The pandemic was a big turning point for the digitization of payments as it was able to speed up some of the processes that were already happening. We can see everywhere a total movement towards electronic payments which is unlikely to return back to the old ways.
In 2022, credit cards were the most reported payment method vulnerable to online scams.1 The ease of credit and debit cards and their widespread acceptance by merchants means that the vast majority of payments today are made using something other than cash. In fact, according to the US Census Bureau, total e-commerce sales in 2022 were estimated at $1,034 billion with an increase of 7.7% from 2021. 2
With more money being spent online, fraud has become more common than ever. Another challenge that banks and financial institutions are attempting to overcome is distinguishing whether something is actually fraudulent or a bug that just happened once.
According to Credit Card Fraud 2021 Annual Report3, 127 million Americans were victims of credit card fraud. According to their research, the median charge was 62$ totaling approximately $8 billion overall in attempted charges.
People who store their credit card information in their web browsers and use the same card for autopay as they do for everyday spending were more likely to be victims. Only a small portion of people had fraudulent recurring charges from the same merchant over several months.
In this article, we will share the approaches and tech solutions that banks, neobanks, and other financial institutions can use to both detect and prevent fraud. With emerging technologies like machine learning (ML) and artificial intelligence (AI), it has become possible to successfully prevent fraud from happening and alert cardholders to act before fraudsters manage to remove a greater amount of money from their credit or debit cards.
Fraud Detection and Fraud Prevention
Since the pandemic, many people have started using cards on a daily basis and for a variety of transactions. This can lead to the potential of their data ended up online making it easier for fraudsters to take advantage of this information if leaked.
source: 2022 BBB Online Scams Report: Start With Trust Online
What is Credit Card Fraud?
Credit card fraud can be defined as the criminal use of another person’s credentials or credit standing. Credit card fraud is one of the most prevalent types of financial fraud and identity theft. Federal Trade Commission's data for 2022 shows that consumers lost over $2.6B in 2022 in imposter scams.
When it comes to credit card fraud, all of them fall into one of two categories, either card present or card not present fraud.
Card Present Fraud
Card present fraud happens when the criminal uses a physical card, which is either stolen or duplicated, to make fraudulent purchases. Card present fraud can be the result of the theft of a card through robbery, pickpocketing, or mail theft.
Criminals may also leverage card skimmers installed at frequently used payment points to collect and store the card details when swiped; this data can then be used to produce a duplicate payment card or clone.
Card Not Present Fraud
Card-not-present fraud happens when the criminal uses the details associated with the card, such as the card number, account holder name, and CVV code, without having the card in their possession.
In some cases, card-not-present crime is accompanied by account takeover techniques. This is when fraudsters contact a credit card issuer and purport to be a legitimate cardholder to change information associated with the account, such as the phone number or address. This will allow them to verify purchases and authenticate activity by evading many fraud detection tools.
Source: Insider Inteligence, 2022
How to Detect Credit Card Fraud?
Credit card fraud detection is an essential aspect of maintaining financial security in the age of digital transactions. The goal is to identify unauthorized or suspicious activities as quickly as possible to minimize financial loss and protect customers. Banks, card issuers, and other financial institutions are utilizing different policies, tools, methodologies, and practices to combat identity fraud and stop fraudulent transactions.
After 2015, credit card fraud shifted more towards Card Not Present fraud type. This happened because MasterCard, Visa, and Europay introduced EMV chip technology. EMV microchip has superior safety and security to traditional cards, as card skimmers can’t use the magnetic strip to capture data from the card and easily produce a clone.
In addition, financial institutions are employing a variety of technologies including artificial intelligence and machine learning that use vast amounts of data to learn user patterns so they can flag any problematic transactions and warn the cardholder about any unusual activity. These modern solutions use data analytics, predictive modeling, and decision-making processes to create fraud alerts and react on time.
How to Prevent Fraud?
Preventing credit card fraud is one of the biggest goals for financial institutions. The first step is to devalue sensitive information to make it less useful if it falls into the wrong hands.
Tokenization is a process of replacing credit card numbers with randomly generated numbers impossible to trace back. That way, the financial transaction doesn’t contain any original information and it still allows payment processors to process payments without exposing a consumer account number.
