Halloween is over, but an article in FinTech Magazine has some scary points to make regarding the rise in debit card fraud. This likely surprises no one in the payments industry. There are some simple explanations, including: debit card transaction growth has been significant in the last two years; most of the growth has occurred in online channels where fraud is more easily committed; and criminals are getting smarter faster than issuers, acquirers, and consumers are able to prevent fraud. Here’s how the article characterizes the issue:
Debit card fraud falls into two major categories: where the criminal uses the physical card of the consumer and card-not-present (CNP) fraud, in which fraudsters siphon money from the payment card via using it online or over the phone.
The prior can occur in many ways, from theft on the street and intercepting your mail to attaching a card skimmer device to an ATM to create a counterfeit card. In these cases, fraudsters use the physical card (or a cloned card) either at an ATM to withdraw cash or a point of sale (PoS) terminal at a merchant.
On the other hand, cybercriminals utilise a wide variety of tactics to acquire debit card details for CNP fraud, including hacking centralised databases of merchants or financial services, skimming, and phishing attacks.
After they have the necessary information – which is often paired with sensitive personal data like social security numbers, date of birth, name, and billing address, perpetrators use this to purchase products and services at merchants to be sold later or open new financial accounts to monetise the stolen card details.
And some basics on how to stem the tide:
A business has to consider implementing multiple measures. For example, encrypting customers’ card data at each stage of the payment process reduces the likelihood of fraud. Obviously, if you handle sensitive data from many customers, you need to spend the necessary resources to establish a highly resilient IT infrastructure that can effectively identify and respond to cybersecurity threats.
In addition to getting your business PCI DSS certified, utilising a combination of active fraud monitoring – preferably via artificial intelligence solutions – and mandatory 2-FA checks via 3-D Secure 2.0 (even outside the EEA) can help combat debit card fraud more efficiently.
However, to win the war against fraudsters, we also need cardholders to stay vigilant against scams. As a consumer, it’s a good idea to set up spending alerts and monitor your account balance regularly so you can spot any irregularities. This is very important, as most regulatory laws protecting against card-not-present fraud require victims to report crimes within a specific timeframe.
Overview by Sarah Grotta, Director, Debit and Alternative Products Advisory Service at Mercator Advisory Group