Digital Transactions Authoritative, insightful and timely information for payments professionals
Data Insecurity
Part 5
While absolute dollars of fraud are rising with volume, the payments industry has done a commendable job in managing risk. For every $100 in purchases with signature-based credit cards, only about a nickel winds up as fraud?about one-third what it was 15 years ago?and that rate is holding pretty steady. Even in the unnatural domain of the Internet, where handwritten signatures are an anachronism, larger merchants are keeping fraud down to a little more than 1% of transactions. And a long-time source of signature card fraud?card skimming when the waiter or other service employee takes the card to a back room for an imprint and authorization call?looks to be trumped by contactless transacting right at the table. Billions have been spent achieving this proficiency, and still the efforts continue to make signature cards safer. Dozens of security mechanisms for signature cards have already been invented, and startups regularly appear with polished business plans based on a new breakthrough in card protections. And as we saw in Part 4, there's not really enough true fraud to justify significant security investments. On its face, this would be a major success story for financial institutions, processors, and merchants alike, except for one thing: At the other end of the business?the granting of credit and processing of signature-based debit–the track record is vastly different. In the U.S., for every dollar of transaction-based fraud, there are $30 or more in charge-offs. Credit risk?even with the tightening in bankruptcy laws in late 2005?is back on the rise, and in this part of the business, the issuers and their supporting risk-management providers are pretty much starting from scratch. A cynical observer might opine that an industry that routinely writes off $30 billion to $40 billion a year in chargeoffs and still makes $20 billion to $25 billion in profits can afford the luxury of marginal credit-granting decisions and debit approvals. After all, issuers make the lion's share of the more than $8 generated by the average credit card transaction, and more than $2.40 on each signature-debit card transaction. If they can assemble enough outstandings, which can earn high rates of interest, along with penalty fees and charges for nonsufficient funds (fully half of the industry's signature-debit card revenue comes from $25-to-$30 NSF fees that stem from two-to-three-day clearing and settlement for most transactions), then even $30 billion to $40 billion in chargeoffs can easily be covered! Many thought the Bankrupcy Act would provide some material assistance in reducing bank exposure to defaults, and for a while it did. Net chargeoffs for general-purpose credit cards dropped in 2006 by more than $10 billion. But the Act's limitations addressed only one problem: the consumer who got into financial trouble, then tried to lay off debits and start over. It didn't address new types of credit risk, especially the growing problem of elderly “fraud.” The elderly, who constitute a substantial portion of both credit card users and households dependent on Social Security checks, regularly fall prey to data thieves and predatory telemarketers. In a recent case, reported in the New York Times, an elderly victim declared that he happily took the calls of these n'er-do-wells, just to have the pleasure of any conversation. But these days, at the end of life, the elderly, or at least their surviving family members, might have the last laugh. In many states, in the estates of the deceased, lingering credit card debts?which tend to amass with declining incomes pitted against soaring interest rates on growing outstanding balances and cascading penalty fees?don't get much in the way of legal protection. Estates that don't enter probate (a $50,000 threshold is common) don't provide issuers or their collection companies much recourse, and in surging volumes, the families just decide not to pay. This burgeoning source of credit risk has its own irony. Data on cardholders are proliferating wildly, with a growing list of companies amassing hordes of information on tens of millions of consumers. One would think that the seemingly simple task of knowing the age and housing status of the elderly would help issuers identify other data, monitors, and measures needed to manage this growing exposure. But issuers of all sizes bemoan the fact that they don't profile their elderly customers, and that their credit-granting algorithms and systems routinely hike credit lines?and risk?based mostly on payment regularity and account longevity, even if monthly payment amounts steadily decline and payments are increasingly being made by family members. Thus, the card-payments industry faces a new twist on the old “Russian roulette” risk- management game it plays with chargeoffs generally: String out the old person's account as long as possible, and hope his wealth lasts longer than he does. One top-three issuer has confronted a major risk-management provider with this and other risk dilemmas. “We came to the realization that our legacy systems are largely inadequate for building a life-cycle profile of our consumers, and managing products and credit risk to their life stages,” this executive vice president said. “Even if we could do it technically, though, all those privacy protections get in the way of doing anything with it.” So this bank has asked the risk-management provider to build an entirely new way of collecting, monitoring, and analyzing data on a consumer's financial status and well-being. Building and deploying it will take years. But it sure beats a bullet in the head. —Steve Mott
