Fraud Prevention: Consumers are Key

Study: Card Fraud Highlights Need for Dual Authentication
Fraud Prevention: Consumers are Key
Most of the top payment card issuers are doing a poor job of preventing fraud. In fact, Phil Blank of Javelin Strategy & Research says a majority of the top U.S. issuers of Visa and MasterCard have for the last three years received poor marks for consumer education and fraud prevention - revealing a gap in steps institutions should take to curb card-fraud losses.

In its Seventh Annual Issuer Safety Scorecard, Javelin finds fraud-prevention measures lag when compared with resolution and detection.

"On the positive side, resolution efforts have improved over the last three years," says Phil Blank, part of Javelin Strategy & Research's Security, Risk and Fraud Practice. "Resolution, of the three is the easiest. Prevention and detection are more difficult."

Javelin finds many banking institutions are not working with security vendors to address growing concerns about card-not-present fraud, nor are they implementing multifactor or second-layer authentication that relies on the mobile channel - an area in which Javelin expects room for growth.

"If you used the mobile channel to approve a transaction, then all of that card-not-present fraud goes away," Blank says. "In crimes of impersonation ... there's no amount of traditional security that can fight that."

Consumers Must be Involved

Mindset is a big part of the problem. Javelin's research suggests only the customer can fight card-not-present fraud, highlighting the need for card issuers to get consumers involved in second-layer transaction approval. "If it's not you or the bank can't reach you, then the transaction is not approved," Blank says. "The mobile channel could be used to send alerts to customers about card transactions. Not enough is being done in that area."

Recent incidents of card fraud, from the Michaels debit breach to the online exposure of millions of Citi cardholders, have heightened concerns for card issuers. These organizations say they are struggling to curb fraud, especially on the debit side. Cuts to debit interchange income included in the Durbin amendment to the Dodd-Frank Wall Street Reform and Consumer Protection Act have increased their worries.

The Federal Reserve's announcement last week to offer a 1-cent per transaction incentive for fraud prevention investments tied to debit is expected to soften the blow. But how much will that incentive encourage institutions to invest more in prevention? [See The Fed's Impact on Fraud Funding.]

Some proponents of the interchange incentive, such as Randy Vanderhoof of the Smart Card Alliance, say the extra penny could motivate card-issuing institutions to more closely examine a move toward the chip-and-based Europay, MasterCard, Visa standard.

"From my perspective, the cost of [debit] fraud is going to become extremely difficult to absorb if the income financial institutions count on from their interchange channel gets reduced," Vanderhoof says. "When the percentage of fraud against the revenue those transactions generate significantly changes, I think banks and card issuers will be looking for solutions that can offer greater fraud reduction."

But the fraud increase is highest for card-not-present transactions: an area EMV does not address. "There is not enough is being done for card-not-present fraud, which now exceeds card-present fraud," Blank says. "And EMV will do nothing about the card-not-present fraud."

If card issuers had policies in place for consumers to review and respond to mobile prompts as second layers for transaction authentication, Blank says fraud would decrease, without costly investments in new technology like EMV. "Card-not-present fraud will grow," he says. "We have to get these consumers involved in the view-and-release process."

Javelin's research includes data from household, consumer and card-issuer surveys. Issuers were scored based on Javelin's Protection, Detection and Resolution model, which measures consumer-facing protective measures used by U.S. card issuers employ. The purpose of this report is to provide an understanding of the current trends in fraud and the evolving security criteria that card issuers are using to address them.

Listen to this exclusive podcast with Blank, who discusses what Javelin's findings mean for card issuers.


About the Author

Tracy Kitten

Tracy Kitten

Former Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years of experience, she covered the financial sector for over 10 years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing ffiec.bankinfosecurity.com, you agree to our use of cookies.