The opening of the 2016 holiday season, which marks the first full year since the country's major EMV fraud liability shift, is proving what data security experts feared all along.
Ahead of the liability shift, which made the party unable to handle EMV-chip cards liable for any fraud on those accounts, experts predicted that fraud would migrate to e-commerce. This prediction hinged on retailers improving their security to avoid fraud liability.
But because the EMV migration was not so abrupt, neither was the shift of fraud to e-commerce, where EMV provides no protection. A year later, as retailers relaxed their protections ahead of the holiday shopping season, fraudsters flocked to digital channels. And with another big shopping day — Christmas Eve — approaching fast, retailers can expect to get hammered again.
Credit card fraud spiked 20% during this year's Black Friday to Cyber Monday shopping weekend compared to a year earlier, according to fraud prevention technology provider iovation. Further, this year's fraud numbers represented a 34% increase over 2014.
Total online fraudulent credit card transactions over that holiday weekend rose to 59% this year, compared to 49% last year and 44% two years ago.
"It's an incredibly high number," said Julie Conroy, research director and fraud expert with Boston-based Aite Group.
The statistics reflect the combination of the increasing trajectory of e-commerce fraud as well as the fact that a lot of merchants loosened risk controls around the Black Friday weekend to bring in more sales, Conroy said.
"It's that classic trust/benefit between balancing revenue and the risk around that shopping season," Conroy added. "They are willing to take on a little extra fraud, and in this case a lot of extra fraud, in order to get sales through the pipeline."
Because transaction volume rises dramatically at this time of year, retailers become wary of fraud prevention measures that might slow down or derail consumers from completing their purchases.
Iovation research bears this out, showing that 0.38% of all online retail transactions during the first holiday shopping weekend were fraudulent, Conroy said. That number was down from 2015, when it was 1.16%, because of increased transaction volume in 2016.
"I think that stat really jumps out at you and points to the fact that the denominator for transaction volume is growing so quickly, and that really bolsters the decision to loosen fraud controls," Conroy said.
Merchants and consumers are increasingly understanding that fraud occurs every day of the year, but it does increase significantly when a lot of consumers are shopping, said Erika Dietrich, ACI Worldwide's global director of payments risk management.
ACI research with larger e-commerce retailers also shows the overall online credit card fraud to be at less than 1% during this year's holiday shopping season. "But that is still a big enough number to put some merchants out of business" when considering the increases in online shopping, Dietrich said.
Fraud attempts increased by 9% in volume and 2% in value during the peak shopping days over last year, according to ACI's research. By volume, ACI reported that 1 out of 79 e-commerce transactions is a fraudulent attempt in 2016, compared to 1 of out 101 in 2015.
As a result, merchants are increasingly putting data security technology in place, with many deploying systems that stress "no cards in the clear" without encryption, tokenization or cloud-based storage, Dietrich said.
"More merchants are implementing 3D Secure on their sites in the U.S., something we were seeing regularly in Europe," Dietrich added.
The card networks have been promoting new upgrades in 3D Secure the past two years in an attempt to eliminate the bad perception U.S. merchants and consumers alike had about the original version, which largely relied on demanding an extra password during the checkout process.
Despite the potential for fraud, Black Friday through Cyber Monday remains an extremely popular time for online shoppers.
The iovation research showed that 29% of all online transactions during the opening weekend occurred on both Black Friday and Cyber Monday. Still, Cyber Monday activity is flattening a bit, compared to previous years, the report said.
Iovation cited consumers' growing comfort with making purchases on their mobile phones at any time has taken some of the transaction pressure off Black Friday and Cyber Monday e-commerce, which for years was essentially a desktop or PC task on those designated days.