If there is one thing that most people in today’s world of payments agree on it’s this: fraud and fraud schemes are seemingly in a perpetual state of evolution. As soon as one scheme is uncovered, the fraudsters have inevitably moved on to a new one. Fraud in the ecosystem is not only costly to issuers and merchants; consumers can also end up paying the price. Consulting firm McKinsey predicts that by 2025*, direct fraud will amount to $45B with a 7-8% CAGR. Even scarier, they predict an indirect impact of fraud has a 2x-3x multiplier, or $90-$150B, due to increased operating expenses and impact on customer loyalty.
In order for issuers to help protect their cardholders (and ultimately themselves) from potential fraud schemes, it’s imperative they understand the rules of the road. As with most rules of the road, there is a balance between speed and safety. It’s not just about getting to your destination in record time. It’s equally important that you get to your destination safely and with your vehicle still intact. In payment terms, that means you need to strike a balance between approvals in real-time and authentication.
“Being able to fine-tune the controls that you need to mitigate transaction fraud in real-time and in the decision flow,” said Adam Christensen, VP of Product Management with Marqeta. “Sometimes a score alone isn’t always good enough and you need more flexibility. That’s why we built our Real-Time Decisioning product, so we could provide over 300 data elements to our customers. ”
Reducing fraud throughout the cardholder journey
Building a comprehensive fraud mitigation strategy runs far beyond any one individual transaction. For an issuer, it begins with pre-account generation (where issuers need to fulfill certain regulatory compliance and due-diligence) also known as Know Your Customer (KYC), and it is inclusive of many parts of the cardholder journey which may include verification, 3D Secure, and post transaction disputes resolution and chargebacks. Whether you are building a new card program from scratch or you are looking to fine tune your existing one, a clear plan around how you will manage fraud is one of the most important decisions you will make.
Three areas to prioritize
The pandemic changed many things about the way we live and transact. One of the offsets of a global pandemic has been a sharp increase in card-not-present (CNP) transactions. Often with this increase, issuers will need to get clear on their fraud strategies to combat the potential for more fraudulent activity that can occur on their card portfolio. So what can you do to help keep your organization prepared to mitigate fraud? We suggest a 3 part approach.
1. Utilize your data
Data is a powerful tool when it’s harnessed correctly. Too many issuers are inundated with data, but they don’t know how to manage it or how they make the data work for them. Using the risk scores from major card networks, like Visa and Mastercard, is a step in the right direction, but diving into your own data can give you insights into who your customer is and how they behave. Did you cardholder just insert a chip card into a POS in one city and then make another POS charge in another city on the other side of the country? These are situations where using transaction data can help you assess the likelihood the transaction is not fraudulent.
2. Focus on real-time decisioning
Maintaining high authorization rates while keeping your incidents of fraud low is a balancing act. The steps needed to authenticate, process, and approve incoming transactions happen in milliseconds. This enables fine-tuned control of transactions. Building, editing, and implementing rules for fine-tuned control over card transactions means an issuer can better protect themselves from local fraud schemes in a specific geographic region or build rules based on velocity and transaction amounts. With a well defined real-time decisioning function in place, an issuer should be able to do these three key things:
- Build and implement rules that give you fine-tuned controls over your card transactions
- Invest in programs that will allow you to create rules based upon data attributes that include card network risk scores
- Help mitigate fraud while also reducing false positives
3. Decide which rules are right
While using the card network scores and having a real-time decisioning model in place are crucial, they won’t get most issuers all the way there. The ability for an organization to create and write their own rules means they have greater control over the authorization process.
For instance, card network risk scores, merchant category code, merchant ID, user group, and spend amount can all be built into a rule to determine if a transaction should be authorized or not.
Another consideration should be rules based on velocity. Velocity rules allow an issuer to set rules that range from “only allow up to X number of transactions in one day” to profile based complex rules such as “decline progressively small value transactions originating from a high risk geolocation at a high risk merchant”. This flexibility allows for custom rules that align to business logic and specific use cases.
Detailed or turnkey?
Risk strategies and support can be as detailed or as turnkey as you want them to be. Some issuers want to invest in an in-house fraud support team to work with their vendors. Work with partners who understand the layered approach to fraud mitigation and who can help you maintain authorization rates without putting your card portfolio at risk.
Want to learn more? Check out our recent webinar with Aite or read our white paper with Aite’ to get a deeper dive into how you can build a fraud strategy that works for your organization. Or if you’d rather talk to a fraud expert, we can help you with that too.
*McKinsey