Rippleshot Blog

As we approach the 10th month of the year, it's clear that 2019's data breach statistics will once again be one for the record books. The Credit Union National Association (CUNA) has made addressing this rapidly-growing problem part of its mission as it continues to push the U.S. Congress to pass meaningful data security legislation.

Last month, CUNA created ‘Stop the Data Breaches’ MAP campaign (member activation program) directed "credit unions to make Congress aware that there cannot be data privacy without data security." Earlier this month, CUNA continued on its mission with additional updates to the campaign.

“Credit unions already know that they bear the costs of these data breaches, so the goal of the campaign is to educate credit unions members about the issue in order to have them reach out to their Members of Congress to demand action,” said Adam Engelman, CUNA’s director of federal grassroots and programs. “Congress has indicated they are aware of the privacy issue, our mission is to get them to realize we cannot have privacy without security, and we need a data security standard for all entities that handle sensitive consumer information.”

Data breaches are happening more frequently and when they are occurring the number of impacted consumers is growing. Not to mention, the scope is widening as droves of sensitive data is filling the dark web for fraudsters to monetize for their next big fraud scheme. This story is all too familiar for banks and credit unions leaders today.

At Rippleshot, we're in the business of proactively protecting our customers from the impact of data breaches, card fraud and other incidents that put your customer's data at risk. We're here to help you protect your own customers. We also recognize the reality that data breaches happen when gaps exist in other organization's security protocols, which can leave your own customer's sensitive data vulnerable. That's why we're also here: To help you educate your customers and members when the next big data breach happens — and what to do about it.

Below are our tips to bookmark to remind yourself what steps you should take when that next data breach occurs. True customer service means giving your customers actionable steps to ensuring they're protected. Learn how you protect your organization and your customer's trust with our 10 tips.

Increasingly, as fraudsters get smarter and faster, you'll find the mention of AI in discussions about tools to combat the rise of card fraud. Security professionals have already bought in and are leading the charge for more advanced technology investments.

In fact, a recent Forbes article cited a stat saying "80% of fraud specialists using AI-based platforms believe the technology helps reduce payments fraud." To that same effect, this same percentage of fraud specialist have noted they've seen "AI-based platforms reduce false positives, payments fraud, and prevent fraud attempts." 

What's leading this push toward AI is the application of predictive technology that can help organizations, such as banks and credit union leaders and credit unions, learn how to prevent fraud before it actually happens by proactively spotting patterns. Of course, Rippleshot has bought into this philosophy, as are a growing number of financial institutions. 

That same Forbes piece noted that "63.6% of financial institutions that use AI believe it is capable of preventing fraud before it happens, making it the most commonly cited tool for this purpose." This data was sourced from a PYMNTS.com report, AI Innovation The AI Innovation Playbook that takes into account insight from 200 financial executives from commercial banks and credit union leaders, community banks and credit union leaders and credit unions across the United States.

What's driving this latest attention?

Staying up-to-date with the latest insight into payment fraud trends should top the priority list for any financial institution leader — but there aren't always enough hours in the day to keep up. That's one of the reasons Rippleshot exists. We're here to be your trusted advisor on what we're hearing in the marketplace about fraud trends, fraud benchmark data and what financial institutions should be doing about it all. 

To help keep your team educated about some of the latest trends we've observed, we've gathered 5 resources worth bookmarking when you need to report on how fraud trends are evolving and how your team can stay prepared. For those who would like to chat about these trends more in depth – or would like to share their own card fraud pain points - we are always here to listen and lending a helping hand.

The details about the Hy-Vee data breach reported this week show the long-lasting impact to cardholders: The possible sale of lots of credit card data on the dark web. According to Krebs on Security latest report, information has made its way into a popular carding forum indicating card data is being sold on the dark web.

The supermarket chain issued a warning to customers on August 14 revealing that a data breach had occurred at point-of-sale systems used by the firm's fuel pumps, coffee shops, and restaurants including Market Grilles, Market Grille Expresses, and Wahlburgers. The grocery store terminals itself are not believed to be impacted.

According to Krebs On Security, the breach is tied to the sale of 5.3 million new accounts from cardholders in 35 states.

It was clear shortly after the EMV liability shift that traditional credit card fraud was going to move to another channel: Card-not-present fraud became that vessel. The real question issuers care about today is how this fraud has evolved and what's next? 

Both CNP fraud and CP fraud can take many forms. For example, we've been hearing a lot about how card-present fraud (and CNP fraud) is being perpetrated across digital wallet schemes. These fraudsters are targeting a merchant to acquire small amount of cards, and then acquired sufficient PII associated with those cards to attempt to simultaneously configure dozens of them for digital wallets. Many fraud schemes that used to be reserved for CP fraud are now evolving into new ways to perpetrate fraud without having the physical card on hand. 

What we do know is that CNP fraud is on the rise and it's spreading to new avenues. As new technologies are developed, fraudsters find a way to breach those too. We've gathered the latest CNP fraud intel to help you understand the scope of this ever-evolving problem. 

The Capital One data breach was a harsh reminder for financial institutions and their customers that data breaches are an all too common occurrence growing at scale each time the next one hits. 

The sheer scope of this incident shows how the fallout from this breach could be unknown for years: “Consumers and small businesses who applied for Capital One credit cards from 2005 through early 2019 are most at risk,” the company revealed.

The mainstream media highlighted the core of what everyone should know about the breach itself:

The fallout from the Equifax breach has kept companies and financial institutions on high alert for how their customers are impacted by evolving fraud schemes. Newly released data from IBM this week confirms what many already suspect: Data breaches are getting much, much worse. And the sting from not proactively detecting them has long-lasting financial impacts.

