EMV verification, a global standard for credit and debit payment cards based on chip card technology, makes it difficult for fraudsters to make counterfeit credit cards. It also provides more security for consumers. Even so, there has been a five-fold increase in fraudulent card applications in the U.S. during the chip migration, according to our data.
What is the cause of this increase? Fraudsters are finding new ways to get around EMV. For example, if they can obtain a new chip-enabled card, typically via the bank’s contact center, they can use it to perpetuate fraud even at the new chip-enabled point-of-sale (POS) terminals. Our company observed a five-fold increase in the number of alerts for fraudulent card applications in the U.S. between March 2015 and June 2015. This higher number of alerts has continued and is still in effect today.
Clearly, fraud attempts are on the rise and there is a reason for this sharp increase: vulnerability in bank contact centers. Here’s a typical scenario for how fraudsters can get around the EMV protection:
A fraudster oftens starts on his adventure by stealing someone’s identity or buying personal information on the black market leaked by security breaches. He then uses the stolen identity to open a new account, for example, by calling into the contact center, saying that he is “traveling” and asking that the new credit card be shipped to an alternate location. With the new card in hand, the fraudster is equipped to go on a buying spree before moving on to the next fraud opportunity.
Fortunately, there are ways for bankers to combat these efforts. For example, they can use voice biometrics in their contact centers to screen calls and detect fraudsters by their unique “voiceprint.” This biometrics system, which is passive, analyzes a caller’s voice in the background during an interaction without requiring a passphrase, a common phrase that is spoken during the call that allows one’s voice to be identified.
Banks can develop a “blacklist” of known fraudster voiceprints and continue to screen for them if the criminals attempt to request credit cards via the contact center. Examples would be if the fraudster tries to dial in to check on the status of the application or change the shipping address of the card. In each case, there are opportunities to capture the caller’s voiceprint and identify them if a match is found against the blacklist. In our experience, voice biometric blacklists can be very effective because the majority of contact center attacks are repeat calls by an established set of professional fraudsters.
In addition, once biometric screening is implemented, the average “lifetime” of a fraudster decreases, meaning the amount of time they linger at an institution before giving up. This is good news and an encouraging trend for banks and consumers alike. Making banks and financial institutions more aware of the new ways that fraudsters are trying to get around EMV, as well as the value voice biometrics provides, the better off these organizations and consumers will be in the war against fraud.
Mr. Williams is vice president, Identity Analytics, with Melville, N.Y.-based Verint. He can be reached at https://twitter.com/VerintIdentity.