By Patti Murphy
I've always been fond of carnivals. It wasn't the carnie rides or the sideshows that drew my attention, but the games. I find myself reflecting on those days whenever I write about payment fraud. That's because fighting payment fraud is a lot like playing a rigged game of ring toss, milk bottle pyramid, balloon and dart, or any number of other popular games that line midways worldwide.
Like children determined to win that top-shelf carnival prize, financial institutions and their clients keep thwacking at the problem but seemingly never manage to vanquish the fraudsters leveraging payment systems to criminal advantage.
Data compiled by the American Bankers Association suggests that in 2014 almost every bank in the United States sustained losses from demand deposit (checking) account (DDA) fraud. The biggest culprit: debit cards; 94 percent of banks lost money to debit card fraud, according to the ABA's data. Check fraud resulted in losses at 60 percent of banks, while fraud involving remote deposit capture of checks resulted in losses at 7 percent, the ABA added.
But here's the good news: banks are getting better at spotting potential fraud. "Banks' sophisticated fraud prevention systems and customer vigilance successfully stopped 85 percent of fraud attempts in 2014," said Doug Johnson, Senior Vice President, Payments and Cybersecurity Policy, at the ABA.
Bank losses to DDA fraud totaled $1.91 billion in 2014, up from $1.744 billion in 2012, but banks also managed to avoid $11 billion in fraud losses, according to the latest ABA Deposit Account Fraud Survey.
A new report from Pymnts.com and Forter Inc., a company specializing in fraud prevention, paints a bleaker picture for retailers. Titled Global Fraud Attack Index, the report revealed that fraud attacks against online merchants based in the United States have grown by 11 percent since the October 2015 EMV (Europay, MasterCard and Visa) liability shift from card issuers to merchants.
Additional data points from that report indicate that online merchants:
"Let there be no doubt: payments fraud is an enormous challenge for all organizations," said Jim Kaitz, President and Chief Executive Officer of the Association for Financial Professionals, a trade association for corporate treasury executives that surveys members each year about fraud experiences.
According to the 2016 AFP Payments Fraud and Control Survey, released in March, check fraud remains a huge threat to corporations; however, wire fraud is growing, too. In 2015, 48 percent of companies surveyed by the AFP had been exposed to wire fraud, up from 27 percent in 2014 and 14 percent in 2013.
By and large, treasury managers think EMV should help alleviate fraud pressures, the AFP reported. Yet 90 percent expect fraudsters to shift their focus away from cards and toward other payment methods as EMV takes hold in the United States; that's up from 80 percent in 2014.
The liability shift related to EMV puts merchants on the hook for billions of dollars in card-present chargebacks that, in the past, had been borne primarily by card-issuing banks. It has been highly controversial.
In March 2016, a group of merchants sued the card companies, leading issuers and EMVCo (which manages the EMV standard) challenging the liabilty shift in federal court in California. The merchants assert the mandated 2015 shift was unrealistic, even for those who purchased new terminals, because the terminal certification process is ongoing and probably will be for several years to come. Merchants and consumers, alike, also complain that EMV card authorizations take longer than traditional magnetic stripe cards, slowing down the checkout process. Harbourtouch polled 5,000 consumers recently and found 67 percent consider mag-stripe cards the fastest way to pay at the POS. What's more, nearly four times as many consumers are more concerned about speed at the checkout than about the availability of EMV terminals, according to Harbortouch.
On average, it takes seven to 10 seconds to authorize a chip card compared with two to three seconds with traditional mag-stripe cards. The card companies aren't backing down from the liability shift, but they are trying to make EMV more palatable for merchants. Last month, at Transact 16, the Electronic Transactions Association's annual conference, Visa Inc. heralded an EMV technology upgrade, Quick Chip for EMV, designed to speed up checkout times.
Quick Chip specifications are available free to processors, acquirers and networks. It is supposed to allow for customers to dip and remove their EMV chip cards from a POS device in two seconds or less without having to wait for their transactions to be finalized. MasterCard Worldwide developed a similar technology improvement it calls M/Chip Fast.
Acquirers, ISOs and device manufacturers are praising the moves. "Being able to make this update using existing EMV chip infrastructure and not requiring re-certification means retailers can integrate this enhancement into their solutions with minimal impact to the POS terminal application," said Allen Friedman, Vice President of Payment Solutions North America at Ingenico Group, in discussing Visa's Quick Chip.
Both MasterCard and Visa insist the migration to EMV cards is moving rapidly. But is it? MasterCard reported in March that over 67 percent of consumer credit cards that carry its logo now feature chips and that 1. 2 million U.S. merchant locations can now accept EMV cards. Visa claims more than 265 million Visa-branded chip-embedded credit and debit cards have now been issued to U.S. cardholders and that 20 percent of all U.S. merchant locations are equipped with chip-enabled card readers.
Unfortunately, that leaves plenty of opportunities for fraudsters to continue striking and for our national carnival of losses to continue, pretty much unabated.
Patti Murphy is Senior Editor of The Green Sheet and President of ProScribes Inc. She is also the founder of InsideMicrofinance.com. Email her at firstname.lastname@example.org.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.Prev Next