Brutal. There is no other way to describe the plastic card fraud environment in 2015 where many credit unions were reporting more than 150 percent increases in fraud year-over-year. With the EMV liability shift in place since October 2015, fraud technologies being rolled out every day and a renewed focus to fight fraud, one would have hoped 2016 would provide a much needed relief from fraud losses. That isn’t turning out to be the case. Losses continue to mount and many credit unions are left wondering what else they can possibly do.
While there is no single solution, there are credit unions that have made it through the fraud epidemic with fewer scars of progress by employing these four tactics.
According to CUNA Mutual Group data, 91 percent of reported losses in 2015 are from counterfeit cards. EMV was designed specifically to address this type of fraud by limiting the fraudsters’ ability to counterfeit cards. While fraudsters can still create magstripe cards, if used at a non-EMV enabled merchant, the credit union would have chargeback rights to minimize losses. Some credit unions have reported averaging over $40,000 in chargebacks per month since October 2015.
While some may obsessively check every transaction that takes place on their plastic card, the reality is most members likely wait the 30-45 days for the statement to identify suspicious activity. To close the time horizon between when fraud occurs and when the credit union is notified, several credit unions have rolled out member notification and control options. By creating member engagement in monitoring accounts and using members to help compliment your data analytics, fraud can be spotted and addressed sooner.
Fraudsters are most successful at perpetrating online or card-not-present fraud when they have access to CVV2/CVC2 (the three or four digit numbers) on the back of the credit card. Credit unions should ensure they are validating the presence of the correct CVV2/CVC2. One future solution that has the industry talking is a dynamic CVV2 where the number on the back of your card changes regularly. At this time, the expense of such innovation isn’t scalable, but other solutions are coming soon as Apple recently announced moving the Apple Pay process to online transactions in addition to its existing in-store and in-app functionality.1
Trust me, you cannot have enough data. Once you have it, make sure to use it. The sign of a sophisticated plastic card program is one where each and every penny of fraud is reviewed and scrutinized. You cannot write fraud rules without patterns and you cannot identify patterns without data.
Beyond writing rules, data can help you in common point of purchase analytics to see where a breach might be likely. If a breach is found, then you can block/reissue or move those affected members to a higher degree of risk scoring.
While it is unrealistic to expect zero dollars in fraud loss that is the mentality we need to have during these difficult times in order to make 2017 better. Using these four tactics as well as constantly remaining vigilant will help the industry get there.
CUNA Mutual Group’s Credit Union Protection Resource Center allows policyholders to access a wide array of helpful resources online, including training modules, regular releases of risks, and loss control recommendations. For registration information, contact CUNA Mutual Group at email@example.com.