A Finextra member 19 April, 2009, 04:01 0 likes

Real time isn't after the fact! After the card is skimmed you block all the cards used at the ATM, and I presume, send someone to remove the offending skimmer device? What, after the message you get which says something like "Skimmer like activity on cards xxx at ATM yyy?" "Panic and block our customers from our service". Er, didn't you think about any of this first? Designing in poor service?

A little note to any bankers reading this.

While monitoring trends etc can help mitigate continuation of fraud losses, stopping the customer's account isn't called customer service, certainly not at Transinteract.

We call it an admission of failure.

I tried to buy a laptop yesterday and my trusty card said the purchase was over my daily limit.

I had obviously forgotten that cards were only good for micro-payments and the risk is too high to default to allowing larger payments. For (my) safety?. I could always up my limit but then I would be liable for the highly likely losses I'd suffer as a result. If the bank thinks it is too risky then I would be stupid not to concur, after all they should know. Shouldn't they?

I could of course have called my bank from the point of sale and shared my my most personal identity details with a call centre while the other customers stood impatiently behind me hanging on my every word into the phone.

Real time is real time, prevention is before the fact. You get very few points from customers for bad methodologies that could never honestly be described as customer service, more like poor service. Undermining your own services.

Any institution which clings to outdated, inadequate and insecure systems is doomed to fail, crisis or no crisis. They will disappear like lights going out across a city during a rolling blackout.

Measuring trends is a great way to draw attention to failures and is quite useful to competitors.

It's all become such a hoohaa using cards, and an expense, for what? Paranoia, fear, fraud, failure?

The future is very dark for most banks, even the very big ones.

There will be no room for poor service or poor excuses, the customer is a wakeup to the flawed methodology and will not care - they'll switch to the future and ditch the past at the speed of (en)light(enment).

You'll be able to monitor that very easily, but knowing it won't save your business.

The age of enlightenment and empowerment in customer service is upon us.

A Finextra member 22 April, 2009, 12:10 0 likes

Well Michelle, if the current buzz-word is really 'real-time fraud prevention', then that will surely make my year!

You say that real-time fraud prevention is now a reality and that is has been successfully proven in the field. Please do tell us more...  How has this been proven, when and by whom? I would like to know...  Are you referring to banks such as Handelsbanken that enable their cardholders to dictate when, where and how they are using their cards and match those settings to authorization requests that the banks receive and process?

The example that you gave which is "if 3 customers of a bank experience fraud after using their cards at one ATM, the bank can quickly identify and flag all other cards used at that site,....  And when this is done in real-time, it can have a huge impact on stopping fraudster and preventing the loss before the fraud is attempted."  In your example, in order for this to be what you call real-time, what needs to happen first is that the banks need to determine that the 3 customers have experienced fraud. This can happen after the 3 customers themselves have become aware of their cards getting compromised. Without signals (setting of limits) from cardholders, what usually happens is that cardholders notice the fraudulent transactions only when they receive and check their card statements or after they receive and accept a call from the bank's customer service or after they receive and read a SMS alert. Many banks that I have spoken to say that consumers are flooded with SMS texts that most no longer bother to read them.

Therefore, given the current state of authorization systems, I would question the way you use the term 'real-time fraud prevention'.

With a system that enables cardholders to set their own limits (i.e., I'm in New York, so please do not allow any transaction outside of New York or I'm not buying anything online, so please do not allow any online payment...), only then can effective 'real-time fraud prevention' occur. Without this, what one has is 'real-time fraud detection'. 

With a system that enables cardholders to set their limits, an automated reporting system can effectively zero-in on the common point of compromise after a few authorization requests are declined. In addition, all other card accounts that used the same point that has been compromised can of course be listed and temporarily blocked while the cardholders are contacted by the bank. Funny thing is that this process description has been part of my "FEATURES/BENEFITS" documentation as I was asked to compare our real-time fraud prevention system to ACI's PRM, a year ago.

Once authorization systems are improved to enable cardholders to effectively signal where they are, how they are using their cards and when they are using their cards (user limits) and then match these limits with authorization requests, Card Skimming and ATM Fraud will then dissipate. 

All and all, I do hope that this type of advanced fraud prevention will find itself catapulted up the priority list for all financial institutions. Afterall, I designed the system that enables user limits and real-time fraud prevention.

Marite Ferrero

www.cardswitchtechnology.com

A Finextra member 23 April, 2009, 15:09 0 likes

It is pleasing to see both comments have picked up on my use of the term "real time fraud prevention" as it can be a term that is used rather loosely to describe a variety of fraud mitigation approaches.  I agree that real time means just that - real time decision making or, more simply put, fraud checking in the flight path of the authorisation response. 

It should be clarified for readers, however, that real time fraud prevention tools can be applied in conjunction with other fraud mitigation techniques like point of compromise analysis.  Yes point of compromise can take longer than an instantaneous response to pin point but it is the intelligence from the analysis that should be used with real time countermeasures.  To ensure fraud prevention with limited customer dissatisfaction it is important to be accurate - and to be accurate requires intelligence.

As a previous banker working within a fraud unit, I know only too well the difficult task of protecting the consumer from fraud whilst maintaining a fantastic customer experience.

A Finextra member 24 April, 2009, 05:42 0 likes

"To ensure fraud prevention with limited customer dissatisfaction it is important to be accurate - and to be accurate requires intelligence."

Signals from cardholders provide this accuracy and a system that enables cardholders to provide these signals/limits is better than any 'intelligence' a predictive transactional risk management system can bring.

Legitimate cardholders can best signal when they are doing an online payment and/or if they are travelling (as well as other user limits...).  Therefore, a system that enables cardholders to signal their usage of their cards provides an excellent quality of service to cardholders while preventing fraud on a real-time basis.  

A week ago, I decided to donate 55 euros to a NGO and I did an online payment/donation. Because my IPAddress/Geo location showed somewhere in Asia (as I am travelling), not only did this payment not go through but my account got blocked and it's still blocked. How is that for a 'fantastic customer experience'?

Indeed, it does not require much intelligence to enable cardholders to set their own limits based on how they want to use their cards. The intelligence needed here is knowing what to do with these user limits as well as providing cardholders a very easy to use (one-click) interface. The intelligence required here is providing a bank's authorization system the ability to 'pull' these user limits on a real-time basis and to properly categorize incoming authorization requests and match them with the appropriate user limits.