As recession bites, card issuers and players are
experiencing a surge in first-party credit card fraud and ATM and
debit fraud. A range of recent studies gives varying reasons for
the upsurge, from individuals purposefully defrauding card issuers,
to mass compromised card data, as Victoria Conroy
reports.

It is a commonly-accepted saying in the payments industry that
fraudsters always manage to stay one step ahead, but technology
initiatives such as EMV and real-time transaction monitoring are
enabling payment players to catch up to a degree.

But difficult economic circumstances are now producing a rise in
rather more old-fashioned types of fraud, the most notable of which
is first-party fraud, where a customer applies for and receives a
credit card with no intention of repayment, either using their real
identity, a false identity or misrepresent their real identity to
open accounts. The British Bankers Association estimates as much as
10 to 15 percent of bad debt losses suffered by the banking sector
may be a result of first-party fraud.

Speaking to CI, Janis Horan, senior director of solutions
management for the Europe, Middle East and Africa (EMEA) region at
global credit scoring and analytics specialist FICO, said: “When
desperate times hit, people start to act in a more desperate way.
In the UK we have seen an increase in fraud, and an increase in
what we would call first-party abuse, which is deliberate misuse of
the card by an individual with the intent of defrauding the card
issuer.”

Fraud and credit losses

Meanwhile, US payment consultancy TowerGroup predicts that US
branded total card credit losses will peak at $55.6 billion in 2009
because the recessionary economic conditions are making it
difficult for consumers to repay credit card debt.

TowerGroup says that not all losses are the result of honest
inability to pay, warning that intentional cardholder losses from
abuse and fraud may cost the industry as much as $10 billion, and
that first-party fraud incidents are increasing during the economic
slowdown.

Many US issuers estimate that first-party fraud and cardholders’
credit abuse cause between 5 and 35 percent of their total bad debt
write-off.

Debit cards too are coming in for greater attention from
fraudsters, both individuals and organised crime gangs, and no more
so than now when consumers are shifting an ever-greater number of
purchases onto debit and making more cash withdrawals during times
of recession.

According to figures published in March by UK payment association
APACS, the year 2008 actually saw a 31 percent increase in ATM
fraud compared to 2007, reversing a trend of yearly declining
losses.

Card ID theft losses jumped by 39 percent to £47.4 million, which
APACS attributed to a rise in account takeover, whereby criminals
take over the running of another person’s payment card and
obtaining a genuine card and PIN – APACS said this kind of fraud is
behind the increases seen at UK shops and ATMs.

However, lost and stolen card fraud losses fell in 2008 by 4
percent to £54.1 million, and is now at its lowest level since
collation of fraud data commenced in 1991.

A new study from software solution provider Actimize, which
surveyed 110 financial services institutions, shows that when it
comes to ATM and debit card fraud, many more institutions are
seeing an upsurge in activity, with 70 percent of those surveyed
seeing increase in fraud claims in 2008 compared to 2007.

Of those with increased fraud claims, 58 percent saw double-digit
growth. Over 80 percent expect ATM and debit card fraud attempts to
increase in 2009, with 35 percent predicting a 10 to 14 percent
growth rate this year.

The rise in ATM and debit fraud is adding new urgency to calls for
US financial institutions to bite the bullet and migrate to EMV
technology. Actimize’s survey found that 55 percent expect US card
fraud levels to increase or dramatically increase once Canada
reaches critical mass with its EMV roll-out by 2010.

Looking at Europe, a survey from the European ATM Security Team
(EAST) published in April 2009 reported a 149 percent rise in
ATM-related fraud attacks during 2008, primarily led by a 129
percent increase in card skimming incidents. Despite this,
fraud-related losses rose by just 11 percent, with a total loss of
€485 million reported. According to EAST, this smaller increase in
losses is indicative that deployed counter-measures, such as
anti-skimming devices, are increasingly effective, as are fraud
monitoring and detection capabilities.

EAST director and co-ordinator Lachlan Gunn said: “This increase in
reported incidents is of great concern to EAST members. While the
year-on-year fraud loss figures show an increase, the half-year
figures show a declining trend for such losses over the past three
six month periods, with international losses due to card skimming
falling by 18 percent in the second half of the year.”

At the other end of the scale is the issue of mass compromised
data, where a large amount of cardholder data is stolen at any one
time. Actimize’s study has highlighted the scale of the problem of
mass compromised card data being used in fraud attacks, with 45
percent of those surveyed believing they had seen mass compromised
data used in fraud attacks against their institutions.

Fraud on a scale of this kind not only hurts consumer confidence in
their financial services institutions, but also costs the industry
dearly in terms of excessive card replacement.

Other findings of the survey included around 80 percent of
respondents somewhat or strongly agreeing that mass compromise
events decrease consumer confidence in the ATM and debit card
channels.

Also, 57 percent said such events increase overall costs for
financial institutions, and 20 percent estimated a 10 percent
increase in call centre traffic after a single mass compromise
event. While most respondents expect less than one percent of
exposed accounts actually to experience fraud, 15 percent reissued
cards to over 20 percent of their cardholder population.