Even as banks introduce increasingly sophisticated payments offerings, fraud in the space remains as much of a challenge as ever. And while criminals continue to develop ever-more complex schemes to outsmart banks' defenses, consumer demand for quick and convenient payments and service is intensifying, and regulatory requirements are growing more stringent. How can banks balance the need to provide customers with the latest payments products and services while preventing fraud? Where are the risks of payments fraud most acute, and what approaches are banks adopting to identify and prevent it? And what kinds of tools and technologies can best help banks meet both new regulatory mandates and new risks? --Peggy Bresnick Kendler
For 2010, fraud is down, dramatically so. Fraud totals, which in 2009 were $56 billion, have decreased 34 percent to $37 billion this year. The average fraud incidence rate has fallen to 3.5 percent, the lowest since Javelin started measuring the national fraud rate in 2003. Something is working, but it's too simplistic to cite just one driver of this decline. And unfortunately, fraud will simply move to the next weakest link in the security chain.
One driver in the overall decline in fraud in 2010 is the substantial decline in the incidence of existing-card fraud (ECF). In 2009 the ECF incidence rate was 2.8 percent; in 2010 it's only 1.9 percent. In terms of fraud amounts, ECF plummeted from $24 billion in 2009 to $14 billion in 2010.
There are a couple of reasons for this sharp decline. One is greater compliance with the PCI DSS data security standard among Level 1 and Level 2 merchants -- in some cases mandated by banks. Another reason for the decline is the emergence of new technologies to obfuscate the card data when it is in motion (end-to-end or point-to-point encryption) and when it is at rest (tokenization). (It's interesting to note that PCI DSS 2.0 does not specifically mention point-to-point encryption and/or tokenization.)
There have been advances on the consumer side, as well. Mobile alerts help consumers stay aware of account balances, requests for transfers and changes in personal account information. Looking ahead, GPS data from mobile devices can help determine whether the consumer is standing at an ATM or the point of sale where the account information is being accessed.
Robert Vamosi is an analyst with Pleasanton, Calif.-based Javelin Strategy & Research.