A study recently released by LexisNexis and Javelin found that card issuers are directly losing $10.9 Billion to card fraud annually. This survey of 100 card fraud and risk decision makers at U.S. card issuing financial institutions found that while the losses come from a mix of different areas - from counterfeit card and application fraud to account takeover, nearly all issuers anticipate fraud growth across the board, regardless of the implementation of EMV.
Credit, Debit, Prepaid - Where are the Losses Happening?
Over the past year, out of the $10.9 Billion in total losses, 71% were from credit cards, at $7.6 Billion. An unsurprising conclusion, due to credit limits being much more attractive to criminals than dollars available in a deposit account. Debit cards claimed another 25% at $2.7 Billion, and then prepaid cards with 4%, or $500 Million.
With these numbers in mind, it’s also no shock to see that credit cards were reported to have the highest losses on a per card in circulation basis at $9.00. This means for every single credit card in an issuer’s portfolio, they’re losing $9.00 off the top due to fraud. Losses on prepaid amounted to approximately $4.70 per card, and $2.80 per card for debit.
These numbers should not be confused with the average loss per fraudulent card, which the team here at Rippleshot estimates is typically somewhere between $250 and $500, depending on where it was compromised and what financial institution it belongs to.
Issuer Expectations Regarding EMV
While an overwhelming majority of issuers agreed that the EMV migration will reduce fraud at the brick and mortar store level, 62% felt that it will also cause increases in card-not-present fraud on cards that they issue. Over half of issuers surveyed (57%) felt that counterfeit card fraud would continue to grow, regardless of the EMV implementation. In fact, it was the fraud channel most expected to see growth over the next twelve months, with account takeover coming in the second place slot.
What Does Account Takeover Have to Do With This?
As LexisNexis mentioned in the report, “mobile wallets in particular offer unique opportunities for fraud rings built around POS card fraud, even as EMV reduces their window of opportunity for counterfeit cards.”
Because of the complexity of these fraud rings, it’s actually quite difficult for the criminals to transition straight to CNP fraud. Certainly not impossible, as we’re already seeing the shift in the transactions that we monitor here at Rippleshot, but mobile wallets have opened an opportunity to use CNP credentials in a CP environment, giving criminals an easy way to use the credentials they have available, while maintaining the existing structure that they’re used to. To maintain access to and control of the account, fraudsters can now subvert many identity authentication techniques, including social engineering through the call center (as we covered back during the launch of Apple Pay), to route all communication efforts through their own channels. Once this happens, it’s incredibly difficult for the bank or credit union to determine whether or not they’re speaking with the legitimate account holder, making it nearly impossible to check the validity of possibly fraudulent transactions.
Seventy-five percent of issuers surveyed believe that account takeover will become a much bigger problem as mobile wallets grow to be more prevalent. Unfortunately, the growth of mobile wallets, paired with EMV’s impact on traditional CP card counterfeiting will likely quickly amplify the problem.
Rippleshot’s signature card fraud detection tool, Sonar, is portfolio, device and fraud type agnostic. Have you checked it out yet? We’d love to show you around. Click below to set up a quick demo: