Card fraud has been on a declining trend since 2007, thanks to technological advances that are making transactions safer. This is the main conclusion of the second report on card fraud published today by the European Central Bank (ECB). However, fraud is migrating to countries where the technology remains less developed.
From 2010 to 2011 there was a further decrease in the value of fraud, despite growing card usage in the Single Euro Payments Area (SEPA), which comprises 32 countries (the European Union Member States, Iceland, Liechtenstein, Monaco, Norway and Switzerland) and 516 million citizens. The total amount of fraud was €1.16 billion in 2011, representing a decrease of 5.8% since 2010. In relative terms, the share of fraud as a share of the value of all transactions fell to 0.036% in 2011, from 0.040% in 2010 (and 0.044% in 2007). Between 2007 and 2011 the overall amount of fraud decreased by 7.6%, while the total value of all transactions grew by 10.3%, reaching almost €3.3 trillion per year.
The report, which was compiled by the Eurosystem, namely the ECB and the 17 national central banks of the euro area (with data from 25 card payment schemes, including the most well-known card brands, banks and other large national issuers), looks at fraud using different kinds of cards (debit and credit) and according to type of usage. In 2011 some 56% of the value of fraud resulted from card-not-present (CNP) payments – i.e. payments via post, telephone or the internet – while one-quarter resulted from point-of-sale (POS) terminals and about one-fifth from automated teller machines (ATMs).
Improvements in the security of cards and in the underlying payment infrastructure are the main reason for a slowdown in growth of ATM fraud, as well as in the more than 24% drop in fraud carried out at POS terminals. The most significant improvement was the more widespread adoption of EMV, a chip-based security standard that is much safer than conventional magnetic stripes, which goes hand-in-hand with improvements to the infrastructure behind each transaction. However, this trend has partially shifted the problem to countries where chips are not yet prevalent. In 2011 some 78% of all fraud with counterfeited cards was carried out in non-SEPA countries, up from 61% in 2010. With regard to fraud involving ATMs, 95% of all counterfeited card fraud occurred outside SEPA, up from 67% in 2010. Counterfeit fraud uses information on the magnetic stripe to make a copy of the card. Usually, fraudsters obtain the information on the magnetic stripe by manipulating ATMs or POS terminals within SEPA.
CNP fraud, which has been on an upward trend over the past few years, has stabilised, but remains the largest category of fraud. It saw an increase in its absolute value from €648 million in 2010 to €655 million in 2011 (or from 52% to 56% in relative terms). The vast majority of CNP payments (73%) were initiated over the internet. Countries that have made significant efforts to increase internet security, for example the United Kingdom with 3-D Secure, experienced a decrease in CNP fraud. In this respect, the European Forum for the Security of Retail Payments has recommended stronger security measures for transactions conducted via the internet.
For credit and delayed debit cards, which are predominantly used for internet and cross-border transactions, €1 in every €1,100 (around 0.09%) was spent in a fraudulent transaction. For debit cards, which are more commonly used in stores and for cash withdrawals, the proportion was €1 in every €5,200 (0.02%). CNP fraud is usually most prevalent in mature cards markets, whereas POS fraud is more common in less developed markets.
This second report on card fraud includes information on fraud at the level of each participating EU country. It shows that cards issued in Luxembourg, France and the United Kingdom on average experienced the highest fraud losses as a proportion of regular transactions. Transactions carried out in Ireland were the most likely to be fraudulent: over one in every 1,000 transactions, compared with the euro area average of about one in every 4,000 transactions, with most of them being conducted over the internet.
In conclusion, the report shows that keeping technology up to date is key in combating fraud and that it is necessary to foster a wider adoption of EMV standards in order to increase the safety of card payments in general. As the bulk of transactions within Europe becomes safer, fraudsters increasingly target more vulnerable markets. The ECB supports the adoption of such features, which also forms part of the SEPA migration. Although it is on a downward path, fraud continues to demand constant vigilance and coordination on the part of the payments industry across the globe.