At a round table event last month to coincide with the launch of a white paper on card-not-present (CNP) fraud, experts discussed the need for co-operation from all sectors to tackle CNP crime, and called on banks in particular to be more proactive.

According to the white paper, published by payment systems provider eFunds, online fraud now tops the list of challenges facing the payment processing industry, and the biggest increase was in CNP fraud, which jumped 24 percent over the last year.

Katherine Hutchison of eFunds said that e-commerce is the weakest link in terms of card fraud – because criminals can make multiple mistakes while trying to defraud online retailers without being caught. “Statistically most transactions [made online] are still good … but fraud follows the money and so it’s concerning that many companies have no effective solutions deployed,” Hutchison added.

Online crooks are using internet chat rooms to share information and trade their specialist services, such as hacking into systems or gathering account information, Hutchison said. “[It has become] a cottage industry where they sell each other goods and services … but it’s important for retailers] to band together too,” she added.

Riten Gohil of the fraud control division of payment authentication organisation Apacs said that criminals look for the weakest defences to exploit – and the success of chip and PIN security on the high street is causing criminals to focus more on online fraud.

“Information is [now] a hot commodity for the criminal,” he said. “But the antiquated data protection laws [in this country] mean sharing information is a difficult challenge … from merchant to merchant and merchant to bank.”

The education of merchants is a big part of Apacs’ job, according to Gohil, as many firms do not have good protection in place. “Mid- and low-tier merchants don’t have [sufficient safeguards] and the first time they become aware of fraud and realise that [they have to pick up the bill] is when they’re hit,” he warned.

EFunds’ Hutchison said that criminals are increasingly targeting such companies, especially new online retailers, as these companies often have less knowledge of fraud prevention and their security budgets are limited. “If you don’t react you will be at risk – it’s necessary to have the full suite of defence tools,” Hutchison said. “However [online fraud] is concerning because there is no known solution that [is foolproof]. Verified by Visa, for example, is vulnerable to phishing.”

But Karen Williams of eFunds argued that banks could do more to protect those retailers that are unable to fund their own in-house defences, and could gain a new revenue stream as a result.

“Banks think merchants should provide the tools to combat online fraud,” Williams said. “But there is a huge opportunity for the banks to generate revenues … by sharing the expertise they have to provide a suite of offerings to help retailers verify [cardholders’ identities].”