August 27, 2009

Fraud in the Cards?

Indeed, when it comes to security issues, no other area has received greater attention than cards. But cards present a strange dichotomy: On one hand, they are prone to fraud on a number of fronts, from outright theft of physical cards to sophisticated hacking attacks into issuers' or merchants' databases and networks. On the other hand, the card space has long been lauded for its use of analytics and risk-monitoring technology to thwart fraudulent activities.

Add to that the common issuer practice of zero liability for consumers who are victims of card theft and, as First Manhattan Consulting's Sussman says, "Credit card fraud is pretty locked down in some ways." Then again, with the recent rumblings from Congress about reforming the card industry, Sussman says, he is unsure if issuers will be able to maintain this business model.

Neither is Julie Bernard, a Washington, D.C.-based senior executive and financial services technology expert with Accenture. "It may take a long time to change [the zero liability] practice, but who knows what's going to happen as a result of caps put on the business by Congress," she says.

KeyBank's Twining, however, stresses that there is great value in maintaining a strong anti-fraud program. Even with legislation that restricts some practices of credit card issuers, continuing a program of zero consumer liability is in a bank's best interest, he says. "As margins are squeezed, your ability to digest fraud losses becomes more difficult, and there could be a positive snowball effect from a fraud prevention investment from a consumer confidence perspective," Twining notes.

The card business presents an intriguing model for the use of fraud-fighting technology. "There are some really good pattern analytics that you don't necessarily see on checks," Accenture's Bernard relates. "There are so many ways to prevent card fraud -- PCI compliance, placing credit watches on cards. And retailers have some time before the money goes out the door to verify the transaction."

Bruce Rutherford, who oversees fraud management solutions for MasterCard Advisors, says the card space has historically served as a model for the use of fraud-fighting technology. Purchase, N.Y.-based MasterCard, for example, has offered near real-time risk scoring to its issuers since 1998. MasterCard's Expert Monitoring Solution (EMS), Rutherford explains, scores transactions in near real time and builds models at the regional network level based on product type. "EMS is a technology that leverages a number of artificial intelligence technologies beyond our own networks," he says. "We plan to introduce real-time scoring to EMS this November."

A War on Multiple Fronts

Key to any payments fraud prevention program, according to Catherine Allen, founder and CEO of The Santa Fe Group, is breaking down the business silos that segregate not only payments channels but also banks' information security and fraud management systems. "A good fraud prevention process requires better communication between [lines of business]," she asserts.

"It is no surprise that the biggest fraud problems are in legacy products, like checks and credit cards," says Infosys' Skari, who notes that these products also are banks' "biggest cash cows." "These are not integrated when it comes to fraud management. [For example], you may employ sophisticated analytics for cards, but not for ACH."

According to Financial Insights' McPherson, banks are moving toward an enterprisewide, cross-channel fraud management approach. "It's the idea that activity in one account can signal activity in another if they're linked," he explains. "You can get a lot of value in looking at all of a customer's accounts together."