1. Research

Card fraud in Germany: Few incidents, but high costs

Deutsche Bank Research Management
Stefan Schneider

Christmas is only a few days away, and everyone is rushing to buy presents for family and friends. The tills are ringing and the card terminals are buzzing. But how safe is it to pay by card?

In 2016, approximately 800,000 incidents of card fraud caused EUR 132 m of damage in Germany. This sum is certainly high in absolute terms, but needs to be put into perspective: Overall, 6.3 bn card payments and ATM withdrawals worth a total of EUR 643 bn took place in 2016.[1] The fraud rate thus amounted to 0.02% of the total value and 0.01% of the total number of transactions. Put differently, the per-capita damage from card fraud was EUR 1.61, with EUR 0.26 stemming from cash withdrawals, EUR 0.29 from point-of-sale payments and EUR 1.06 from using cards online. However, the card fraud statistics do not offer information on which party ultimately has to bear the loss: the cardholder, the cardholder’s bank, the merchant or the acquirer (the merchant’s bank).
Card fraud in Germany: Few incidents, but high costs
Sources: ECB, Deutsche Bank Research
The risk of card fraud depends to a large extent on the situation in which the card is used. In Germany, ATM withdrawals are the most important type of card transaction in terms of value (EUR 384 bn). At the same time, the fraud rate is lowest for this type of transaction. In theory, the damage from fraud amounts to about 6 cents for every EUR 1,000 withdrawn in cash. Card payments at the point-of-sale amounted to a total of EUR 220 bn, with the average fraud damage for every EUR 1,000 of sales coming to 11 cents. Over the last few years, EMV chips have helped to considerably reduce fraud from card-present transactions, as the chip technology has rendered copying the magnetic stripe obsolete. By now, 84% of all cards in Europe carry an EMV chip and these are used for 98% of all card payments.
The card fraud risk is biggest in virtual payment situations. But even then, the large majority of transactions did not suffer from any fraud. Most of the so-called “card-not-present” (CNP) transactions were online card payments, but the total also includes cases in which payment instructions were given on the phone or by letter. When paying online by card, German customers mostly use credit cards; debit cards play only a marginal role on the internet. Out of a total of EUR 38 bn paid over the internet or on the phone, fraudsters grabbed EUR 87 m or, on average, EUR 2.27 per EUR 1,000 of sales. In most cases, sensitive card or cardholder data had been stolen. But fraud also included incidents where fraudsters claimed back the price of goods which they had indeed ordered online and paid for by card.
Since the damage from CNP transactions is relatively high, banks, card companies and retailers are working hard to prevent online fraud. According to retailers and financial services providers, 3D Secure Authentication (improved procedures to identify both payers and payees) and tokenization (replacement of sensitive card data by a number code during the payment process) have yielded good results. In addition, neuronal IT systems helped to prevent fraud by recognising attempts in time. These and other methods to improve security have been quite successful, in fact. CNP fraud rates dropped in comparison to 2013 (the year in which the previous survey took place), while total online sales rose.
Even though the fraud rates were low and, regardless of the situation in which the card was used, more than 99.7% of all card transactions by value were executed securely, the absolute damage of EUR 132 m is an incentive to continue with efforts to combat fraud. This applies not only to card payments, but also to other payment methods such as credit transfers or online payments, for which no similarly comprehensive figures are available.[2] Experience has shown that fraudsters prefer situations where the potential loot is large or security is lax. Indeed, fraud rates are considerably higher in countries such as France, where cards are used much more often than in Germany. Moreover, new technologies and payment methods do not only improve the quality of service or reduce costs, but at the same time they open up new weak spots which criminals can exploit. Thus, the race between financial services providers and fraudsters will continue.
[1] Card payments excluding Elektronisches Lastschriftverfahren (debit card payments requiring the customer’s signature).
[2] From 2019, the PSD2 will oblige payment services providers to use a uniform European template to report fraud incidents for all payment methods to the national supervisory authorities. These figures will be sent on to the ECB and the EBA. However, as of now, it is not yet clear whether the EBA will make the aggregated data publicly available.
Originalfassung in Englisch vom December 17, 2018: ˮKartenbetrug in Deutschland: Geringer Anteil, aber hohe Kostenˮ

© Copyright 2022. Deutsche Bank AG, Deutsche Bank Research, 60262 Frankfurt am Main, Germany. All rights reserved. When quoting please cite “Deutsche Bank Research”.

The above information does not constitute the provision of investment, legal or tax advice. Any views expressed reflect the current views of the author, which do not necessarily correspond to the opinions of Deutsche Bank AG or its affiliates. Opinions expressed may change without notice. Opinions expressed may differ from views set out in other documents, including research, published by Deutsche Bank. The above information is provided for informational purposes only and without any obligation, whether contractual or otherwise. No warranty or representation is made as to the correctness, completeness and accuracy of the information given or the assessments made. In Germany this information is approved and/or communicated by Deutsche Bank AG Frankfurt, licensed to carry on banking business and to provide financial services under the supervision of the European Central Bank (ECB) and the German Federal Financial Supervisory Authority (BaFin). In the United Kingdom this information is approved and/or communicated by Deutsche Bank AG, London Branch, a member of the London Stock Exchange, authorized by UK’s Prudential Regulation Authority (PRA) and subject to limited regulation by the UK’s Financial Conduct Authority (FCA) (under number 150018) and by the PRA. This information is distributed in Hong Kong by Deutsche Bank AG, Hong Kong Branch, in Korea by Deutsche Securities Korea Co. and in Singapore by Deutsche Bank AG, Singapore Branch. In Japan this information is approved and/or distributed by Deutsche Securities Inc. In Australia, retail clients should obtain a copy of a Product Disclosure Statement (PDS) relating to any financial product referred to in this report and consider the PDS before making any decision about whether to acquire the product.