While credit cards have transformed purchase transactions, it has not been without simultaneously growing vulnerabilities.
Financial fraud losses across payment cards, remote banking and cheques totalled £755 million in 2015 – a 26% jump when compared to 2014 says Financial Fraud Action UK.
It says that the rise across all fraud loss types during 2015 owes much to the growth of impersonation and deception scams, as well as sophisticated online attacks such as malware and data breaches.
Of the prevalent card-frauds, card-not-present (CNP) and payment fraud, CNP (where the card holder needn’t be present online or phone for the transaction) is the dominant form of card fraud in Europe in addition to the UK.
Payment fraud not only involves falsely creating or diverting payments; it goes to the extent of creating false accounts and scamming on a large scale. A merchant account created for a seemingly genuine organization performs transactions through the stolen credit cards.
The UK tops the highest jump in credit card fraud in Europe with an 18 percent rise resulting in £ 88 million of losses.
Increased rate of personal data compromise through data breaches was one likely cause for the jump.
Globalization and technology driving credit card fraud
The ability to contain scams is challenging given globalization. With financial organizations spreading their wings across geographies, the ‘law-of-the-land’ comes in to focus.
Each country has specific policies and laws that banks have to abide by leading to a lack of a common security cover. This leads to vulnerabilities let alone the effort involved in understanding laws, creating policies and maintaining them.
Hi-tech card fraudsters rely on technology as they look for ways to compromise customers’ personal and financial details and use that to commit frauds.
They hack into systems, run random generated bank account numbers and sometimes approach as legitimate organizations and lure information under the pretext of seeking data via email, text messages and phone calls made to seem as if they are from tax departments with threats of deportation or imprisonment.
Enter EMV and NFC
Europe was one of the early adopters of EMV (Europay, MasterCard, Visa) – a global security standard for chip-cards and the technology used to authenticate chip-card transactions.
EMV helps when the physical card is required for a transaction, protects from counterfeiting, CNP fraud continues to thrive. View the stats.
A CNN Money report features a claim by a security company having discovered a way of rewriting magnetic chip code to make it look like a chip-less card. This takes it back to the basic fraud technique of counterfeiting.
NFC allows smartphones and other devices to communicate with each other when they’re physically very close. NFC can also be present in wearable devices.
NFC has gained some movement in the US and is now being launched in Europe. According to Markets & Markets, the NFC market is expected to touch $22 billion by 2020.
While the technological advancements are definitely encouraging, they point to a fundamental question on fraud-free credit card transactions – can a channel centric (in this case, credit card only) approach be a fool-proof solution?
Solutions must rely on ‘absolute real time cross-channel intel’
While card security technology has evolved from signature cards to chip-and-pin cards and now to NFC, they will deter sophisticated, hi-tech fraudsters from inventing newer techniques in staying a step ahead.
Anti-fraud solutions cannot merely rely on a channel-centric approach. They will have to rely on advanced technologies that harness the collective wisdom about customers (factual and behavioural) already resident across a bank’s systems, pull the collective cross-channel insights at lightning speed from all channels to detect and thwart fraud intelligently in absolute real-time even as the fraud is being committed.
This gives banks an edge over fraudsters because channel-specific fraud relies only on breaching that particularly channel’s (credit cards) data.
If banks are in the know of suspect transactions while it is in progress, they can prevent the fraud from being committed in the first place instead of taking action post-incident when the deed is done.
Absolute real time anti-fraud technology coupled with continuous monitoring, stringent regulatory compliance and improved auditing are some of the primary measures banks must adopt to stay ahead of evolving fraud technology.