Issuers contending with payment card fraud will have to factor in mobile wallets, especially as the battle to thwart account takeovers intensifies.
A majority of issuers—56%—said they cannot further reduce account takeovers without hurting the customer experience, according to a card-issuer fraud study released recently by LexisNexis Risk Solutions and conducted by Javelin Strategy & Research. The survey, executed in June 2015, canvassed 100 U.S. card-issuing executives. Payment card fraud is receiving additional attention because of the ongoing migration to EMV chip cards, which address counterfeit cards at the point of sale, but not online fraud. Issuers experience $10.9 billion in card fraud each year, the report says.
Indeed, 75% of issuers said that account takeovers will become more of a problem as mobile wallets proliferate. The reason is that the wallets, as a form of remote transactions, tie into the broader situation with card-not-present fraud, Kim Little Sutherland, LexisNexis senior director for identity management, tells Digital Transactions News. “If that’s the case, then EMV was not designed to be the solution for CNP fraud,” Sutherland says. “The tool that has been designed to address manipulating cards and making counterfeit credit cards in a mobile wallet doesn’t work.”
Because mobile wallets enable card-not-present payment credentials at the point of sale, they provide a mechanism by which POS fraud rings can make use of available credentials while maintaining their existing infrastructure, the report notes. “In some cases, they may need to take over fraud victims’ accounts, subverting step-up authentication by diverting bank communication to a channel they control.”
The phenomenon is amplified by the EMV migration, which squeezes the POS fraud rings away from their usual conduct and increases the number of near-field communication-enabled readers where mobile wallets could be used.
Mitigating this type of risk requires a combination of steps, Sutherland says. For example, an issuer may want a consumer to input some personally identifiable information, but not in a way that invites abandoning the process. That may mean using a mobile device’s camera to capture data from a driver’s license. It could mean using data from the mobile device itself, such as if the SIM card was recently changed, to determine if there are fraudulent components to the device, Sutherland says.
Such efforts are necessary because issuers said contacting the legitimate accountholder is the most significant challenge to counter account takeovers. In fact, 24% said it was the most difficult challenge and 23% said it was the second-most difficult task.
As for fraud by card type, credit cards account for $7.6 billion, or 71%, and debit cards account for $2.7 billion, 25% annually. Prepaid card fraud total $500 million, or 4%.