The Hidden Side of Retail Loss: 
How Payment Fraud is Quietly Draining Retailers 

The Cost of Hidden Loss 

“Fraud isn’t just merchandise walking out the door,” said Steve Bochniarz, TRG’s Director of Point of Sale and Payment Solutions. “Chargebacks and returns are also massive headaches.” 

The problem is twofold. On one side are true bad actors — organized fraud rings or individuals who exploit gaps in the system. On the other are customers who may not even see their actions as fraud, from wardrobing to false claims about undelivered items. 

“We see ‘friendly fraud’ all the time—customers who buy products, use them and then open disputes,” Bochniarz explained. “From the retailer’s perspective, it doesn’t matter if it’s intentional or not. The losses pile up either way.” 

The same patterns play out in restaurants, where chargebacks are a growing pain point. Disputes over delivery orders, claims of incorrect charges, or even customers eating the meal, paying for it, then challenging the transaction later all fall under the umbrella of fraud.  

“Restaurants see it constantly,” said Bochniarz. “Food is served, consumed and then never paid for — and the restaurant shoulders the loss.” 

Often, card companies don’t make it any easier. 

“Some cards make it so easy to challenge a charge that it practically invites abuse,” said Bochniarz. “You click a button on your phone, claim you didn’t authorize the charge, and the money is pulled from the merchant almost instantly. Even if the retailer wins the dispute later, the damage is already done.” 

This combination — consumer behavior, lax controls and payment networks that prioritize cardholder convenience — shows why these hidden losses are difficult to contain. And in the U.S., where payment security adoption has lagged behind other markets, the vulnerabilities are even more pronounced. 

Why the U.S. is Especially Vulnerable to Payment Problems 

The U.S. has traditionally lagged when it comes to retail payment technology. For example, overseas markets adopted Europay, Mastercard and Visa (EMV) technology years ago. This technology uses a chip embedded in the payment card that generates a unique transaction code every time it’s used. EMV can also be paired with a PIN requirement, making stolen or cloned cards much harder to exploit. 

The U.S. finally mandated EMV adoption in 2015, but the old-school magnetic stripe technology has stubbornly stuck around in the states, despite its near disappearance in Europe. 

One of the biggest reasons, according to Bochniarz, are government subsidy programs like EBT. These programs still rely on magnetic swipes, forcing retailers to keep the ancient technology alive.  

“More than 80% of all card fraud across the globe happens here in the U.S.,” he said. “That’s no coincidence. Magstripes are relatively easy to copy, and that makes them a big target for fraud.” 

Beyond government mandates, cultural norms compound the problem in the US. “In Europe, nobody wants to touch your card. It never leaves the customer’s hand,” Bochniarz added. “Here in the U.S., we’re used to handing our cards to servers, cashiers—anyone really. That habit makes fraud much easier because the card changes hands constantly.”

The New Frontline of Loss Prevention  

Even where new payment technology has been fully adopted, patchwork implementation still leaves cracks for fraudsters to exploit. And then there’s Payment Card Industry (PCI) compliance, the complex set of security standards designed to protect cardholder data which governs everything from how information is encrypted to how devices are certified. 

A critical piece of PCI compliance — and one of the least understood — is the management of cryptographic keys. These are the digital “lock-and-key” codes that secure every card transaction. Without them, payment devices can’t encrypt sensitive data. But if they’re mishandled, they can become a doorway for payment fraud. 

“If you don’t manage your keys carefully, you’re really opening the door to problem,” warned Bochniarz. “And in the U.S., the compliance requirements are dense, but the enforcement is inconsistent. This creates a situation where many retailers are exposed without even realizing it.” 

That’s why key injection facilities (KIFs) exist. A KIF is a highly secure environment where these cryptographic keys are loaded onto payment devices.  

Bochniarz compared it to handling nuclear codes. Done properly, it’s one of the most important safeguards retailers have against fraud. Done poorly, it creates long-term vulnerabilities. 

“The ‘payments’ part of retail has traditionally operated in its own world,” Bochniarz explained. “It’s all about banks, processors, devices, software, certifications etc. Every piece has to line up. And if one is wrong, the whole system is vulnerable.” 

At the same time, payment technology is evolving fast. Terminals have become multipurpose supercomputers that can run apps, not just process swipes. That evolution means it no longer makes sense for “payments processing” to operate in total isolation from other aspects of retail management.  

“Today, you can embed fraud detection, loyalty programs and even AI-powered monitoring right at the point of sale,” said Bochniarz. “RFID and Bluetooth can also tie inventory to the transaction in real time. If you know exactly what left the shelf and how it was paid for, you can connect dots across loss prevention, inventory accuracy and customer personalization.” 

Looking Ahead  ​ 

In today’s competitive retail environment, hidden losses from payment fraud are simply too costly to ignore. That’s why payment security and post-transaction risk will be a central theme for TRG at NRF 2026, the biggest retail show of the year. 

Retail leaders will be there looking for credible strategies to strengthen their payment systems, reduce fraud exposure and close the cracks. 

And we’ll be there with the solutions.