With concerns about card-not-present fraud rising, e-commerce merchants have increased their usage of 19 of 21 fraud-detection tools since 2010, some by more than 30 percentage points, according to a recent report from the Federal Reserve Bank of Kansas City.
The only tool whose usage declined was 3-D Secure, which 29% of surveyed merchants used in 2010 versus 23% in 2016, according to the “Managing Fraud in Remote Payments”report. The study also found little usage, so far, of biometric fraud-prevention services.
The report drew on several data sources, including annual (except 2013) fraud studies from Visa Inc.’s CyberSource fraud-control subsidiary going back to 2010, says report co-author Zach Markiewicz, a payments research specialist at the Kansas City Fed. In those studies, CyberSource gathered data from 300-plus online merchants.
The 21 tools can be sorted into three groups: fraud-detection modeling, purchase-device tracking, and biometrics. Most of the tools fall into the fraud-detection modeling category, which often rely on data the merchant has. Tied for the lead in being used by 86% of merchants in CyberSource’s 2016 survey were card verification numbers, or CVNs, up 10 percentage points from 2010, and address verification services, up nine points in six years.
Next were customer order history, negative lists, and postal address validation services, used respectively by 78%, 72%, and 67% of merchants in 2016. Usage of all three of these tools has risen by more than 30 percentage points since 2010.
Usage of 3-D Secure, however, is going in the opposite direction. Around since 2001, 3-D Secure never has been popular with U.S. merchants because in its original iteration it takes online purchasers away from the merchant’s checkout page, leading to transaction abandonment by buyers who didn’t want to take the extra authentication steps. Still, the six-percentage-point decline “was surprising to me,” according to Markiewicz, who says the technology is effective.
EMVCo, a standards body controlled by the major payment card networks, has announced version 2.0 of 3-D Secure and promises a smoother authentication experience, but the new iteration is not expected to be in the U.S. market until 2019.
Another reason for the low adoption of 3-D Secure so far is that both issuers and merchants must support it, not to mention consumers. In France, however, the Kansas City Fed says adoption has been much higher in part because the central bank, the Bank of France, strongly encouraged issuers to offer the service to cardholders as card-not-present fraud boomed as the country converted to EMV chip card payments. Chip cards made counterfeit card fraud at the point of sale much more difficult for fraudsters to commit.
The Bank of France initially found that shopping card abandonment rates with 3-D Secure (3DS) were three to four percentage points higher than non-3DS transactions. “But over time, as 3DS became more widely available and the benefits were marketed to consumers, the 3DS abandonment rate converged toward the rate on purchases made without 3DS,” the report says. By 2016 “the abandonment rate on 3DS transactions was considerably lower than transactions without 3DS,” the report says.
Meanwhile, only 32% of merchants last year used purchase-device tracking, often called device fingerprinting, up from 23% in 2010, according to the CyberSource surveys. Device fingerprinting is technology that collects information about the device the buyer used for an e-commerce or mobile purchase. Merchants that do use device fingerprinting, however, tend to rate it as the most effective fraud-prevention tool, with fraud-detection models a close second, according to the report.
Just 1% of merchants polled by CyberSource in 2016 used biometrics, the same as in 2014-15 when CyberSource first tracked the technology, but the Kansas City Fed expects that number to grow as mobile wallets take hold and biometrics benefits from a wave of research and development.
In fact, in light of today’s worries about fraud, e-commerce and mobile merchants have an opportunity to make marketing hay if they can convince consumers that they provide secure payments, according to Markiewicz.
“I do believe that for a savvy marketer and a merchant of a certain scale, there are going to be opportunities to gain loyalty and customers by touting security,” he says. “I think that there’s definitely an untapped potential there.”
The Kansas City Fed report was co-written by senior economist Richard J. Sullivan, who is now retired.