A Tale of Two Fraud Stats

As PYMNTS.comreported recently, the Federal Reserve for the first time in its triennial payments study collected data related to payments fraud. It recently published the full report, a 192-page document loaded with data. What the discussion on fraud in the full report suggests is: Why all the clamor to move to an EMV-based card system? The fraud rates for card-present activity—slightly less than four basis points for general purpose credit cards—just aren’t that high.

But the data used in the fraud discussion in the full report were based mostly on number of unauthorized transactions, not on the value of unauthorized card purchases and ATM withdrawals. A comparison of both appears in two chart exhibits in the fraud section of the report. Data regarding fraud value isn’t hidden, but it just wasn’t included in the discussion of fraud trends. A more detailed comparison of fraud by transactions versus value is included in a chart on the last page of a 43-page Payments Study report summary, which the Fed released late last year (see chart).

Fraud value is what really tells the market picture and why efforts to move to a technology that’s more secure than magnetic stripes are gaining momentum. The Fed apparently chose in its discussion to highlight fraud-incident likelihood instead of the cost implications of unauthorized activity.

EMV movement

In October next year, liability shifts to the merchant if fraud occurs with a card the retailer had to swipe because its terminal couldn’t read the card’s chip. So this should motivate merchants to embrace chips cards if presented with one. Merchants, however,would prefer that chip cards require a PIN, while networks and card issuers are more poised to support signature-based EMV transactions.

Though less secure than PIN-based purchases, signature-based transactions tend to generate higher interchange income for card issuers. The Durbin amendment debit-rate cap in the Dodd-Frank Act removed much of the difference in PIN and signature-debit card rates, though a move to a chip-and PIN-based credit card system surely would cut into issuers’ profits. That argument doesn’t matter in environments where credit card interchange is regulated as well, such as Australia, where the networks are mandating use of PINs with EMV.

At least one network executive believesrequiring a PIN would slow EMV rollouts in the U.S. It’s doubtful, however, that argument would work for long if the only thing standing between someone getting cash or making a purchase is remembering a number.

A look at the numbers

In 2012, unauthorized signature-based debit and prepaid card sales totaled $1.4 billion, or an average value of $101 per transaction. Discussion in the “detailed” Fed report notes the fraud rate for debit and prepaid signature transactions in 2012 was approximately 4.04 basis points (bps), or about four per every 10,000 transactions. That rate appears to represent an update to the earlier-released summary, which showed the transaction fraud rate to be 4.36 bps.

But the difference is irrelevant when looking at the value of signature-based debit and prepaid fraud, which was a much higher 11.91 basis points (12.45 bps for card present, and 10.9 bps for card not present).

By comparison, the detailed report showed, fraudulent debit and prepaid PIN transactions totaled a relatively small $124.1 million, or an average of $148 each, for a fraud rate by number of transactions of 0.42 bps (0.47 bps in the earlier summary, but still significantly lower than that of signature-based debit and prepaid). The rate of PIN-based debit and prepaid fraud based on value also was just 1.7 bps, which helps one understand why merchants are so interested in PIN-based EMV, and not signature-based chip transactions (though chip-based signature transactions contain transaction identifiers that should make their fraud rates much lower than those for mag-stripe purchases).

Not surprisingly, PIN-debit’s main source of fraudulent activity is at the ATM, where cards are used to get cash. In 2012, unauthorized ATM withdrawals totaled $256.3 million, or an average of $199 each, significantly higher than the $118 average authorized withdrawal. Still, the fraud rate for ATM cash withdrawals in 2012 was just 2.21 bps. The value of unauthorized ATM withdrawals was 3.74 bps.

Unauthorized credit card sales in 2012 totaled $2.3 billion, including cash advances and before any recoveries or charge-backs. Credit card transactions had a fraud rate of 5.76 bps (5.74 bps in the summary—2.92 bps for card present and 11.44 bps for card not present). In terms of value, however, the summary report showed that the general purpose credit card fraud rate was 10.23 bps (9.15 bps for card present and 11.58 bps for card not present).

Card not present

Much of the concern about moving to a more-secure payment method at the point of sale is the migration of fraud to less secure card-not-present situations, namely transactions made online, through the mail or by telephone. They also include automated recurring purchases or bill payments.

Efforts are underway to combat counterfeit card fraud through card tokenization; device fingerprinting, keystroke and other biometrics; and through mobile CMS, geolocation and other practices.

And for good reason. As illustrated in the data noted above, for both general-purpose credit cards and debit cards, card-not-present transaction fraud rates were three times the card-present fraud rates in 2012. The fraud-value and transaction rates for card-not-present matched closely, while the fraud rate for the value of card-present fraud was much higher than that of the transaction fraud rate.

The total value of general-purpose card-not-present payments reported by the networks was $1.4 trillion in 2012, including bill payments. There were almost as many card-not-present payments by debit card (5.5 billion) as by general-purpose credit card (5.8 billion) in 2012, but the percentage of card-not-present payments made with general-purpose credit cards (24 percent) was twice as large as the percentages for debit cards and general-purpose prepaid cards (12 percent). There were only 400 million card-not-present payments by general-purpose prepaid card.

Efforts to combat fraud should focus more on card-not-present fraud, especially as mobile-based online transactions continue to grow. However, card-present fraud rates based on value similarly remain high and require quick attention. But are EMV cards the answer? A view on whether alternatives to EMV might be more practical to combat card-present fraud from Market Platform Dynamics CEO Karen Webstercan be found here, in her column “Is the EMV Journey Worth The Price?”