Fraud and security is becoming a greater concern in payments as more retail sales move into digital channels.
For retailer Nordstrom, 10% of sales take place digitally, compared to 2% five years ago, said Steven Mattics, president of credit and payments for Nordstrom.
“If a person has their payment or personal information compromised, they won’t shop us anymore,” Mattics said.
Mattics was one of the panelists who took part in a discussion Tuesday on fraud and security risks in the new payments ecosystem.
“It’s all about reducing that friction but still protecting the customer’s data,” he said.
Discussion moderator Meneske Gencer, payments leader of the fintech practice for PwC, pointed out that on the flip side, false positives can also upset consumers who get flagged or stopped online while trying to make a purchase.
Mattics said that customers tend to be much more permissive and patient if they know that checks are being put in place.
“They understand almost everyone has had their card compromised. So as long as you don’t take it too far, there’s more permissiveness than we’ve ever had with customers.”
Jacob Bennett, vice president of risk and underwriting for the National Merchants Association, said there’s been an uptick in mobile fraud, which comes with doing business at the merchant level.
Rachel Yurkovich of the FBI’s Internet crime division said that when people’s mobile devices are compromised, criminals can get a hold of their identity information and payment methods.
“Your phone is basically a tiny computer,” she said. “For victims, that’s the real fear of jumping into these new payment methods.”
The FBI receives a substantial number of complaints about prepaid card fraud and wire transfers that take place from one account to another.
One such scam is known as business email compromise, which has affected both large and small businesses and resulted in losses of more than $2.4 billion among 17,000 victims worldwide. In this scam, a hacker compromises a corporate email system by posing as a CEO or someone with the authority to request a transfer of corporate funds.
“They monitor your traffic enough that they know your habits,” Yurkovich said. “They know how much you’re authorized to transfer.”
In terms of mobile fraud, a big thing merchants are seeing is with the EMV liability shift that happened back in October, Bennett said.
There was a lot of fraud expected based on what Canada and the U.K. saw with their own EMV rollout. “We’re not seeing it as much in the U.S. because about half of fraud here is card-not-present. It’s just a different landscape, a different environment.”
That’s not to say fraud isn’t happening. Mattics pointed out that many acquirers behind in terms of certification and supporting retailers with implementation, so fraud instances could be slower to surface.
While Bennett doubts that post-EMV fraud will be as devastating as what everyone expected, he said those numbers could rise over the next 18 months. He believes that biometrics and data could play a key role in fraud identification.
“Every shopper has a digital footprint, and it’s getting more robust as people spend time online,” he said, adding that merchants will be able to use that information to protect shoppers.
Yurkovich said it’s important for merchants to form relationships with law enforcement so that they know who you are in case an issue arises.
“Don’t be afraid to work with law enforcement. Don’t be afraid to take things to the FBI.”