Doing something about US card fraud
You remember magnetic stripes? Signatures?
OK, OK, so we all know that the world’s card fraud has been steadily migrating to the US because the rest of the world was busy adopting EMV (“chip and PIN”) cards while the US insisted on sticking with magnetic stripe technology for as long as possible.
Chip cards reduce certain kinds of fraud over magnetic stripes cards because, basically, you can’t use stolen chip card data to make a bogus chip card but you can use stolen magnetic stripe data to make a bogus magnetic stripe card. You have to go somewhere that takes magnetic stripe cards to use it, of course: the US.
“As the US experiences an unprecedented spike in fraudulent ATM cash-outs, it is reported that the US accounted for 47% of the fraudulent cross border transactions seen on UK debit cards in 2014”
The gap between US card fraud and card fraud everywhere else in the entire world is substantial. In fact US card fraud runs around triple the rate outside of the US. That’s a lot of money, whichever way you look at it. And remember, the reported figures for fraud are for the direct losses to the issuers – they do not take into account the money that merchants have to spend on PCI-DSS or the sales they lose because of complex authentication processes or the money that goes into data breach notifications and repair.
“US fraud losses equaled 12.75¢ for every $100 in total volume last year. Fraud in all other regions combined was only 3.73¢ per $100.”
And unless we do something about it, it’s going to get a lot worse. Why? After all, now the US has finally started switching to EMV, surely the situation should improve? Sadly , no. As well all know, EMV only help with “card present” (CP) fraud. That’s why people have been talking about the expected surge in “card not present” (CNP) fraud in the USA following on from the introduction of EMV as sure as night follows day. That’s exactly what has happened everywhere else.
“While POS card fraud is expected to decline gradually in an EMV-enabled U.S. market, CNP fraud will nearly double by 2018”
The US already has half of the world’s card fraud so this is an impressive effort. But hey, they’re on track because it looks as if that surge has already started – even before the EMV liability shift – and the number of fraud attempts is escalating.
“Between January and July, one in 86 online transactions was an attempted fraud, compared to one in 114 for the same period a year earlier,.. That’s a 33% jump in fraud attempts in one year.”
Now, this figure may not be as scary as you think, because while the number of fraud attempts is climbing, the amount of fraud is climbing more slowly. We’re getting better at defending ourselves. And this is why I think there is some cause for optimism, even in the US. The reason is that the number of ways to fight card fraud is increasing and because, in time, the cards themselves will be supplanted by much smarter devices (i.e., phones) that have more security capabilities. Actually, whether they replace cards or not, phones are a critical component. Knowing where you are is a really big factor in working out whether a transaction is valid or not, and knowing where your phone is is a reasonable proxy. Hence my interest in initiatives like the Visa location-based fraud analytics.
“Mobile Location Confirmation is an optional service for consumers that will be offered through participating financial institutions’ mobile banking applications. The service uses mobile geo-location data in real time as an additional input into Visa’s predictive fraud analytics… When a cardholder’s mobile device is in the same location as the payment transaction, the issuing financial institution can more confidently approve the transaction.”
[From Tech Matters]