Can FIs Get In Front Of Fraud?

Be proactive. Monitor across channels. Be vigilant. The motherhood and Apple Pie of fighting cybercrime. But Fiserv’s VP of Risk Solutions, Patrick Davie, says that empowering consumers could be the FI’s ticket to getting in front of fraud. Davie offers that and four other “fraud to-do’s” that help keep fraud at bay.

PYMNTS: Fraud is a worldwide problem costing businesses more than $100 billion annually. Just as the U.S. is migrating to EMV, fraud is also on the move and it’s getting more sophisticated. What kind of risk trends is Fiserv seeing in the marketplace right now?

PD: It’s clear that financial institutions are operating in an extremely challenging environment. Some of the key trends we’re seeing include more diverse cardholder activity patterns, making it more difficult to recognize legitimate cardholder behavior. We’re also seeing more creative and pervasive fraud, including flash fraud, which could result in huge losses before issuers can react and respond; criminal attacks that have increased in magnitude; social engineering tools that exploit consumers with phishing attacks; and criminal efforts to install malware.

The list goes on, but I think what we need to cap the list off with “vishing” and “smishing.” Vishing is voice phishing typically used to steal cards or other information used in an identity theft scheme, and smishing is SMS phishing, using cellphone text messages to induce people to divulge their personal information.

But the most worrisome trend of all the various trends is the continued breach activity at merchants and FIs. It’s occurring at an unsettlingly regular pace, and this is really driving the increase in fraud loss.

An interesting side note to this trend is that the true cost of fraud – already billions of dollars – likely underrepresents the total cost to FIs. It is important FIs understand that the cost of fraud goes way beyond just the actual fraud loss. What they should make sure they do is account for additional categories of expense that are often underreported, or perhaps not reported at all, like the back office operational expenses associated with research, cardholder service, and the cost to reissue cards. There’s a chance those reissued cards are not going to be used or, even worse, that accounts will be closed. And these things directly impact the profitability associated with cards and card portfolios.

PYMNTS: You talked about a number of risk trends there, how are EMV and tokenization going to affect those trends?

PD: With the implementation of EMV aggressively underway in the U.S., that means we’re making or will soon make significant strides against point-of-sale fraud at in-store terminals. But EMV is only a partial answer to the overall war against fraud — it simply concentrates on counterfeit fraud and does not do anything to mitigate card not present fraud. And as we’ve seen in Europe, which has had EMV for years, they’re currently in the throes of expanding CNP fraud, and unfortunately I expect to see a repeat of that phenomenon in the U.S.

I think it’s inevitable that as consumers begin to rely more and more on online platforms to transact, new security measures are going to be needed to separate customers from criminals, and that’s where tokenization comes in.

We’re excited about that because it complements the value of EMV, it addresses the potential for fraud to shift to the card not present environment, and in general I’d say it enhances the overall payment ecosystem data security.

Unfortunately, we’re just in the beginning stages of tokenization and the full impact that tokenization will have on fraud is still years away. Both approaches, EMV and tokenization, are undeniably strengthening the payments chain, and FIs should absolutely take advantage of these fraud fighting capabilities.

But fraudsters won’t give up trying to find and then exploit the weak spots in any fraud-fighting eco-system — and FIs need to remain vigilant and diligent as it relates to the shifting patterns of fraud.

PYMNTS: We’ve learned that your approach is to empower financial institutions and consumers to protect their payment cards from fraud. How are you doing that and what are the benefits to your clients?

PD: FIs still need sensible risk management approaches that complement the promise of EMV and tokenization. And I suggest a few best practices. These practices include tools that have been widely available for quite a while — including real-time transaction scoring that blocks suspected fraud at the point of purchase, real-time case management and monitoring, and tracking and monitoring fraud alerts on compromised cards, to name a few.

Additionally, all FIs should consider deploying specific authorization rules that fit the unique characteristics of their card base. The old adage “one size does not fit all” as it relates to operational rules is really true because each issuer’s card base is different from their peers in the market.

I’d also like to highlight customized options, like risk management services. These complement the best practices that I just mentioned, but they also provide additional insight and controls to assist in managing fraud. With a risk management service team FIs receive insights and direction designed to address their institution’s unique card fraud risk exposure.

At Fiserv for example, our industry experts do things like provide advice on remediation strategies. They design and implement customized fraud rules. They generate specialized reports. They provide analytic services, and generally supply other assistance to reduce fraud exposure.

As relates to the cardholders, FIs really need to empower them and educate them on the importance of proactive management. Cardholders who understand how to safely use their cards are reasserting themselves as one of the strongest lines of protection against card fraud.

Up-front cardholder education increases cardholder awareness which helps decrease unauthorized card use and fraud loss. Industry statistics show that cardholders who review their account activity on a routine basis are much more likely to detect and report fraudulent activity.

And another point about cardholders: they should be empowered by their FI to use new technology capabilities to actively manage their card usage by defining when, where and how their payment cards are used. We have a service called “CardValet” that is ideal for cardholders who want to proactively manage their card accounts through their mobile devices. CardValet’s financial management capabilities empower cardholders to monitor and control their card transactions. So for example, if you’re a parent or a small business owner, you can review card usage for your dependents or enforce spending policy compliance for transactions on business cards.

PYMNTS: Fraud continues to evolve – what are you doing to stay on step ahead?

We continue to build out our comprehensive and holistic fraud detection solutions. These tools combine risk solutions with personal hands-on investigative and support services, along with cardholder engagement tools, like CardValet. Comprehensive tools and rules provide our clients with prudent practices they can use to control risk and increase cardholder satisfaction.

But to get a bit more specific, as we’ve been talking about, fraud trends demand risk management strategies that improve detection and operational efficiency, and we are continuing to add to our integrated and coordinated risk management solutions to make sure that our FIs have the ability to build a seamless and multi-layered defense against very complex and changing fraud scenarios. An example of this is linking our card fraud system with our deposit fraud system to provide our clients with a better view on cross-channel fraud. I think this is going to be increasingly important as fraud begins to shift to account takeover fraud and new account fraud, particularly as the future promise of EMV and tokenization seal up the existing attack factors that fraudsters have been able to take advantage of through the years.

Patrick Davie

Fiserv, Vice President of Risk Solutions for Card Services

Patrick Davie is Vice President of Risk Solutions for Card Services at Fiserv with responsibility for risk management efforts supporting debit, credit, and prepaid transaction processing. His experience is across all major areas of risk management—including fraud detection, anti-money laundering, deposit account risk, and portfolio risk. Patrick joined Fiserv from Cortera, a business-to-business data and analytics provider. Previously, he served as GM of financial risk management for Fiserv, where he led the Fraud and Compliance business. Patrick began his risk management career at Equifax.

Patrick is a former officer in the U.S. Army and graduate of the United States Military Academy at West Point, NY.