A new high for European card fraud – and how to fight back
September 2017 | LEGAL & REGULATORY | FRAUD & CORRUPTION
Financier Worldwide Magazine
September 2017 Issue
Card fraud levels across 19 European countries hit a record high in 2016, reaching €1.8bn. These findings, revealed by FICO and Euromonitor International, are a cause for concern for both financial institutions and their consumers. The key to fighting back lies first in understanding why card fraud levels increased again in 2016, and second, in understanding how artificial intelligence (AI) and machine learning can help turn the tide.
What was the overriding cause of this year’s increase? In a word: e-commerce. Card not present (CNP) fraud, the clear majority of which is e-commerce, has grown from 50 percent of gross fraud losses in 2008 to 70 percent last year. This is not too surprising considering the changes in the way we shop. It is estimated, for example, that UK consumers will use their mobile banking devices to manage their current accounts around 2.3 billion times – that is more than traditional branch banking, telephone banking and internet banking combined. We should expect criminals to follow the line of least defence, and the ability to hide in a huge growth channel is perfect for their needs.
Where criminals are targeting
While 19 countries were included in the study, much of the increase in fraud is down to just two countries: the UK and France. Between them, they accounted for over 70 percent of losses across Europe.
While CNP fraud was the overriding cause of card fraud across Europe, inevitably particular trends and circumstances in individual countries contributed. The UK, for example, reported its highest ever plastic card losses since its previous peak in 2008, when a ‘tough on fraud’ stance was introduced to turn criminals away. As e-commerce spending grew from £41bn in 2008 to £248bn in 2016, CNP fraud in the UK reached £432m. £309m of this was e-commerce related, with the rest accounted for by other areas of CNP fraud such as Mail Order Telephone Order (MOTO). One contributing factor is that card issuers must always choose between reducing fraud and reducing false positives, which puts a strain on the customer experience. The latter is more important to many banks.
By contrast, France’s fraud growth was driven by a rise in ID fraud and lost and stolen fraud; they accounted for 96 percent of the country’s total losses, almost two-thirds of which were ID fraud. This reflects how criminals have adapted to the investment France made in securing point of sale systems 12 years ahead of Europe and the rest of the world. By introducing chip & PIN early, France enjoyed a low level of counterfeit fraud compared to the rest of Europe in the early 2000s. Criminals realised that they needed to steal the card and associated PIN from the consumer, apply to the banks for credit using false identities, or actually take over a customer’s account at the bank. As the data shows, this is the path that criminals in France have continued down, and it points to a need for new first party fraud models that will work throughout the customer’s lifecycle, not just when they apply for a card.
We would expect to see France’s fraud picture continue to change in the years ahead. As French issuers strengthen their originations capabilities and early-life transaction monitoring, criminals will have to migrate again and might come back to e-commerce, meaning a rise in CNP fraud.
It was not all bad news, however. The Netherlands is something of a success story, achieving a continued decline since its peak in 2008 when CNP and counterfeit fraud were dominant. Since 2008, there has been a 70 percent reduction in losses due to fraud.
This has been achieved by good investment and control by the banks. CNP is becoming harder to control, but bringing in dynamic authentication, such as one-time passwords sent to a mobile device, is a great way to cut fraud.
Three ways to fight back
As the Netherlands shows, it is possible to fight back against fraudsters. There are three ways forward-looking issuers are addressing the rise in fraud, and in particular CNP fraud. First, by instant communication. Contacting consumers whose payment devices may have a high probability of being used fraudulently early using two-way SMS is critical to making sure transactions are valid. Fully automating this process and integrating it into a broader fraud solution means cases can be closed without human intervention, and genuine consumers can continue to spend when and where they want.
Second, the use of machine learning and AI. While these are already used in fraud detection, and have been for 25 years, their use is expanding. Scott Zoldi, FICO’s chief analytics officer, explains: “It is no longer just about identifying patterns that are unusual for the customer — we are also looking at anomalies at the mobile device, IP address and merchant level. All of these have ‘behaviours’ just as individuals do.” Look for machine learning to continue to improve.
Third, the use of mobile analytics. It is now possible to use data generated by your phone to give a good indication of whether a transaction is really yours. A sophisticated solution can tap into the rich source of mobile behavioural contexts, and feed it into a real-time decision.
As card fraud levels climb across Europe, and online shopping explodes, it is imperative that financial institutions seize the initiative and fight back. The latest AI-based technologies offer a compelling path forward, providing a sophisticated fraud-prevention strategy while maintaining a good customer experience. Balancing these two competing demands is an enormous challenge for banks and card issuers, but it is one they must meet if they are to keep criminals at bay.
Martin Warwick is senior consultant at FICO.
© Financier Worldwide