Despite the introduction of EMV chip cards over the last several years, credit card fraud is on the rise as criminals find new ways to outsmart technology – but not all of the fraud flags raised are attributable to criminals.
Overall debit and credit card fraud alerts rose to a record high in 2016, up 15 percent from two years ago, according to a new report from CreditCards.com, an online credit card marketplace. It found that 31 percent of U.S. adults have received a credit card fraud alert, while 25 percent have received a debit card fraud alert.
The rise in alerts is in part an offshoot of the shift to EMV, said Sarah Grotta, director of debit advisory service at Mercator Advisory Group – and in some ways it is a good thing.
“The industry is doing a good job through that technology of handling counterfeit card fraud in the card present environment,” she said. The trouble is that “transactions are shifting to the e- and mobile-commerce environment, which requires card issuers and their supporting partners to look at different types of data. Securing online transactions requires a different approach.”
Javelin Strategy & Research issued a report earlier this year, the 2017 Identity Fraud Study, indicating that the incidence of identity fraud increased by 16 percent in 2016 over that of the previous year. A total of $16 billion was taken by fraud, up nearly $1 billion from the prior year. Most of that activity resulted from card-not-present fraud. Thieves are taking advantage of e- and m-commerce activity, boosting CNP activity by 40 percent from the prior year.
The increase in activity has caused an increase in fraud alerts pushed to consumers – and not all of them are legitimate. The CreditCards.com survey found a 37 percent false alarm rate, as reported by customers who have been contacted about potential fraud.
Why so many false alarms? Is it a weakness in the system or an overabundance of caution?
It could be both. Part of it is the human element – “an overabundance of caution” on the part of banks, said Matt Schulz, CreditCards.com’s senior industry analyst. “Banks are leery of blocking a transaction altogether; an alert is a lot less disruptive.” He added that he doesn’t think banks have “crossed the threshold” of irritating customers with alerts on transactions that turn out to be legitimate.
The alerts serve a purpose; usually a customer can indicate that the transactions are legitimate and resume using their card.
“The last thing a financial institution wants to do to a cardholder is not allow that transaction to go through and so they use another card,” Grotta said, or if the frequency of flagging hits them too often, “an individual might take their entire banking relationship somewhere else.”
The solution, she said, lies in familiarity with the system and a better analysis of the data it provides.
“The fix is more data, better data and better business rules,” she said.
And more data – better data – is coming. Visa announced late last year that European debit and credit card issuers will be the first to adopt the new 3-D Secure 2.0 program it developed as an update to online transaction security protocols. The program will provide more information about cardholders’ buying habits, helping to establish patterns that may narrow the scope of what is flagged as a questionable card-not-present transaction – and reducing the number of fraud alerts pushed to consumers.
Additionally, issuers may not be keeping pace with market preferences for how alerts are delivered. Visa- and MasterCard-branded cards are required to let cardholders receive alerts via text when their cards are sued for high-dollar, online or international transactions, but most fraud alerts come in phone calls (53 percent). Just 14 percent received a text message, and 12 percent received emails, the survey respondents said.
Customers have to opt in to receive text or email alerts, a choice that’s still in its early days of acceptance, Schulz said.
Because credit card limits typically exceed checking account balances, credit card fraud alerts outpace debit card alerts despite the two-to-one ratio of debit card to credit card transactions.
The Javelin study also said that new-account fraud is continuing; as EMV or chip cards continue to enter the market, fraudsters have become better at evading detection. But on the plus side, Javelin noted that while fraudsters are more clever, consumers with an online presence are too, improving their ability to detect fraud more quickly, leading to less money stolen per attempt.