Debit card issuers face an ever-growing array of fraud schemes perpetrated against them and their account holders.
Effective card offerings require financial institutions (FIs) to quickly and accurately detect myriad forms of fraud, forcing them into a delicate balancing act. Being too permissive without adequately scrutinizing transactions enables more fraudsters to make off with funds. Being too restrictive can result in a slew of false positives, however, irritating consumers whose cards are declined and frustrating merchants as would-be customers abandon their carts.
Security challenges are mounting, too. PIN-based debit transactions are some of the most secure, but this payment method is being used less and less, with consumers instead turning to eCommerce and in-person contactless payments during the pandemic.
FIs’ card-issuing trends also underscore the growing popularity of touchless purchasing approaches. Two-thirds of card issuers were expected to offer contactless debit products by the end of this year, for example, and 87 percent of all cards are anticipated to be contactless-enabled by the end of 2022.
This departure from PIN-based transactions can present challenges to issuers, requiring them to revise their fraud-fighting approaches as consumers’ purchasing habits evolve. This month’s Deep Dive examines the evolution of debit fraud as consumers adopt novel digital purchasing methods and how machine learning (ML)-powered tools can help keep it in check.
The Face of Fraud
Addressing security concerns is no trivial pursuit for debit issuers, as they incurred more than $1 billion in net fraud losses in 2019. Certain types of debit transactions are riskier than others, however, with card-not-present (CNP) purchases typically more prone to fraud than card-present (CP) ones. This is because CNP purchases, which include mobile- and web-based transactions, can be harder to verify than those that require users to supply their PINs.
Point-of-sale (POS) debit purchases authorized with PINs are very secure, and this purchasing method accounted for only 5 percent of gross fraud cases in 2019 despite representing 38 percent of all POS activity. Not all CP purchases are equally safe, however. Contactless debit payments made at the POS can face more risks because they typically do not require cardholders to provide authentication before completing purchases.
Fighting such losses requires the ability to detect when stolen debit cards are being used online or for contactless purchases. More modern approaches to tackling this problem require gaining a deeper understanding of legitimate cardholders’ purchasing patterns so that FIs can spot when bad actors are using them for transactions instead. These approaches could even prove to be more secure than knowledge-based authentication (KBA) measures because information such as PINs can be stolen, while behavioral patterns are much harder to mimic.
Many FIs seek to learn account holders’ purchasing habits and create behavioral profiles by analyzing their keystroke patterns, determining which devices they use to transact, and establishing average purchase sizes. These and other details help FIs better comprehend their customers’ normal behaviors, enabling them to spot irregular activities that could reveal whether fraudsters have taken over their debit accounts or made off with their cards.
FIs can get even more holistic views by examining consumers’ interactions with specific entities or technologies, such as ATMs. A series of sudden, high-value withdrawals might be normal for an ATM at a well-trafficked spot, for example, but it could be cause for alarm at a machine that typically sees intermittent usage.
Some FIs have also teamed up with eTailers to better protect CNP transactions using a protocol known as 3D Secure 2.0. Online retailers that adopt this security measure can enable debit issuers to review numerous customer data points during users’ site visits and purchasing journeys. FIs that detect suspicious activities can then temporarily interrupt transactions and require potential customers to confirm their identities on secure webpages. This is typically done by asking consumers to present one-time passcodes or undergo biometric authentication, and those who successfully complete these steps can proceed with checkouts.
3D Secure 2.0 may be useful to retailers, but many complained that the protocol’s earlier versions resulted in too many false positives and eventual cart abandonments. Beating the false positive problem requires FIs to fine-tune their approaches to monitoring suspicious activity, and ML tools could be the key to doing so. One way FIs can protect themselves is to take advantage of processor- and network-level transaction monitoring. Advanced learning-powered defenses can respond flexibly and adjust their assessments based on results, which can help FIs reduce false positives while maintaining strong defenses.
Fraud threats are ever-changing, and losses associated with digital money transfers are projected to rise 130 percent worldwide by 2024. This can make investments in advanced security tools especially timely, and issuers may find that ML solutions are well-suited to digital challenges. ML solutions can help FIs spot well-known red flags as well as new behaviors that indicate fraud, and this adaptability can help debit issuers keep their defenses sharp as fraudsters switch up their attacks.
Issuers must make bold efforts to stem the rising tide of fraud while safeguarding smooth shopping experiences for merchants and consumers. Adaptable security tools like ML can help FIs strike that balance.