Resellers warned about rising CNP fraud levels
Card-not-present fraud rises by 16 per cent over the past 12 months to a total of £212.6m
Channel players have been warned to be more vigilant because card-not-present (CNP) fraud has become the dominant type of card fraud in the UK.
Figures released last week by the Association of Payment Clearing Services (Apacs) revealed that CNP fraud rose 16 per cent last year to total £212.6m, while fraud on lost/stolen cards fell 23 per cent to £68.4m, and counterfeit card fraud rose just three per cent to £99.6m.
Sandra Quinn, director of communications at Apacs, said: “Although CNP is now the single largest type of card fraud, representing 49 per cent of all card fraud, the percentage rise was lower. In 2005 it rose by 24 per cent and in 2006 it grew by 16 per cent.”
Apacs is urging VARs that accept CNP transactions to sign up to the MasterCard SecureCode and Verified by Visa protection schemes.
“There is a big advantage for resellers and retailers to sign up to these schemes,” Quinn added. “The big challenge is encouraging their customers to register as well.”
Apacs is also working on the implementation of a remote card authentication device, which it hopes to trial with banks later this year.
“It works via a cardholder inserting their chip and PIN card into a hand-held card reader and entering their PIN,” Quinn said. “On confirming the PIN, the reader generates a one-time only passcode, which the cardholder provides when prompted, for authentication with the cardholder’s bank.”
Gina Loch, credit manager at VAR Misco, said: “We have noticed an increase in CNP fraud. We were hit badly over a year ago and have since put in very strict measures. We are also in the process of signing up to both MasterCard SecureCode and Verified by Visa. I like the idea of the hand-held device though as this would put the onus back onto the banks.”
Steven Cox, principal security consultant at software vendor CA, said that companies need to consider two-way authentication.
“With the increase in online transactions, the traditional approach to security needs to change,” he said. “The customer must prove that they are the customer, but VARs must now prove they are who they say they are, to overcome online card fraud.”