The sky's the limit for online payment fraud

Martyn Warwick
By Martyn Warwick

Mar 30, 2020

© Flickr/CC-licence/401(k)

© Flickr/CC-licence/401(k)

  • Will cost eCommerce merchants US$17 billion this year alone...
  • and $25 billion by 2024
  • This despite new anti-fraud technologies and systems 
  • Cybersecurity and the 'human element' vital in combatting fraud

A new report from Juniper Research concludes that online payment fraud will cost eCommerce companies and merchants upwards of US$25 billion by 2024 - and that's the figure calculated after factoring in the widespread development and deployment of new anti-fraud technologies and systems such as SCA (Strong/Secure Customer Authentication) that, although delayed in some EU countries is now becoming more commonplace across Europe overall. Mind you, it's not that eCommerce fraud isn't already a matter of major concern. Estimates are that, globally, it will cost merchants $17 billion this year and will grow by 52 per cent over the next four years.

The new research, "Online Payment Fraud: Emerging Threats, Segment Analysis & Market Forecasts 2020-2024", finds that the the ever-increasing consumer popularity of eCommerce and expanded 'card-present' security that is the corollary of the EMV payment standard has made all eCommerce a happy hunting ground for online fraudsters. 

EMV is a payment method based on an industry technical standard for smart payment cards which store data on embedded integrated circuit chips (commonly called Chip and PIN cards) payment terminals and automated cash-dispensing machines. Originally the initials stood for the three companies that created the standard, "Europay, Mastercard, and Visa". EMV cards are processed for payment in two steps: card reading and transaction verification where data flows between the chip on the card and the issuing financial institution to verify the card's legitimacy and create the unique transaction data. EMV has reduced 'card-present' fraud resulting from counterfeit, lost and stolen cards and the technology also provides interoperability with the global payments infrastructure and allows users with EMV cards to use them on any EMV-compatible payment terminal.

However, as time and technology moves on so do fraudsters and they are getting evermore sophisticated in their schemes, hence the move in Europe to SCA. Strong Customer Authentication is required to be implemented under the provisions of the EU Revised Directive on Payment Services by service providers within the European Economic Area (EEA). It mandates that electronic payments must be performed with multi-factor authentication.


We want to hear from you!

Take part in our 5G and Security survey and receive a free copy of the downloadable report ahead of general release.


In the EU, physical Chip and PIN card transactions already have passably strong customer authentication but it has not been the same for web-based transactions and many contactless card payments do not use a second authentication factor. Thus SCA came into force on 14 September 2019. However, the European Banking Authority has allowed several EEA countries to temporarily either delay or phase-in SCA deployment. The final deadline is set for 31 December this year.

"Strong Customer Identification" is defined as "an authentication based on the use of two or more elements categorised as knowledge (something only the user knows), possession (something only the user possesses) and inherence (something the user is) that are independent, in that the breach of one does not compromise the reliability of the others, and is designed in such a way as to protect the confidentiality of the authentication data."

The new Juniper Research report stresses that unless eCommerce merchants outside Europe adopt similar measures to SCA, including two-factor authentication, they will suffer from increasing levels of sophisticated fraud. Payment gateways will be vital to ensure that these security requirements are implemented at scale.

Juniper adds that in addition to the pressing need to implement further and better security measures,  eCommerce merchants will have to educate consumers and take on a more educational role and teach them about cybersecurity practices, fraud methodologies and changes to the checkout process to improve fraud mitigation. 

The report points out that such measures will be essential in China, which, it is calculated, will account for 42 per cent of all the eCommerce payment fraud in the entire world by 2024. Nick Maynard, the co-author of the report comments, "The explosion of eCommerce means that fraudsters have evolved their tactics, and so merchants must also evolve. eCommerce merchants must educate their users in anti-fraud best practice, as the human element is consistently the most vulnerable to exploitation in the online payments ecosystem”.

Juniper Research adds the caveat that while additional security measures, including two-factor authentication, must become more widespread, merchants must be careful when implementing the changes. The report states, "Increased friction in the checkout experience must be minimised, or merchants will face increased 'cart abandonment' rates"  and recommends that security systems vendors s should work with eCommerce merchants to build security measures into shopping apps that ensure "a low-friction user journey, whilst encompassing increased authentication requirements." 

In other words, the new anti-fraud security regimes must be highly robust but their complexities should be minimised and camouflaged at the actual point-of-sale so that consumers are not deterred by being made to jump through so many onerous security hoops that they give up in annoyance or exasperation and fail to a complete a transaction. Now that will be a tricky balancing act.

Email Newsletters

Sign up to receive TelecomTV's top news and videos, plus exclusive subscriber-only content direct to your inbox.