Rippleshot Blog

A new industry study about consumer perception around fault over card compromises is a good reminder for financial institution leaders about what their cardholders are concerned about most this holiday shopping season. 

A November 2019 study from Terbium Labs titled "How Fraud Stole Christmas" details that a majority of consumers, or 68%, responded in a survey that they would hold their financial institution "at least partly responsible for fraudulent activity, regardless of how the compromise occurred." Even if the merchant was the source of the breach, consumer perception over how their bank or credit union is protecting them appears to play a role in who a cardholder is most likely to point the finger at after an incident occurs.

Rippleshot is excited to announce Rules Assist™, an AI-driven decision rules analytics solution to empower community banks and credit unions in the fight against emerging fraud trends.

E-commerce fraud now accounts for roughly 75% of all card fraud, causing financial institutions to race to keep up with fraudsters. In response, top Fortune 500 financial institutions have embedded artificial intelligence and machine learning into their core business models. The four biggest banks in the U.S. budgeted a collective $38.4 billion for innovation and technology in 2019 alone.

Faced with more limited resources, community banks and credit unions often lack the technological edge to keep pace with innovations that greatly impact customer experience. Rippleshot Rules Assist was developed to address technology gaps smaller financial institutions face in their back office to efficiently protect their customers. Financial institutions will be able to cost effectively leverage AI and Machine Learning within their existing infrastructure without adding IT resources or staff. 

With Halloween behind us, it's time to start thinking about what's next: The holiday rush. For banks and credit union leaders, this means thinking about the holiday card fraud rush that comes along with the increased card spend activity.

With more holiday shopping taking place online, CNP fraud continues to rise. E-commerce, or CNP, fraud is 81 percent more likely to occur than in-store, or card-present fraud. As seen every holiday season, we anticipate a surge in fraud this year. The holiday season is also a busy time for fraudsters who prey on financial institutions who are reluctant to decline a transaction or re-issue cards in order to lessen customer impact.

Being prepared to combat holiday card fraud means proactively preparing long before the storm hits. As a refresher for 2019, we’ve brought back our team’s tips on what issuers can do to manage incidents during this peak fraud.

California has set a new precedent for breach notification laws that is continuing to gain ground nationwide. A bill was signed into law by Gov. Gavin Newsom that adds passports and biometric data ad part of the PII covered by California’s data breach notification law. 

California now joins15 additional states that require notification if a resident’s fingerprint or other biometric information is breached. The other states include: Arizona, Colorado, Delaware, Illinois, Iowa, Louisiana, Maryland, Nebraska, New Mexico, New York, North Carolina, South Dakota, Wisconsin, Wyoming and Washington.

“Now, California law will require companies to treat consumers’ passport numbers and unique biometric data with the same security that they would a credit card or Social Security number — if you collect it, you must protect it,” California Attorney General Xavier Becerra said.

This addition to the data breach notification law follows trends across the country that aim to crack down on how quickly businesses and government organizations must alert customers about their personal data being compromised. Conversations about how data breach legislation will impact how banks and credit unions approach consumer privacy and protecting personal credentials is an ongoing topic in Congress as well.

The push for greater digitization across the financial services ecosystem has created another challenge for financial institutions: New channels for fraudsters to exploit and monetize. 

Banks must keep up with customer demand and offer more to compete, but they must also be mindful of the security measures needed to keep up with these trends. This has left many FIs with a Catch-22. Fraud trends are changing as fraudsters get more sophisticated in the methods they use to breach personal and financial data.

Big banks are proactively working to get ahead of fraudsters, but many smaller institutions are still relying on time-consuming, manual methods to spot fraud patterns — or count on their call centers to alert them when fraud occurs. This approach involves a lot of upfront time, money and analysis, only to fall short in being able to accurately pinpoint where an organization's biggest risks and how to get ahead of those trends. 

