Countering Card Fraud: Is Chip & Pin Technology Enough?
EuroPay, MasterCard and Visa (EMV) is a technical standard developed to ensure more secure Point-Of-Sale (POS) transactions. EMV allows non-static information to be transferred between
EuroPay, MasterCard and Visa (EMV) is a technical standard developed to ensure more secure Point-Of-Sale (POS) transactions. EMV allows non-static information to be transferred between the card, the terminal, and the financial institution that processes credit card transactions. This takes care of skimming fraud where fake devices would copy data from magnetic stripes and use it on another card. While EMV is not new technology and has been in use for over a decade, it has made its way to the US in the last 2 years.
EMV uses microprocessor chips that encrypt bank information making it far more secure than the old magnetic stripe cards. Magnetic Stripe uses static data that is stored in the stripe on the card (this makes it unsafe considering it can be stolen and used). The static information means that the number transmitted by the card for all transactions is the same.
When it comes to EMV standard, although the card data will be the same for every transaction, there will also be other pieces of data that gets re-organised for every transaction. This renders the data stolen at the POS useless for further use.
The verification method for EMV cards can be chip-and-pin or chip-and-signature, with the former being the preferred choice in Europe and the latter often used in the US. This is contactless transaction which is becoming popular as NFC (Near Field Communication) technology used by mobile payments is making inroads. While technological advancements are racing ahead to reduce frauds, fraudsters are not far behind, as they continue to seek innovative methods.
While POS frauds and card counterfeiting have reduced in countries that are early EMV adopters, the cybercrime scene has now shifted to the canvas of e-commerce and online transactions. Fraudsters are also keenly watching late EMV adopters as potential targets. With data breaches and online theft increasing, security agencies have reported a doubling in crime rates of online frauds. ATM frauds are not far behind – swindling with counterfeiting cards and duping to snatch PIN numbers are on the rise.
Research analysts report that these types of frauds are more damaging to the customer by the day. The frauds go unnoticed as the unauthorised purchases and withdrawals lie hidden in the transactional details list. Not many customers go through their transaction histories regularly and closely.
The microchip comes into play when trying to prevent counterfeit fraud because it makes it harder to produce a copy of the card. And a PIN comes into play for protecting against lost-or-stolen fraud because it makes it impossible to use the card unless they also know the PIN.
Using EMV technology for cards has seen a reduction in skimming-type attacks, but the crime rate has increased in other ways of stealing money. Research firm Aite Group reports that losses from counterfeit, lost, and stolen cards in Canada dropped from $245 million in 2008 to $112 million in 2013.
A research by the European ATM Security Team (EAST) found that fraud-type attacks increased 28% during the first half of 2016 with cyber criminals stealing €174 million and Aite reported that there was a 79% increase in online fraud during the EMV adoption phase in Europe.
The banking sector is now making a move to bring in EMV-chip-enabled credit and debit cards, which generate a unique transaction code with each purchase, making them harder to spoof. With these systems and cards rolling out, mining credit card numbers will not be as valuable for criminals, says Privacy Rights Clearinghouse.
While fraud severely erodes customer confidence and the bank’s bottom line, fraudsters continue to keep pace with the very technologies that are being developed to keep them at bay.
While banks conduct frequent security audits, invest in advanced security measures and work proactively in mitigating risks, there’s no silver bullet that can eliminate fraud completely.
However, it does help to have an intelligent, pro-active, well-synchronised cross-channel system in place that –
To effectively combat fraud, Banks must go beyond conventional anti-fraud solutions. Intelligent platforms are now available that harness data in real-time from across channels to not only deliver a unified anti-fraud mechanism but also helps create a secure ecosystem.
In Chinese philosophy, yin and yang (also yin-yang or yin yang, ‘dark-bright’) explains how seemingly opposite or contrary forces may actually be complementary, interconnected, and interdependent in the natural world.
This intriguing idea actually applies perfectly in the context of banking, if we were to see the yin as saving money (from losses) and the yang as making money (from sales).
The fundamental principle is that the very same investment in data analytics and real-time decisioning for detecting/preventing fraud can be monetized for earning more revenues.
Imagine an intelligent system that understands customers’ behavioral patterns to detect and prevent fraud is also creating precise personas for marketing teams to target.
This is because the same extreme real-time, context-aware logic/approach used to combat cross-channel fraud can also help enable intelligent, hyper-precise targeted and contextual customer engagements.
At the heart of the hypothesis lies the fact that banks have the ‘soul’ of the customer.
Banking is the only industry where the entire life of the customer flows through it. A bank knows how much its customers earn, where they live, where they travel to, how much they spend, who’s part of the family, whether they own their home, even how much fuel they put in the car.
No other industry (not even telco or retail) has this very special privilege of having a 360 degree view of a customer’s life. Only banks have the advantage and ability to actually convert this ‘resident intel’ to their benefit.
A real-time, enterprise-wide, cross-channel fraud management solution requires that every banking transaction is available in memory in real-time.
But since only a relatively small percentage of transactions are fraudulent and since the data is available in the system memory, the bank can run positive scenarios in real-time after having assigned fraud risk to certain transactions during the negative-scenario test-run.
The solution can use the same data captured per transaction and analyze the spending and behavior patterns to throw up potential cross-sell and up-sell scenarios in absolute real-time.
Precise data analytics on behavior patterns helps create intelligent and efficiently targeted customer interactions and campaigns to grow the topline.
So while the solution helps the bank’s larger enterprise fraud management initiatives with …
… it can also be used for –
So altogether the bank benefits from a –
While there may not be many solutions that have the ability to see topline and bottom-line as 2 sides of the same coin, CustomerXPs’ Clari5 seems to one. Its unified fraud management platform leverages the same context-aware, real-time decisioning to enable real-time customer cross/upsell.
Clari5 handles exceptionally large data volumes across multiple channels and source systems in real-time, and processes transactional as well as non-transactional events in real-time and applies over 150 rules to generate alerts in real-time that can be leveraged for both fraud management as well as revenue enhancement.
Banks get to use the same real-time insights that helps combat fraud to also generate profits because the approach that uses the same fundamental logic to protect/save money (curb fraud losses) is also being used to make money (upsell / cross sell).
If banks can view their topline and bottom-line as the yin and yang of their operations, then a single solution that helps achieve both can very well be the proverbial one stone designed to kill two birds.