ATMs Drive Debit Card Fraud To Record Heights

Fraud detection and prevention is no cottage industry. As debit and credit cards grow in the field, making inroads to consumers where they’d not been held before, so too has the opportunity grown for skimming and pilfering. And FICO has seen an alarming uptick and uptake in skimming and other practices designed to separate debit cardholders and their funds.

In an interview with PYMNTS’ Karen Webster, TJ Horan, vice president of fraud solutions at FICO, said that his operation monitors debit card traffic in the United States, utilizing both technology and analysts and “looking for anomalies.” And once anomalies are found, that information is pushed back out to financial institutions.

“One thing we have seen as we look back at 2016 is … a 70 percent increase in the number of compromises through various events. FICO has also seen that, in terms of the overall number of individual sites where these compromises have taken place, the number has risen in overall count by 30 percent. That follows a significant increase we had seen in 2015,” said Horan, “of 574 percent,” which brought activity to record levels.

All of this follows a trend that has been seen before, stated Horan, where the magnetic details of the back of a card and PINs are captured due to remote capture — “that technology has continued to get cheaper and more widely available,” the FICO VP said. And in the end, a wide variety of individuals and groups have been able to leverage those practices and technology into a boost of skimming episodes.

Webster noted that vulnerabilities at non-bank ATMs can be exploited due to location — think of the corners of convenience stores or less-than-vigilantly monitored placements of the machines. Said Horan, “there may not be as many physical deterrents to someone who wants to physically manipulate the machines … Those are areas where, as a consumer, I would want to have just a little bit of sense of extra caution.”

And while just over 50 percent of the compromises are taking place at non-bank ATMs, the remaining 40-plus percent are broken down this way: About a quarter of the remaining total are bank locations, leaving the rest to point-of-sale (POS)-centered fraud. Though POS has grown slightly in number of incidents, Horan maintained that these sites are more heavily monitored, with some awareness and vigilance on the heels of EMV.

In other advances, technology has improved enough to offer consumers alerts and a broader range of options for information flow to those consumers. Speed is key here, too. Fraud gets done faster (in terms of duration of event) and gets caught faster too, explained Horan.

In describing the aim of the data released by FICO, he said, the goal is alerting stakeholders to the cards that have been compromised, and then individual institutions work with individual merchant locations and, in some instances, work also with law enforcement to short-circuit fraudulent activity.

“FICO’s role,” he continued, “is about alerting the financial institution to the consumer account that might be at risk,” with an eye on collaboration with authorities.

Beyond the statistics just noted, Horan said that amid EMV and the ongoing transition to chip-enabled use, there remains pervasive swiping of cards at terminals. “There are certainly locations where [terminals] are 100 percent chip-enabled, and those locations are more secure.”

(And then there are those locations, noted Webster, with tape on the bottom, masking the slot to insert the card, forcing users to swipe and perhaps open themselves up to fraud. Yeah, look out for those. And avoid them.)

The road may be a long one, Webster stated, as it may take seven years for every single one of those terminals to be replaced. The strategy, said Horan, is one where the industry does not “take our foot off the gas” and other moves forward, like the growing use of mobile devices, which is encouraging for payments. Along with increased monitoring from the FIs, said the executive, those mobile devices can continue to be used as a conduit toward alerting consumers to “help drive down and drive out fraud.”