Card fraud costs the U.S. card payments industry about $8.6 billion annually with the bulk of the losses falling on card issuers, according to a report released this week by Aite Group LLC.
The report, which the Boston-based research and advisory firm based on interviews with more than 30 fraud management professionals, details different types of card fraud and analyzes fraud prevention systems to compare their potential success in defeating card fraud.
Among the top forms of card fraud are card not present, counterfeit cards and lost/stolen card fraud, but the biggest category of card fraud is "first-party" fraud, which is committed either by a thief or a legitimate cardholder who intentionally decides not to pay off a credit card balance, the report showed. Losses are split between card issuers, merchants and acquirers but the majority impacts card issuers, according to Aite Group.
The U.S. card industry has a handful of choices to mitigate card fraud including: requiring additional information for card transactions such as address verification or token-based authentication; devaluing magnetic stripe data through encryption or single-use card numbers; or by deploying higher-level card technology such as chip card technology, Aite Group said.
The report concludes that end-to-end-encryption, which encrypts the card data from the point of capture to its final destination, is the most practical method for mitigating card fraud today.
"Criminals need access to deep seams of card data," Nick Holland, senior analyst at Aite Group and author of the report, said in a prepared statement. "Cutting off the supply of data via a national-level deployment of end-to-end encryption would significantly reduce counterfeit and lost and stolen card fraud."
After its systems were breached in 2008, Heartland Payment Systems Inc. last year led an industry charge towards end-to-end encryption. The company has partnered with Voltage Security Inc. to produce the E3 system, an end-to-end encryption system that protects card data from the time a customer swipes their credit card through its storage in the payment processor's systems.