You don’t always have to go out on a limb in payments to make an accurate prediction of things to come. Take the transition to EMV in the U.S., as Damon Moorer, president and CEO at TCM Bank N.A., told PYMNTS in a recent interview. Before the liability shift in 2015, the industry-wide prediction was that the onset of EMV would reduce occurrences of counterfeit card fraud in-store, but that the industry should expect to see a spike in card-not-present (CNP) fraud as fraudsters moved to easier targets.
Predictions Can Come True
“We even saw the ‘going out of business’ spike in counterfeit fraud that was anticipated, where fraudsters tried to squeeze that last little bit of momentum before the EMV shift occurred,” Moorer said. “Then it died down and shifted to CNP fraud, which today is becoming an increasingly large portion of all card fraud.”
And the problem, he added, is likely going to get worse before it gets better, as more and more sensitive consumer data finds its way into the hands of bad actors. Which means the future of fighting CNP fraud will depend on two things: first, helping consumers become their own best data security advocates, and second, introducing stronger, more context-specific fraud prevention tools.
The Consumer As A Frontline Against Fraud
The bad guys, Moorer noted, have data – and lots of it. So much, in fact, that stealing a card or a card number isn’t even required to commit fraud at this point.
And there is more than one way for that information to be used. Fraudsters can commit account takeover fraud, where they call into a call center, verify themselves and then change the account information to suit their needs. Or they can use that data to create a synthetic identity and obtain entirely new accounts to use. And in the digital era, Moorer noted, new accounts can be applied for and verified in less time than it takes to make a cup of coffee.
“Today, a fraudster can apply for an account, get it automatically approved and spend the entire credit line associated with it in less than two minutes – before the issuer has even sent out a plastic card,” he pointed out.
Or for the particularly precise, there’s always footprint fraud, where a cyber thief uses what they know about a customer’s spending habits to keep their fraudulent transactions within that pattern so as not to set off any alarm bells.
And while there are a variety of technological tools designed to make those fraud attempts more obvious – particularly modern rules engines and artificial intelligence – perhaps one of the most overlooked tools in the battle against fraud in a CNP world are the customers themselves.
The customers, Moorer said, can enlist in the fight for their own data security – and institutions should offer the tools to make them effective in battling fraudsters. That can mean a lot of things in terms of application: SMS alerts when spending appears to be out of pattern, or the ability to turn cards on and off at will, or even something as simple as offering consumers access to their credit scores so they can be made aware of all activity under their Social Security number in real time.
There are challenges in that, he noted – particularly in recruiting customers to the cause of protecting themselves. Moorer pointed out that different customers will be more or less motivated to directly protect their own security on a sliding scale: Some will be very motivated, others not so much.
But what motivates every customer, he continued, is having a good experience when using their cards. And security hiccups can affect that process in ways big and small.
“Anyone who has ever had their card declined at the point of sale, for whatever reason, knows that feeling of embarrassment. It is very unpleasant – and avoiding those kinds of experiences goes a long way toward motivating customers to be good stewards of their own security,” he said.
Moorer added that the technologies consumers are holding in their hands – their smartphones – need to be pushed into the authentication pipeline so that fraudsters can’t buy based solely on what they know, as biometric technology can fill in a clearer picture of who they are.
“I think we are going to see a next generation of tools built around biometrics that will continue to make it easier for customers to leverage things like their mobile devices to authenticate themselves much more directly than answering prompt questions,” Moorer predicted.
That might include things like fingerprint or facial scanning – or even performative biometrics that evaluate factors like how customers hold their phones or the speed at which they type.
Beyond empowering customers, there is also something to be said for a better understanding of context. It is an issue close to TCM’s heart, Moorer said, because it serves the community banking space, a context where the tools it develops need to be somewhat unique.
“We serve community banks and their customers, and there are certain features of those populations that are not well-captured by the global rules engines,” Moorer said. “As a result, we have introduced rules, which you could almost consider micro-rules, that are specific to our space and allow us to identify fraud more directly. This approach has also kept our false positive ratio below the industry average.”
Identifying fraud before it happens and keeping false positive ratios in check is an ongoing challenge, which Moorer says TCM Bank will continue to address in 2019.
“Fraudsters are always going to be a threat, and not one we take lightly,” he said. “However, by continuously refining our tools and enlisting consumers in the battle to protect themselves, I believe that we can stay one step ahead.”