By Sudha Kiran Pentela
Principal Consultant
Thinksoft Global
Major brands like Visa, MasterCard, American Express, Diners Club, UnionPay and JCB averaged fraud losses of 6.13 basis points or 6.13 cents for every $100 spend, excluding merchant costs; up from the 5.07 cents in the previous study. Interestingly, the United States (US) accounted for 47.3 percent of such losses, despite generating just 23.5 percent of the total transactions for goods and services.
Major brands like Visa, MasterCard, American Express, Diners Club, UnionPay and JCB averaged fraud losses of 6.13 basis points or 6.13 cents for every $100 spend, excluding merchant costs; up from the 5.07 cents in the previous study. Interestingly, the United States (US) accounted for 47.3 percent of such losses, despite generating just 23.5 percent of the total transactions for goods and services.
There are several factors shaping card fraud trends. They include changes in the underlying card technology, security standards, consumer payment preferences, legal and regulatory rules regarding liability for unauthorized payments, the structure of the payments industry, definitive initiatives from stakeholders like central banks, card schemes and approval/fraud detection techniques for debit and credit card transactions.
The US on the other hand has been very slow in adopting the EMV system due to constraints in upgrading the 8 million odd legacy systems at merchant sites writes Joshua Brustein in the Bloomberg BusinessWeek of December 23, 2013. Quoting Jason Oxman, CEO of the Electronic Transactions Association, a trade group for the payments industry, Brustein notes that the credit card industry in the US downplays concerns about fraud dismissing them as very rare occurrences..
However, the delay on the part of US issuers to implement EMV-based systems has repercussion for issuers in other regions: European card issuers are now facing increased cross-border fraud losses in overseas markets, especially in the US. The ECB’s Report on Card Fraud of 2012, a 2% share in transactions is contrasted with a 25% share in fraud value for payments acquired outside the Single Euro Payment Area (SEPA)., Prior to the adoption of chip-and-PIN cards, only about 25 percent of the total fraud for UK-issued cards occurred on transactions outside of the UK, but today it is over 60 percent.
CNP fraud is another increasingly important element in this overall picture.
- The ECB notes that, ‘for delayed debit and credit cards’ and
‘debit cards’, CNP was the most used fraud channel,
accounting for 68% and 48% respectively of all fraud. CNP
transactions accounted for 56% of all fraud and were the main
drivers of fraud rates in the previous year. FICO data also
indicates a growth of 25% in CNP fraud rate between January
2011 and September 2012!
- CNP fraud becomes significant as fraudsters get to be more sophisticated. Data breaches and emergence of ‘Fraud as a Service’ (FaaS)/‘Cybercrime as a Service’ with Research, Crimeware, Cybercrime Infrastructure and Hacking all as services exacerbate the situation. A Symantec study found that the list of most popular items for sale, as well as the most requested for purchase is credit card data. The potential worth of all credit cards observed for sale during Symantec’s yearlong reporting period was estimated to be $5.3 billion Yet another dimension is ATMs and PoS terminals. Counterfeited cards continue to be the most common type of ATM fraud, while it is lost and stolen cards at PoS terminals. For delayed debit and credit cards within SEPA, fraud occurrence at PoS terminals and ATMs accounted for 25% and 7% respectively. For debit cards, these figures stood at 34% and 18% respectively. Card fraud acquired at ATMs grew by 7.4% from 2010 to 2011, while fraud acquired at PoS terminals decreased by 24.2%. This decrease was mainly driven by a 43% reduction in counterfeit fraud at PoS terminals. In 51% of cases, ATM and PoS fraud was conducted with counterfeit cards and in 40% of cases with lost or stolen cards.
Implementation of EMV standards for issuance and acquisition have resulted in reduction of ‘card present’ fraud, forcing fraudsters to shift to cross-border and CNP transactions. To mitigate the risk associated with CNP transactions, central banks and card schemes and issuers are implementing solutions like 3D secure and one time password.
The issuers and acquirers are also focusing on fraud detection solutions. As banks amend their techniques, fraudsters shift to weaker links and into identifying newer vulnerabilities. As Frank Abagnale Jr. in the movie Catch Me if You Can says, “you're gonna have to catch me first!” For financial institutions, often it has been an exercise of catching up with ‘innovative’ fraudsters. A wide range of anti-fraud solutions are based on rule based neural networks and analytics. Tackling payment card fraud requires a holistic, layered and multi-pronged strategy that accounts for customer experience without compromising on fraud detection.
Testing of fraud detection solutions requires an understanding of business rules and the end to end authorization processes. Simulating transactions to address specific strategies and rules throws up many challenges. Experience shows that it is pertinent to consider decimal variations w.r.t. currencies (zero decimal, two decimal and three decimal) and the amounts. As a transaction could traverse through switches, behavior-risk based decision systems for over-limit transactions and finally fraud-detection, scoring systems and the issuer host, it is important to ensure that authorization response is in line with business expectations.
No comments:
Post a Comment