What Debit and Credit Card Issuers Need to Know About Current Trends in Payments Fraud

Podcast: Play in new window | Download

Halfway through 2022, it’s not that the fight against payments fraud has shifted to a whole new ball game. While criminals’ tactics are ever-evolving, the real challenge lies in the breadth and complexity of the fraud. It’s many ball games on many fields, all at once, and that’s the environment confronted by card issuers, merchants, and consumers alike.

Eric Kraus, Vice President of Fraud, Risk and Compliance Solutions at FIS, and John Buzzard, Lead Analyst in the Fraud & Security practice at Javelin Strategy & Research, discussed the current environment on an installment of PaymentsJournal Podcast, going in-depth on such topics as the evolving nature of fraud, how FIS’s acquisition of Worldpay has fortified efforts to combat fraud, insights gleaned from Javelin’s most recent identity fraud study, the risks of peer-to-peer payments, and ongoing consumer education and the steps needed to preserve and strengthen the connected relationships between card issuers and customers, customers and merchants, and merchants and acquiring banks.

It’s a lot for all the parties to take in — as Buzzard noted, increases are being seen across almost every area of fraud that is tracked, a situation he described as “joker’s wild” and Kraus called “the Wild West.”

The Current Payments Fraud Environment

Kraus broke down the present situation for both card issuers and merchants.

On the card-issuing side, the biggest fraud challenges are:

• Card enumeration (also known as bank identification number, or BIN, attacks), which Kraus described as “high-velocity number guessing”
• Card-not-present fraud
• Point-of-sale fraud (such as at automated fuel dispensers)
• Account takeover, which is on the rise again after some pandemic-related lows (“We hypothesize that organized crime was focused on other schemes,” including fraud aimed at Paycheck Protection Program recipients, stimulus payments, and unemployment benefits.)

On the merchant side, two big areas of fraud stand out, Kraus noted:

• First-party fraud (“Within our own merchant e-commerce space, we’ve seen numbers as high as 80% of disputes being of a first-party nature.”)
• Digital skimming, which he noted can become the “feeding ground” for fraud against banks and credit unions.

As consumer behavior has gone increasingly digital, Buzzard said, criminal behavior has followed with automated attacks across digital channels. “We just continue to see a lot of crime-as-a-service and malware-as-a-service schemes out there,” he said.

Leveraging the Worldpay Acquisition for Better Fraud Mitigation

The 2019 FIS acquisition of online payments company Worldpay has led to some enhancements in the fight against fraud, Kraus said. Among them:

• The creation of “a true ecosystem of issuers and merchants.”
• Higher approval rates without an attendant risk of fraud.
• Combined data assets of the two companies for better risk scoring.
• More intelligent decisioning.
• A lower rate of false positives and false declines.

Kraus also cast the acquisition in consumer-centric terms. “Stopping fraud is super important,” he said. “That’s what we’re here to do. … But we can lose focus on the most critical player in all of this, and that’s the consumer and that relationship.” He noted the creation of what is internally being called a “fraud fusion center,” which will gather together fraud-fighting intelligence, including resources for customers.

Buzzard was particularly enthusiastic about that development. “They’re looking for guidance,” he said of consumers. Later in the podcast, he noted statistics that should get the attention of any issuer:

• 49% of consumers would watch fraud-prevention videos if they’re offered by a financial institution.
• More than 90% of those consumers find the information useful.
• But 52% of consumers assume their banks don’t offer such resources because they can’t find the material in the online or digital channels.

The Current Face of Identity Fraud

Javelin’s 2022 Identity Fraud Study: The Virtual Battleground, authored by Buzzard, sets down the stakes.

From the report:

• 2021 losses to traditional identity fraud — using consumers’ personal information for illicit financial gain — amounted to $24 billion from 15 million U.S. consumers.
• Identity fraud scams — those involving direct contact between victims and criminals in which information is coaxed out of a target or inadvertently revealed — totaled $28 billion and 27 million affected consumers.
• Grand totals: $52 billion in losses and 42 million victims.

The increases in identity fraud are seen across categories, Buzzard said: a 109% increase in new-account fraud and a 90% increase in account takeover fraud. Averaged out, the increase in total identity fraud is 79%.

“We’re back to pre-pandemic criminal behaviors,” he said, noting that criminals will always follow the money and the path of least resistance. It’s easier to fleece an individual consumer through compromised personal information than it is to crack a bank.

The silver lining is that the number of identity fraud scam victims has fallen by 12 million from Javelin’s 2021 study, perhaps signaling some impact of consumer education efforts. The takeaway, Buzzard said, is to not ease up on those efforts.

“There are still a lot of victims,” he said. “Refine your educational messaging. Something is clearly working.”

The Risks of P2P Apps

The era of easy money movement through peer-to-peer (P2P) apps has also seen a rise in fraud associated with those payments. Kraus noted that this rise has coincided with a generalization of how such payments are used.

The payment type began as a way of moving money between people known to each other. Bills were split. Handymen were paid. “Now,” he said, “it’s kind of morphed into a regular payment type. Criminals are going to follow the trends.”

Securing those payments, he and Buzzard noted, will require an emphasis on advanced authentication methods beyond the ubiquitous static passwords, including multifactor authentication, tokenization, and biometrics.

Buzzard sees optimism in consumers’ attitudes toward biometrics, noting:

• 80% are receptive to fingerprint scanning.
• 74% endorse facial scanning.
• 70% favor retinal scanning.
• 54% are amenable to voice authentication.

And When Payments Fraud Occurs…

One of the pain points with payments fraud lies in sorting through rights and responsibilities in the aftermath. Consumers, understandably, will look to their financial institutions for help in reconciling the fraud and being made whole, Buzzard said.

“By the time we learn about the consumer struggles with identity fraud, they’re pretty worn down,” he said, noting that fraud instances take approximately 16 hours of consumers’ time to resolve. “They’re frustrated.”

He and Kraus both drove home the point of clear, transparent communication with consumers and the clear availability of resources online and in digital channels.

“Improving the client experience takes that negative aspect away,” Buzzard said.