As Europol Warns of CNP Fraud Deluge, Adaptive Decisioning Becomes Key

Recent Europol report on Internet Organised Crime highlights increased sophistication of the malware resulting in cyberattacks of unprecedented scope and scale.

At Simility we regularly report on the latest fraud trends and try to provide best practice advice to help your business steer its way through the oncoming storm. Many of these same trends were highlighted this week by international law enforcement organization, Europol, particularly the global growth in card-not-present (CNP) fraud. Let’s be in no doubt: fraud represents a serious challenge to businesses everywhere, especially smaller companies with less to spend on the problem.

Europol Report

With Europol warning of new opportunities for fraudsters over the coming months and years, organizations must look to active decisioning platforms to get smarter about how they tackle this challenge.

EMV spurs CNP

On the one hand, it was reassuring to see Europol highlight many of the issues Simility has been tackling for years. But there’s no doubt that the scale of the problem is increasing all the time. Look no further than the lengthy section devoted to payment fraud in Europol’s latest annual Internet Organised Crime Threat Assessment report. It warned that as EMV adoption spreads, fraudsters will look to move more operations online via CNP scams. This is because pre-EMV magstripe cards are easier to clone, meaning they were more likely to be used in face-to-face scenarios to fraudulently pay for goods. Shut one avenue down and the bad guys will simply move to another. They may not be able to clone EMV cards easily, but they can use stolen or breached card data in CNP scenarios.

Even though Europol has flagged CNP fraud as one of the biggest threats facing businesses today, the true scale of the problem may still be under-estimated. The report points to a widespread problem of under-reporting by victims, and of a “lack of comprehensive insight into the availability of compromised card data on the dark web.” However, we can guess that volumes are growing all the time. One report claimed an increase in stolen credit card data hitting the dark web of 149% over the past 18 months. Another report calculated that data trading on the cybercrime underground generates $160bn annually.

The bad news is that Europol is predicting that opportunities to commit fraud will only grow over the coming years. For one, new banking rules in Europe known as PSD2 will open up banking data to a range of third parties. The fear is that these providers could be breached, exposing customer banking data, or hijacked to submit fraudulent data access requests to banks. The challenges don’t end there. Instant payments may also put customers at risk by “reducing the opportunities for financial institutions to intervene with a transaction.”

Fighting fraud as part of the PayPal family

So what does this mean for merchants? The vast global cybercrime economy will continue to fuel major data breaches and the illegal trade of card and personal data. Fraudsters will increasingly look to online channels where they have been stopped profiting from using cloned cards in the physical world. And innovations like instant payments and open banking APIs will create new opportunities for scammer.

That creates an even greater urgency for merchants to invest in fraud prevention systems to empower internal risk teams. But the market is flooded with tools all promising the earth. In reality, many are simply not agile or adaptable enough to keep pacing with rapidly evolving fraud patterns and efforts to cash in on faster payments. Rely too much on humans in your internal processes and they will be further impacted by manual errors and inconsistencies in decision making.

Ultimately you should be looking for data-driven systems which combine the best of automation, machine learning and predictive decision-making to help prevent fraud where possible. Don’t rely on a single system, but look for those which blend a range of cutting-edge technologies to support your human analysts. We call this adaptive decisioning: a system which draws insights from multiple data sources and is armed with the agility to make real-time adjustments for maximum impact on fraud levels whilst minimizing customer friction.

As part of PayPal we hope to bring this functionality to a whole new market of global merchants, leveling the playing field for those previously unable to benefit from these advanced capabilities. Contact us to know more!



Vanita Pandey

Vanita Pandey

Vanita is the Vice President of marketing and product strategy at Simility.In this role she is responsible for establishing Simility's brand, driving Similty's go-to-market strategy as well as product and market positioning. Prior to Simility, Vanita worked atThreatMetrix where she was responsible for the strategic vision and go-to-market for ThreatMetrix products and solutions. With extensive experience in strategy, innovation, product management and analytics within the payment industry, Vanita previously led merchant development and global go-to-market for Visa’s digital products. Prior to Visa, Vanita held a range of diverse positions at some of the world’s leading financial institutions including Capital One, Standard Chartered Bank and ABN AMRO Bank.
Vanita Pandey