Card fraud within the Single Euro Payments Area (Sepa) increased in 2012 for the first time since 2008, driven mainly by higher internet fraud.

The third report on card fraud, published by the European Central Bank, finds that more efforts will be required to ensure the security of online card payments as internet purchases continue to grow. At the same time, fraud as a share of the total value of transactions remained below the levels recorded between 2008 and 2010.

In 2012, €1 in every €2,635 spent on credit and debit cards issued within Sepa (the EU, Iceland, Liechtenstein, Monaco, Norway and Switzerland) was lost to fraud. That represents 0.038 per cent of a total of €3.5 trillion in transactions, up from 0.036 per cent in 2011.

The total value of fraud increased by 14.8 per cent in 2012 compared with 2011, reaching €1.33 billion. Compared with 2008, the overall amount of fraud decreased by 9.3 per cent, while the value of transactions increased by 17 per cent.

“These data show we must remain vigilant against card fraud, although it is also reassuring to see that counterfeit levels are lower inside Sepa than outside, thanks to higher security standards,” said Vítor Constâncio, vice president of the ECB.

The report, compiled by the Eurosystem (the ECB and the 18 national central banks of the euro area), looks at fraud using different kinds of cards (debit and credit) and according to type of usage.

In 2012, some 60 per cent of the value of fraud resulted from card-not-present payments – i.e. payments via post, telephone or the internet – while roughly one-quarter resulted from point-of-sale terminals and about one-sixth from automated teller machines.

Card-not-present (CNP) fraud has been on an upward trend over the past few years, and increased by 21 per cent from 2011 to 2012. However, this must be viewed in the context of fast-growing CNP usage: data on regular CNP transactions, which were only partially available, suggest that CNP payments rose by around 15 per cent to 20 per cent a year between 2008 and 2012, compared with four per cent a year for all transactions, i.e. including ATM and POS transactions.

Significantly, increases in this kind of fraud were also observed in countries that had previously made major efforts to increase the security of the card payments via internet, albeit mostly relying on additional passwords rather than more advanced techniques such as random codes generated by a token or chip card reader.

Such advanced techniques, together with awareness of the importance of security among cardholders and merchants, become necessary as fraudsters become more sophisticated. This was all the more important given that further growth in CNP usage could be expected, the ECB said.

Against this background, the European Forum for the Security of Retail Payments emphasised the need for higher security standards in its recommendations for the security of internet payments released in January 2013.

Among other things, higher security standards are needed in order to protect the initiation of internet payments by strong customer authentication, to better protect data storage and communication, and to provide guidance to customers on best online security practices.

Higher ATM and POS fraud was caused mainly by higher counterfeit fraud committed (i.e. the moment a cloned card is used) outside Sepa. Counterfeit fraud is continuing to shift to countries outside Sepa owing to higher security standards at ATMs and POS terminals inside the area. In 2012, 94 per cent of ATM and 65 per cent of POS counterfeit losses were incurred outside Sepa, rising sharply from 53 per cent and 58 per cent respectively in 2008.

This situation should improve as more countries migrate to the EMV security standard, in which cards equipped with chips allow for safer infrastructure systems and authentication processes.

However, where magnetic stripe usage cannot be completely avoided, card schemes and issuers should adopt further measures to prevent fraud, such as carrying out enhanced monitoring of transactions, setting limits and imposing blocks on transactions from specific countries, which could be temporarily lifted according to customers’ needs.

For credit and delayed debit cards, which are predominantly used for internet and cross-border transactions, €1 in every €1,000 (around 0.097 per cent) was spent in a fraudulent transaction.

For debit cards, which are more commonly used in stores and for cash withdrawals, the proportion was €1 in every €5,400 (0.019 per cent).

CNP fraud is usually more prevalent in mature card markets, whereas POS fraud is more common in less developed markets. However, CNP was the dominant channel for fraud in almost all countries, while also rising sharply in less developed card markets.

Sign up to our free newsletters

Get the best updates straight to your inbox:
Please select at least one mailing list.

You can unsubscribe at any time by clicking the link in the footer of our emails. We use Mailchimp as our marketing platform. By subscribing, you acknowledge that your information will be transferred to Mailchimp for processing.