In today’s card risk environment, your bank needs a comprehensive fraud strategy that includes cardholder education backed by powerful fraud prevention and detection technology.
While card issuing does come with some inherent risk, it is also one of the most lucrative assets a bank can offer. With the employment of comprehensive, multi-layered protection practices community banks can minimize their risk to maximize their card program’s profitability.
Never underestimate the power of the consumer. With today’s tools and information sharing capabilities, community banks have a variety of methods to engage and educate their customers. Remind your customers to check their accounts frequently for unfamiliar charges and/or suspicious activity. Use every opportunity to inform them about what a social engineering attack looks like and how to avoid it. Explain how transactional alerts, push text alerts, etc., work.
Predictive Tools/Geo-fencing Protections
Commonly used personal identifiers are no longer fit for customer verification. Due to synthetic identity fraud—a scheme that creates new identities by combining personal/factual identifying information with fabricated or synthetic credentials—using the last 4 digits of SSNs or address/zip is no longer a viable option for validating a person’s identity.
Today’s verification tools are focused on real-time information and authentication measures. Placing a risk-rated score on most card transactions has proven beneficial for mitigating fraud loss. In addition to scoring, many banks and processors are employing tools that monitor cardholder location vs. normal transaction behavior in both card present and especially card-not-present environments.
Two-factor Authentication Challenge
Today, the use of just PIN and signature is quickly becoming an outdated verification method. In many cases, signatures may no longer hold value or qualify as personal validation of a person’s identity. The use of multi-layered protections, such as biometrics technology and/or mobile PIN verification, is beginning to take hold within various sectors.
Increasingly, the financial industry is seeking out fintechs that can deliver stronger consumer authentication tools. The use of biometrics paired with additional criteria, such as the use of chip-and-pin, and the “something you know” requirement at the point-of-system access has proved successful.
A layered approach involving multi-faceted protection efforts remains one of the best ways to verify that your bank customers and cardholders are indeed who they say they are.
Determine Your Risk Tolerance
It is important to regularly review card program parameters and cardholder limits to ensure they are designed to optimize profitability and align with your bank’s risk tolerance. Periodically examine your Stand-In Processing (STIP) Parameters and associated rule sets, which are employed during occasions when the processor is unavailable to review or authorize transactions.
Where possible it may be appropriate to set daily use limits or further verification measures as a means of protection. As cardholders increasingly transact online and via their mobile phones, so do the criminals. Some of the most basic protection practices include conducting an annual performance review and setting appropriate limits and velocity checks.
Alan Nevels is senior vice president of card risk and merchant services at ICBA Bancard and can be reached at Alan.Nevels@icba.org.