Fighting fraudsters is a complex and ever-evolving challenge. As consumers change the way they pay, fraudsters change the way they steal. For banks to keep up, these new battles require new tactics to minimize losses and reassure consumers.
The rapid adoption of contactless payment cards has given rise to one such ‘new battle’, creating a new discourse surrounding contactless fraud. Whether it’s the digital pick-pocket skimming on busy subways, or spending sprees made on stolen cards, these headlines are making consumers think twice about tap & pay.
While contactless fraud has risen in line with the rate of use, it actually accounts for a pretty small percentage of total card fraud losses. However, with fraud fever spreading and prohibitive payment caps currently limiting genuine spending, the adoption and use of contactless cards is likely to plateau.
So, how can biometrics help conquer the new challenges presented by contactless card fraud? To illustrate, let’s look at how biometrics can directly mitigate the fraud ‘vectors’ (categories of fraud, if you like) that dominate contactless card misuse.
Lost or stolen card fraud
This encompasses any fraudulent use of a card reported lost or stolen. Picture the commonly considered scenario:
You’ve lost your contactless payment card, its fallen into the hands of the 21st century’s Artful Dodger*, and now its fuelling a five-payment spending spree at checkouts.
This is a relatable and common narrative that causes a headache for both the banks and consumers. But with biometric authentication, this scenario becomes obsolete. While it’s easy to steal a piece of plastic, the card is useless without the right fingerprint, reassuring customers the use of lost cards is prohibited.
Skimming and cloning
This falls under the broader category of counterfeit card fraud, where card details are used or stolen to either generate a fake card or be used without the card holder’s knowledge.
Criminals can use hacked payment terminals to skim unsuspecting consumers’ contactless cards and charge them without their knowledge. This is usually in a busy environment, such as a subway train, and attacks travellers who may have their wallet in their back pocket, for example. While it’s not proven how common this is, it is possible. And with a rise in RFID-blocking card sleeves and wallets to prevent this happening, its clearly causing concern. A concern that consumers are seemingly willing to pay around €10 or more for.
Card non-receipt fraud
This relates to cards that are stolen while in transit – after the bank sends them out, but before being received by the genuine cardholder. In this instance, the enrollment process (how your fingerprint is uploaded onto the card) is central to preventing this fraud type.
It’s unlikely there’ll be a one size fits all model for enrollment, whether banks want customers to enroll in-branch or by using a complimentary app on a mobile device, or a dedicated self-enrollment sleeve, for example. However, this extra step of authentication in the activation of cards mitigates the value of a card caught on its way to its rightful owner.
This type of fraud usually occurs when a cardholder buys something expensive with their card and then immediately reports the card as lost or stolen, disowning the transaction and claiming money back from the bank. This generally features card payments where PIN authentication isn’t used.
This service is a great safety net for consumers in instances of legitimate fraud, but false chargebacks are negatively impacting merchants and racking up costs for banks. With biometric authentication on a card however, cardholders are unable to claim that the card was used by someone else, as they are the only one’s able to activate it for in-store transactions.
Trust in biometrics
Biometrics can directly mitigate several fraud vectors and is the key to securing contactless card payments. Thinking more about the future too, combining contactless cards with proximity services within mobile banking apps could add another layer of authentication by proving the cardholder is in the vicinity of the payment. What’s more, by connecting a biometric payment card to a PC or mobile device with a card reader/sleeve, or Bluetooth, or combining biometrics with dynamic CVV on cards, this could also play a part in solving online fraud, which currently accounts for the majority of illegitimate spending.
In the immediate future though, biometrics can empower banks with the confidence to finally lift the pesky payment cap, offering its customers even greater convenience and promoting adoption. Crucially, biometric authentication offers a counternarrative to the fraud fears and brings trust to contactless cards.