An expanding number of innovative payment methods and ever-shifting fraud tactics are spelling trouble for merchants and credit card issuers when it comes to fraud vulnerability and data breaches. Consider that just as U.S. businesses accelerate their shift to chip-enabled cards to protect card-present transactions, following the global standard created by Europay, Mastercard and Visa (EMV), they also expect more sophisticated attacks on card-not-present (CNP) transactions.
In this challenging and complex landscape, it’s no wonder that, according to a recent study of customers, issuers and merchants, half of merchants and issuers are not highly confident in their current security measures. And, neither are their customers. While consumers place a moderate level of trust in issuers to secure their transactions — with more than 60% expressing confidence in their ability to do so — less than 30% feel that way about merchants.
Earning customer trust is essential. While a sizable number of customers say they would never transact again with a merchant from which their data has been stolen, nearly one-third would remain a customer if the retailer takes measures to improve security. Retaining trust is equally important for issuers, as a huge majority of customers (88%) said they were likely to switch to the competition if their online account was compromised.
So far, merchants, issuers and consumers themselves admit they’ve got some learning to do when it comes to new forms of fraud. Not only are issuers far less sure of their ability to protect against CNP fraud vs. more traditional card-present fraud, but consumers also voice more concern about security when it comes to mobile commerce than shopping on the Web or in a physical store. How can merchants and issuers up their game and ensure the highest protection for transactions?
They must both act on multiple fronts:
• Merchants should develop multiple lines of defense that protect both card-present and CNP transactions. In addition to EMV adoption, tokenization and encryption, merchants need to expand their comfort zones into technologies that enable more reliable multi-factor authentication, such as device authentication and biometrics. So far, these tools are not widely used. 3D Secure 2.0 is another technology to look forward to, as it is expected to enable more intelligent risk-based decision-making to control fraud.
• Issuers should continue to improve their fraud monitoring and detection measures by centralizing fraud prevention efforts, and deploying real-time and behavioral analytics. In our survey, issuers indicated the prevalence of siloed approaches to fraud risk management, which can lead to redundant efforts, difficulty sharing risk information across departments, and the inability to gain a complete picture of the risks they face. By combining organizational data with data from external sources such as social media, and leveraging advanced analytics, organizations can produce deep insights into customer behavior that can help them detect anomalies early in pur¬chasing behavior. These insights can also be used to provide alerts to customers, such as location-based fraud warnings, and reduce false positives.
And, what will it take to win back customer trust? It’s a three-pronged approach:
• Education: Customers must be continuously educated on various forms of fraud, precautions that can protect mobile devices from rogue apps, malware, etc., and steps to take if they suspect fraud.
• Empowerment: Empowering customers with tools that give them greater control over their accounts and improve security can go a long way toward improving confidence and driving traffic across channels. Issuers have already begun to extend fraud management capabilities to customers, such as the ability to switch cards on and off using mobile apps (61%), using one-time verification passwords sent to a mobile phone to validate a card transaction (61%), sending a text message when abnormal activity is identified (52%) or even every time a card is used (26%). In our survey, 75% of customers said such controls would improve their loyalty to card issuers. Issuers can go further by providing mobile apps that allow customers to limit card spending in certain geographies, cap transaction limits, abort transactions, block and unblock cards, etc.,
• Engagement: Engaging customers through regular communication using relevant channels in post-incident management is critical to increasing customer confidence and ensuring customer loyalty.
Succeeding in business in the digital age is impossible without involving customers and earning their trust. Businesses that adopt a layered approach, incorporating intelligent technologies and advanced analytics, will not only mitigate risk but also gain the true prize of customer confidence.
1 The global standard for chip-enabled cards is EMV, which stands for Europay, MasterCard and Visa.
2 Cognizant conducted an online survey in July 2015 of 509 U.S. consumers, 50 U.S.-based card issuers/banks and 52 merchants. For more information, see “Secure Payments: How Card Issuers and Merchants Can Stay Ahead of Fraudsters,” Cognizant Technology Solutions, January 2016, http://www.cognizant.com/InsightsWhitepapers/Secure-Payments-How-Card-Issuers-and-Merchants-Can-Stay-Ahead-of-Fraudsters-codex1565.pdf.