To put the evolution of data breaches into context, IBM's data said the average cost of a data breach to a company has doubled since 2006 — to more than $8 million in the U.S. (More than double the $3.92 worldwide average). This report doesn't account for the true impact of a breach since it doesn't factor in the costs shouldered by the banks and credit unions connected to these businesses.

For financial institutions tracking these fast-growing problems, IBM's data indicates that many of the companies involved in data breaches are small businesses. Fraudsters are continuing to target more vulnerable operations. The report also details the high costs resulting from delays in detecting data breaches. 

Bank Director has announced the finalists for the 2019 Best of FinXTech Awards, which recognizes the efforts of the emerging financial technology solutions within their FinXTech Connect platform that best help financial institutions grow revenue, create efficiencies or reduce risk.

 Based on Bank Director’s analysis of each solution’s capabilities—including actual results and feedback from bank partners — awards are given to the top-rated financial technology companies within various categories. Rippleshot was nominated in the "Best Solution for Protecting the Bank" category. As described by Bank Director, "this category awards technology companies that are making their clients—and their client’s customers—safer by offering protective solutions."

Synthetic identity fraud isn't a new concept, but it recently has gotten a lot of attention across the financial ecosystem. A new white paper put out by the Federal Reserve examines what's causing the problem and why it's getting worse. 

Industry experts peg synthetic identity fraud as the "fastest growing type of financial crime in the United States." This type of fraud is largely underreported since may victims of this crime are children, the elderly and homeless individuals, which allows fraudsters to scale this type of fraud without being noticed as easily. This has led to bigger payouts and attracted more fraudsters to commit this type of crime. 

"Synthetic identities tend to be more prevalent in the United States than in other countries because identification in the United States relies heavily on static personally identifiable information (PII), including Social Security numbers," the report authors write. 

In fact, Between 2017 and 2018, the volume of PII data exposed in data breaches increased by 126% with more than 446 million records exposed, according to the Fed's report. 

By July, most financial organizations are deep into the budgeting season for the upcoming year. Thinking where new technology solutions — particularly fraud detection and mitigation tools — is a critical part in shaping a strategic plan for getting ahead of unforeseen threats.

In 2019, with data breaches and emerging fraud tactics driving daily headlines, determining how to integrate more sophisticated solutions has become part of the larger story in arming fraud teams with the right tools to proactively combat these rapidly-growing problems. Here at Rippleshot, we're here to join your team in the fight against card fraud — but we're also here to help educate the marketplace on the latest and greatest trends impacting this complicated and ever-evolving industry.  

Over the past six months, we've dove into what's impacting banks and credit unions most and what fraud teams can do about these increasingly expensive and complex issues. As you prepare your 2020 technology budgets, we've broken down what's defined the first half of 2019 and what this means for next year's plans. 

"Card issuers walk a fine line between alerting and alarming consumers who could become victims of cardholder fraud because of breaches."

Using more sophisticated technology to manage potential compromised card fraud was the basis of the latest article featured on FIS Payments Leader, titled "New Machine Learning Tools Advance the Fight Against Card Fraud." Dondi Black, VP of Payment Strategy for FIS, details how machine learning tools can deliver greater accuracy when it comes to fighting card fraud — and in a way that lessens the impact on the customer experience. The key to achieving the outcomes desired today by bank and credit union fraud and risk managers? Early detection.

Fighting the rise of payment fraud and cyber attacks has also fueled the growth of the fraud prevention, detection and risk mitigation markets. Among those trends is the multi-factor authentication market that continues to see new investments as financial fraud rises. 

A new report from Adroit Market Research indicates that by 2025, the multi-factor market will be worth roughly $20.41 billion — a growth of roughly 24% over the next six years. In North America alone — the top multi-factor authentication market — it's already more than a $1.8 billion industry. 

In an era of rising card fraud and data breaches, financial institution leaders are constantly analyzing how they are protecting themselves, and their customers. One of the biggest problems today? Waiting for network alerts can be costly in terms of fraud loss and customer experience.

When relying on network alerts, by the time the information about fraud or a breach is realized, the amount of fraud loss and compromised card fraud can reach high levels. That’s where the power of fraud analytics, big data and machine learning comes into the mix. Financial institutions are getting faster and better at preventing, detecting and stopping fraud, thanks to help from more sophisticated software. But fraudsters are getting faster. 

It’s no secret that AI, machine learning and big data are going to transform how financial institutions protect their customers from the influx of card fraud that continues to rise each year. Fraud and fraud patterns are evolving and change more rapidly than financial institutions can keep pace with. That’s where better data analytics tools bridge the gap by helping financial institutions detect breaches, risk and fraud faster, and at their source.

Industry data from the first quarter of the year shows what many financial institution leaders probably fear: CNP and mobile fraud are still rising rapidly.

As we covered in our 2019 Card Fraud Trends webinar, mobile fraud has increased by 600% over the last 3 years. As fraudsters find new avenues to target, fraud trends will continue to shift and financial institutions will have evolving issues to manage as they craft their annual revenue and customer impact goals. 

Data from RSA Security indicates Q1 fraud attacks involving rogue mobile applications jumped nearly 300%, while fraudulent CNP transactions jumped 17%. Within those incidents, 56% of the fraudulent transactions originated from mobile devices. Fraud attacks from "rogue mobile applications" increased 300% — up from 10,390 rogue apps in Q4 to 41,313 in Q1 of 2019. And that's just those they track — showing just a slice of the whole picture.