With regulation seemingly increasing as each week passes, one would assume that the financial sector was tightening its control over card fraud. FICO, a predictive analytics and decision management software company, has discovered a different outcome. Patrick Brusnahan investigates
In its latest card fraud map of Europe, FICO found that card fraud losses in the 19 countries studied reached 1.55bn ($2bn). This is the highest level yet. It surpasses the previous peak in 2008, which was in the heart of the global financial crisis. What could cause a larger rise than the biggest financial scandal of the 21st century?
Martin Warwick, a principal fraud consultant at FICO in EMEA, told Cards International: “The rise in fraud is best attributed to the tenacity and ingeniousness of the criminals, who are always looking for new schemes and weak links.”
Weak links are being increasingly found as card usage increases, something which ‘draws the attention of criminals’. The UK and France suffered 62% of the total card fraud losses in the 19 countries surveyed, reflecting their higher card usage.
As card usage increased, so did innovation within card usage and innovation from the criminals. One example is the emergence of Card Not Present (CNP) transactions. While EMV Chip & Pin worked and limited ‘face-to-face’ fraud, it forced fraudsters to change their focus to CNP, which amounted to over 60% of the card fraud across the European countries researched.
What exactly made CNP so appealing for fraudsters? Warwick said: “Firstly, CNP has a lower risk of being caught by the police. Secondly, compromising plastic card data was easier than attaching a device to an ATM, because customer card data was being stored by retailers around the globe as part of their purchasing process.
“A bigger factor in this being such an opportunity is the fact that e-commerce spending was facing an explosion in growth at the same time that EMV was completing its rollout in Europe. E-commerce spending reached £69 billion ($112 billion) in 2012, according to Financial Fraud Action UK, and it was half that figure in 2007.”
Reaction to card fraud seems to be simply that; a reaction. Many organisations do not maintain continuous investment in fraud prevention, merely taking action when the problem rises. This starts a ‘cycle of fraud’. Investments in fraud prevention technology are raised when the ROI appears highest and then held back when fraud is low. This spurs criminals to try new technology of their own and the cycle begins anew.
Somewhere that avoids this vicious circle is Turkey. It saw a 0% increase on card fraud losses through continued investment in preventing such occurrences.
Technology, and indeed this ‘cycle of fraud’, has another adverse side-effect. Defences are unable to keep up with their progression and are left behind, leaving gaps for fraudsters to exploit.
Warwick said: “The speed with which technology is introduced and adopted far outstrips defences. That is most certainly a very pertinent and increasingly difficult problem, especially where the technologically savvy – young people – are often the most inexperienced and least risk-aware. They are, in fact, risk-takers, and their more aggressive use of new technologies, without full regard for safety, may make it easier for criminals.”
As criminals are obtaining more data, a ‘key objective’ is to make the data of no use. Warwick said: “Take online banking as an example, where some banks use cryptograms to log on and signed cryptograms for new payees are dynamic and not static. These make data useless because the dynamic element ensures that codes are only used once, as opposed to static passwords that could be stolen and misused.”
With all these new methods of fraud prevention coming in, it should be easier for consumers to avoid being affected. However, persuading them to change their behaviour and partake is a harder task than previously thought. Warwick concluded: “Unsurprising, perhaps, when it comes down to it, we are all creatures of habit.”