Rippleshot Blog

There's a common question we hear a lot in the market: How does my fraud performance compare to my peers? Are my fraud losses higher or lower than others? What about reissuance costs?

Insight into these questions was part of the our latest webinar with the ABA. In this webinar, "State of Card Fraud 2019: How Does Your Bank Stack Up?", Rippleshot Co-Founder Canh Tran dives into what happened in 2018, how this is shaping the first quarter fraud trends for 2019 and what we predict is going to shape the rest of the year. This webinar, which aired on Thursday, May 2, is now available to listen to at your convenience. 

Topics covered include:

• What Banks are Concerned About Most

• Emerging Trends

• Preliminary Fraud Benchmarks 

• Assessing Readiness Guidelines

• Internal Checklist for Banks 

 With the first quarter of 2019 behind us, we're starting to get a better picture of the trends that will define this year's card fraud narrative. Of course, with eight months left in the year, there's plenty of time for new threats to emerge across the card fraud ecosystem. 

The real question on every financial institution leader's mind is how they can get ahead of the fraud trends in order to reduce their fraud losses, reissuance costs — all while minimizing customer impact. The number of data breaches isn't increasing, but the impact of them certainly is. That's why it's so imperative to get ahead of the next big threat.

Rippleshot Co-Founder Canh Tran will share his take on the latest card fraud trends in a webinar with the ABA on Thursday, May 2 at 2 p.m. EST. Topics covered in this webinar include:

• What defined 2018’s state of card fraud story
• What’s in store for 2019
• How bank leaders can determine where they stand
• How to assess your own fraud performance against the market

Synthetic identity fraud continues to be a hot topic across the financial ecosystem. The Fed is taking a deeper dive into this subject in a webinar today, April 23 at 11 a.m. EST, titled 'Ask the Experts: Synthetic Identity Payments Fraud.'

Among the featured panel members will be Justin Davis, fraud manager for Digital Federal Credit Union. Learn what this team of experts has to say on this subject. 

Keeping up with card fraud means anticipating what's going to be the next big problem. Understanding patterns and trends are a core component of this puzzle. Of course, that's why a fraud analytics platform like Rippleshot exists. But the Rippleshot team is also here to be your resource for keeping up with the latest trends in card fraud and understanding how they're evolving.

To keep you updated with what you should know, we've gathered a list of six resources worth bookmarking when you're looking to learn the answers to what's motivating fraudsters this season and what's likely going to be the next big trend that banks and credit unions must monitor. Check back weekly for new reports on trends that are impacting the payment fraud ecosystem. 

In an era of rising card fraud and data breaches, credit union leaders are constantly analyzing how they are protecting themselves, and their members. One of the biggest problems today? Waiting for network alerts can be costly in terms of fraud loss and customer experience.

That was one perspective Rippleshot’s Customer Success Manager Jesse Sherwood shared in a webinar she recently participated in hosted by CUNA Mutual Group titled “Managing Risk Through Big Data, Analytics & Machine Learning.” Managing that risk, Sherwood said, starts with determining how data can be used to identify and act on fraud sooner.

“When we are thinking about data, we have to start with the problem. What problem are we trying to solve?,” Sherwood said during the webinar. “Data breaches are becoming more and more common and at very large scale. What this means is credit unions and members are being impacted. How do we protect them?”

The answers to those questions start by determining what tools can help credit unions boost fraud prevention performance.

The latest report from the Federal Reserve Board of Governors provides insight into how card fraud trends are impacting issuers, specifically related to debit and prepaid card fraud losses.

The latest report, issued March 21, compiled the latest available data on interchange fee revenue and issuer fraud losses as it relates to debit transactions to provide FIs with an overall outlook into how fraud patterns are shifting and how EMV chip card adoption is impacting counterfeit card fraud.

In the last quarter of 2018, Rippleshot’s State of Card Fraud highlighted account takeover fraud as a rising trend for financial institutions to watch. We predicted it would define one of the major hurdles for FIs. The latest report from Javelin Strategy & Research provides deeper insight into how that problem is evolving.

The 2019 Identity Fraud Study, released this month by Javelin, indicates existing card fraud losses from $6.4 billion from the $8.1 billion seen in 2017. That doesn’t mean the fraudsters are staying quiet. In 2017 alone, account takeover jumped 300 percent. What's contributing to this rise is the ability for cyber criminals to gain access to bank accounts easier than a credit card.

As fraudsters target new account openings and mobile account takeover tactics, these are fraud trends worth paying attention to over the next few years. Account takeover accounted for $4 billion in losses, which was slightly down from the year prior ($5.1 billion), but was up significantly when compared to data in recent years. Overall, fraud incidents and fraud losses hit $14.7 billion in 2018. There's a number of factors contributing to these trends. 

When your organization is part of a data breach as big as Equifax and Marriott, expect to stay in the headlines. Those two corporations continue to be under a congressional review microscope following the incidents that left millions of consumers’ data exposed.

