It is inevitable that fraudsters will transition from POS to CNP fraud. Yes, they will have opportunities to continue to obtain and misuse mag stripe data for as long as merchants fail to reterminalize for EMV. And mobile wallets have also proven to be enticing targets for fraudsters looking to shop at their neighborhood Apple store. But the growing ubiquity of EMV and stronger mobile wallet ID&V will gradually drive fraudsters to other channels. The question is, how do fraudsters learn the new skills needed to transition from POS to CNP fraud? The answer is by starting slow, and in-store pickup is just what they will need to learn the ropes while still being able to leverage some of the skills that they have utilized successfully for years.

As Javelin has pointed out in the past, the skill set and logistics for committing POS fraud differ significantly from those of CNP fraud. POS fraudsters must operate in the physical world, often utilizing sets of “runners” to purchase goods from known easy targets using counterfeit (or stolen) cards, and subsequently fencing fraudulently purchased goods or engaging in a refund-for-cash scheme. Being successful at CNP fraud requires somewhat different payment data (specifically the CVV2/CVC2/CID or access to an existing e-commerce account), along with an understanding of what it takes to avoid the scrutiny of manual reviews, and of how to obtain (either through drop addresses or reshipping services for physical goods) and ultimately monetize the purchase.

But what if a POS fraudster – faced with the prospect of fewer mag stripe credentials for purchase and tighter controls around fallback transactions – wasn’t forced to change their m.o., but only the payment credentials they would rely upon?  In-store pickup allows just that: CNP transactions that create an opportunity for traditional POS fraudsters to utilize their physical network of runners and their existing system for monetizing ill-gotten gains.  

This reeducation of POS fraudsters will be one of the keys to CNP fraud’s continued growth, especially when they are armed with new techniques for bypassing traditional issuer and merchant fraud controls (which we covered in a recent webinar, “Skyrocketing CNP Fraud Jeopardizes Top of Wallet Status”). The long and short is that we need to bolster CNP fraud prevention capabilities today if we are to effectively mitigate the threat of tomorrow’s CNP fraudsters, who will be greater in number, well-motivated, and very capable.


About Al Pascual

An accomplished industry analyst, market researcher, and financial industry practitioner, Al Pascual is Javelin’s Senior VP of Research and Head of Fraud & Security. As SVP of Research, he oversees the firm’s operations and ensures that Javelin’s research content provides the innovative perspectives that clients expect from the firm.

As Head of Fraud & Security, Al provides clients actionable insights on a variety of fraud and security issues, acts as a partner in developing strategies for managing risk, and identifies and raises awareness of future threats and solutions. Al researches a range of topics, including the applicability of biometrics in banking and payments, the effect of data breaches on the integrity of consumer identities, the relationship between identity fraud and loyalty, and the best methods for securing data and transactions.

Al has presented findings from Javelin’s rigorous, industry-leading research at conferences around the world, including BAI, CARTES, Money20/20, NACHA, and RSA. Al has provided commentary on fraud and security issues to media outlets such as American Banker, Bloomberg, CNNMoney, Fox Business, Reuters, The New York Times, The Wall Street Journal, The Washington Post, and Wired.

Previously Al held risk management roles at HSBC, Goldman Sachs, and FIS. He is a member of the Association of Certified Fraud Examiners, the International Association of Financial Crimes Investigators, and the Federal Reserve Secure Payments Task Force. He earned a Bachelor of Arts degree in History from the University of South Florida.
