Idea: Battle Card-Not-Present (CNP) Fraud by Putting Your Cardholder in the Middle

Idea: Battle Card-Not-Present (CNP) Fraud by Putting Your Cardholder in the Middle
Posted: May 31, 2016
Comments: 0
Author: Bill Lehman

There was a time when a bank or credit union did not talk about fraud to their cardholders. They did not want to give the impression that their financial institution might be susceptible. The only mention was when describing the benefits of using the Visa or MasterCard brand which carries zero liability to the cardholder in case of fraud. But those days of silence on the subject are long in the past. Consumers are leery of identity theft, have started to look closely at their statements and, have learned the need to keep their social security numbers private.

However, fraud continues to grow. Chip cards are expected to combat one specific type of fraud – counterfeit cards at the point-of-sale, once terminals are upgraded. But, fraud is taking other forms. A study from Juniper Research predicts that fraudulent online transactions will reach $25.6 billion by 2020, up from $10.7 billion last year. That means for every $1,000 spent, $4 will be fraudulent. This is because in the CNP environment of online purchases, the chip on the card can’t do its job of ensuring the validity of the transaction.

Another type of fraud is expected to rise in the wake of the U.S. EMV migration. According to a white paper by the Aite group, “account takeover (ATO) is another key area of fraud migration, as criminals leverage the large supply of compromised login credentials and PII at their disposal to take over existing accounts. ATO more than tripled in the wake of the U.K. EMV migration, from GBP42 million in 2005 to GBP125 million in 2015. Escalating attacks combining phishing, social engineering, and sophisticated malware are to blame for the continued growth in U.K. ATO losses.”

It is expected that we will see the same double digit increase in online fraud and account takeover fraud here in the U.S. What can banks and credit unions do to fight back? It’s time to enlist the help of the cardholders themselves. There is a proven drop in fraud when the cardholder is put in the middle of the transaction. Early detection can reduce 30-40% of fraud.

Products you can offer cardholders to combat CNP fraud

Purchase Alerts. Both Visa and MasterCard have made purchase alerts mandatory, as of October 2016, for all issuers to offer to their credit and debit cardholders alerts by either text or email for purchase made using their card. These alerts help a cardholder manage their budgets, and let them know immediately of transactions that they didn’t authorize. For issuers, purchase alerts go a long way to reducing fraud.  In an analysis from Visa, purchase alerts reduce 54% of fraudulent transactions, and reduce dollar loss by 36%. In order to activate the alerts, the cardholder must register their mobile number and/or email address and check which alerts they wish to receive. Issuers should encourage their cardholders to do so. And cardholders should be educated to report any suspicious transactions quickly to reduce further fraud. 

Fraud Alerts. Some issuers or their processors offer fraud alerts. When a neural network fraud detection system, such as the FICO Falcon fraud assessment system, scores a transaction as high potential for fraud, a trigger is issued. This trigger can result in a phone call, or a text message to the cardholder to verify the validity of the transaction, or a block on the card for all subsequent authorizations if it is believed that the card was compromised. This solution is only as good as the contact information on file for that cardholder. If the cardholder can’t be reached due to a missing phone number, then all the cardholder sees is frustration at the issuer when the next transaction fails. So issuers need to redouble their efforts to ensure current phone numbers and email addresses for all their cardholders.

Card Controls. A new technology in the market is the ability to “freeze” a debit or credit card if the cardholder misplaces it or it is stolen. Usually done through a mobile app, this capability also allows the cardholder to block transactions by category, for example, purchases made from out of state, or block all online transactions. This is the ultimate way to put the cardholder in the middle of the transaction to reduce fraud. When a blocked purchase is attempted, the cardholder is notified. If the cardholder is making a legitimate online purchase, they can lift the block, then reinstate it.

Online Wallets (3D Secure Technology). Using online wallets such as Visa Checkout or MasterPass is a win-win-win. Online wallets hold the payment credentials in a secure token form, and securely store billing and shipping addresses, for use in making purchases on a merchant’s website. When the cardholder wants to checkout their cart, they click on the Visa Checkout or MasterPass logo, enter their username and password, and all the forms needed for purchase are securely provided to the merchant. This is a win for merchants, since it drastically reduces card abandonment – that moment when you are about to checkout, but are presented with a screen full of empty fields, and leave the page. This is a win for cardholders, since it greatly reduces the time required to make a purchase. And this is a win for issuers, since the payment credentials are tokenized, and not stored by the merchant, eliminating breach of card data.

This is not a comprehensive list of solutions. Nor should it be taken as “pick the best one”. As EMV closes the gap on counterfeit fraud at the terminals, the bad guys will not give up, they will shift their prowess to other forms of fraud, as proven in every country that migrated to EMV before the United States. The fraud landscape will shift for issuers and cardholders. Cardholders need to be enlisted in the battle against fraud. But changing cardholder behavior has never been simple, painless or quick. Ongoing, consistent and creative messaging, incentives, and education at every touchpoint emphasizing a partnership to fight fraud will go a long way to making the bad guys less successful. 

Rate this article:
No rating
Bill Lehman

Bill LehmanBill Lehman

With over 20 years of progressive executive leadership in the electronic payments industry within the credit union industry, Bill now serves as the SVP of Managed Services for Trellance.

In this role, he and his team of Sr. Portfolio Consultants are responsible for assisting member credit unions

Other posts by Bill Lehman

Full biography , Contact author

Please login or register to post comments.


Featured Stories