraud category.
Among consumers filing chargebacks, more than 40% have done so due to truly fraudulent purchases, but close to one-fifth admitted to committing “friendly” fraud, according to Sift’s Q4 2021 Digital Trust & Safety Index.
Personally identifiable information for sale on the dark web also remains an issue for the card industry, Nilson Report said. Especially in the U.S., card issuers faced fraud on new credit accounts opened expressly with ill intent. That can result in bigger losses than those from the sale of existing card account information.
Account takeovers by fraudsters buying card credentials on the dark web have become a bigger problem the past few years. Stolen American payment cards can be bought on the dark web for as little as $5.80, on average, and the U.S. has the most stolen cards circulating.
The installation of more chip readers at gas pumps in the U.S. has helped cut fraud, as has the use of tokenization, per the report. Major card networks’ use of 24/7 monitoring countered organized crime. Also, alerting merchant and ATM acquirers of fraudulent activity early resulted in fewer attacks.
CNP fraud picks up As more payments were made online or over the phone during the deadly Covid-19 pandemic, fraud followed: Card-not-present (CNP) fraud made up 68% of losses experienced by card industry merchants and acquirers in 2020.
The outsized U.S. share of fraud losses can be blamed on a higher prevalence of CNP transactions than in other countries. When the pandemic hit, stuck-at-home consumers turned to online shopping and phone payments, but issuers and their fraud risk models weren’t equipped “to handle the avalanche of first-time CNP authorization requests from valid cardholders,” the report said.
“The shake-up enabled criminals to quickly seize the opportunity to activate cards previously stolen but lying dormant,” the report noted. During the pandemic, fraudsters siphoned off federal stimulus money or unemployment funds, added them to stolen reloadable prepaid card accounts and used those to buy merchandise that was then returned or sold online.
The vast increase in CNP transactions added to the trend of merchants running up a higher share of fraud losses. CNP transactions hit 19% in 2020, up from 15% in 2019.
“Dollars lost to CNP fraud losses were more than six times higher in 2020 than the prior year,” per the report; 2019’s losses were four times higher than 2018’s.
The average value of these remote purchases grew through the year, forcing merchants to review questionable sales, which only upped their expenses, the report noted. CNP fraud linked to payments for streaming services in particular shot up.
Fighting fraud As these threats have grown larger within the payments industry, especially during the pandemic, major card companies have acquired cybersecurity firms to bolster their approach to fraud prevention and have provided merchants with toolkits to address cybercrime.
Global card fraud losses of $28.58 billion for 2020 were slightly lower than 2019, at $28.65 billion, thanks in part to the pandemic-prompted drop in cross-border credit card spending.
In the U.S., fraud losses totaled $10.24 billion in 2020, up from $9.62 billion in 2019, per the Nilson report. Globally, gross card fraud losses amounted to 6.8 cents per $100 in purchase volume, which was actually the same figure observed in 2019. The amount has been declining slowly since 2016, when it was 7.2 cents.
Card issuers were hit hardest, accounting for 65% of gross fraud losses globally, while merchants, ATM acquirers and merchant acquirers sustained 35% of losses.
Debit card fraud increased last year as consumers increased their use of those cards, while credit card fraud decreased. Global brand cards including Visa, Mastercard, American Express and Discover/Diners Club had the lion’s share of fraud losses, at $25.27 billion last year, down from $25.53 billion in 2019.
ATM cards tallied $1.40 billion in losses last year; domestic cards, $1.24 billion; and private label cards, $0.67 billion
Cookie | Duration | Description |
---|---|---|
cookielawinfo-checkbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
cookielawinfo-checkbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
cookielawinfo-checkbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |
Cookie | Duration | Description |
---|---|---|
cookielawinfo-checkbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |