Payment Fraud Continues to be a Top Concern for Financial Institutions and Card Issuers

While payment technologies advance at a rapid pace, the battle to prevent payment fraud continues to be neverending. Participants in the ecosystem need to arm themselves against relentless criminal elements. Identity theft, data breaches and the expansion of remote payments such as ecommerce and mcommerce are all contributing to the uptick of card-not-present (CNP) fraud.


CNP fraud is growing exponentially and as predicted such that the fraudsters are succeeding. CNP fraud includes purchases made online, through mobile devices and over-the-phone, leading to billions of dollars in losses and expenses for financial institutions and retailers. The problem is getting worse as this year, U.S. financial institutions are expected to write-off $6.4 billion due to CNP fraud.


In the U.S. alone, CNP fraud has increased to 68 percent of card fraud, according to U.S. Payments Forum. This is leaving consumers with heightened feelings of anxiety about the safety and security of their debit and credit card account information. This fear impacts all ecommerce shoppers irrespective of age, the type of card they use (credit, debit, or prepaid debit) or whether they’ve experienced a previous fraud event.


A recent TD Bank survey report that collected responses from 390 finance professionals showed that

84 percent of those polled indicated cybersecurity and payment fraud were their top concerns. Those same professionals also stated that they expect payments fraud will become an even bigger threat in next one to two years.


As this trend continues, it’s more important than ever for card issuers to have the right protections in place while ensuring that customers are protected.


Enter CVV+.


CVV+ provides fraud authentication and prevention for credit, debit and prepaid cards. CVV+ is a dynamic, out-of-band code that replaces the static code printed on the card. The flexible solution works in issuers’ existing ecosystems, does not require any changes to merchant systems or procedures, and doesn’t rely on cardholders to provide any personally identifiable information.


For card issuers and financial institutions, CVV+ helps to improve margins, reduce costs and increase revenues. For consumers, a card with CVV+ fraud prevention in place, it makes the card the most secure and usable option in their wallet. It also empowers consumers with a simple way to proactively protect themselves from CNP fraud.


Dynamic CVV Technology Delivers More Secure and Consistence Experience for Cardholders over Biometrics

It’s no secret that fraudsters are becoming more aggressive in their tactics with e-commerce shopping channels as EMV has restricted criminals’ ability to carry out fraud at physical point-of-sale (POS) locations. In its 2018 Identity Fraud report, Javelin Strategy & Research found that online shopping presents the greatest fraud risk, with CNP fraud being 81 percent more prevalent than POS fraud.


Since many smartphones and tablets now come with built-in fingerprint sensors and cameras, it’s no surprise that biometrics has emerged as a fraud prevention solution to authenticate consumer devices. Gartner defines biometric authentication as methods that “use biometric characteristics or traits to verify users’ claimed identities when users access endpoint devices, networks, networked applications or Web applications.”


There are, however, some disadvantages associated with biometrics technology. When shopping online, in a mobile app, or on a smartphone, a user could either use facial recognition or their fingerprint to unlock the phone and confirm that transaction. However, if that user is now sitting in front of their laptop at home or placing an order by phone, biometrics typically can’t work, as there is no means to capture and validate the data. While biometrics is beneficial for online shopping via smartphones and tablets, they fall short when users are making purchases via phone or via a computer (since biometrics is not built into those channels). Additionally, biometric authentication involves device centric mechanisms that neither merchants or banks can manage, validate, or deploy. Because merchants can’t enable biometric tools is perhaps why biometrics hasn’t yet resonated as a solution merchants would embrace. According to the 6th Annual Mobile Payments and Fraud 2018 report, survey data showed that biometrics was the least used tool or service to prevent mobile fraud in 2018.


Biometric authentication merely confirms that the right device or channel is being used in a transaction. It’s authenticating the device, but not the customer or the transaction, per se. Consider the following scenario: if a criminal steals your iPhone and your fingerprint is left on the device, there would be nothing to stop the fraudster from using a warm gummy bear to apply to the fingerprint sensor, lift the print and make a cast mold to unlock the device, revealing all of your personally identifiable information. Since biometric data is static, once it is stolen, a person’s entire identity can be exposed. And because it’s static, the compromised biometric data can’t be replaced unlike dynamic CVV authentication.


Financial institutions don’t care to store personal identifiable customer information because it represents a liability. It is therefore unlikely that an institution would want to store any biometric data, let alone develop systems to validate that data in a transaction. Unlike biometrics technology, CVV+, a Tender Armor product, works on all card accounts in the market, across all purchasing channels, and works with all devices the same way. CVV+ anonymously authenticates cardholders by generating a dynamic CVV code that only the consumer can obtain. With CVV+, a cardholder’s phone number and account number are never tied together, making it markedly difficult for fraudsters to carry out their illicit work.


