The latest biennial report from the Bureau of Consumer Financial Protection found that the total number of credit card accounts and enrollments in associated online services continue to increase. In fact, more than 75% of U.S. consumers now own credit cards. This trend was especially prominent in 2017, when the number of new card accounts activated came close to pre-recession numbers. In the third quarter alone, U.S. consumers opened 91.6 million new accounts.
Unfortunately – yet unsurprisingly – increased credit card usage has resulted in higher rates of credit card fraud, according to a recent report from the Federal Trade Commission. The report found that in 2017, credit card fraud rates increased by 23% over the previous year. Additionally, credit card fraud topped the list of identity theft complaints received last year. This continues a steady, multiyear rise in credit card fraud, which has been growing in frequency and severity since 2013.
The introduction of EMV chip cards has made a dent in “card-present” credit card fraud, in which a fraudster physically presents a counterfeit card to a merchant in person. While this is obviously a positive development, it unfortunately has had an unintended consequence – an increase in “card not present” (CNP) fraud. According to a recent report from Javelin Strategy & Research, CNP fraud was 81% more prevalent than card-present fraud in 2017. Additionally, account takeover (ATO) fraud continues to grow, tripling over the past year to reach a four-year high. ATO occurs when a fraudster poses as a legitimate customer, gains control of an account and then makes unauthorized transactions. Total ATO losses in 2017 reached $5.1 billion, a 120% increase over 2016. As fraudsters largely commit ATO fraud via phishing or malware schemes, EMV chips also cannot prevent this type of fraud.
Who is paying for credit card fraud?
Despite the alarming rise of credit card and ATO fraud, which does not appear to be slowing down anytime soon, the average U.S. consumer lost a median of only $429 from credit card fraud in 2017. In fact, 79% of those who experienced credit card fraud did not suffer any financial loss whatsoever. The question naturally follows – who is paying for this rampant fraud if not the consumer?
The answer: financial institutions. Global credit and debit card fraud resulted in losses totaling $21.84 billion in 2015. Card issuers and merchants incurred 72% of those losses, or almost $16 billion. While the adoption of EMV chips has cut out a solid chunk of card-present fraud, as described above this has unfortunately resulted in the rapid rise of CNP fraud. Clearly, EMV chips alone are nowhere close to sufficient for preventing fraud, and financial institutions must look to other methods to reduce the impact on their organizations.
Financial organizations should, without question, implement technology safeguards and cybersecurity best practices in order to reduce the impact of credit card fraud. While crucial to preventing fraud, these strategies alone will not wipe out credit card fraud. Underscoring the particular challenges that financial institutions face, 30% of all data breaches result in some form of credit card fraud – but less than 10% of breaches actually occur at financial organizations. The majority of the time, the financial organization is not responsible for a breach, but will nonetheless be liable for potentially massive damages stemming from resulting credit card fraud.
The point is, no cybersecurity investment can completely eliminate fraud – that’s just the world we live in. However, financial organizations can implement programs and services that can help to identify and stop fraud before it can cause significant damage. The earlier that credit card fraud is caught, the sooner financial organizations can take action to remedy the situation. This also ensures that identity thieves have less time to rack up charges using stolen information, which is critical as it can reduce the costs ultimately incurred by the associated financial organization.
As you might hope, the vast majority of credit card issuers already have fraud prevention services in place that monitor for and alert customers about suspicious activity on their existing accounts. In fact, most credit card companies and banks can now detect certain types of fraud almost immediately. However, many financial institutions lack monitoring services that alert customers about new accounts opened in their names. This is especially troubling as the specter of synthetic identity fraud looms ever larger.
The new menace: Synthetic identity fraud
Synthetic identity fraud occurs when perpetrators use either a combination of real and fake information (such as a real Social Security number along with a false name, address and date of birth), or entirely false information to create a new, phony “individual.” Criminals increasingly commit manufactured synthetic identity fraud, which involves the creation of fake identities composed of entirely false information to open new accounts that do not belong to any known consumers. Fraudsters cultivate these identities and develop credit histories over time.
As mentioned above, most financial organizations do not currently have the capability to detect new account fraud, and as a result criminals utilizing manufactured synthetic identity fraud can operate for years undetected before they max out their credit lines and disappear without a trace. Of course, this leads to significant financial loss for the card issuer and any associated entities.
Even compared to the major threat of traditional credit card fraud, synthetic identity fraud is a rapidly growing issue. The outstanding balances of suspected synthetic fraud identities increased to $885.42 million in the fourth quarter of 2017, according to TransUnion. In addition to billions of dollars lost due to this type of fraud, synthetic identity fraud costs financial organizations countless hours of lost productivity as they chase down people who do not actually exist. Synthetic identity fraud alone may account for 5% of all uncollected debt and up to 20% of all credit losses. This type of fraud also causes problems and losses for credit issuers and lenders, as they are the organizations that inadvertently issue cards to a fake identity.
New approaches to fighting credit card fraud
One potential solution to synthetic identity fraud, as well as credit card fraud more broadly, is the use of artificial intelligence engines to comb through the growing repository of digital data to better verify identities. Of course, AI presents both pros and cons. Many, including certain regulators, have expressed concern that AI analysis equates to a breach of privacy, which is of course a tremendously hot-button issue. In order to effectively employ AI to combat fraud, financial organizations would need to comb through digital records to determine whether or not they should issue a credit card to a specific person.
AI is only one potential solution to reduce the impact of credit card and synthetic identity fraud on financial institutions. Another example is voice recognition technology at call centers, which can help to flag whether a specific voice has called before under a different identity. Additionally, many financial organizations are currently experimenting with blockchain, which could offer a solution due to its cryptographic protection capabilities.
In addition to the solutions described above, comprehensive identity protection that includes identity theft resolution can help to protect against fraud and thereby prevent losses, while also promoting greater trust between financial organizations and their customers. A critical component of effective identity protection is credit monitoring that alerts customer when new accounts are opened in their names. This can cut down on multiple types of identity theft, including synthetic identity fraud, by enabling financial organizations to more quickly catch and close out fraudulent accounts. Additionally, many new account types, such as payday loan or telecom accounts, are difficult to monitor for fraud without identity protection technology in place.
Identity protection promotes consumer trust in financial institutions
As mentioned above, identity protection can also engender consumer trust in a financial organization. Identity theft resolution services specifically are critical to promote trust. Certified identity resolution specialists are specially trained to restore identities and related assets to good health when fraud does occur. This benefits the consumer as well as the financial organization, as resolution services alleviate the costs, time, and emotional toll resulting from identity fraud of any type.
50% of respondents in a recent consumer survey indicated that they would prefer to purchase identity protection services from their trusted financial institution. One of the key reasons for this is that consumers already trust financial organizations with much of their most sensitive information. Deploying identity protection can fulfill that trust and heighten positive brand perception, while most importantly protecting the assets of the institution and its customers.
Finally, while financial institutions continue to combat credit card and other types of fraud through technologies and processes including identity protection services, it remains critical that stakeholders of all types collaborate to find continued solutions. Law enforcement, technology vendors and developers, government agencies including the Social Security Administration, financial organizations and consumers themselves all have a role to play. Financial organizations may need to lead the charge, but they will certainly not be without help.