Skip to content Skip to navigation menu
Your browser is not supported by this site.
Please update to the latest version, or use a different browser for the best experience.

White Paper

Understanding the modern
retail fraud landscape


Fraud is a persistent, expanding problem for retailers. They’re contending with criminals who grow in sophistication and inflict greater levels of losses with every year.

Retail fraud has been evolving. It’s often no longer the work of an individual, opportunistic criminal (say, someone who steals a credit card and uses it at the point of sale) but more that of syndicates, sometimes global networks with many hackers at their disposal.

“It’s grown in profitability,” says Daniel Garrie, executive managing partner at Law and Forensics LLC and a partner at Zeichner Ellman and Krause LLP. “It’s becoming a lot more pervasive, and it often seems more like the work of a crime syndicate. They’re becoming more aggressive.”

The Prevalence of Online Retail Fraud

At the same time, retail fraud is becoming increasingly centered on online activity. As more retailers adopt EMV (embedded chip) terminals, it’s made point-of-sale credit card fraud more difficult. It’s easier and more lucrative for criminals to target consumers online. For example, Card Not Present (CNP) fraud is 81 percent more likely to occur than point-of-sale fraud, according to Javelin Strategy & Research’s 2018 Identity Fraud Study. CNP fraud, where scammers exploit online payment channels to bypass face-to-face verification at the point-of-sale, could cost the global retail industry $71 billion by the end of the decade.  In a new Juniper Research white paper, experts identified a confluence of factors, including the shift to EMV chip cards, delays in payment security upgrades and an uptick in click-and-collect (C&C) fraud, where customers purchase goods online but pick them up in-store, as primary drivers of this fraud pandemic.

Recent fraud studies paint a troubling picture. Account takeover (ATO) tripled last year, a four-year high, and total ATO losses reached $5.1 billion, up 120 percent from 2016. And the number of identity fraud victims rose by eight percent in 2017 (totaling 16.7 million U.S. consumers), a record high since Javelin started tracking identity fraud in 2003.

The Impact on Retailers

As more customers become victims of identity fraud, it could translate into substantial losses for retailers. The more emphasis retailers place on improving their customer verification efforts, the more they can identify potential fraudsters and prevent them from acting. But just like financial institutions fine-tuning their money laundering rules, broad industry trends alone cannot guide merchant fraud prevention. Before deploying a fraud counterstrategy, retailers must conduct thorough proprietary risk audits to determine their unique threat exposures. For example, a merchant that doesn’t allow in-store pickup of goods will have zero exposure to C&C risk. Alternately, an e-commerce merchant that hosts high volumes of airline payment transactions will likely have more exposure to chargeback fraud.6 Thus, retailers need to review their proprietary fraud reports to understand the typologies, geographies, email addresses, physical addresses and other contextual data points that collectively reveal their vulnerabilities.

It’s essentially an arms race, technology-wise, between retailers and criminals and retailers can’t afford to lose. “If you can identify and verify IDs, you will be in a much better place,” Garrie says.


Thomson Reuters is not a consumer reporting agency and none of its services or the data contained therein constitute a ‘consumer report’ as such term is defined in the Federal Fair Credit Reporting Act (FCRA), 15 U.S.C. sec. 1681 et seq. The data provided to you may not be used as a factor in consumer debt collection decisioning, establishing a consumer’s eligibility for credit, insurance, employment, government benefits, or housing, or for any other purpose authorized under the FCRA. By accessing one of our services, you agree not to use the service or data for any purpose authorized under the FCRA or in relation to taking an adverse action relating to a consumer application.