Card Fraud, Cyber Security, Daily News, Fraud & Security, Identity, Issuing & Acquiring, US EMV, US EMV rollout -

Issuers confront card fraud and account takeover in a post-EMV US

Card fraud is a multibillion-dollar moving target that continues to become ever more complicated for issuers due to the introduction of new channels and products.

In fact, over the last year the rate of fraudulent new account openings increased 113%, according

US Card Fraud Losses

US Credit Card Fraud Losses to Javelin’s 2016 Identity Fraud report.

Confronted with the implications of the US EMV rollout, mobile wallets, and digital channel applications, issuers are faced with significant headwinds as they attempt to stay a step ahead of fraudsters.

This new study examines the effects that the aforementioned challenges will have on the ability of issuers of credit, debit, and prepaid cards to mitigate card fraud, with a specific focus on how issuers can most effectively manage application fraud and account takeovers in this dynamic environment.

Key findings

Issuers directly lose $10.9 billion to card fraud each year: These losses are driven principally by credit cards, which accounted for 71% ($7.6 billion) of the losses while debit accounted for 25% ($2.7 billion). Driven by a lower relative number of cards in the market, prepaid cards contributed to only $0.5 billion in fraud losses.

Credit cards result in three times the fraud loss per card compared with debit: With a comparable number of credit cards and debit cards in circulation, this difference in overall losses translates to significantly greater losses per card for credit compared with debit ($9 vs. $2.80 per card, respectively). Prepaid cards, much fewer in number than credit and debit, slot in between at $4.70 per card.

Issuers’ opinions are mixed about some aspects of the effect that EMV will have on fraud: The majority of issuers agree that EMV will result in increased card-not-present (CNP) fraud losses, while driving a reduction in fraud at the point of sale (POS). Despite the EMV rollout, counterfeit card fraud is the fraud type issuers believe is most likely to increase as criminals rush to misuse magnetic-stripe cards before that opportunity ends.

Late adopters of EMV are rightfully more concerned about application fraud: The level of concern about application fraud among issuers that are late adopters of EMV is double that of the early adopters. Nonetheless, while early adopters of EMV are less concerned, their experiences certainly prove the late adopters’ fear is well-founded. 22% of the losses experienced by issuers in the top 50% of EMV-capable issuers by portfolio share could be traced to application fraud, compared with 17% of the losses among those in the bottom 50%.

Detecting synthetic identities is even more troublesome for financial institutions than stolen identities. Misused true identities that slip past bank security measures may eventually be detected by the victims through review of their credit report. Because synthetic identities are constructed from identifiers that are not clearly associated with an individual with established credit, there is no one to detect the fraud besides the targeted FI. Nearly a third of application fraud is created from identities that have never before been seen by a FI, making it nearly impossible to validate the PII through conventional means.

Using more fraud prevention solutions does not necessarily equate to less application fraud: Issuers with higher than average rates of application fraud are generally more likely to use any fraud prevention solution or control. This point suggests that issuers are applying as many tools as possible, but they’re having little success because they aren’t doing so strategically.

Manual reviews afford most issuers the ‘gut check’ they need to control for fraud: The value that manual reviews provide is apparent in their prevalence among issuers: 63% have separate manual review processes for both credit underwriting and fraud, while 33% at the least integrate the review for both into a single process.

Coordinating with affiliates complicates fraud mitigation: For both application fraud and account takeovers, issuers specified that detecting fraud was most difficult when it came through one of their affiliates’ channels, such as a cobrand or private label partner — either in person or online. This indicates the difficulty of coordinating a fraud mitigation strategy across multiple organizations where incentives may be at odds.

Issuers believe takeovers are under control, but they worry about customer experience and growth related to mobile wallets: Mobile wallets are seen as a unique area of concern around the growth of account takeovers, and many issuers (56%) believe that they cannot further reduce takeovers without hurting the customer experience.

Customer service-oriented call centers are serious contributors to the problem of account takeovers: To accomplish account takeover, fraudsters will frequently target customer service representatives as the weakest link in the account access process. Recognizing this problem, 41% of issuers indicate that successful social engineering of customer service staff is either the most or second most difficult challenge in mitigating account takeover.

Significant investment in fraud mitigation is planned for 2016: A strong majority (78%) of issuers are planning to make significant investments in fraud mitigation over the next 12 months, with most planning to invest in additional tools. Dynamic and static KBA (knowledge-based authentication) lead the list of tools targeted for additional investment, followed by mobile carrier identity verification and manual reviews.

Download the report HERE

The post Issuers confront card fraud and account takeover in a post-EMV US appeared first on Payments Cards & Mobile.