Credit card business components work in various manners. On the acquisition side, it requires routine maintenance and testing of features, offers, and text. As the goal is to bring in new applications, offers need to be competitive and compelling. For transaction authorizations, policies tend to be static although best practices will ebb and flow with purchase volumes. Collection strategies require persistent outbound calling, with champion and challenger strategies to keep staff dialing-and-smiling.
Fraud, however, requires constant honing because attacks are unpredictable. There are routine countermeasures, often driven by consortium data on management tools such as FICO Falcon, but data compromises require the manager to be constantly vigilant.
Here is an interesting story at Bankrate which recaps network strategies along with some issuer techniques.
- Data breaches at large companies have become all too common over the past few years. Between Equifax, Facebook and Marriott, it can seem like it’s certain your data has gotten into the wrong hands at some point.
- The good news is, as data breaches become more common, credit card networks have begun ramping up their security measures. Networks, which include Visa, Mastercard, American Express and Discover, are responsible for facilitating transactions between merchants and credit card issuer banks that exchange the money, like Capital One or Chase. This means they are the first lines of defense against fraud.
Fraud management is not a one-and-done effort. It requires industry participants to add layers of protection. Do this to protect against fraudulent applications. Do that to shield against cardholder fraud. Try this to counteract skimming, and on and on. Unlike collections, where operations must separate the wheat from the chaffe by determining who can but won’t pay versus those who want to pay but can’t, Fraud management is an endless pursuit of protecting the integrity of the authorization switch.
On the issuing side, networks and issuers play essential roles. Here are some thoughts by the networks.
First, from the top brand, Visa.
- Visa describes their security program as “a multi-layered approach designed to keep your customer data safe.”
- “These security layers protect cardholder data, enhance payment system security among e-commerce and brick-and-mortar merchants and prevent fraud using a combination of cutting-edge technology and human expertise in cybersecurity and fraud prevention,” says RL Prasad, senior vice president of Payment System Risk at Visa.
- Visa monitors and prevents all fraud attempts through artificial intelligence and their Payment Fraud Disruption team, but they implement additional measures based on whether transactions are made card-present or card-not-present.
- Card-present transaction security relies on EMV chip technology and geolocation data. “If a cardholder is in San Francisco but a card-present purchase is being made in Idaho, the transaction will be flagged for fraud,” Prasad says.
- To protect card-not-present transactions, Visa uses a combination of tokenization, which replaces sensitive card information with digital “token” identifiers during online transactions, biometric authentication through fingerprint or facial recognition and near real-time transaction alerts.
Moreover, archrival Mastercard follows a similar focus.
- Mastercard also takes a layered approach to security that focuses on eliminating fraud from the system, says Chris Reid, executive vice president of Services at Mastercard North America.
- “Starting from identity verification to authorization, Mastercard’s layered approach to security identifies the right user throughout the consumer experience and across customer touchpoints — before, during and after the transaction,” he says.
- First, “The Identity layer authenticates that the person is who the person says the person is,” Reid says. Mastercard uses behavioral biometrics to authenticate users and provide a secure environment for their transactions. This is combined with “risk-based authentication” through Mastercard Identity Check, which “provides merchants and their banks an easy way to upgrade and enhance current security solutions to determine potential risks.”
- Next, Reid says, “The Detection layer predicts and prevents fraudulent behavior and malicious attacks before they happen.” Mastercard scans network activity and intervenes when there’s a large-scale attack. They also analyze transactions to improve security and make sure real transactions are approved.
- Finally, “The Prevention layer secures the infrastructure against cyber attacks by protecting accounts, devices and data,” Reid says. This includes implementation of the EMV chip and a secure tokenization system.
In contrast, three-party networks such as American Express and Discover need to manage both sides of the equation for cardholders and merchants.
At Amex:
- “Our state-of-the-art monitoring tools, controls and policies help detect and prevent fraud in our operations around the world.”
- “To combat the increasing sophistication and scale of fraud attacks, we use advanced, machine-learning algorithms to evaluate different data points and make fraud risk decisions on every American Express transaction, anywhere in the world, within two milliseconds,” Johnson says. “Machine learning models also allow us to delve much more deeply into understanding the unique patterns of our customers’ spending and fraudulent episodes.”
- In addition to consumer prevention, American Express has partnered with merchants to detect and prevent thieves from using compromised information and integrated authentication methods to identify theft.
- American Express contacts cardholders if they suspect unusual activity on an account and also offers fraud alert notifications. In the event of a major data breach, their security increases.
- “When an entity that has been breached informs us which card accounts were impacted, we elevate our level of fraud monitoring on those accounts,”
And, at Discover,
- Discover’s fraud prevention measures can be activated by all parties and allow it to alert cardholders if something goes awry with their account, says Laks Vasudevan, vice president at Discover.
- “We also provide additional tools for our cardmembers that go beyond just these measures, to give them more control around the security of their account, such as our Freeze It function, Social Security Number alerts and new account alerts,” Vasudevan says.
- If a Discover cardholder does fall victim to fraud, “the free alerts from Discover are backed by 100 percent U.S.-based fraud resolution experts who can even help cardmembers place a fraud alert on their credit files with all three major credit bureaus,” Vasudevan says.
- Because Discover constantly monitors every purchase, they are able to alert customers of any suspicious activity, but also encourage cardholders to reach out if they believe they may be a victim.
Everyone, from consumer to network, and issuing bank, needs to be vigilant. Consumers can be a line of defense by paying attention to what authorizes and posts to their account, which they can do through account alerts. We cover that countermeasure in this recent research.