Winning the Battle With Fraudsters
By Debra A. Janssen
As members of the banking industry, we all understand that financial institutions can incur significant losses as a result of fraudulent activity and identity theft. What’s noteworthy is that many financial institutions continue to place more emphasis on recovering losses once they’ve occurred, rather than taking a proactive stance in the fight against identity thieves.
With the increased sophistication and threat of fraudsters, sitting by and waiting to recover losses isn’t a viable long-term solution. By not taking action, you could be threatening your business’ viability, risking the loss of customer trust and exposing your brand to negative perceptions.
By forming a proactive strategy to mitigate fraudulent activities, including focused efforts on education, prevention and detection, you can dramatically minimize the opportunity fraudsters have with your customer base.
EDUCATION AND COMMUNICATION
In addition to educating employees and consumers about fraud, financial institutions that share information across product areas can quickly improve communication and education. It’s important that a centralized system exists to track and document a clear categorization of losses.
Consider a structure that centralizes management of fraud mitigation to a single point of responsibility and contact, enabling databases to share information within developed uniform operational policies. Data from fraud detection and losses within the various programs – debit, credit, checks and others – can then be provided to managers across business lines.
Don’t forget to leverage the intelligence of other organizations in the industry. Financial institutions can and should help one another improve protective services, detection and fraud resolution. Financial institutions, card associations and service providers are working together to establish local, regional and national groups to exchange experiences, help identify perpetrators and discuss best practices.
To be a leader in risk mitigation, an organization needs to invest more resources in proactive prevention than reactive investigation. To proactively help prevent incidents of fraud, consider adopting three simple rules.
Rule #1 – Save the data: It’s important that the financial institution retain all relevant transaction information to facilitate monitoring, identifying, tracking and resolving fraud. This data includes:
• Information on each deposit account customer,
• Information on each transaction, and
• Information on prior fraud cases and transactions.
Gathering and maintaining this data enables the financial institution or service provider to identify repeat offenders and spot suspicious behavior or transactions. The data can also be used to build and continually refine fraud-scoring models. Examples of data used in this manner include the identification of consumers who are:
• Using a card at an unusual geographic location or merchant type,
• Using a card an unusual number of times in a single day,
• Purchasing an unusual amount of large-ticket items with the card,
• Attempting to purchase a large-ticket item using several cards to obtain the required total authorization amount, and
• Having unusual transaction activity immediately after an address change request.
Rule #2 – Use similar prevention tools for PIN, signature and credit transactions: PIN debit cards are often housed within the retail bank organization, while credit card processors frequently handle databases and processing for signature debit transactions and are subject to similar credit card fraud controls. If the data isn’t collected or stored together, be sure that similarly robust tools and procedures are used to monitor all transactions.
A variety of mechanisms and tools have been developed and refined over the past decade that can aid in protecting debit card programs. Each of these tools focuses on a specific area of potential fraudster infraction and helps strengthen the protections a financial institution can place around its debit business. Examples include:
• Velocity checking and transaction scoring, including use of neural networks,
• Card verification programs (CVV, CVC and CID),
• Address verification services,
• Identity authentication and age verification,
• Office of Foreign Assets Control database lookup, and
Rule #3 – Defend on multiple fronts: Organizations leading the way in fraud management don’t rely on a single solution, technology or approach. They use various methods through multiple channels to address many fraud types, including:
• Employing multi-factor authentication for online (Internet) purchase transactions,
• Deploying more sophisticated ATMs and testing new security devices on ATMs to protect against skimming, and
• Periodic audits of the financial institution’s fraud and risk management functions to uncover weak links in their policies, processes, tools and technology.
Of course, the Internet has become another area that requires specific attention because it supports online banking and purchases. Online transactions need to be reviewed as diligently as card transactions, particularly since online transactions are always “card not present” transactions. Again, the best approach is to examine all data generated by the different transactions with a holistic view.
FRAUD DETECTION AND RESOLUTION
These prevention strategies fit hand-in-hand with detecting and resolving fraud. The most prevalent tool used to detect card-based fraud is a neural network. The neural network relies upon historical purchasing patterns to identify out-of-pattern spending. Since consumers tend to use debit cards in different situations than credit cards, enhancing a neural network to recognize debit-specific patterns is essential when fighting debit-related fraud. The industry estimates that as many as one-half of all debit card portfolios are not taking advantage of tools such as neural networks.
Successfully detecting fraud within debit businesses requires enhanced neural scoring specifically tailored for debit card transactions. Given that consumers tend to use debit cards in different situations (i.e. for small value payments) than credit cards, it is essential to enhance neural network tools to recognize these differences when fighting debit payment fraud.
Another element critical to detection and resolution is the need for accurate and thorough fraud tagging and tracking. Knowing which transactions actually resulted in losses, as well as identifying what type of fraud resulted in which losses, provides critical intelligence in detecting the next fraudulent transaction.
Proactive financial institutions need to continually improve their detection capabilities by investing in new technologies and solutions. Examples of solutions an organization should consider include:
• Computer fingerprinting to create unique PC identifiers,
• Further enhancements to neural networks,
• Profiling online banking patterns,
• Digital signatures and biometrics,
• Enhanced Internet security and secure e-mail, and
• Two-factor authentication.
One of the most important elements of effective use of a neural network is the ability to quickly communicate what appears to be unusual card behavior. Make sure the neural network you have in place is coupled with a fast, effective means of contacting the cardholder to report suspicious card usage.
BE PROACTIVE NOW
The battle with fraudsters will never end, but adopting a proactive strategy can put your organization on the winning side. There’s no time like the present to develop or refine fraud- and risk-related policies and procedures. Focused efforts can help alleviate the near- and long-term threats and cut costs associated with losses, as well as protect and preserve the trust and confidence customers have in your institution.
As president of First Data Debit Services, Debra A. Janssen is responsible for managing the division’s processing activity. Janssen joined First Data in 2004, bringing with her more than 20 years of payment leadership experience. She can be reached via e-mail at firstname.lastname@example.org.