The Senate Permanent Subcommittee on Investigations has been probing these breaches and its members have been vocal about the lack of oversight in protecting people’s personal and financial credentials. Members across party lines called on the organizations to do better to proactively protect their customers’ data. These discussions have also spurred conversations across the financial services industry.

"When hackers are able to obtain someone's personal information, the consequences are real," said Democrat Sen. Tom Carper. "The constant stream of data-breach notifications we see year in, and year out, is a sign we could be doing better."

“I think it’s long past time for us to come to an agreement on a federal data security law that lays out for private industry what we expect from them, both in data protection and in data breach notification,” Carper noted.

This begs the question: "What's next for financial institution data breach regulation?"

It’s no secret that AI, machine learning and big data are going to transform how financial institutions protect their customers from the influx of card fraud that continues to rise each year. It’s why the Rippleshot team decided to bring a new solution to the market six years ago.

Financial institutions are getting faster and better at preventing, detecting and stopping fraud, thanks to help from more sophisticated software. But fraudsters are getting faster. As everyone knows, card fraud is skyrocketing and reissuance costs are at an all time high as the price to produce EMV chip cards rises. Banks and credit unions are absorbing these costs, while still having to learn how to keep up at the rate fraudsters are evolving their techniques.

Our sales pitch will tell you all you need to know about why we believe in our mission of collaboratively fighting fraud with data. Through the power of machine learning and big data, we help banks and credit unions reduce fraud, decrease re-issuance costs, and minimize customer/member impact. The quick answer of how we do this is that we’re able to analyze millions of card transactions daily, proactively helping FIs detect where gaps exist and how then can address the biggest risks first in order to achieve those three core goals of any organizations highlighted above.

As payment technology evolves, so does the techniques of hackers. Gas stations skimming fraud has been one of the hot topics that continually falls onto the list of latest and greatest ways that fraudsters compromised payment card data at the pump. This is going to continue being a major topic of discussions across the financial services ecosystem long after the EMV deadline sets in for gas stations in October 2020.

This week, reports surfaced about gas station skimmer fraud. This issue made headlines after Krebs on Security reported about a memo sent out by the U.S. Secret Service. Krebs initially reported that the skimmers discovered were part of new bluetooth and SMS technology that were being used to steal payment data from consumer's devices. Krebs updated his report to include some clarifications after getting more information from sources close to the matter. He concluded that skimming fraud did occur, but not through SMS-enabled devices. 

As we detailed in our recap of 2018’s data breaches last week, patterns are shifting as fraudsters look for new ways to monetize data through more targeted, wide-reaching attacks that gathers more personal information in each sweep. Less breaches, but bigger impact — that was the story of 2018.

What the Identity Theft Resource Center’s report detailed about 2018 was that the number of personal records exposed more than doubled in 2018. Exposed PII records rose 126%. To be more specific, this was a sharp increase from 197,612,748 records exposed to 446,515,334 records exposed.

This aligns with what we shared in our State of Card Fraud: 2018 report we detailed why fraud is going to continue to get worse before it gets better. With new threats emerging at a pace faster than most organizations can keep up with, data breaches have become the status quo. Managing the fallout from these breaches has become as important as detecting when they occur. That's the story that's emerging in 2019. 

As 2019 enters its second month, financial institutions are ready to move on from 2018, and are rapidly focusing on how to prepare and protect their customers from the next big wave of credit card fraud. As the trends show, it's going to get better before it gets worse. This has been the storyline that continues to play out year after year. 

But to fully prepare for the year ahead, it's worth taking a quick recap of how 2018's figures stacked up, including data on what fraudsters are targeting most. After all, last year's figures give valuable hints into what 2019's biggest data breach headaches will likely be. The latest data from the Identity Theft Resource Center (ITRC) breaks down which sectors were hit the hardest, along with details about the biggest threats to emerge in 2018.

It should be no surprise that payment fraud increased during the recent holiday season as this is the trend each year. What is noteworthy, based on the latest ACI Worldwide benchmark data report on this subject, is what's contributing to that increase.

The report indicates that cross-channel payment fraud increased 13 percent globally during the 2018 peak holiday season, with an increase in "buy online, pick up in-store" being a major target for fraudsters as card-present fraud becomes increasingly difficult. Card-not-present (CNP) fraud has also grown as a result.

The latest report from Juniper Research indicates that eCommerce retailers are in store for a storm of card-not-present (CNP) fraud over the next 5 years. 

The research indicates that retailers should expect to see CNP fraud losses around $130 billion between 2018 and 2023. More sophisticated fraudster techniques, coupled with a delayed rate at which merchants invest in the latest FDP solutions as eCommerce transactions increase, is what's contributing to the record-setting fraud loss estimates. 

The latest report to come out of the Marriott data breach was a mixed bag of good news, bad news. The good news?The breach doesn't appear to have impacted as many people as originally thought. The bad news? An estimated 5.25 million unencrypted passport numbers, along with an estimated 8.6 million encrypted credit cards were stolen.

From what's been publicly reported, of those estimated 8.6 million credit cards, all but 354,000 were expired. It's believed that  2,000 unencrypted card numbers may have been stolen as part of the data breach.