The Green Sheet Online Edition
July 28, 2008 • Issue 08:07:02
Canada goes to chip, fraudsters move south: Are you ready?
Editor's Note: This article was originally published in The Acquiring Mind, issue 3, May 3, 2008; reprinted with permission. (c) 2008 Take Charge Business Consulting LLC. All rights reserved.
Canada's push toward chip and PIN smart card payments is a reality. The first rounds of testing have been completed with overall positive results. It is a fact that when chip goes in, the fraud losses go down - or do they?
Actually, the fraudsters really just move on to someone easier to trap.
Canada's target date for 100 percent conversion to chip is the end of 2015. With no sign the United States will go toward chip, the fraud will most definitely move our way. Fraudsters are lazy; they target the easier victims.
An ounce of prevention
What are some preventative measures an ISO can take to prepare for an increase in fraud?
First and foremost, always file your suspicious activity reports, and report all criminal activity to federal authorities or the local police. It's a lot of work prepping a case for law enforcement, but if you have a standard template to follow, it is not as labor intensive as you might think. The bad guys do not like to mess with processors who call the police. If you get some arrests, they will leave you alone and move on to someone else.
Now is the time to shore up your risk system. Many systems were written long ago; many philosophies and fraud trends have changed. And the nature of fraud changes constantly. If your risk system does not allow for additional rules and alerts to be added on the fly, it will become obsolete very quickly.
One of the most undermonitored items is card numbers. The fact is usually the bad guys have a limited number of credit card numbers to work with. If your monitoring system is not equipped to allow you to tag card numbers known to be used in fraudulent activity on your own portfolio, you need to think about updating your system.
Nothing is worse than getting hit with a fraud and then three months later getting hit again with fraud using the same card numbers. We see it all the time.
As soon as you detect a fraud, investigators should be running card searches. Once the searches have been run, the fraudsters can strike again. Known fraud cards should be a flag category in your risk system.
Authorization monitoring is huge, and it is amazing how many processors and ISOs still do not monitor for excessive declines. Tracking excessive declines is the most important fraud detection tool. Usually programmers and developers simply do not want to, or do not understand how to decode authorization files. This should not be an excuse. Authorization files can be decoded and monitored properly.
Last but not least, train your call center people on the basics of risk. They are your first line of defense, and properly trained customer service representatives can be a huge asset in detecting fraud.
Let's face it: Risk is the sexiest job in the company. Everyone loves to hear the stories. Set up brown bag lunches, and tell your stories. You will find trained customer service reps will alert you to suspicious activity concerning statements, downloads and so forth.
Risk assessors can't possibly talk to every merchant, and losses are everyone's responsibility. Use your frontline warriors.
Deana Sellens specializes in operations, risk, compliance and project management consulting. She is a Partner in Take Charge Business Consulting LLC, as well as the current President of the International Association for Financial Crimes Investigators, Gulf Coast Chapter. Deana has a unique customer service oriented attitude toward risk and a proven track record in reducing bankruptcy and fraud losses. Contact her at firstname.lastname@example.org.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.