By : David Divitt
October 13, 2015 12:00 PM
Card fraud costs consumers, businesses and issuers billions every year. In fact the Nilson Report estimates it at around $15 billion annually, with a significant amount of this falling on the issuing banks.
Improving security and detection methods is essential in the fight against fraud, but this is a fine balancing act for issuing banks as there is arguably an even greater problem posed by wrongly declining genuine transactions.
These so-called false positives can seriously erode customer loyalty and can drive the consumer away from the issuer or the merchant that declined the transaction.
Research by NCR in 2013 found one in five consumers surveyed across the UK, USA, Australia, Mexico, Malaysia and UAE had had a card payment declined in the past 12 months because the bank incorrectly thought it was fraud.
In the US, one in six (15 percent) cardholders has had a transaction declined due to a suspected card fraud, according to new figures from Javelin Strategy & Research, which estimates that a total of $118 billion was wrongly declined in the last year.
The true cost is in the loss of loyalty: four in ten (39 percent) declined cardholders abandoned using their card after it was falsely declined.
“Issuers must invest in high-quality authorization solutions and strategies to improve card authorization practices. Failing to live up to cardholder standards may encourage customers to, at best, decrease their card usage or, at worst, to stop their use of the card entirely,” said Al Pascual in the report, director of fraud & security at Javelin. “Cardholders expect authorization perfection from their issuers and will not stand for fraud or false positives.”
Card issuers face a conundrum: “Employ lax card authorization strategies and risk losing revenue to fraud, or use strict authorization rules and risk losing legitimate revenue.” Pascual says.
Neither is desirable but Javelin says that new technology, including EMV, can help improve card authorization practices and reduce false-positive rates. EMV cards are being rolled out in the US at present, with the liability shift happening on October 1st, 2015.
Chip and PIN
Chip and PIN versions of EMV cards benefit from a stronger authentication process that helps issuers reduce false positives. For example, at a merchant point of sale terminal the use of a PIN over a signature for authorization makes the transaction more secure.
Chip and PIN makes a transaction authorization black and white - either the customer has the PIN or they do not. This is both a positive and negative. If a fraudster has obtained the correct PIN, the issuing bank is more likely to approve the transaction, potentially ignoring other signals that would usually flag a potential fraud. Equally, the bank can safely allow genuine transactions to go through that otherwise might have been wrongly flagged as a fraud. This is the conundrum that they face and one that does not necessarily get solved by EMV cards.
EMV is clearly not the only answer for false positives. While EMV cards are a lot more secure than mag stripe cards, this is a fraud detection issue - are banks able to spot the difference between a fraudulent transaction and a genuine one? And in many cases we cannot rely on the PIN to help.
There are plenty of situations where EMV cards are just as vulnerable as mag stripe cards - particularly in the card-not-present arena. Meanwhile, plenty of US banks are issuing chip and signature cards, which make them just as vulnerable in the card present sphere as mag stripe versions.
As we see time and again in payments, there is no 100 percent secure system, which makes an intelligent fraud detection system essential.
Explore more at NCR Financial Services here.