Every year, UK Finance produces a definitive overview of payment industry fraud. The organisation is known as the ‘collective voice’ for the UK’s banking and finance industry and represents over 250 firms across the sector.
It’s annual ‘Fraud the Facts’ report aims to reveal the extent of the fraud detection and prevention challenge facing organisations today.
If we look specifically at the area of the report that our business specialises in – Cardholder-Not-Present (CNP) payments (which in UK Finance’s study also includes mail order and internet, as well as telephone-based transactions – and is classified as ‘remote purchase frauds’) – some interesting findings were published:
Overall, remote purchase fraud increased to £506.4 million last year (2018). Looking specifically at Mail and Telephone Order (MOTO) fraud against UK-based retailers, this also increased – by 14% to £92.1 million.
While the number of cases of remote purchase fraud increased by 47%, the gross losses that occurred rose by a lower increment of 24%, which the report suggests is due to card issuers identifying (and stopping) individual incidents more quickly.
When delving into the reasons behind this, UK Finance suggests that this fraud is being driven by the criminal use of card details that have been obtained through data compromise, including third-party data breaches, phishing emails and scam text messages.
The fact that 78% of all remote purchase fraud occurred online (£393.4 million) shows that criminals are identifying more ‘loop holes’ to fraudulently undertake transactions on the web, over other methods, including the phone.
These figures certainly make for startling reading, but also make it clear to me that retailers – or any business that handles payment transactions remotely – must be prepared to take the bull by the horns to manage the associated security risks.
My advice is to descope your contact centres so any sensitive cardholder data that is handled over the phone never enters your network. With no data stored locally on internal systems, the risk is removed– both from the threat of external hackers and internal fraudsters.
You can then invest more of your time on managing data security risks in other areas of your business, safe in the knowledge that the contact centre PCI DSS compliant and payments are being handled in the most secure and efficient way possible.