With CVV+, cardholders can choose how often the code rotates, be it a daily code, or just by using the solution as a one-time passcode. Cardholders can securely receive their CVV+ code via a mobile app, text-on-demand, a daily SMS message, email, or through their card issuer’s mobile app or banking site. To complete a transaction, the dynamic CVV+ code is used by the cardholder in place of the static security code printed on back of their credit or debit card.


While biometrics is a promising fraud prevention method, there are inconsistencies, security challenges, and many other considerations associated with the technology. Fortunately, new dynamic code technologies such as Tender Armor’s CVV+ provide a secure and seamless experience for cardholders when transacting across all CNP channels.

Calculating the Total Cost of Fraud on Cardholder Portfolios

I recently had the opportunity to speak at Card Forum 2018 where I addressed a number of card and payment executives representing the industry’s leading issuers, networks, retailers and innovators. With my co-presenter, Brian Fisher, Group Product Manager at U.S. Bank, I led a lively discussion on the topic of card-not-present (CNP) fraud.


Following the advent of EMV chip cards, fraudsters have followed the path of least resistance by attacking CNP channels (online, through mobile devices and over-the-phone). CNP fraud has led to billions of dollars in losses and expenses for financial institutions, and the problem is only expected to worsen.  As CNP fraud rises to 64 percent of total fraud losses, understanding how fraud impacts portfolio growth, cardholder behavior, and profitability is an urgent requirement for card portfolio and marketing managers.


Not only does fraud cost card-issuing banks a fortune, it impacts cardholder usage behavior. Converging market dynamics such as escalating fraud, increasing consumer worry and ecommerce shopping are requiring banks to reshape how they think about and manage fraud. Fraud negatively changes consumer credit and debit card behavior which is a silent revenue killer for banks’ portfolios and a wake-up call for action.


In the past, credit and debit card issuers focused on fraud loss ratios and charge-off dollar volumes. However, that is not nearly enough today. Most card-issuing organizational structures keep the risk management teams isolated from operating departments, customer service channels, and even product portfolio managers. And because bank card organizational structures tend to be siloed, there is little to no cross-functional analysis conducted that accounts for all the fraud related expenses together to paint a cohesive total cost of fraud picture.


Payment card fraud has an impact that reaches well beyond just the charged off dollars, and despite financial institutions’ best intentions, most do not know how fraud affects card portfolios on a multitude of levels. Understanding fraud’s impact is the new imperative for cardholder retention and acquisition marketing efforts. It is essential that portfolio managers recognize that fraud could be a trigger event for detrimental changes in cardholder behavior and attrition. Fraud has become a silent revenue killer that needs to be considered when marketing to new and existing cardholders in an already competitive arena. Fraud prevention techniques have become a marketing opportunity and portfolio benefit above and beyond what the most advanced AI detection methods can deliver.  


The CVV+ solution, from Tender Armor, addresses the growing threat of CNP fraud and the consumer worries it creates. CVV+ works to prevent fraud from occurring before it happens, unlike other solutions that don’t detect fraud until the transaction is being processed. The easy-to-use solution works by anonymously authenticating the cardholder everywhere payment cards are accepted including through mobile devices, online, and over-the-phone by generating a security code that only the cardholder can obtain. The cardholder can choose to receive the code daily or use the solution as a one-time passcode. Cardholders can securely receive their CVV+ code via a mobile app, text-on-demand, a daily SMS message, email, or through their card issuer’s banking site. To complete the transaction, the dynamic CVV+ code is used by the cardholder in place of the static security code printed on the payment card.


Forthcoming research from Tender Armor, conducted by a third-party independent researcher, will provide a clear view of why credit and debit card fraud prevention, as well as understanding the total cost of fraud, is the new imperative going forward. More specifically, the research will reveal the implications of fraud on portfolios and underscore the value behind evaluating the total cost of fraud in order to enhance future cardholder acquisition and retention marketing initiatives.


Looking ahead, bank card issuers are urged to consider the total cost of fraud on their entire organization. Based on the significant operational expenses and market share losses associated with CNP fraud, it’s imperative for card portfolio and marketing managers to take a keen interest in trying not simply to mitigate fraud, but rather prevent it from occurring in the first place.


Insights from One of 2018’s Most Influential Women in Payments, Maddy Aufseeser

During Card Forum last month, I was honored to participate on a panel discussing leadership traits associated with sustaining a successful career as a woman in payments. The panel included long-tenured industry experts and women who I admire. Much like myself, all the ladies on the panel have benefited from encountering many extraordinary female colleagues during the course of our careers. These relationships and encounters have helped motivate, mentor, and influence our careers and frame our leadership skills in a historically male-dominated field.

Read more

Fox in the hen-house: Will fraudsters foil the online shopping holiday season?

Shiny new technology tools utilizing big data are making it easier than ever before to shop online. For consumers that means more relevant reward programs and a proliferation of the 1-click buy button. But before you click that buy button be forewarned, fraudsters are out and about looking for the weakest link in the purchasing process. That fraudster just may be lurking behind the buy button you are about to click.

Read more