Card Fraud - Holiday flags

Now that Spring has sprung, cardholders are looking to the
forthcoming Easter break and planning their summer breaks. Inevitably, thoughts
will be turning to their holidays and planning trips away.

As part of this, some cardholders will be diligently
contacting the issuers of their debit/credit cards to advise of the trip
overseas, to ensure that they will not have the embarrassment of having their
cards declined by the bank due to a transaction that does not meet their normal
profile of spending. Indeed, many card issuers are keen to ensure that their
cardholders’ experiences are not impacted by such events thereby ensuring their
brand remains “front of wallet”. This often means encouraging cardholders to call
in to notify their card issuer of any upcoming travel, where upon a holiday
flag is set in the issuer’s fraud monitoring systems in an effort to prevent
fraud alerts and temporary card blocks.

However, is the desire to remove any negative experiences
for cardholders by adopting a customer centric risk strategy causing more harm
than good? For a number of years now there has been a growing trend of fraud
occurring in locations such as Florida, with spend occurring in and around
tourist locations such as Miami and Orlando, mainly at large department stores
and shopping malls. In these instances, the cardholder has been subjected to a
skimming attack, and the fraudsters use counterfeit cards encrypted with the
victim’s card details to make purchases at outlets in the vicinity of the
crime.

Because the cardholder has made their issuers aware that
they are travelling abroad; and the bank has applied a flag to the cardholder’s
account to ensure that the card will not be declined, the fraudulent transactions
are often overlooked (even though in many cases the issuer’s fraud detection
systems flag them up). By the time the cardholder is aware of the fraud
(usually upon their return home) significant sums have been spent fraudulently.

So how can card issuers manage the balance between customer
centricity and a cautious risk strategy within their Risk Management
department?

First, when flags such as this are applied, the issuer’s
fraud monitoring system will usually still detect the fraudulent transactions. Card
issuers should consider applying more sophisticated strategies that will allow
flexibility for foreign transactions but still identify patterns that are
likely to be fraudulent.

Second, better utilisation of customer contact strategies will
help. While an automated phone call may not be appropriate due to time
differences, the use of SMS or email notifications can still be an effective
way of contacting a customer abroad, especially with the level of smart phone
usage by cardholders.

Third, utilising other monitoring solutions, such as Device
(POS and ATM) and merchant profiling will add additional data elements to
enhance an issuer’s detection and monitoring capabilities. Consideration should
be given to monitoring merchants with a history of fraudulent transactions, and
pre-emptive blocking of very high risk outlets. While blocking a department
store or retail outlet may cause too much impact to the cardholder, blocking
merchants such as DIY stores are surely a reasonable action to take. Likewise, fraudulent
transactions in pharmacy stores are a common occurrence, so applying a rule to
block a transaction above a certain value at a merchant under the pharmacy
Merchant Category Code is surely a legitimate strategy to apply.

Finally, issuers could find additional data within existing
Management Information on pockets of fraudulent activity. A combination of
additional use of MI and a regular review of the rules and risk strategies in
place will allow issuers to react more effectively to these kinds of scenarios.

So, as the holiday season looms, maybe now is the
opportunity to review fraudulent activity from previous holiday periods, and
consider what the best strategy is to prevent such events from having a large
impact. In most cases, cardholders are reassured by issuers who can balance a
careful eye on fraud with the desire to provide a frictionless payment
experience.