The whole European Economic Area (EEA) landscape has changed this year. With the introduction of PSD2 on 31 December 2020, a new set of payment regulations and guidelines has placed merchants, PSPs, and acquirers in uncharted waters.
While PSD2 will have benefits for both customers and businesses alike, the new directive also presents some clear opportunities for fraud and cybercrime. The merchants and payment partners that understand where these new fraud attacks will come from will be the ones who can build the ideal strategies to combat them in 2021.
One of the key tactics that fraudsters will attempt this year is to start using non-EU credit cards in the EEA to commit their crimes. This comes down to the fact that PSD2 only covers EEA-based credit cards. So, if a customer makes a purchase through your website with a non-EU credit card, the Strong Customer Authentication (SCA) won’t be triggered.
How will fraudsters get their hands on non-EU credit cards?
There are many different ways in which credit cards are harvested for fraudsters. Two of the most common tactics include data breaches and phishing emails.
Major Data Breach – Banks or retailers could be the victim of a data breach, providing fraudsters with the credit card details of their database.
Phishing Emails – Fraudulent emails that are made to look official, with the purpose of attempting to fool you into providing your private information with them.
Taking the PSD2 regulation into account, there is a good chance that harvesters will focus on accessing non-EU credit cards in 2021 through the above means (among others).
But is it really a wise business policy decision to reject quality, legitimate customers out of fear? The answer is obviously no. Your revenue and reputation would take a severe hit if that were the solution. Instead, we have to think logically about the issue at hand. And it comes down to solutions of two types for protecting your business against the rise of non-EU credit card fraud:
To ensure that your business isn’t susceptible to credit card fraud from non-EU credit cards, it is vital that you screen all non-EU credit cards at the point of transaction. Especially in 2021, as this route will become a popular option for fraudsters and cybercriminals.
Now, the reality is that manual review on its own, while theoretically effective, simply isn’t scalable. The buying experience will be negatively impacted on all non-EU card users who turn out to be legitimate.
But what exactly is the best method for screening out fraudulent non-EU card transactions?
When it comes to fraud, there is no one size fits all approach. Nor should there be. It is actually better to think of it in terms of social science rather than an empirical one.
Let’s say we reject all transactions from non-EU cards if the IP address is different from the card’s country of origin. We may be able to catch some fraudsters in the act, but we would still be rejecting any good customer who matches that pattern as well. And that would be too strict, not responsive or agile enough, and it’s also not fair. We simply cannot deny 20 transactions because a bad one matches the pattern.
There has to be a more intelligent way of managing fraud
And that is where artificial intelligence comes into play. By harnessing the power of AI in fraud prevention, merchants now have the ability to truly understand the intent behind each individual transaction. By combining the scalability of machine learning with the thought processes of the world’s best human fraud analysts, merchants now have a solution that won’t treat the fraudsters and legitimate customers the same way.
Advanced artificial intelligence learns from each and every purchase, analysing and enriching the raw transactional data points to come up with a viable, transparent outcome. And it can do this in less than 15 milliseconds for thousands of transactions per second.
So let’s say that a non-EU credit card has been flagged, and the shipping address doesn’t match the card. The AI can then evaluate this against all purchases that match this exact pattern, as well as all similar historical cases, to provide a reasoned AI-Score on the chances that this one transaction is or is not fraudulent.
With this type of analytical power backing up their payment moment of truth, merchants and risk management professionals alike are confident that they can protect themselves against one of the EU’s biggest fraud risks, without sacrificing their revenue in the process.
So now we know what will be one of the most popular fraud strategies in the EU in 2021. We also know the best method for preventing this type of fraud from occurring to your business. The next step for merchants is to ensure that they take the necessary actions to protect their business from this upcoming threat.
About Shahar Levy
Shahar Levy is a seasoned Risk Analyst with a wealth of experience analysing different payment methods across various regions. Adept at managing portfolios, he is highly skilled at handling varying risk profiles & developing appropriate strategic solutions for clients. Having worked in large multinational organizations as well as startup environments, he has cultivated a transferable skill set and an agile approach to his work, which he instills into his team of analysts & data scientists at Fraugster. In addition to his daily tasks at Fraugster, he frequently represents the company on industry panels. As an accomplished public speaker, he is prized for his thought leadership.
About Fraugster
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now