Current fraud management techniques in consumer lending

RMA Journal, The, Oct, 2004 by Michael E. Collins

The answer: Stringent measures and strong data protection by merchants, card issuers, and cardholders, as well as an environment of risk awareness in the industry. The question: What can substantially mitigate the threat of fraud in consumer lending? The consequences of a different answer: Jeopardy! In this article, the author provides an overview of mitigants for consumer fraud based on trends observed by the Federal Reserve Bank of Philadelphia.

Consumer lending has been a growth engine for the commercial banking industry for the past few years. In the last three years alone, consumer loan outstandings have grown 45% and now represent almost 54% of total loans. (1) Along with all of the usual risks in lending, such as underwriting, debt service/repayment, and interest rate risk, consumer lending--especially credit card lending--presents additional challenges with regard to fraud. Moreover, statistics show that fraud in consumer lending continues to increase. For example, a survey report by the Federal Trade Commission (FTC) estimated that identity theft losses over a 12-month period in 2002 and 2003 totaled $47.6 billion for businesses and $5 billion for consumers. (2)

As a banking regulator in the Third Federal Reserve District, the Philadelphia Fed closely watches fraud trends in the consumer lending industry, since 36% of all managed credit card receivables emanate from Delaware-based institutions. Poor control by an issuing bank over PINs, return mail, credit limit increases, and name and address changes can contribute to credit card fraud.

What can be done to stem the increase in fraudulent credit card activity? For a start, three key players must take stringent measures to prevent fraud: merchants, card issuers, and cardholders. In addition, strong data protection practices at each level and an environment of risk awareness in the financial services industry can also substantially mitigate the threat of fraud.

Merchants/Point-of-Sale

Preventing credit card fraud at the point-of-sale may not be as easy as it sounds. Although many people still buy goods and services in the brick-and-mortar retail world, more and more people are buying items in the virtual world of the Internet. Transactions over the Internet are harder to authenticate and therefore make fraud prevention trickier. However, many companies have established techniques to lower the risk of credit card fraud over the Internet.

In person. For in-person retail transactions, merchants can do at least three things to prevent credit card fraud. They can ensure that the customer initiating the transaction is authorized to use the credit card by verifying the card user's signature. Unfortunately, many merchants are reluctant to be too aggressive in trying to verify a customer's identity because they fear damage to their reputation will result if a customer is falsely accused of credit card fraud.

It also is incumbent on merchants to implement and enforce measures that control access to card readers and customer information. Furthermore, merchants must have confidence in the honesty and integrity of their employees.

Internet. The virtual world presents many opportunities for credit card fraud. Consequently, companies have developed a number of fraud-prevention techniques to deal with the additional risks of online transactions. One such technique is the use of card verification value (3), which requires the customer to provide the three digits found on the reverse side of the credit card before initiating a transaction. (American Express cards use a four-digit number found on the front of the card.) Because these digits are not embossed and, therefore, do not appear on a receipt, having the customer provide these digits adds another layer of assurance that the person initiating the transaction is in possession of the card. (4)

Another technique for protecting credit card transactions over the Internet involves account number masking, also known as substitute credit card numbers or virtual account numbers. Such a technique helps prevent criminals from intercepting and stealing the real credit card number. To use this technique, the customer has to go to the card issuer's Web site to start the transaction. In turn, a new card number is established and sent to the merchant's site for the purchase, thus keeping the original credit card number secret.

Since merchants cannot verify a customer's signature in the virtual world, typically the merchant is responsible for fraud charge-backs.

Biometrics. In the future, merchants may be able to use even more sophisticated methods to prevent credit card fraud. Although many of these technologies are currently available, each has had varying degrees of acceptance, and some require substantial up-front investments. Whether used independently or to supplement existing security measures, such as those embedded in smart cards, biometric technologies offer merchants at the point-of-sale legitimate alternatives for protecting themselves and their customers against illicit criminal activity, such as identity theft, account manipulation, and fraud. (5) Following are some of the more widely used biometric solutions.