Fraudsters are flying high on card-not-present (CNP) fraud attacks, a type of fraud in which criminals scam legitimate cardholders by using stolen credit card information online or over the phone. CNP fraud is surging everywhere, particularly in Latin American (LATAM), which has seen the highest rates of CNP fraud transactions in the world. 

The rate of CNP fraud is likely to soar due to the exponential rise of online shopping during the pandemic mixed with efforts to serve unbanked and underbanked populations. Here are the three factors driving CNP fraud, plus four solutions for banks to ground fraudsters and protect their customers.

Problem #1: Fraudsters are undeterred by failure

One of digital banking’s top-selling points is how easy it is for consumers to access and transact. Fraudsters are also flocking to the digital banking arena for the same benefits – although for more sinister reasons. The digital banking expansion has made it easier for fraudsters to commit transaction fraud at a large scale while facing few consequences. Fraudsters can obtain credit card or debit card information – including credit card numbers, CVVs, and billing addresses – under false pretenses or purchase stolen credentials on the dark web. Criminals can use this stolen to buy expensive items. Banks, payment processors, retailers, credit card companies, and consumers ultimately get left holding the bill. 

What’s most troubling is the speed at which fraudsters can operate in the digital banking environment. Fraudsters can make hundreds of CNP fraud attempts in very little time, putting in little effort, and gaining considerable rewards. Even if they are only successful two or three times, they yield considerable benefits with few, if any, consequences from law enforcement. 

Fraudsters have a wealth of CNP schemes available to them and aren’t discouraged by failure. That’s a dangerously potent combination for financial institutions (FIs) to address. 

Solution: Employ Segmentation

Understanding customer behaviors is important to sorting legitimate transactions from fraudulent ones. Investing in segmentation systems can help banks understand which customers behave normally and which ones are worthy of further scrutiny. A one-size-fits-all approach to fight fraud adds unnecessary friction for legitimate customers and risks driving them to another FI. Using segmentation solutions can ensure that FIs employ different monitoring methods for different types of customers.

Problem #2: New payment schemes enable faster CNP transaction fraud

The speed of payments is also working in fraudsters’ favor. Instant payment schemes and new payment types that have been launched in many regions enable fraudsters to make faster transfers. In LATAM, this includes PIX and Boleto Bancário in Brazil, Cobro Digital (CoDi) in Mexico, and Transfers Now and ACH Colombia in Colombia, and Yape in Peru, to name just a few systems to come online in recent years. In other regions, we see Canada has Payments Modernization, Australia has NPP, the U.K. has Faster Payments Service, and Hong Kong has TME-1. Meanwhile, the U.S. is planning its own real-time payments system for 2024.  

The rise of global faster payment systems has created another key transaction fraud opportunity for fraudsters. They can move money at a much faster pace than ever before and can sidestep common card-present transaction restrictions. The emergence of faster payments infrastructure has not only made CNP transaction fraud more accessible. It has also given scammers more avenues to move their profits and ultimately monetize their activities.

Solution: Implement Biometrics or 2FA

Latin America is home to one of the largest unbanked populations in the world. A recent report by Mastercard found that just 55% of adults in the region have access to a bank account.  

Smartphones help bring this gap by bringing more consumers into the digital banking environment and boosting financial inclusion. In Brazil, for example, 84 million adults have access to some kind of smartphone. 

Given the high market penetration of smartphones and the constant threat of fraud, banks should work to implement fraud prevention measures such as biometric solutions (like fingerprint scans or facial recognition) and two-factor authentication (2FA) to help keep their customers safe. Implementing these solutions will add a layer of friction to the online banking experience. However, the prevalence of smartphones among the population means consumers are likely to accept the new measures quickly – and may even feel more comfortable with their banking experiences. In other words, this mild level of friction will ultimately prove reassuring to customers.

Problem #3: New payment types vulnerable to fraud

The ease of use of many of the aforementioned new payment types creates another opening for fraudsters to exploit. Many of the payment methods launched in LATAM, like Brazil’s Boleto Bancário, use personally identifiable information (PII) like mobile phone numbers or email addresses to complete transactions or provide access to accounts. 

While these authentication methods are designed to make digital banking and eCommerce simpler, fraudsters can exploit them to commit CNP fraud. If a fraudster manages to learn a consumer’s PII, they can easily breach the consumer’s account. This is a very real threat in Brazil, where recent data indicated that about 40% of fraud victims in the country fell victim to phishing schemes and voluntarily revealed their personal information. 

Authentication methods for these new payment types (mobile phone numbers and email addresses) are also payment methods. If fraudsters can crack one method, they can easily crack the other.

Solution: Utilize AI-enabled transaction monitoring solutions

As new customers join the digital banking environment, banks must monitor how exactly they transact. Machine learning systems can help banks track how often customers transact and the types of activities they engage in. Banks can better understand if a customer’s recent activities are cause for concern using solutions that can access data from disparate sources. These solutions can review disparate data and highlight customer activities linked to suspicious entities. Monitoring these kinds of activities can help banks keep their organizations fraud-free.

LATAM: A Perfect Storm for CNP Fraud 

These three factors create a perfect storm for CNP fraud to accelerate globally, particularly in the LATAM region. Recent data shows how eCommerce activity (and, by extension, CNP transactions) surged by 80% in the region last year. This means LATAM bank customers face a higher risk of fraud. Add the expansion of faster payment schemes in the region, and fraud is poised to increase and accelerate.

FIs should note that there is precedent for fraud to increase when new faster payment schemes go online. In the UK, for example, online fraud increased by 132% following the launch of the UK’s Faster Payment System. 

Solution: Banks must look to the future

The fraud challenges that banks face today will eventually morph into new challenges in the future. Having a specific solution to address CNP fraud will be outdated once fraudsters find new vulnerabilities. Banks should invest in flexible systems that can both respond to the fraud challenges they face today and emerging ones. The experiences of other markets that have launched instant payment schemes can help banks prepare for these inevitable challenges.

Fraudsters rejoiced at the rapid shift to digital banking and eCommerce witnessed in 2020. Case in point, account takeover (ATO) attacks rose by a shocking 650%. Download Feedzai’s Financial Crime Report – Q1 2021 to learn how the pandemic impacted different global regions, plus the top five fraud trends and how to fight back.