Fraud Prevention: Consumers are KeyStudy: Card Fraud Highlights Need for Dual Authentication
In its Seventh Annual Issuer Safety Scorecard, Javelin finds fraud-prevention measures lag when compared with resolution and detection.
"On the positive side, resolution efforts have improved over the last three years," says Phil Blank, part of Javelin Strategy & Research's Security, Risk and Fraud Practice. "Resolution, of the three is the easiest. Prevention and detection are more difficult."
Javelin finds many banking institutions are not working with security vendors to address growing concerns about card-not-present fraud, nor are they implementing multifactor or second-layer authentication that relies on the mobile channel - an area in which Javelin expects room for growth.
"If you used the mobile channel to approve a transaction, then all of that card-not-present fraud goes away," Blank says. "In crimes of impersonation ... there's no amount of traditional security that can fight that."
Consumers Must be InvolvedMindset is a big part of the problem. Javelin's research suggests only the customer can fight card-not-present fraud, highlighting the need for card issuers to get consumers involved in second-layer transaction approval. "If it's not you or the bank can't reach you, then the transaction is not approved," Blank says. "The mobile channel could be used to send alerts to customers about card transactions. Not enough is being done in that area."
Recent incidents of card fraud, from the Michaels debit breach to the online exposure of millions of Citi cardholders, have heightened concerns for card issuers. These organizations say they are struggling to curb fraud, especially on the debit side. Cuts to debit interchange income included in the Durbin amendment to the Dodd-Frank Wall Street Reform and Consumer Protection Act have increased their worries.
The Federal Reserve's announcement last week to offer a 1-cent per transaction incentive for fraud prevention investments tied to debit is expected to soften the blow. But how much will that incentive encourage institutions to invest more in prevention? [See The Fed's Impact on Fraud Funding.]
Some proponents of the interchange incentive, such as Randy Vanderhoof of the Smart Card Alliance, say the extra penny could motivate card-issuing institutions to more closely examine a move toward the chip-and-based Europay, MasterCard, Visa standard.
"From my perspective, the cost of [debit] fraud is going to become extremely difficult to absorb if the income financial institutions count on from their interchange channel gets reduced," Vanderhoof says. "When the percentage of fraud against the revenue those transactions generate significantly changes, I think banks and card issuers will be looking for solutions that can offer greater fraud reduction."
But the fraud increase is highest for card-not-present transactions: an area EMV does not address. "There is not enough is being done for card-not-present fraud, which now exceeds card-present fraud," Blank says. "And EMV will do nothing about the card-not-present fraud."
If card issuers had policies in place for consumers to review and respond to mobile prompts as second layers for transaction authentication, Blank says fraud would decrease, without costly investments in new technology like EMV. "Card-not-present fraud will grow," he says. "We have to get these consumers involved in the view-and-release process."
Javelin's research includes data from household, consumer and card-issuer surveys. Issuers were scored based on Javelin's Protection, Detection and Resolution model, which measures consumer-facing protective measures used by U.S. card issuers employ. The purpose of this report is to provide an understanding of the current trends in fraud and the evolving security criteria that card issuers are using to address them.
Listen to this exclusive podcast with Blank, who discusses what Javelin's findings mean for card issuers.