We'll call you!


Fill in the form and we will contact you shortly.

How e-commerce can help combat fraud


4 min read

According to Jan Olsson, fraud expert at the Swedish police, online purchases with stolen card information, known as CNP fraud, is a threat to the whole financial system. This type of fraud is on an alarming rise across Europe, despite there being effective ways to combat it. Now, Jan Olsson wants to see more efforts on the part of the merchants.

In November 2018, the Marriott hotel chain announced that they had fallen victim to one of the largest data leaks in history. Hackers had gotten in to one of the company's booking systems and gained access to personal data from over 500 million guests: everything from card information and passport details to names, addresses and traveling information.

This leak is a reminder of the growing threat of cyber crime. According to Jan Olsson, Police Superintendent at the Swedish Cybercrime Center, fraud costs the global economy over three trillion euros annually, with an increasing share of the fraud taking place online. There are many forms of online fraud but the most common one is the so called Card Not Present fraud, where online purchases are done with card information that is stolen from leaks like the one at Marriott.

"Fraud is growing by about 10 percent annually but Card Not Present fraud is growing a lot faster, by about 40 percent per year", Jan Olsson explains.

According to Swedish Police, the number of annual reported cases of CNP fraud increased by 269 percent in Sweden between 2011 and 2017, from just over 20 000 cases a year to about 80 000 cases. On a European level, the statistics also look bleak. The ECB's numbers show that the amount of CNP fraud has increased by 66 percent over the past five years. And even if consumers are protected, this fraud cost the European economy 1. 38 billion euro in 2016 alone.

"This is a threat to the whole financial system. In the end, people won't want to use their cards online if they are worried about what will happen to their card data. It is also a threat to our societies since we are creating a generation of young people who hardly view this as a crime; they are just using some numbers to buy things online", Jan Olsson says.

Jan Olsson, Police Superintendent at the Swedish Cybercrime Center
CNP fraud is preventable

But despite the worrying development Jan Olsson is still hopeful about the future. The reason is that CNP fraud is highly preventable and that there are a lot of big initiatives under way that can help turn the tide.

With the EU's new data protection regulation, GDPR, companies are facing higher demands to keep our personal data, like card information, safe. The new European payment services directive, PSD2, also means that European online merchants will have to use strong customer authentication, like 3D Secure, in their online stores. In theory, this would make it impossible to conduct online purchases within Europe using only stolen card information.

The EU's requirement for strong customer authentication will come into effect in September 2019, but Jan Olsson has already seen that card issuing banks have started with other initiatives aimed at reducing CNP fraud. One example is a Swedish bank that was able to reduce their fraud losses by 60 percent by making customers "unlock" their cards before making purchases online.

The problem with CNP fraud, then, is not that there is a lack of technical solutions, but Jan Olsson feels that there has been a resistance among merchants when it comes to implementing these solutions. The reason is that many merchants believe that stronger security, like 3D Secure, impacts conversions in a negative way by making the customer journey more complex. To Jan Olsson, however, this is a very short-sighted view on security, since merchants will be among those hit the hardest if consumers lose faith in e-commerce. For that reason, he now hopes that merchants will lead the way in finding and implementing new solutions to the fraud problem.

"We can't stop these crimes through investigations, we have to work to prevent them and we have to do that together. Banks are already doing a lot in this field so I think that it is probably e-commerce that needs to do more".


Fill out the form and we will be in touch to tell you more.