The Green Sheet Online Edition
October 12, 2009 • Issue 09:10:01
Vigilance is watchword in fraud prevention
Crime is an unfortunate byproduct of success. As the prepaid card industry grows and prospers, it becomes a greater target for fraud. In a Javelin Strategy & Research webinar entitled Fraud Mitigation and the Prepaid Processing Relationship: Moving from Fraud Detection to Fraud Prevention, industry experts focused on the intricacies of fraud schemes and the steps businesses should take to detect and alleviate them.
According to Bruce Cundiff, Director of Payments Research and Consulting at Javelin, common schemes include:
- Compromised gift card numbers - fraudsters steal unregistered gift card numbers, clone those numbers onto blank cards and then make fraudulent purchases with them.
- Forced post transactions using closed-loop cards - fraudsters work with merchants or employees to "force" transactions on cards after those cards have been used by customers to make legitimate purchases.
- Test loads - fraudsters pose as service providers to make test loads at POS terminals, and they secretly load cards with value.
To detect such schemes, processors and program managers look for discrepancies in cardholder data and irregularities in how the cards are used.
For example, when customers enroll online to receive prepaid cards, they typically supply birth dates and phone numbers; that information can be compared to the information captured when potentially fraudulent transactions are made.
"The address you use on a credit or debit card to fund that card - does it match the profile address?" said Virgil Mathias, Senior Business Leader with Visa Inc.'s Prepaid Processing division. "Is that address in your negative file? Is it being used repetitively through your program? You can identify mutual fraud that way."
Call centers and the cardholders themselves can be enlisted to flag fraud. Customer service representatives are highly attuned to changes in customer behavior, Mathias said. When call volumes spike or when the type of questions asked veer from the norm are clues that fraud may have been perpetrated, he noted.
To prevent account takeovers, legitimate cardholders can be alerted when questions arise concerning suspicious transactions or account activity. "If you have a payroll card and a profile change and the cardholder did not initiate that, a real-time message to the cardholder, either by an SMS [simple message service] text message or via e-mail, [can] alert them to potential account takeovers," Mathias said.
On the tightrope
However, fraud and risk management is a balancing act. A program must be tailored to the type of prepaid card it powers.
"The gift card program that has point of sale access, limited maximum load, probably doesn't have as many fraud rules or compliance issues set up around it," Mathias said. "But as you expand the program ... where you have multiple reloadable options, reload networks or other cards, the rules are expanded."
Flexibility in load and purchase limits is also important. For example, a payroll card should have a "slightly higher per-day limit" than another type of card to allow for the occasional, big ticket purchase, said Liz Nutting, Vice President of Prepaid Card Implementations with Palm Desert National Bank in Riverside County, Calif.
The ability to grant overrides is another necessity. A new cardholder without a steady transaction history would not necessarily be granted the same latitude as an older cardholder with a regular transaction history. If the older cardholder contacts a call center wanting to withdraw a large amount of money but is being declined at the ATM, a customer representative can override that cardholder's withdrawal limit.
The goal is to "maintain customer satisfaction but, at the same time, balancing your risk tolerance over the entire program," Mathias said.
Nutting said fraudsters constantly vary their schemes to keep from being detected. A popular fraud currently being perpetrated involves automated clearing house (ACH) transactions, where fraudsters hijack ACH accounts and use processors' own systems for bank-to-card transfers, she said.
Another current scheme entails fraudsters who, using funds from their own bank accounts, load prepaid cards via the ACH. Then they turn around and have the money transferred from the cards and contact their banks, saying the transactions were unauthorized. "So they are using the card to commit fraud against the originator," Nutting said.
The webinar presenters agreed that combating fraud through coordination and communication is vital. From the time prepaid card programs are first implemented, all program participants - from lawyers to professionals from companies' compliance and risk departments - be on board and on the same page, Mathias advises.
Additionally, program managers should be communicating with payment processors to establish baseline trends of cardholder behavior, as well as what may constitute fraudulent behavior - meaning "not just fraud trends but usage trends," Nutting said. By knowing an average number of POS transactions on a daily, weekly and monthly basis, one can more easily detect abnormal activity, she added.
Communication is also important to root out hard-to-detect fraud. "We see instances where different programs can be hit by the same type of fraudulent activity but, in themselves, wouldn't alert anybody to that activity," Mathias said. By comparing transaction characteristics across multiple programs, providers can recognize trends that would otherwise go unnoticed.
"It's just not the program managers; it's just not your processor," Mathias said; in fraud management and prevention, "it takes a village."
For more stories from SellingPrepaid E-Magazine, as well as breaking news and forums devoted to the prepaid sphere, please visit
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.