Collaboration is Key in the Fight Against Fraud
The proliferation of card-not-present (CNP) transactions in recent years has caused a sea change in the battle against payment fraud. Jordan Schaefer, PULSE Director of Client Services, recently discussed shifting fraud trends in an increasingly digital world with the Fintech Cowboys on an episode of their podcast. In this Q&A session, Jordan addresses CNP transaction growth, advances in PULSE’s fraud-detection capabilities and the question of liability for growing “scam fraud.”
What are you seeing in the fraud world, and what is important as it relates to debit?
There are a couple of trends that we’re seeing in fraud lately. The first one is the saturation of CNP transactions across the payments ecosystem. The second aspect is regulation – specifically the Reg II clarification that took effect in July 2023. More than a third of our network volume is now CNP transactions. Along with transactions shifting, we’ve seen fraud shift as well.
What difference is the Reg II clarification making?
For the average cardholder, there is not much of a difference, but there is a big difference for merchants. They are presented with options they haven’t had before. As a network, we are now seeing transactions that we didn’t see before. Token card-on-file transactions are starting to route through the PULSE network. For issuers, these transactions that previously were coming from your front-of-card brand now might be coming from your unaffiliated network. We’re making sure our issuers are prepared to see these transactions over both of their networks.
With fraud, I like to say it’s not that there’s a problem there that can’t be solved. It’s that you solve one and there’s another one right behind it. Is that a true statement?
Yes, it rears its head in different ways. The use of artificial intelligence (AI) and its ability to quickly gather information from cardholders to imitate them – from voice to chat – has risen to a new level. We used to see unauthorized third-party fraud – someone stealing your information and making a purchase using that information. With scam-based fraud – also called first-person-authorized fraud – the cardholder is making the purchase, then they have buyer’s remorse afterwards.
Is fraud going to get worse as technology continues to advance? The threats are getting more sophisticated, but so are you. Will we ultimately win?
I have seen fraud act like a hydra. You take one head off, and out pops another one. We will continue to cut off hydra heads and we will continue to see others pop out. The place I’m worried about is AI. The more fraudsters can convince call centers or dispute agents that they are the cardholder, the riskier it is for fraud losses.
If something got hacked and it wasn’t the cardholder’s fault, they get their money back from the card issuer. But if they got scammed into giving out their information, will it ultimately end with the consumer getting their money back? Where are those lines, and have they been moving?
I have been to conferences in the past year where that is the number one question: Who is liable for scam fraud? Today, if a cardholder gets scammed, they are liable. Because they performed that transaction, the merchant is going to be able to provide all the compelling evidence to show that the cardholder authorized it. They may have the IP address of their phone and be able to see that the geolocation was at their home address when the transaction was authorized. But I’m waiting to see how the conversations and regulations will turn out with social media platforms that may have allowed that individual to be influenced.
It’s kind of a badge of honor that doing so well to fight fraud is forcing fraud to the scam side. That’s not your fight – it’s a fight that needs to be held more at the Congressional level. What do you think?
Our mission is to help our issuers. Who best knows the cardholder? This is an area where a community bank can have a great advantage. We have developed a product to help with this: DebitProtect® Communicate. If there’s a transaction that is suspicious, we can send a text to the cardholder, or a phone call or email. We can say, “We suspect that this is a scam. Are you sure you want to complete this transaction?” This will get the cardholder thinking about it. That kind of hyperpersonalization is super important.
Final thoughts – is there anything else on your mind?
We place the most importance on understanding our processors, merchants, and financial institutions. We have account executives assigned to all these different accounts. We talk to our customers daily. This is the same opportunity a community bank has. Solving fraud is about communicating and working together as an industry. As a network, we can put in fraud rules that are high-level rather than specific to your situation. There is a lot of value in that. There’s also value in an issuer processor or core processor having fraud services in place. Forums like this are a great way to reach out and have conversations like this. We need to keep doing this to cut off the different heads of the hydra that pop up.
Learn more about PULSE DebitProtect, or connect with us to talk to a PULSE representative about upgrading your fraud protection.