How issuers can mitigate payment card fraud

Effective fraud mitigation in the payment card industry requires a blend of industry knowledge, technical skills, and a highly integrated and complementary set of tools and technologies. This is part 3 of a 3-part series of posts previewing, “Payment Card Fraud: Classification, Detection and Prevention,” from Aite-Novarica Group, commissioned by Marqeta.

As described in part 1, it’s essential that issuers be well-armed to defend against increasing attacks by organized crime rings. In part 2, we covered the primary payment card fraud types. In this, the last of our series, we examine what Aite-Novarica Group describes as “the control layers” that are essential for the detection and prevention of fraud.

Multi-layered approach

Taking a multi-layered approach to network and data security is nothing new. Nearly 20 years ago, a Global Information Assurance Certification Paper touted layered security as an integration of multiple applications and products that wrap a network in a “security blanket.”

A layered approach effectively entrenches a level of flexibility and nimbleness. This enables issuers to adapt and react quickly as new patterns emerge. Aite-Novarica Group describes three control layers: identify verification/know your customer (KYC), identity authentication and transaction monitoring. We’ll also outline one of the “core issuer capabilities” the white paper addresses: case management. 

KYC: Everything starts with determining whether the identity a person presents when applying for an account is legitimate. Through this process, KYC is an essential step in building a complete profile of the cardholder. This, in turn, makes a risk-based approach to mitigation possible.

Identity Authentication: Once a card is in the wild, issuers need to ensure the verified cardholder is the person using it. For online transactions, this can be a real challenge. One key authentication tool is 3D Secure (3DS). It is a fraud mitigation measure that has been broadly adopted since launching in 2001, and provides an added layer of authentication for online shopping. Marqeta’s 3DS system enables issuers to define how risk is evaluated. When more authentication is needed, the system either sends a one-time password or triggers the issuer’s customized authentications. The goal is assurance with no unnecessary friction.

Transaction Decisioning and Monitoring: The final control layer evaluates each individual transaction for the risk of fraud. Of course, this only has value if it can be executed in real-time as a transaction is being attempted. Using artificial intelligence and machine learning, transaction decisioning instantly estimates the likelihood the true cardholder is attempting the charge. It weighs the cardholder’s past behavior, related merchant data, and other available information. When it comes to identifying likely fraud and minimizing false positives, the more data the better. As stated in the white paper, “Data provides visibility, fraud moves fast and it’s important to respond quickly – now more than ever.”

Think holistically

The three control layers are most effective when implemented holistically. In isolation, any single layer wouldn’t be particularly effective in detecting and preventing payment card fraud. However, collectively, each complements the other.

Additionally, Aite-Novarica Group lists Case Management among the issuer core capabilities that fortify the control layers. Case management supports investigations, post-transaction monitoring, and record-keeping. It often comes to life as transaction disputes, which is a necessary albeit unfortunate part of card issuing. Most important are timeliness, consistency and quality. The highest risk cases need to be worked by the right resource in a timely manner. Having a platform that allows for routing and prioritization capabilities is a strong foundation.

“Ultimately, issuers with an intimate understanding of the cardholder can gain the upper hand in the fight against fraud,” said Shivanshu Singh, Director of Risk Products with Marqeta. “Applying that knowledge using flexible, finely tuned controls puts the power of risk-aware growth in the hands of the issuer.”

You can read the full report from Aite-Novarica Group and Marqeta if you want to talk about how you can better protect your cardholders from payment fraud chat with one of our modern card issuing experts