It is inevitable that fraudsters will transition from POS to CNP fraud. Yes, they will have opportunities to continue to obtain and misuse mag stripe data for as long as merchants fail to reterminalize for EMV. And mobile wallets have also proven to be enticing targets for fraudsters looking to shop at their neighborhood Apple store. But the growing ubiquity of EMV and stronger mobile wallet ID&V will gradually drive fraudsters to other channels. The question is, how do fraudsters learn the new skills needed to transition from POS to CNP fraud? The answer is by starting slow and in-store pickup is just what they will need to learn the ropes while still being able to leverage some of the skills that they have utilized successfully for years.
As Javelin has pointed out in the past, the skill set and logistics for committing POS fraud differs significantly from that of CNP fraud. POS fraudsters must operate in the physical world, often utilizing sets of “runners” to purchase goods from known easy-targets using counterfeit (or stolen) cards, and subsequently fencing fraudulently purchased goods or engaging in a refund-for-cash scheme. Being successful at CNP fraud requires somewhat different payment data (specifically the CVV2/CVC2/CID or access to an existing e-commerce account), along with an understanding of what it takes to avoid the scrutiny of manual reviews, how to obtain (either through drop addresses or reshipping services for physical goods) and ultimately monetize the purchase.
But what if a POS fraudster – faced with the prospect of fewer mag stripe credentials for purchase and tighter controls around fallback transactions – wasn’t forced to change their m.o., but only the payment credentials they would rely upon? In-store pickup allows just that: CNP transactions that create an opportunity for traditional POS fraudsters to utilize their physical network of runners and their existing system for monetizing ill-gotten gains.
This reeducation of POS fraudsters will be one of the keys to CNP fraud’s continued growth, especially when armed with new techniques for bypassing traditional issuer and merchant fraud controls (which we covered in a recent webinar--Skyrocketing CNP Fraud Jeopardizes Top of Wallet Status). The long and short is that we need to bolster CNP fraud prevention capabilities today if we are to effectively mitigate the threat of tomorrow’s CNP fraudsters – who will be greater in number, well-motivated, and very capable.