 The bigger banks with deep pockets are gaining a FinTech edge with teams of data scientists and sophisticated software tools to keep their fraud detection tools aligned with what the market demands. Smaller FIs know to compete they must embrace new technologies such as AI and machine learning. But knowing how and where to start can be the biggest hurdle.

As we approach the 10th month of the year, it's clear that 2019's data breach statistics will once again be one for the record books. The Credit Union National Association (CUNA) has made addressing this rapidly-growing problem part of its mission as it continues to push the U.S. Congress to pass meaningful data security legislation.

Last month, CUNA created ‘Stop the Data Breaches’ MAP campaign (member activation program) directed "credit unions to make Congress aware that there cannot be data privacy without data security." Earlier this month, CUNA continued on its mission with additional updates to the campaign.

“Credit unions already know that they bear the costs of these data breaches, so the goal of the campaign is to educate credit unions members about the issue in order to have them reach out to their Members of Congress to demand action,” said Adam Engelman, CUNA’s director of federal grassroots and programs. “Congress has indicated they are aware of the privacy issue, our mission is to get them to realize we cannot have privacy without security, and we need a data security standard for all entities that handle sensitive consumer information.”

Data breaches are happening more frequently and when they are occurring the number of impacted consumers is growing. Not to mention, the scope is widening as droves of sensitive data is filling the dark web for fraudsters to monetize for their next big fraud scheme. This story is all too familiar for banks and credit unions leaders today.

At Rippleshot, we're in the business of proactively protecting our customers from the impact of data breaches, card fraud and other incidents that put your customer's data at risk. We're here to help you protect your own customers. We also recognize the reality that data breaches happen when gaps exist in other organization's security protocols, which can leave your own customer's sensitive data vulnerable. That's why we're also here: To help you educate your customers and members when the next big data breach happens — and what to do about it.

Below are our tips to bookmark to remind yourself what steps you should take when that next data breach occurs. True customer service means giving your customers actionable steps to ensuring they're protected. Learn how you protect your organization and your customer's trust with our 10 tips.

Increasingly, as fraudsters get smarter and faster, you'll find the mention of AI in discussions about tools to combat the rise of card fraud. Security professionals have already bought in and are leading the charge for more advanced technology investments.

In fact, a recent Forbes article cited a stat saying "80% of fraud specialists using AI-based platforms believe the technology helps reduce payments fraud." To that same effect, this same percentage of fraud specialist have noted they've seen "AI-based platforms reduce false positives, payments fraud, and prevent fraud attempts." 

What's leading this push toward AI is the application of predictive technology that can help organizations, such as banks and credit union leaders and credit unions, learn how to prevent fraud before it actually happens by proactively spotting patterns. Of course, Rippleshot has bought into this philosophy, as are a growing number of financial institutions. 

That same Forbes piece noted that "63.6% of financial institutions that use AI believe it is capable of preventing fraud before it happens, making it the most commonly cited tool for this purpose." This data was sourced from a PYMNTS.com report, AI Innovation The AI Innovation Playbook that takes into account insight from 200 financial executives from commercial banks and credit union leaders, community banks and credit union leaders and credit unions across the United States.

What's driving this latest attention?

Staying up-to-date with the latest insight into payment fraud trends should top the priority list for any financial institution leader — but there aren't always enough hours in the day to keep up. That's one of the reasons Rippleshot exists. We're here to be your trusted advisor on what we're hearing in the marketplace about fraud trends, fraud benchmark data and what financial institutions should be doing about it all. 

To help keep your team educated about some of the latest trends we've observed, we've gathered 5 resources worth bookmarking when you need to report on how fraud trends are evolving and how your team can stay prepared. For those who would like to chat about these trends more in depth – or would like to share their own card fraud pain points - we are always here to listen and lending a helping hand.

The details about the Hy-Vee data breach reported this week show the long-lasting impact to cardholders: The possible sale of lots of credit card data on the dark web. According to Krebs on Security latest report, information has made its way into a popular carding forum indicating card data is being sold on the dark web.

