There's been a great deal of interest in—and even some confusion with—the findings of our latest European fraud map. Some observers have commented that, whilst the card fraud trends may be interesting, the underlying messages are somewhat mixed.
The European card industry has long praised chip and PIN technology as the antidote to historically spiralling card fraud losses in areas such as counterfeit and lost and stolen—and now (finally) the US has followed suit with its own chip card issuance and acceptance plans. And yet, the overall levels of European card fraud, in absolute terms, are back on the rise. This seems like a contradiction.
Dig a little deeper, and it is evident that the robust European chip and PIN defence saw fraud attacks evolve and mutate rather than be eliminated. Just like a snow plough on a snow-laden road, whilst the path immediately ahead is cleared, the displacement merely results in a greater build-up in adjacent areas. Our fraud map commentary references fraud migration to cross-border and into remote (card-not-present) transactions. These are areas where the chip and PIN defences did not extend, and therefore, they became the chosen targets for the criminal fraternity.
One might expect fraud levels to drop as fraud migrates to areas that were historically less attractive or more complicated to target. But the longer an area of exposure is left untreated, the greater the attraction to criminals, and the greater effort and emphasis they put upon it. Combine this with the facts that, as a society, we are now far more inclined to make “remote” purchases (such as on-line or via telephone), to spend with merchants overseas (how many of us realise that e-commerce transactions on eBay settled through Paypal may be routed through Luxembourg?), and to travel far more widely than ever before (international tourism has more than doubled in less than 20 years). Needless to say, fraudsters have a rich seam of opportunity.
Industry reactions to fraud trend changes are often far slower than that of criminals, and the latter have come to realise this. Chip and PIN reached critical mass maturity in the UK in 2005, and yet there are still large parts of the developed world that have yet to embrace the technology, and will not do so until what will eventually be more than 10 years later.
With the rise in European fraud levels again, some observers have questioned whether it is statistically significant. Fraud is frequently reported in terms of hundredths of a percent (basis points), and the highest levels of fraud within the region equate to 7 basis points or 0.07%. That doesn’t sound a lot.
The thing to bear in mind is relativity, as I’ve indicated before on this blog. As those of us familiar with quality and process assurance know, statistical significance from defects are evaluated in manufacturing and service industries to a measure of Six Sigma. Basis points, whilst a fraction of a percent, are still significantly higher than levels of quality or process tolerance.
Of course, if total genuine card spend only equated to $1m, then a 7 basis points loss only equates to $700. But if total spend in the UK, for example, is £520 billion, then the UK’s loss level at just under 6 basis points equates to circa £300 million. That’s a lot of money in anyone’s book!
The moral of the European fraud map, therefore, is that whilst there is much to celebrate in terms of recent anti-fraud advances, there is no room for complacency. Until there is complete global interoperability on card fraud defences, and unless the industry begins to move faster and in concert, fraud will continue to prevail to some degree. And whether card fraud is skewing up or down, fraud loss is something that should concern us all.