Empowering customers to fight card fraud

Card fraud is one of the fastest growing crimes impacting financial institutions. A 2016 LexisNexis report found that issuers directly lose $10.9 billion per year in card fraud, with an average loss of $5.90 per compromised card.

With the threat mounting, a bank’s first impulse is often to build additional barriers to mitigate the risks of card fraud. Data analytics, biometrics and EMV chips are just a few of the steps taken in the past couple of years. These are all good protections to implement, but the more security measures implemented at the point of sale, the more security and ease-of-use issues begin to clash.

Instead, banks should look at putting power into the hands of customers. The current security archetype focuses on detecting transactions that can be classified as meeting either a “valid” or a “fraud” transaction pattern. While those analytics are needed, the fastest and most accurate method of verifying a transaction is directly with the consumer. This simple approach is the missing key that can provide the extra fraud protection needed to potentially save banks millions of dollars.

False Positives
One of the oldest methods for fighting card fraud is simply monitoring for suspicious activity and using advanced algorithms to flag suspicious transactions. The challenge for banks with this approach is that with millions of transactions coming across in a typical week, the potential for false positive hits or missing criminal activity only goes up. The time needed to investigate every suspicious transaction increases the burden on bank staff. Also, many times, the systems only catch criminal activity after several fraudulent purchases have already been made. And while the customer is not liable for those losses, the bank is and also runs the risk of losing the customer as they go through the hassle of reporting the fraud and obtaining new cards.

When implemented and used by both the financial institution and the retailer, EMV chips are very effective at stopping criminals from duplicating cards and stealing account information from magnetic strips. However, EMV does not provide as many protections for card-not-present (CNP) fraud in an online environment.

To combat CNP crime, banks are trying to come up with more foolproof methods to ensure that the person making the transaction is the actual customer. Multi-factor authentication, utilizing a combination of passwords, knowledge questions, location tagging, biometrics and other factors, can be effective. However, successful phishing attempts and compromised Internet browsers can still leave systems vulnerable. Banks also risk making the authentication process so complicated that the consumer will turn to less secure, but more convenient, payment options.

To close the gaps in these existing methods, banks need to abandon the mindset that consumers do not want to be bothered with security measures. A 2015 report from Telstra found that more than half of U.S. consumers cite the security of their finances and personal information as their top priority. In addition, one third reported being willing to pay an extra $17 each year for more sophisticated mobile security measures.

In order to strengthen security while also boosting end-user convenience, banks should focus on their transaction approval processes. Regardless of the banking channel being used to manage a transaction, reliable customer authentication is increasingly critical to a bank’s bottom line. Being able to authenticate customers in as close to real-time as possible is even more important as the financial services industry moves towards faster payments.

Making consumer involvement work requires combining strong detection processes with an omnichannel approach to confirm suspicious activity with the customer at once. Whenever bankers suspect potential fraud, they need to be able to immediately contact the customer electronically to confirm the transaction. If the transaction is confirmed, the purchase is approved and the customer is only out a few seconds of time. If the transaction is not confirmed, the attempt can be declined and further action should be taken to work with the customer to ensure the account has not been compromised.

Detection systems need to be automated so that the bank can immediately reach out to a mobile device via SMS Text, mobile application or through a phone call. In addition, email can be used for CNP transactions and automated phone calls can be made to alternate numbers to ensure that the bank can reach the customer even if a smart phone is not in use.

The benefit to the bank of this approach is a dramatically reduced volume of suspicious transactions that require time-consuming investigations. This frees up staff to focus on the truly criminal cases and work with customers to resolve those crimes as quickly as possible. Consumers also get the benefit of peace of mind knowing that the bank will flag suspicious transactions.

Building a customer verification system can take many forms. While some banks may have the resources and talent to build a system in-house, many will opt to look for automated solutions. As in any software brought into a bank, there are a few key factors to consider. The first is whether the system supports multi-channel notifications. While mobile banking apps are the fastest growing channel for most banks, a large percentage of the customer base will not have be active app users.  It is vital that any system support mobile notifications, SMS texting as well as automated phone calls via an outbound dialer.

It is also important for any fraud verification system to integrate with existing analytics systems. Using customer verification does not diminish the need for a sophisticated system to identify suspicious transactions. Requiring verification for every single transaction would cross the line from strong protection to aggravating hassle. And finally, the system should work seamlessly with both inbound and outbound customer support. Transactions that are declined as fraudulent will require that the customer speak to a service representative as quickly as possible to prevent future transactions.

Today’s consumers are more savvy and educated about the dangers present in the marketplace. Tap into that awareness and build a stronger fraud prevention program by enlisting your customers as the best frontline defense against card fraud.

Mr. Renshaw is co-founder and CEO of Birmingham, Ala.-based REDI Enterprise Development, Inc. He can be reached at [email protected]