The supermarket chain issued a warning to customers on August 14 revealing that a data breach had occurred at point-of-sale systems used by the firm's fuel pumps, coffee shops, and restaurants including Market Grilles, Market Grille Expresses, and Wahlburgers. The grocery store terminals itself are not believed to be impacted.

According to Krebs On Security, the breach is tied to the sale of 5.3 million new accounts from cardholders in 35 states.

It was clear shortly after the EMV liability shift that traditional credit card fraud was going to move to another channel: Card-not-present fraud became that vessel. The real question issuers care about today is how this fraud has evolved and what's next? 

Both CNP fraud and CP fraud can take many forms. For example, we've been hearing a lot about how card-present fraud (and CNP fraud) is being perpetrated across digital wallet schemes. These fraudsters are targeting a merchant to acquire small amount of cards, and then acquired sufficient PII associated with those cards to attempt to simultaneously configure dozens of them for digital wallets. Many fraud schemes that used to be reserved for CP fraud are now evolving into new ways to perpetrate fraud without having the physical card on hand. 

What we do know is that CNP fraud is on the rise and it's spreading to new avenues. As new technologies are developed, fraudsters find a way to breach those too. We've gathered the latest CNP fraud intel to help you understand the scope of this ever-evolving problem. 

The Capital One data breach was a harsh reminder for financial institutions and their customers that data breaches are an all too common occurrence growing at scale each time the next one hits. 

The sheer scope of this incident shows how the fallout from this breach could be unknown for years: “Consumers and small businesses who applied for Capital One credit cards from 2005 through early 2019 are most at risk,” the company revealed.

The mainstream media highlighted the core of what everyone should know about the breach itself:

The fallout from the Equifax breach has kept companies and financial institutions on high alert for how their customers are impacted by evolving fraud schemes. Newly released data from IBM this week confirms what many already suspect: Data breaches are getting much, much worse. And the sting from not proactively detecting them has long-lasting financial impacts.

To put the evolution of data breaches into context, IBM's data said the average cost of a data breach to a company has doubled since 2006 — to more than $8 million in the U.S. (More than double the $3.92 worldwide average). This report doesn't account for the true impact of a breach since it doesn't factor in the costs shouldered by the banks and credit unions connected to these businesses.

For financial institutions tracking these fast-growing problems, IBM's data indicates that many of the companies involved in data breaches are small businesses. Fraudsters are continuing to target more vulnerable operations. The report also details the high costs resulting from delays in detecting data breaches. 

Bank Director has announced the finalists for the 2019 Best of FinXTech Awards, which recognizes the efforts of the emerging financial technology solutions within their FinXTech Connect platform that best help financial institutions grow revenue, create efficiencies or reduce risk.

 Based on Bank Director’s analysis of each solution’s capabilities—including actual results and feedback from bank partners — awards are given to the top-rated financial technology companies within various categories. Rippleshot was nominated in the "Best Solution for Protecting the Bank" category. As described by Bank Director, "this category awards technology companies that are making their clients—and their client’s customers—safer by offering protective solutions."

Synthetic identity fraud isn't a new concept, but it recently has gotten a lot of attention across the financial ecosystem. A new white paper put out by the Federal Reserve examines what's causing the problem and why it's getting worse. 

Industry experts peg synthetic identity fraud as the "fastest growing type of financial crime in the United States." This type of fraud is largely underreported since may victims of this crime are children, the elderly and homeless individuals, which allows fraudsters to scale this type of fraud without being noticed as easily. This has led to bigger payouts and attracted more fraudsters to commit this type of crime. 

"Synthetic identities tend to be more prevalent in the United States than in other countries because identification in the United States relies heavily on static personally identifiable information (PII), including Social Security numbers," the report authors write. 

In fact, Between 2017 and 2018, the volume of PII data exposed in data breaches increased by 126% with more than 446 million records exposed, according to the Fed's report.