By Sunil Rongala
MRL Posnet Private Ltd.
Editor's Note: While the majority of our readers are doing business in the United States, The Green Sheet periodically publishes articles about the payments landscape in other countries and regions. This is because the various economies of the world are interconnected, some U.S. payment professionals are already expanding or wish to expand their businesses beyond our borders, and cross-pollination of ideas and practices across global regions could foster further innovation to boost business within the U.S. payments market and elsewhere.
Fraud is a growth industry, and payment card fraud is a growth industry on steroids. Annual card fraud runs into the tens of billions of dollars, and India remains a top destination for card fraud done on POS terminals. Existing mitigation efforts are touching only the tip of the iceberg and are focused primarily on reducing financial liability, not preventing fraud before it happens.
While e-commerce transactions are on the rise, card fraud in that realm has largely been contained because of mandatory two-factor authentication on all transactions done using Indian cards on Indian websites. This article focuses on card fraud done on POS terminals because it is very likely this is where large-scale fraud will happen going forward.
The number of POS terminals in India, depending on whom you ask, currently ranges from 400,000 to 600,000, with the industry having seen no real growth in the past few years.
This is set to change. A consortium of government-owned banks recently put out a request for proposal that "involves the selection of Service Providers who can manage the entire Merchant Acquiring Business of the Public Sector banks on a fully outsourced model by giving an end-to-end solution related to deployment of POS terminals at Merchant locations and providing the complete range of Managed Services."
The consortium expects the deployment of 1.5 million terminals in the first year of operations and 2.6 million in the second. These numbers are impressive and almost certainly mean that fraud on POS terminals is going to rise.
Currently there are 18.5 million credit cards and 306 million debit cards in the country. In fiscal year (FY) 12 (which began in April 2011 ended in March 2012), credit card transactions volume was 319 million, and the value was 966 billion Indian rupees (INR). There were 327 million debit card transactions for a value totalling INR 534 billion.
In the first seven months of FY 13, the number of credit cards in circulation went up 5.2 percent year over year; the volume grew at 22.6 percent; value was up 25.3 percent.
For debit cards, the number went up by 20.1 percent; transactions volume grew at 36.7 percent; value was up 30.4 percent. With this sort of solid growth, this space will inevitably look more attractive to fraudsters.
The types of card fraud occurring in India, especially in the case of POS terminals, are:
While certainly not high on the fraud scale, this is widely viewed by risk managers as a gateway to more serious fraud. A big problem in this scenario is that some cardholders do not pay their credit card bills, and issuers sometimes attempt to recover this money from acquirers by initiating disputes.
In India, the fight against fraudsters is compounded by problems on several fronts. These include:
While there are negative databases derived from schemes that have been detected, they are largely ineffective because people often use initials in India, and if known fraudsters use variants of their own names, they become virtually undetectable. The same applies if the name of a shop is changed from, say, ABC Cleaners to BCD Cleaners.
Obviously, fraud will never fall by 100 percent, but steps can be taken to dramatically reduce it. Some steps being taken, apart from monitoring transactions using fraud detection tools, are:
Because of this, true fraud mitigation should go beyond reducing financial liabilities and should include detection before the fact. That said, acquirers are not entirely at fault because no merchant underwriting is available in India.
Proper mitigation can only be achieved if a negative merchant database is established, which has been proposed by regulators. However, for a negative database to work in India, it must be tied to a biometric database.
The Unique ID (UID) program, which is tasked with assigning each Indian a unique identification number in addition to maintaining a database of biometric information, may provide the answer. The program has already rolled out over 300 million such IDs. If the proposed database is not tied to the UID program, it will be dead on arrival, and with it, a large part of India's effort to fight card fraud.
Sunil Rongala is the Head of Risk Containment and Business Strategy at MRL Posnet Private Ltd., a technology-driven transactions facilitator based in India. He is a professional economist and holds a Ph.D. in economics from Claremont Graduate University in California. To reach him, call +91-99490-61784, fax +91-40-2355-4002 or send an email to firstname.lastname@example.org.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.Prev Next