Card Fraud Management

Protect Your Customers, Reputation and Bottom Line

Give your customers the peace of mind they deserve with the right card fraud management strategy and solution

How prevalent is card fraud?

Card fraud schemes are one of the most common forms of fraud. Although card fraud rates have plateaued in recent years, card fraud remains a serious issue for merchants globally:

  • According to research from Security.org, nearly half of all American adults, around 127 million people, have had a fraudulent charge on their credit or debit card.
  • Security.org also reports that more than one in three cardholders has experienced card fraud more than once.
  • Data from the Australian Payments Network reveals that the three most common ways fraudsters obtained victims’ card details were over the internet (33%), during use (15.1%) and in person (5.8%).
  • The European Central Bank reports that card-not-present fraud accounted for 80% of the total value of card fraud in Europe in 2019.
  • Research from the Federal Trade Commission indicates that credit card fraud became the most common form of identity theft in the U.S. in 2022.
  • Global research from the Nilson Report shows that card issuers, merchants and merchant acquirers collectively lost $28.58 billion USD to card fraud in 2020.
  • Statista predicts that the value of fraudulent transactions made with payment cards worldwide will reach $38.5 billion USD by 2027.
  • The Nilson Report also predicts that over the next 10 years, card industry losses to fraud will collectively amount to $408.50 billion USD.

What are the most common forms of card fraud?

All forms of card fraud fall into one of two categories: card-present (CP) fraud and card-not-present (CNP) fraud.

CP Fraud

CP fraud is any fraudulent transaction in which an actual debit or credit card is swiped. Some of the most common forms of CP fraud include:

Lost or Stolen Cards:

In perhaps the most basic form of CP fraud, fraudsters either find a customer’s misplaced debit or credit card or actively steal it from them and then use that card to make purchases. This form of CP fraud is often reserved for smaller transactions valued at $100 or less and performed without a PIN check.

Card Not Received:

This is when a customer does not receive the new credit or debit card issued by their bank because it was stolen either from their mailbox or while in transit. The fraudster can easily set up a new PIN or change the customer’s credentials for internet banking, locking them out of their account. This form of fraud is closely related to APP fraud.

Counterfeiting:

Fraudsters insert a skimming device (for cards with traditional magnetic stripes) or place a shimming device (for cards with embedded microchips) on top of an ATM or other payment terminal. These devices automatically capture the payment data and PIN from any card swiped or tapped, which fraudsters then use to create a copy, or counterfeit, of that card.

Fake Terminals:

Fraudsters replace the terminal or the PIN pad of an ATM, point-of-sale system, gas pump or another payment system with a fake terminal. When a customer swipes their credit or debit card, the fake terminal automatically captures the card’s details and sends them directly to the fraudster rather than to the customer’s bank. Fake terminals can be challenging to detect, as they’re nearly identical to an actual terminal, and banks do not witness these transactions.


CNP Fraud

Conversely, CNP fraud refers to any fraudulent transaction without a debit or credit card being physically present. CNP fraud can be divided into two subcategories — but before discussing this, we must first define what 3D Secure is.

3D Secure (3DS) authentication is a security protocol designed to reduce the risk of fraud, identity theft and other illicit activities during CNP transactions. 3DS derives its name from the three-domain model it uses to authenticate a cardholder’s identity. These domains consist of the acquirer domain, the issuer domain and the interoperability domain. Although 3DS is an excellent way to enhance payment security, it isn’t foolproof.

The two subcategories of CNP fraud are:

Without 3DS:

This applies to any CNP transaction that does not require an additional level of customer authentication — for example, when a customer makes a purchase online by entering their card information into a website and is not prompted to verify their identity.

With 3DS:

In CNP fraud with 3DS, fraudsters pose as a seemingly legitimate merchant or service provider with a functional website. Customers who do not receive the product or service they paid for have been scammed.

Most scams, including investment scams, remittance scams and the recent spate of keto diet pill scams, fall into this category of card fraud. Merchant bust-out fraud, where fraudulent merchants choose to process CNP transactions with 3DS to shift liability from the merchant back to the issuer, also falls into this category.

What risks does card fraud pose to banks?

Given that so many conversations about card fraud center around consumers, it can be easy to lose sight of its profound impact on banks and other financial institutions.

Banks are financially liable for certain types of fraud including all forms of CP fraud and CNP fraud with 3DS. LexisNexis reports that in the U.S., the cost of fraud for financial services and lending firms has increased between 6.7% and 9.9% since the pandemic.

Every $1 USD of fraud loss costs firms $4 USD

Banks are not responsible for card fraud. They are responsible only for providing customers with the means to make and secure payments. If a bank fails to manage card fraud effectively, its customers might worry about the security of their finances and take their business elsewhere.

Finally, banks can also fall prey to card fraud, especially if they lack robust detection and management systems. Without such systems, fraudsters might attack a bank directly, often in a Bank Identification Number (BIN) attack. In a BIN attack, fraudsters use a software program to randomly generate, in various combinations, the remaining digits of a card number following the BIN, and then make low-value transactions to confirm the card details and determine whether those BINs are associated with active cards.
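An added example (not ACI's code) of how an issuer could detect the BIN attack pattern described above: many distinct card numbers under one BIN, tried with low-value authorizations in a short window and mostly declined. The record layout, the 6-digit BIN length, every threshold and the sample log are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed tuning values (not from the page); calibrate against real traffic.
BIN_LEN = 6                      # leading digits treated as the BIN
LOW_VALUE = 5.00                 # "low-value" ceiling in account currency
WINDOW = timedelta(minutes=10)
MIN_DISTINCT_CARDS = 8           # distinct card numbers per BIN per window
MIN_DECLINE_RATIO = 0.7          # guessed numbers are mostly declined

def detect_bin_attacks(auths):
    """auths: iterable of (iso_time, pan, amount, approved), time-ordered.
    Returns {bin: first alert time} for BINs showing enumeration behaviour."""
    windows = defaultdict(deque)         # bin -> recent low-value attempts
    alerts = {}
    for ts, pan, amount, approved in auths:
        if amount > LOW_VALUE:
            continue                     # card testing uses small amounts
        now = datetime.fromisoformat(ts)
        win = windows[pan[:BIN_LEN]]
        win.append((now, pan, approved))
        while now - win[0][0] > WINDOW:  # expire attempts outside the window
            win.popleft()
        cards = {p for _, p, _ in win}
        declines = sum(1 for _, _, ok in win if not ok)
        if (len(cards) >= MIN_DISTINCT_CARDS
                and declines / len(win) >= MIN_DECLINE_RATIO):
            alerts.setdefault(pan[:BIN_LEN], now)
    return alerts

def sample_auths():
    """Constructed log: a burst against made-up BIN 999999, plus normal use."""
    base = datetime(2024, 1, 1, 12, 0, 0)
    rows = []
    for i in range(12):                  # 12 guessed numbers, 20 s apart
        pan = "999999" + f"{i * 7919:010d}"
        rows.append(((base + timedelta(seconds=20 * i)).isoformat(),
                     pan, 1.00, i == 9))  # only one guess hits a live card
    # Ordinary cardholder: same card, small repeat purchases, all approved
    for i in range(12):
        rows.append(((base + timedelta(minutes=3 * i)).isoformat(),
                     "8888880000000001", 3.50, True))
    return sorted(rows)

if __name__ == "__main__":
    for bin_, when in detect_bin_attacks(sample_auths()).items():
        print(f"BIN {bin_}: possible enumeration at {when.isoformat()}")
```

Counting distinct card numbers rather than raw transaction volume keeps a single cardholder's repeated small purchases from triggering the alert.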

What is card fraud management?

Card fraud management refers to the collective systems, processes, policies and protocols banks use to detect, prevent and respond to card-based fraud.

Banks can use advanced technology like real-time monitoring, data analytics, artificial intelligence, machine learning, robotic process automation (RPA), two-factor or multi-factor authentication, 3DS authentication and biometrics to combat fraud.

What are the benefits of card fraud management?

By developing a comprehensive card fraud management strategy and investing in the right tools and technologies, banks can:

  • Reduce Risk
    With solid security systems and clearly defined policies and procedures for responding to active threats, banks can significantly reduce their own and their customers’ risk exposure.
  • Enhance the Customer Experience
    By implementing a solid card fraud management strategy and utilizing the right technology, banks can deliver robust security without compromising the customer experience. And with fewer false positives, banking customers enjoy much-needed peace of mind and minimal service disruption, leading to higher customer satisfaction rates.
  • Improve Fraud Detection Rates
    Using real-time monitoring, analytics and machine learning, banks can more easily detect anomalous behavior and proactively respond, mitigating risk and reducing fraud losses. In addition to improving fraud detection rates, banks can drastically reduce their rate of false positives by using a card fraud management solution.
  • Streamline Operations and Reduce Costs
    Automation is an integral component of any successful fraud management strategy and has the power to streamline otherwise manual tasks that may be prone to human error. This enables banks to enhance operational efficiency while achieving substantial cost savings.
  • Protect Brand Reputation
    With robust fraud detection and prevention systems and protocols in place, banks can develop a reputation for robust security and reliability, increasing their standing in the eyes of their customers and peers.
  • Maintain Top-of-Wallet Status
    In addition to taking proactive measures to mitigate fraud, banks can also secure their top-of-wallet status by enabling customers to turn off their card if it’s lost or they suspect it’s been stolen. Ultimately, the more customers trust their bank to protect their finances — and deliver a frictionless customer experience — the more likely they will utilize its services.
  • Comply with Key Regulations
    The banking regulatory landscape is complex and in a constant state of flux, meaning banks need to be nimble to comply with critical regulations, such as Payment Services Directive 2 (PSD2) and anti-money laundering requirements, as well as prepare for pending regulations, such as PSD3. Since security is integral to these and other regulations, an effective card fraud management strategy can help banks maintain compliance.
  • Maximize Revenue and Growth
    Banks can also monetize card fraud management, creating new or growing existing revenue streams by repurposing the large quantities of customer data they collect for fraud analysis to develop hyper-personalized marketing campaigns, sales messaging and product offerings. The more targeted a bank’s offerings, the higher the customer engagement rate. This leads to increased revenue and greater profitability.

How can banks prevent card fraud?

By developing a comprehensive card fraud management strategy and investing in the right tools and technologies, banks can:

  • Use behavioral analysis to build customer profiles to establish baselines for “normal” activity and proactively identify anomalous and potentially fraudulent behavior
  • Implement robust security measures, including 3DS, tokenization and biometrics
  • Utilize tools provided by payment processors, such as the Address Verification System and the Card Verification Value, to authenticate transactions
  • Eliminate data silos and automate labor-intensive and/or time-consuming fraud operations, reducing the risk of human error, operational costs and false-positive rates
  • Leverage advanced technology, including AI, machine learning algorithms and network intelligence, to detect fraudulent activity

What capabilities should banks look for in card fraud management solutions?

Banks should look for the following features and functionality when evaluating a card fraud management solution:

How does ACI Worldwide support card fraud management?

Stay ahead of changing regulations and proactively prevent all forms of fraud with ACI Fraud Management for Banking, a comprehensive, analytics-based fraud management solution.

ACI Fraud Management for Banking can achieve all of this through the following:

  • Enterprise risk monitoring across 300+ customer interaction touchpoints, using hundreds of unique data elements to ensure accurate risk assignment
  • A robust risk orchestration engine with a variety of direct inputs and indirect connections with over 20 of the leading external intelligence providers
  • Automated fraud alerts for fraud analysts and two-way SMS message alerts for customers
  • An analytics engine powered by custom-defined rules and robust customer behavioral profiles
  • A built-in investigations management framework that allows for streamlined card fraud case management and resolution
  • Advanced data science techniques including tactical machine learning and fraud scoring models that automatically adapt to changing fraud patterns
  • Network intelligence and a community framework that enables member banks to share metadata on fraud trends and community threats