Data breaches, point-of-sale attacks, the creation of sophisticated new forms of malware and the introduction of “cybercrime-as-a-service” are now key issues affecting the security of payment card data. Managing each will require overcoming formidable challenges.
"Transaction authorization blocking rules may include one record or multiple records, and records may contain a single rule or a combination of rules set by the client"
When Margaret Thatcher once said, “You may have to fight a battle more than once to win it” she could have been referencing the challenge that financial institutions face when it comes to combating data breaches and safeguarding card payments. Cyber-security incidents are evolving at a rapid pace and have become an industry-wide challenge. However, this challenge can be effectively dealt with once financial institutions and their valued customers are armed with the necessary tools and knowledge.
The Rise in U.S. Retailer Breaches
Criminals are seizing on older technology and outdated security to compromise card data at an alarming rate, complicating the question of who bears the expense in the aftermath. Once a breach is announced financial institutions must act swiftly to protect their customers. Historically, the immediate options included enhanced monitoring of cards, sometimes temporarily lowering transaction limits on debit cards and reissuing compromised cards.
Reissuing hundreds or thousands of debit cards can be very expensive for banks and credit unions. It is estimated that it costs approximately $5 per card to manufacture and reissue cards to their customers.
The one piece of good news is that companies in the retail sector are now scrambling to protect their systems from cyber-attacks after the string of recent data breaches. These high-profile breaches have prompted lawmakers to call for stronger cyber-security to guard consumer information and retailers are also taking matters into their own hands to protect sensitive data with some of them rapidly moving up the date to replace magnetic-stripe swipe cards with EMV chip cards at the point-of-sale.
New types of Malware and Cybercrime-as-a-Service
Security researchers at McAfee Labs have identified hundreds of new malware samples with a marked upswing in point-of-sale attacks.
A recent McAfee Labs threats report highlights the role of new malware as a key enabler of the high-profile point-of-sale (POS) attacks and data breaches that have been striking US retailers.
The report brings to light the growing ease of purchasing POS malware online, and selling stolen credit card numbers and other personal consumer data. It finds that the POS malware used in the attacks were likely purchased "off the shelf" from the Cybercrime-as-a-Service community, and then customized specifically for these attacks.
Time to Fight Back
Javelin Research recently reported that data breach victimization has been increasingly correlated with fraud incidence over the past three years, with a walloping 23 percent of data breach victims becoming fraud victims.
While not all data breaches can be prevented, there is some technology and best practices for minimizing and even preventing some breach events and protecting consumers in their aftermath.
What initiatives and technology offerings can institutions deploy right now that will help them turn the tide and safeguard customer card payments?
Verification of the Transaction and Transaction Authorization Blocking
One of the most effective methods is by empowering your staff to use tools that can block Point of Sale (POS) and ATM transactions in real-time, using a combination of criteria defined in a pre-set authorization process. This type of service lessens fraud losses by allowing financial institutions to manage their own conditions for denying a transaction.
These transaction authorization blocking rules are designed to increase protection against potential payment fraud situations, such as when the theft of debit card data results in fraudulent transactions from a specific location, such as a data breach at a merchant site or a gas pump embedded with a skimming device.
Transaction authorization blocking rules may include one record or multiple records, and records may contain a single rule or a combination of rules set by the client. For example, a rule may contain only a geographic region, a dollar amount, and/or a Standard Industrial Classification (SIC) code.
In the past a software vendor’s fraud specialists would work with financial institution clients to block ATM or POS transactions. Now these software vendors are improving and speeding up the process by allowing the institution to add and manage their own real-time transaction denials through transaction authorization blocking. With real-time transaction monitoring and an intuitive user interface financial institutions can decline potentially high-risk transactions at the point of authorization with a click of their mouse. Transaction authorization blocking is a collaborative offering that compliments other fraud detection tools financial institutions are using and helps stabilize and reduce escalating fraud losses.
Pairing Transaction Authorization Blocking with Mobile-based Account Controls
To take the battle to the next level financial institutions should recommend and provide mobile-based account controls to their customers debit cards to thwart card fraud. The latest Insight Summary Report from Mercator Advisory Group’s Customer Monitor Survey Series finds consumers expressing a growing interest in adding mobile-based account controls to their for debit cards to avoid fraud.
Mobile-based account controls are a consumer-facing feature proving to be very effective and popular with customers. Cardholders feel protected when they receive a real-time text message alerting them of potential fraud. These messages are a quick and easy way for a cardholder to temporarily block and unblock their cards as needed. Whenever banks can partner with their customers they will do a better job of keeping fraudsters out.
Now is the Time to take Action!
In today’s environment card fraud needs a constant watchdog and that is why your institution should consider the deployment of fraud protection products that provide two strong layers of security - from transaction authorization blocking and neural network transaction monitoring to mobile-based account controls. These fraud prevention and monitoring tools are designed to work together and provide the type of analytics that will shore up both your financial institution’s back-end and consumer-facing fraud detection systems.