Demystifying Cards

Card Control: Fraud, decisioning and authorisation

Unfortunately, wherever you find financial services you’ll find some level of fraud or attempted fraud. And it’s the same in the card payments sector – especially when a new card programme goes live.


Fraudsters know this is when a card programme is at its most vulnerable, so it’s essential to get on the front foot to tackle fraud and build it in as a key pillar of your business strategy.


You may want a payment processor that offers real-time access to controls so if you identify fraud you can respond immediately, rather than having to go through your processor. You may also want a payment processor that allows you to get involved in both decisioning and transaction authorisation.


Put simply, you may want to make sure you have the agility and processes to be able to change rule sets immediately – from day one. Consider choosing a partner that enables you to change fraud rules in real time to respond to threats. Also consider whether you want to be part of the authorisation flow of a transaction. This is possible with modern issuer processors like Marqeta, for example. We call it gateway Just In Time (JIT) funding. It is often referred to as external authorisation more broadly. This puts you in full control of the authorisation of every transaction and combined with a fraud tool this can be a very effective way to mitigate fraud. More on this later.

Controlling card usage and spend in real-time


We think it’s important to be able to set up the parameters of who, where and how cardholders can use their cards, using APIs in real-time. That way you can accommodate rapid change and offer an array of configurations at individual card level. Consider looking for a processor that offers dynamic spend and velocity controls, so you can have power over where a cardholder spends – for example, by country or merchant type (no gaming or alcohol, for example). Or how many times, or how much, cardholders can spend on travel or withdraw from an ATM over a pre-defined time period.


You can layer these controls together. The trick is to set controls that are flexible enough to accommodate cardholder behaviour to ensure a good payment experience, while mitigating fraud in line with your business objectives.


Putting some of these card controls in the hand of the customer is also becoming more commonplace. They may wish to pause e-commerce transactions, ATM or contactless, for example.


A notable case is Monzo including a Gambling Block option as part of their card controls area. The intention being to give those people with gambling problems the option to completely block gambling transactions. Large financial institutions are also sitting up and taking note of customer demand for more control of their card. Santander, for example, has recently launched several new in app capabilities. View PIN, report a card lost or stolen and PIN not working functions have all been added to the app.

Real-time fraud


We think it’s about detecting fraud as it happens rather than ‘reactive identification’ that reviews transactions after they’ve occurred to spot fraudulent activity. Using machine learning and behavioural analytics to predict, prevent and manage fraud and financial crime, the latest solutions cover things ranging from application, card and payment fraud mitigation to merchant monitoring and anti-money laundering. It’s essential all this is up and running before you launch, as day one is when fraudsters will be testing your systems looking for weaknesses to exploit.

Flexible decisioning


Further information on intelligent and real-time authorisation of transactions can be found in this blog.


Taking part in the authorisation process Your card programme can benefit if you can automate certain processes, access near real-time data, and have the ability to add functionality to the authorisation process. So let’s look at the transaction components that can give you real control over an authorisation.


Simplifying legacy challenges Authorising transactions from Visa and Mastercard means working with the ISO 8583 standard messaging format. But integrating this complex messaging standard into your card programme can be a headache for developers and time-consuming. The good news is that some processors will convert ISO 8583 into a much more user-friendly open JSON message format, eliminating the need for your developers to build an integration altogether. This can free up your resources to focus on building a compelling customer proposition.


Managing risk and minimising fraud Who controls decisioning? As mentioned, some processors allow you to define your own rules on their platform and notify you of any breaches. So on top of any 3D Secure solution, you may need some kind of algorithm-based fraud engine at the front end of the transaction-authentication process to score each transaction for potential fraud. If you know there’s a high propensity of cards being attacked in certain merchants in a particular country for example, you can change the rules around decisioning to help minimise the risk.


Involving you in the authorisation decision Once a transaction has passed dynamic spend and velocity controls and a fraud-decisioning engine, your processor can authorise on your behalf or, if you prefer, involve you directly in the decision using just-in-time (JIT) gateway functionality (Marqeta’s version of external authorisation.) This gives your card programme the ability to approve or decline a transaction using real-time business logic.

The power of real-time


As an existing or prospective card programme owner, how do you bring the real-time experience to life? At Marqeta, there are a number of ways we’re helping to support this, including through the use of webhooks and by allowing three seconds for authorisations. Our blog provides more detail here.

Top tip: How can you use real-time for real action? Ever used the wrong CV2 code making a purchase online? Challenger bank Starling use their real-time authorization data to help their customers transact by reaching out with in-app notifications. Should you key in the wrong details with a merchant you’ll be told why the transaction was declined and prompted to check your CV2 in the app.

Post-authorisation

Risk and fraud analytics Once a transaction decision has been made, it can be useful to update your cardholders. For example, you might want to confirm their purchase (from a fraud mitigation perspective), or tell them why their transaction was declined, or simply help them understand their spending habits. Using real-time information in this way can help you provide the best possible real-time user experience – which we believe to be an essential ingredient in any successful modern card programme. With the increased regulatory requirements from the second Payment Services Directive (PSD2), customers will need to authenticate their transactions much more often so using this real-time information can become more important to provide seamless customer experience.

lendable

Lendable

Lendable uses Marqeta’s proprietary 3DS solution in conjunction with their rules based fraud decisioning for transactions. These rules were intentionally set quite conservatively for initial launch and have been refined over time. In addition to these controls Lendable have a suite of transaction monitoring tools to highlight unusual account behaviour.


Not having data to look at from the start was a challenge. The machine learning tool needed data input in order to work properly, so access to fraud data from the off is incredibly useful and something Marqeta is looking to provide in the short term, via a third party.


Lendable uses a variety of third parties for fraud and AML screening. As with transactions this process has been refined over our launch period. In addition to this further protection gained from fraud from controls on our introducers side.

Continue reading

Demystifying Cards - Previous Arrows

Monetising your card programme

Previous chapter

Every card programme needs to turn a profit, and there are different ways to generate income. Learn about the most common ways card programmes can drive revenue.

Demystifying Cards - Next Arrows

Launching a card programme

Next chapter

Find out the steps needed to launch a card programme, whether it’s licensed, BIN Sponsored or programme managed.

Marqeta Cards

Launch your next payment innovation

Let's talk about your use case and how we can help.