RiskTech Forum

Deutsche Bank: Card Fraud: A Growing Problem?

Posted: 1 October 2014  |  Source: Deutsche Bank

Card fraud in Europe has risen recently, both in absolute terms and relative to total transaction values for card payments. What is behind this increase and how much is it a cause for concern?

According to the latest edition of the ECB’s card fraud report, 2012 saw a marked increase in fraudulent activity. In total, the value of fraudulent transactions for cards issued within SEPA amounted to approx. EUR 1.33 bn from a recorded total of 9.1 m fraudulent transactions. Both fraud numbers and values are up by almost 15% yoy. However, this increase deserves a closer look and needs to be put in perspective.

First, incidences of fraud need to be related to the use of cards which has been on the rise over recent years. When looking at card fraud relative to transaction numbers and values, increases therefore appear less pronounced. Fraud as a share of the total number of transactions increased from 0.016% to 0.017%. Fraud as a share of transaction values rose from 0.036% to 0.038%, i.e. EUR 1 out of every EUR 2,635 spent using debit or credit cards is lost due to fraudulent activity.

Second, year-over-year changes appear pronounced not least because 2011 marked the low point for fraudulent activity in the past few years (see chart 1). While figures for 2012 exceed values for 2011, latest fraud shares are still lower than for previous years.

Third, it is worth to look at what is driving the increases. The report distinguishes between ‘card present fraud’ (CP), i.e. cases occurring at ATMs and directly at the point of sale (POS), and ‘card not present’ (CNP) fraud. The latter category includes card transactions via post, telephone and also via the internet. By categories, ATM fraud accounts for 17%, POS for 23% and CNP fraud for about 60% of total fraud values. CNP fraud has been growing continuously during the past years, is now the main fraud category in all but three SEPA countries, and therefore a key driver of overall developments.

In fact, aggregate figures for fraud in the card market mask a quite different trend in the traditional area of POS and ATM card transactions: here, fraud has decreased by over 25% since 2008, when fraud data was collected for the first time. Notably, the requirement of EMV as a technical security standard for SEPA card payments helped to combat card present fraud, namely counterfeit fraud which is the prevalent type of fraud at card terminals. The increase in payment security provided by EMV was most noticeable in 2010, when the share of EMV-compliant transactions in all card payments in the euro area surged from about 50% to 70% - accompanied by a slump in losses related to fraudulent POS and ATM transactions. Unfortunately, EMV adoption outside SEPA lags behind and counterfeit fraud in cross-border card payments involving non-SEPA countries has become a growing concern. Its increase in 2012 even outweighed the decrease in counterfeit fraud within SEPA. Revealingly, in the US, where EMV implementation took off only recently, fraud at ATM and POS terminals accounted for the majority (60%) of all fraudulent card payments in 2012, as opposed to 40% in SEPA (see chart 2).[1]

The example of EMV implementation is encouraging as it shows that successful action can be taken to combat card fraud. Now, CNP fraud clearly remains the main challenge – all the more because currently a lot of innovation is happening in this area and because CNP transactions are becoming ever more prevalent, driven for instance by the growth of online shopping. Notably, credit cards (incl. delayed debit cards), which are often used for online shopping, show on average higher fraud rates than debit cards. CNP fraud can be particularly difficult to tackle as this requires for instance strong authentification procedures, secure devices (e.g. computers or phones), cooperation among different players along the payment processing chain, as well as customers who are aware of security issues. Yet, this effort is worthwhile in order to maintain high levels of trust in payment services in the future.