The same (fraud) rules do not apply to everyone
Balancing fraud protection with the customer experience continues to be a difficult objective for all credit card issuers, including credit unions. Strategies to achieve this balance are only becoming more complicated as the payment fraud landscape evolves to address upticks in e-commerce transactions, data breach fallout and other cybersecurity vulnerabilities.
An important first step in fine-tuning a credit union’s fraud program is to look at ways to improve the generation and management of false positives. Frequent false positives undermine a cooperative’s reputation, generate frustrating cardholder experiences and may even result in the loss of long-time, loyal members.
Analyzing authorization rules, including the specialty status given to certain cardholders, is a smart place to start. Often, issuers will place affluent or frequent-traveler cardholders into a no-decline status to better manage these VIP cardholders’ experiences. Especially as spear phishing attacks against wealthy individuals become more prevalent, this all-too-common strategy is becoming increasingly risky. If not managed properly, it can result in significant losses for the cooperative.
Generally, limiting the number of authorization rules within a particular portfolio will reduce both the frequency of false positives and their impact on cardholders.
Deciding which rules to keep and which to eliminate, however, can seem complicated. Data analytics can be a tremendous help to card teams working to refine their authorization strategies. In a recent engagement with a large credit card issuer, our analysts were able to reduce a set of rules from 46 to 12 while capturing 10 percent more fraud dollars and generating 26 percent more in spend (from reduced declines).
By looking at the last two years’ card transactions, as well as data on confirmed fraud cases during the same time period, card teams can develop a much clearer picture of what’s working and what isn’t. Armed with this data – made even clearer when combined with information from credit bureaus – credit unions can virtually draw a line between those authorization rules that have historically been the most effective and those that have generated the most false positives.
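The comparison described above can be sketched in a few lines of Python. This is an added example, not code from the article or its analysts: the transactions, the rule names and the 2-to-1 fraud-to-false-positive threshold are all constructed assumptions. It scores each rule on the fraud dollars and legitimate dollars it would decline, then keeps only rules that still add fraud capture once overlap with already-kept rules is removed.

```python
# Constructed sample history: (amount, confirmed_fraud, rules that fired).
# Rule names are hypothetical labels, not any issuer's real rule set.
TRANSACTIONS = [
    (900.0, True,  {"VELOCITY", "GEO_MISMATCH"}),
    (450.0, True,  {"VELOCITY"}),
    (300.0, True,  {"GEO_MISMATCH"}),
    (200.0, True,  {"BIN_PREFIX", "VELOCITY"}),
    (250.0, True,  set()),                  # fraud that no rule caught
    (80.0,  False, {"BIN_PREFIX"}),
    (150.0, False, {"BIN_PREFIX"}),
    (60.0,  False, {"BIN_PREFIX", "COMBO"}),
    (500.0, False, {"COMBO"}),
    (40.0,  False, {"VELOCITY"}),
    (120.0, False, {"GEO_MISMATCH"}),
    (75.0,  False, set()),
]

def outcome(transactions, active_rules):
    """Return (fraud dollars stopped, legitimate dollars declined) if only
    active_rules were live; any firing rule declines the transaction."""
    active, fraud, legit = set(active_rules), 0.0, 0.0
    for amount, is_fraud, fired in transactions:
        if fired & active:
            if is_fraud:
                fraud += amount
            else:
                legit += amount
    return fraud, legit

def select_rules(transactions, min_ratio):
    """Greedily keep the rule adding the most fraud dollars on transactions
    no kept rule already declines, provided that marginal fraud is at least
    min_ratio times its marginal false-positive dollars."""
    all_rules = sorted(set().union(*(fired for _, _, fired in transactions)))
    kept = []
    while True:
        remaining = [t for t in transactions if not (t[2] & set(kept))]
        best = None
        for rule in all_rules:
            if rule in kept:
                continue
            fraud, legit = outcome(remaining, [rule])
            if fraud > 0 and fraud >= min_ratio * legit:
                if best is None or fraud > best[0]:
                    best = (fraud, rule)
        if best is None:
            return kept
        kept.append(best[1])
```

On this sample, two of the four rules stop the same fraud dollars as the full set while declining far fewer legitimate dollars, because the dropped rules only caught fraud that another rule already flagged.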
In our experience with both large and small issuers, we’ve found the more complicated a rule, the less effective it is. Similarly, rules focused on a particular card number (first digit or BIN) are not as accurate as others. Likewise, a valid Card Verification Value (CVV) at the time of transaction does not strongly indicate that the transaction is good. Among the fraud transactions IQR has analyzed, nearly 70 percent included a verified CVV.
The current fraud climate is making false positives more of a common occurrence. In fact, a recent CreditCards.com survey of frequent credit card users found that among those who had purchases questioned or blocked, half said the charges were legitimate. This trend could very soon make proficiency at eliminating the “false alarm” hassle from the lives of consumers a significant differentiator for credit unions.