Tokenization happens when a consumer submits payment details like primary account number and security code to any business. The business then requests the token from the network and the network shares the information with the bank.
Another successful way to prevent fraud is by using rules that help find patterns in large amounts of transactional data to understand when and why they are broken. That way every suspicious transaction can be caught and deftly taken care of. The more transactional data the system has, the easier it becomes to detect and prevent fraud.
The Biggest Fraud Challenges for Institutions
Financial institutions are trying to focus more on detecting and preventing attempted fraud. However, both prevention and detection processes are interlinked as the goal is to reduce fraudulent behavior to a minimum using every technique possible. With most transactions happening online, it's clear that fraudsters are now focused on online transactions.
Financial institutions and networks have categorized fraudulent behavior into 4 types:
- E-commerce and remote payments fraud
- Counterfeit fraud
- Lost and stolen cards
- Account takeovers and other types of fraud
Tools for Fraud Prevention and Detection
Technologies and strategies for combating fraud are designed to fight all four mentioned types of fraud. All major banks and credit card companies are working on heightening security measures and improving their internal processes for fraud detection.
Since banks and credit card companies have to absorb much of the financial liability of credit card fraud, they are heavily invested in preventing fraud by all means. Here are some of the most common approaches to fighting credit card fraud.
Consumer Transaction Alerts
Consumer translation alerts are a very powerful way to stop any fraudulent action before it damages the cardholder’s account. Notifications and alerts are usually sent to the cardholder’s mobile phone, email, or banking application. Every alert is an indication that a transaction has been initiated.
Alerts can be made to reflect some of the consumer preferences or appear only when more than a certain sum of money has been removed from the account.
SMS Text Alerts. BNY Mellon’s retail web portal now allows shareholders to sign up to receive SMS Text Alerts whenever certain account-related events occur, such as profile changes, transactions, and account maintenance. The alerts not only help identify fraud attempts as they happen, but also give retail customers a greater sense of control and confidence. Most BNY Mellon clients have already implemented this new SMS capability, and we continue to onboard clients on a monthly basis.
Call Center-Based Multi-Factor Authentication. In addition to offering 2-factor authentication on the web, there is now multi-factor authentication technology for call centers, including both full-service and remote facilities. Agents issue a token to the mobile device on file for an account and ask the caller to authenticate the transaction in real time. Authentication is currently invoked for certain fraud-sensitive transactions and events and can be expanded on as required in the future.
Dynamic Passcodes
Dynamic code is a one-time unique code required to verify the transaction sent to the cardholder via the banking app, emails, or as SMS. This ensures a high level of security as it authenticates a cardholder according to the regulatory requirements of PSD2 Directive.
Real-time Data Enrichment Tools
Real-time data is useful for enhancing KYC data with aggregate extra data obtained from a variety of sources like open source databases, digital services, and social networks. This tool is helpful in fraud detection as it provides additional information on each cardholder.
These tools are often used for flagging problematic cardholders and high-value customers so the card issuer and bank better understand the risks involved.
Machine Learning (ML)
Machine learning has become one of the cornerstones of fraud detection. In essence, it’s a system that helps gather and interpret as much data possible about cardholders and use it to establish purchasing patterns. When fraudsters use card information in a new location, alerts, typing speed information and new phone recognition. Also, if the transaction was done in a strange time the system can flag those transactions and make sure the cardholder knows what’s going on.
The black box fraud prevention system is a machine learning model that helps prevent card fraud. These systems are becoming more and more popular as they are fast to give a credit card risk score pinpointing what factors are likely to lead to risky transactions.
There are two types of machine learning, black box and white box. After 2021, most systems in use are black box, since this type of ML uses new technologies like big data, string similarities, deep learning, and neural networks.
Know Your Customer (KYC)
KYC is a significant approach to fighting financial fraud. It is designed to perform identity verification on a variety of levels (like ID verification), thus allowing financial institutions to meet compliance requirements and prevent fraud for their customers.
The KYC process includes ID, face, document, and biometric verification. For example, in India, banks can use e-KYC which allows them to verify people’s identities through a separate government-verified application.
New Technologies for Fraud Detection
Voice Biometrics
This year, financial institutions and banks will introduce biometrics and artificial intelligence (AI) to passively authenticate callers based on their voiceprint. The technology compares a caller’s voice characteristics—vocal range, talking speed, speech patterns, and so on—against a verified, previously enrolled voice sample.
