23 Mar

What can banks do as EMV pushes fraud to new places?

By: Dan Frechtling, SVP Marketing and Chief Product Officer

 

The US is the last G-20 country to shift to the EMV standard for credit cards. In this context, the Retail Payments Risk Forum blog of Federal Reserve of Atlanta published a piece last Monday  by David Lott called, “Squeezing the Fraud Balloon.”

The post starts with the consensus prediction that EMV cards and hardware will boost security. Next, fraud will begin declining at point of sale. For example, stolen credit cards will be harder to  exploit when POS systems verify the chips in EMV cards rather than magnetic strips alone.

This is good news. Now for the bad news: fraud is going to shift, not disappear. The consensus view also foresees that fraudsters will merely transfer their criminal activity online. Indeed, the Aite Group projects that CNP (Card Not Present) fraud losses will grow from $3B in 2015 to $6B in 2018. This is based on the experience of Europe, Canada, and Australia.

But the consensus view misses that fraud is also going to migrate to bank credit and checking accounts. David, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed, writes:

“Canadian financial institutions report that fraudulent applications for credit and checking accounts have increased as much as 300 percent since that country’s EMV liability shift.

Criminals are opening checking accounts to perpetrate overall identity theft fraud as well as to create conduits for future counterfeit check or kiting fraud. And they’re submitting fraudulent credit applications to purchase automobiles or other merchandise that they can then sell easily.”

These activities have moved south of the border to the US. In advance of the October EMV liability shift, US FIs (Financial Institutions) have already reported more fraud from duplicate items and fake checks. This happens in a “bust out” mode, where legitimate accounts fly under the radar and become actively criminal after half a year or  more.

What to do? Banks can apply transaction monitoring to spot fraud as (or after) it occurs. But this is necessary but not sufficient. They must also follow sound KYC processes to spot bad actors before they commit fraud.

Risk officers at FIs need merchant intelligence at the point of onboarding to keep bad apples out if the barrel before they rot. Upfront fraud history and hidden risk in tools like the G2 Merchant Map can supplement software from firms that catch transaction anomalies after the fact. Learn more about KYC Governor and ways it can help banks here.

David closes with his suggestion for FIs:

“The time to examine and improve your fraud detection capabilities across all the channels customers use is now. Financial institutions should already be evaluating their check acceptance processes and account activity parameters to spot problem accounts early.

Likewise, financial institutions should make sure their KYC, or know-your-customer, processes and tools are adequate to handle the additional threat that the credit and account application channel may experience. Be proactive to prevent the fraud in the first place while ensuring you have the proper detection capabilities to react quickly to potential fraudulent attempts.

If we want to constrict the balloon of fraud, we’re going to have to constrict the whole thing with consistent, equal pressure.”

Find out more about the KYC Governor answer to this ballooning problem. 

Share this