For as long as there have been merchants, there have been thieves with sticky fingers looking to avoid paying for the goods. In the modern era of retail, brick-and-mortar chains have tried to combat those criminals with cameras, mirrors, security guards, alarm tags, and a host of relatively low-tech techniques. They aren't always successful, but they keep what management likes to call "shrinkage" somewhat in check. 

Interestingly, those old-school methods are working better for physical stores than what many sellers are doing to prevent similar loses online.

Retailers are likely to lose $130 billion in digital card-not-present (CNP) fraud between 2018 and 2023," according to a new report from Juniper Research. That's largely because criminals are innovating and getting smarter while many retailers are ignoring the problem.

A person holds a credit card while typing at a laptop.

An increase in digital shopping means an increase in fraud. Image source: Getty Images.

What are retailers doing wrong?

CNP is exactly what it sounds like. Whether it's in-store, over-the-phone, or online, these are transactions made when the physical credit card isn't present. In most cases, retailers try to verify that the person making the charge is really the accountholder by asking for a billing address, a three- or four-digit security code, and the expiration date along with the card number.

The problem is that all of that information can be acquired by nefarious means. Combating CNP, therefore, requires retailers to take steps beyond what they are currently doing. 

"The report found that eCommerce merchants remain, to a large extent, focused on assessing fraud risk at the point of transaction," according to a Juniper press release. "As such, analysis in terms of session and behavioral monitoring, or validating the identity of a user to assess fraud risk before any transaction, is lacking."

The study showed that retailers aren't investing enough in fraud detection and protection (FDP) tools. This is an issue of perception, according to the report -- retailers simply don't recognize the value of making those investments. Nearly $10 billion will be invested in FDP annually by 2023, but the bulk of that will be spent by financial institutions and payment service providers.

"A layered FDP solution naturally helps directly preventing fraud, but it also offers major gains in terms of recovering potentially lost revenue through false positives," said research author Steffen Sorrell in a press release. "This is something about which retailers remain undereducated, and has allowed fraudsters to capitalize on relatively low FDP spend"

What can be done?

As more sales move online, CNP fraud has steadily grown. Losses will reach $48 billion a year by 2023, up from the $22 billion in losses estimated for 2018, according to Juniper Research.

"The increase in instant payment mechanisms and mobile P2P money transfer services, make the money transfer segment a key target for fraudsters through social engineering, malware, and app tampering," according to the report. "This will lead to transaction fraud in this segment growing at 23% CAGR (compound annual growth rate)."

To combat the problem, retailers first need to accept that it exists and that it won't be solved for them by banks, credit card companies, and other financial institutions. That's a lesson that bigger companies are likely to embrace first, which will leave a host of retailers exposed to fraudsters.

Consumers also carry some responsibility here. As data breaches have become more and more frequent, the public response to them has evolved from outrage toward apathy. That's a dangerous path to take, given that in at least some cases, being more careful with your own choices can prevent your data from being compromised in a corporate hack.

The rise in CNP fraud is a phenomenon that will require both vigilance and investment to counteract. So far, it appears neither retailers nor consumers are prepared to devote enough of either to make a difference.

The Motley Fool has a disclosure policy.