In addition to the audio voiceprint, a conversation print process transcribes the contents of the call and compares it to callers’ typical vocabulary and syntax. Additionally, behavioral checks review the data collected on the caller’s device, geographic location, and more.
Voice biometrics can help identify fraudsters, as well as flag calls potentially made under duress. Most importantly, it automates the most annoying part of the authentication processes for shareholders, letting them access their accounts faster without wading through questions about zip codes, maiden names, or account numbers.
Enhanced Knowledge-Based Authentication (KBA)
Another new solution for fighting credit card fraud is knowledge-based authentication technology, which validates cardholder identities against outside sources. Examples of personal information used in KBA are a person’s social security number, date of birth, phone number, address, employment history, and so on.
This technology incorporates third-party data and tools from different providers and gives access to data on 400 million people from over 10,000 sources. It checks to see whether personal information like phone numbers, addresses, and other data provided by a caller appear in association with the same individual in other records. It can also combine data from multiple sources to create extremely hard-to-guess challenge questions.
Adaptive Authentication
Later this year, BNY Mellon will introduce an AI fraud risk scoring capability, which will pull together analytics from multiple channels to provide clear guidance to agents during a call.
Anomalies such as unusual device attributes, excessive numbers of transactions, or failed voiceprints will be combined into a single risk score. A high score can trigger stepped-up authentication, a transfer to a fraud analyst, or even a failed transaction. The risk engine is designed to make agents’ jobs easier by simplifying a wealth of data into a single real-time metric, helping to stop fraud before it happens.
Tech to Prevent Counterfeit Fraud When Using a Credit Card
Address Verification Service or AVS
Address Verification Service (AVS) is one of the most widely used fraud prevention tools in card-not-present (CNP) transactions. An AVS check compares the billing address used in the transaction with the issuing bank’s address information for the cardholder. It is a common sense check since the majority of purchases go to a customer’s address.
Geolocation
Visa pioneered geolocation technology for card transactions in 2015. Essentially, it matches a cardholder’s mobile phone location with the location of a transaction. Geolocation offers one more data point when accepting or declining a transaction and may work in conjunction with other tools.
For example, the consumer may be sent a unique passcode on her mobile to confirm that she is the one initiating the transaction. Presently, Visa has combined many of its security solutions into a suite of tools called Visa 3-D Secure 2.0, which holds the promise of stronger defenses against fraud by increasing the amount and type of data used in verifying transactions.
Account Takeover Tools
There has been a great emergence of tools to detect account takeover including biometric authentication to confirm identities, activity analytics that compares current online behavior with past established patterns, and general card verification. Card Verification Methods (called card verification value [CVV] or card verification code [CVC] for some card brands and card identification [CID] for others) are typically required in CNP transactions, where a PIN cannot be used.
Most debit or credit cards carry a three- or four-digit code, which the cardholder must enter to complete many transactions. This code is printed only on the card, and CVV/CVC verifies that the person making the transaction is in possession of the card.
Final Word
By digitizing fraud prevention capabilities using AI and other advanced technologies, banks and financial institutions can speed up their response to fraud—and in turn help cardholders feel more comfortable moving to digital payments.
Payment by debit and credit card has now become a way of life for billions all over the world, a far cry from the 10,000 consumers who signed up for the world’s first charge card introduced in 1950. In the U.S. alone, card payments now run close to $7 trillion annually, according to a recent study by the Federal Reserve. But this ubiquity is beset by widespread fraud that is costing consumers, banks, and networks billions in losses.
Taking steps to protect users and their accounts means using the available anti-fraud tools and continually improving them and discovering new techniques and technologies year after year. As the payments industry is a domain we understand well, our consultants can support companies that offer prepaid or credit cards and provide them with the anti-fraud solutions their cardholders will appreciate and that will help them comply with regulations.
Don't let payment fraud hinder your business growth! Leverage Softjourn's financial development expertise to secure your transactions and safeguard your customers' data. Our team can help you implement cutting-edge solutions tailored to your needs.
If you are interested in finding out how to protect the users of your platform, don’t hesitate to contact our team.
