There’s a security revolution underway in the United States. In an attempt to reduce credit card fraud, retailers everywhere are transitioning from legacy magnetic strip cards to the more secure chip-and-PIN system. Under this new threat cyber criminals are picking up the pace and churning through stolen card data—desperate to squeeze out every last cent before their card details become obsolete. As a result, U.S. credit fraud is predicted to reach staggering new heights, totalling as much as $14 billion by 2020.
There is huge pressure for merchants who have still yet to move over to the new chip-enabled terminals and ATM systems. Those lagging behind now potentially face billions of dollars in chargebacks, as banks are no longer required to foot the bill of fraudulent activity. This means we’re seeing a mad rush of vendors forking out for expensive new payment terminals.
Amid this upheaval, a host of new tech solutions are emerging to protect businesses and consumers from the surge of fraud. Retailers and card companies are trialing various data encryption methods, along with biometrics and machine learning using behavioral data, to protect people from theft. So, what risks do consumers face, and how does this growing arsenal equip businesses to fight the fraudsters?
Online fraud powers global organized crime
Europay, MasterCard and Visa (EMV) will be the new standard for credit and debit cards in the U.S., using the same chip-and-PIN payment method that is popular in Europe. Eventually, the chip cards will replace all magnetic card transactions, severely reducing card fraud. But in the short-term, it’s going to get worse before it gets better. In the UK, for example, in the three years following the implementation of EMV, online fraud rose by 79 percent, with hackers racing to make the most of existing stolen data.
These advancements will also do nothing to protect against the “card-not present” (CNP) online fraud that costs online retailers an estimated 7.5 percent of revenue. This phenomenon is fueled by a rise in ecommerce, new money transfer services and digital wallets, that make sensitive data vulnerable to internet hackers and criminal gangs.
Online, cyber espionage unlocks protected systems, attacking retailers’ point-of-sales (POS) systems. They are supported by phishing scams and malware bots that crawl the web deciphering passwords and logging data with techniques such as keylogging—where a program records each keystroke to gain access to passwords and confidential information. After acquiring stolen card information, fraudsters sell this data to criminal networks on the encrypted Dark Web and sites like Rescator.
Groups like FIN6 steal user credentials via email phishing scams to gain access to POS systems, making millions from the stolen card data on the black market. In a single breach, the organization was discovered with over 10 million cards, each selling for an average of $21, and the potential to generate over $400 million in sales through counterfeit card crime and fraudulent transactions. In this way, the business of online credit fraud powers organized gangs across the globe; from New York to Guangdong, with criminals living in luxury, while the theft goes undetected.
Emerging AI and biometrics authentication
A huge number of banks and new startups are leveraging machine learning and cloud computing to identify fraudulent online transactions. Artificial intelligence systems that use consumer purchasing habits and data such as vendor location, IP or time of day to flag or reject sketchy transactions.
Fraud prevention startup Sift Science uses machine learning and AI to protect over 6,000 companies, including Airbnb, Yelp and Zillow, from cybercrime in their transactions, replacing manual human checks in real-time. The company recently raised $30 million in Series C funding, making it a serious contender against a range of industry leaders and new startups like Riskified, Signifyd and Forter, as reported by TechCrunch.
Another startup using AI to fight online fraud, Forter, is so confident in its Decision-as-a-Service (DaaS) algorithms, it is offering businesses a 100 percent guarantee against chargebacks. As consumers’ digital trails provide more and more data, this powers smarter AI checks creating an online copy of our personal traits, that develops as it starts to understand our lives.
The biggest financial services are also taking a different approach to unique human identifiers; employing biometric technology—using selfies, fingerprints and even voice recognition to authorize transactions. MasterCard is working with software company Identity Check to create facial and fingerprint recognition to eradicate online CNP fraud. This additional step to online shopping would require consumers to confirm their identity with this data via cellphone checks.
Apple Pay currently uses this two-factor authentication solution, using the iPhone’s Touch ID tool to check fingerprints. Samsung Pay instead scans the iris of a user to approve payments. And many contact centers and banks use voiceprints to confirm caller identities. This form of technology could soon make its way into brick-and-mortar stores, even using the shape of a person’s ear to identify a consumer.
Encryption and cryptographic tools mask personal data
As merchants seek to utilize more personal data to create unique identifiers in the digital world, this calls for more advanced encryption techniques to mask this information and protect online shoppers.
New data encryption methods are gaining popularity, hiding this sensitive data from both hackers and their bots. Outdoor activities chain Cabela has implemented point-to-point encryption (P2PE) that makes data invisible to hackers both in-store and online. Many retailers also utilize “tokenization”—swapping out the 16-digit card number for a reference code. As explained <href=”#f4700e01d719″ target=”_blank”>by Forbes contributor Bryan Pearson, when used in conjunction with P2PE the data becomes uncrackable, even to the most astute of hackers.
Banks are also turning to blockchain technologies, the open-source infrastructures used to create a public ledger of all Bitcoin transactions. In this way, a unique transaction identifier is added to the ledger creating a public record that is accessible to all, recording and verifying the transaction through distributed servers, making it extremely difficult to hack.
The most powerful protection tools today use machine learning to detect fraud and encryption technologies, such as cryptographic blockchain infrastructures to protect transactions. Fraud detection startup Feedzai, uses big data and machine learning as a protective layer on top of the blockchain. Feedzai’s CTO Paulo Marques told Coin Journal that advanced AI techniques not only understand human behaviors to detect fraud, they can be used to predict criminal activity before it even happens.
And so, while hackers and black market networks race on, buying and selling card data and racking up billions in costs, in the face of emerging tech their days are numbered. Unique human identifiers—be that an individual’s retina or their distinct shopping habits—will be the key to secure purchases. Combine this with uncrackable encryption techniques that locks away this detail. This combination provides a powerful weapon against the rise of cybercrime, fighting to provide consumers freedom both in-store and on the web.