Different payment instruments pose different security risks. Those associated with cash include loss, theft and counterfeit while risks associated with alternative payments are far more diverse and complex. They include card theft, card skimming, card-not-present fraud, identity theft, account takeover, fraudulent transactions, data breaches and more. As a result, it is difficult to accurately compare the risks associated with cash with those of non-cash payments, but nonetheless it is worthwhile to assess the scope of the problem.
According to the European Central Bank, the total value of fraudulent transactions involving cards issued within SEPA (the Single Euro Payments Area comprising the 28 Member States of the European Union, as well as Iceland, Norway, Liechtenstein, Switzerland, Monaco and San Marino) amounted to €1.33 billion in 2012. This represented an increase of 14.8% from 201135 and amounts to €2.58 per person. In the US, the LexisNexis 2014 True Cost of Fraud Study36 concluded that merchants lost a significantly higher percentage of revenue to payment fraud than in 2013 (0.68% versus 0.51%). The increase was due to a higher volume of successful fraudulent transactions: the average merchant suffered 133 successful fraudulent transactions per month in 2014, 46% more than in 2013.
In the fiscal year 2013, the US Secret Service recovered approximately $156 million in counterfeit US currency37 compared to a total circulation of just under $1,198 billion. In the euro zone, a total of 838,000 counterfeit euro banknotes were seized in 201438 out of a total circulation exceeding 16 billion notes; in value, this represents less than €35 million. In India, the number of counterfeit notes detected by commercial banks and the reserve bank reached 488,273 for the fiscal year 2013-2014 compared to a total circulation of over 77 billion notes39.
There are also key differences between cash and non-cash risks.
Firstly, in the case of cash, individuals and merchants can adopt straightforward measures to reduce risks. The most obvious are to reduce the value of cash stored, deposit it in a bank account or keep it in a safe. The security measures for electronic payments are far more complex and often depend on external providers. Furthermore, merchants are incurring increasing costs to combat payment fraud. In the 2015 Europol report, Exploring Tomorrow’s Organised Crime40, the law enforcement agency classifies currency counterfeiting as a declining criminal activity whereas cybercrime, which includes payment fraud, is the fastest-growing activity.
Secondly, in the event of cash losses, the liability lies with the user, but for non-cash losses it is largely collective. If someone loses their wallet, they are accountable for the coins and banknotes lost.
But if one or several cards are in that wallet, in the majority of cases, they will not be liable for the fraudulent use of those cards. Those costs are borne by the issuers and are included in their cost base. In other words, those costs are actually borne collectively by the community of card users.
Thirdly, in the case of cash, potential losses are limited to the value of cash involved. But in the case of electronic payment fraud, the consequences can be much worse and sometimes dramatic, for instance, in cases of identity theft and data breaches (see page 29).