Have you ever read or watched the news and come away convinced that threats lurk around every corner?
When bad news bombards your senses, it is only natural to assume that, for example, crime is increasing, especially if the news is reports on an incident close to home. Often, however, this is not backed by hard statistics.
In the same way, high-profile data breaches make the headlines so frequently that we find ourselves asking, have there actually been more breaches, or are those that take place now simply being reported more widely?
Regrettably, the numbers show breaches are indeed on the rise. According to the Identity Theft Resource Center, 1,579 U.S. data breaches were reported during 2017, a marked increase from 1,093 reported breaches in 2016.
As the number of data breaches continues to climb, consumers’ confidence and trust in their financial institutions are at stake. Financial institutions cannot afford to cut corners when it comes to shoring up their defenses.
A two-pronged approach to breach detection
Early breach detection is critical to fraud mitigation before the losses mount, yet it can often take time to confirm a compromise. As a result, financial institutions need to adopt a two-pronged approach to comprehensive risk mitigation.
Just as fighting crime today is a joint effort between law enforcement and the communities served, better breach detection involves collaboration between financial institutions and their cardholders.
Technology solutions exist that allow for early breach detection and enable financial institutions to identify potential compromises 30 to 60 days prior to network alerts in some cases (i.e., if a card was used at a location where a breach took place).
Those financial institutions can access information more quickly, as well as gain visibility to data related to localized breaches that networks may not normally investigate. Financial institutions use this data, derived from advanced analytic techniques such as machine learning, to inform and strengthen their risk-mitigation strategies.
This information also allows for the streamlining of costly card reissue strategies following breaches, eases payment friction, augments existing risk rules and fraud mitigation approaches, and reduces losses.
At the same time, there must be a balance for cardholders. They need to have confidence that their cards—and the information associated with them—are secure without the frustration of having legitimate card transactions incorrectly identified as fraudulent.
The prevalence of fraud “false positives” or “false declines” can prove costly monetarily and create frustration. Data shows that a relatively small percentage of compromised cards (less than one in five) are actually used fraudulently, underscoring the challenge of determining which cards require action.
Recent Fiserv research indicates that after two or more false positive denials, the number of active cards drops by approximately 20%, on average, over a six-month period after the last false-positive denial. This suggests that nearly one in five of the cardholders may stop using the card altogether.
Moreover, the average monthly spend per card after two or more false positive denials drops by 15%, on average.
Engaging cardholders in the joint fight against fraud is the best defense. This can be achieved by providing tools to help protect their cards against fraudulent activity.
Available mobile apps enable users to receive real-time notifications and alerts when their cards are used. Recent research from Fiserv found that nearly two-thirds of consumers with debit or credit cards receive transaction alerts, 42% of whom say they have detected fraud via alerts.
Cardholders also can establish spending limits and geographical restrictions on a card, and can turn off cards if they are stolen or misplaced (and on again if they are subsequently found, negating the need to go through the chore of ordering a new card if it had simply fallen behind the sofa).
In this way, cardholders have greater control over where, when, and how their cards are used. Such cardholders help increase the likelihood that more transactions are approved and reduce false positives
As a result, the financial institution can be more comfortable approving a transaction that might otherwise appear suspicious when it knows that the cardholder is actively monitoring his or her transactions.
The risk of fraud and data breaches is not going away, and financial institutions have a responsibility to protect, detect, and respond to their fraud risk exposure. It’s important for financial institutions to adopt solutions designed to help them take action to mitigate risk swiftly.
Sophisticated analytic techniques can identify and provide notification of a data breach well in advance of network alerts, as well as pinpoint small and localized compromises.
At the same time, equipping cardholders with user-to-user apps that provide greater control over their cards with a simple tap on their phones means financial institutions can ensure they are guarding against the ever-present threat of fraud on multiple fronts while still providing a first-rate customer experience.
PATRICK DAVIE is vice president, risk solutions, card services, for Fiserv.