Publication Date: March 2017
With card-not-present (CNP) fraud rates rising, many countries have deployed various fraud prevention tools to help curb fraud in the online and mobile channels. This U.S. Payments Forum CNP Fraud Working Committee white paper reviews experiences from countries around the world to assist the U.S. payments industry in mitigating CNP fraud.
While many attribute the rise in CNP fraud to the implementation of EMV chip technology, there are other factors, such as the rapid growth of online sales and the fact that fraud prevention tools have not been fully adopted and implemented by all stakeholders, that have contributed to the increase. This white paper looks at the experiences and lessons learned from other countries that have a similar landscape to the U.S. to provide a foundation for the U.S. payments industry to build out layered, effective and systematic mitigation strategies to reduce CNP fraud.
This white paper is specifically focused on CNP fraud in countries that have migrated or are in the process of migrating to EMV, including Europe/SEPA, the U.K., France, Canada, Australia and the U.S., and provides the following for each location:
- Perspective on the current status of CNP fraud
- An overview of fraud prevention tools and authentication methods that have been implemented and proven to be effective, such as 3D-Secure and device fingerprinting
- Relevant legislation and its impact on CNP fraud
The white paper provides the following recommendations for payments stakeholders in their efforts to mitigate CNP fraud:
- Implement a systematic, layered approach to secure all transaction data; no single security mechanism can protect against all possible fraud scenarios
- Address CNP fraud within an EMV migration strategy and regard phasing in these and other security practices as a high-priority business requirement
- Work together as an industry to secure all of the sensitive data elements handled during transaction lifecycles
Please note: The information and materials available on this web page (“Information”) is provided solely for convenience and does not constitute legal or technical advice. All representations or warranties, express or implied, are expressly disclaimed, including without limitation, implied warranties of merchantability or fitness for a particular purpose and all warranties regarding accuracy, completeness, adequacy, results, title and non-infringement. All Information is limited to the scenarios, stakeholders and other matters specified, and should be considered in light of applicable laws, regulations, industry rules and requirements, facts, circumstances and other relevant factors. None of the Information should be interpreted or construed to require or promote the establishment of any solution, practice, configuration, rule, requirement or specification inconsistent with applicable legal requirements, any of which requirements may change over time. The U.S. Payments Forum assumes no responsibility to support, maintain or update the Information, regardless of any such change. Use of or reliance on the Information is at the user’s sole risk, and users are strongly encouraged to consult with their respective payment networks, acquirers, processors, vendors and appropriately qualified technical and legal experts prior to all implementation decisions.