Rippleshot Blog

We have a good idea of the short-term consequences of data breaches- lawsuits, chargebacks, etc. But what about the long-term? A recent research report published by Claire Greene and Joanna Stavins of the Federal Reserve Bank of Boston sought to find a conclusive answer, leveraging consumer perceptions surrounding Target’s data breach as a case study. By examining longitudinal data on 1,908 US adults from results of the Survey of Consumer Payment Choice (SCPC), the report took advantage of a naturally ripe environment for experimentation, as some respondents were asked to rate payment instrument security before the Target data breach became public knowledge, and others answered the survey after news of the breach became widespread. Although the research has merit in identifying the inelastic behavior of consumers regarding payment instrument usage, it fails to address how data breaches contribute to costly card-reissuance and false-positive declines for banks and credit unions.

The aftermath of headline-grabbing data breaches at deep-pocketed retailers is almost always characterized by litigants of all sizes lining up to seek reparation for their legal injuries. These litigants can come in the form of disgruntled financial institutions, who demand compensation for breach-related expenses, or unhappy consumers who have suffered from theft of personal/ financial information and unauthorized charges on their accounts. Although consumer class-action lawsuits are a dime a dozen, they typically do not fare well in court, as courts generally conclude that their losses are covered in full by banks. On the other hand, financial institutions have a much easier time proving the costs associated with data breaches, such as card reissuance and reimbursement on fraudulent transactions. Follow along as we discuss the most recent data breach lawsuits including Target, Home Depot, and Wendy’s, and their effect on consumers, financial institutions, and retailers.

By 2019, the global e-commerce market is predicted to be worth US $2.4 Trillion. In short, e-commerce is growing at an unforeseen rate. Unfortunately, it also means that online payment fraud, a notorious companion, will tag along for the ride. In their latest research report, Fraud Trends 2016, WorldPay highlights the key issues at the fore of global risk and fraud prevention, such as perceptions regarding mobile fraud, the use of social media in risk mitigation, and the inability of companies to effectively leverage data.

The United States is often the target of most studies on widespread card fraud, due to its slow crawl to implement EMV technology. And because of this, it would be fair to assume that the United States is the only country uniquely experiencing significant levels of fraud and the ripple effects of skeptical customers and loss of revenue. But, that’s actually not the case. ACI Worldwide and Aite Group’s Global Consumer Card Fraud report sheds light on the issue across twenty nations, and provides a look into what even long-EMV compliant countries like Canada and Mexico are experiencing, decades after the implementation, and how consumers are reacting to it.

The landscape of fraud between 2015 to 2016 is best characterized as uncertain and dynamic. As government institutions such as the CFPB and FFIEC begin to play a bigger role in cybersecurity regulation, it has yet to be seen what data security protocols will be required of financial institutions. Also, pending legislation in Congress surrounding data security has the potential to determine federal standards of information security for merchants. Finally, with back-and-forth lawsuits between retailers, payment card networks, and issuers over disputes regarding EMV compliance and liability shift, nobody is exactly sure who will come out on top.

At Rippleshot, we understand how difficult it can be to juggle so many moving parts and develop actionable insights from them. That’s why we created a timeline for you to get up to speed on recent developments in card fraud and payments security.

Yesterday, news broke that supermarket chain Kroger had filed a lawsuit against Visa due to disagreements over chip and PIN transactions. If this is starting to feel like an echo chamber, it’s because Kroger is far from being the first merchant to sue a card network over the EMV conversion. In March, a small grocery chain and liquor store in Florida filed an antitrust lawsuit against all four card networks and a dozen banks. This was followed by Wal-Mart filing a lawsuit against Visa in May, and Home Depot filing one of their own against Visa and MasterCard in mid-June. What’s the issue behind all of this litigation? Follow along as we break each one down.

A fiery debate has resurfaced between financial institutions, merchants, and consumer groups regarding the Data Security Act of 2015. The bipartisan bill introduced to Congress as H.R. 2205 by Representatives Randy Neugebauer and John Carney on May 1st, 2015 explicitly states two purposes: “to establish strong and uniform national data security and breach notification standards for electronic data” and “to expressly preempt any related State laws in order to provide the Federal Trade commission with authority to enforce such standards for entities covered under this Act.”

A study recently released by LexisNexis and Javelin found that card issuers are directly losing $10.9 Billion to card fraud annually. This survey of 100 card fraud and risk decision makers at U.S. card issuing financial institutions found that while the losses come from a mix of different areas - from counterfeit card and application fraud to account takeover, nearly all issuers anticipate fraud growth across the board, regardless of the implementation of EMV.

Criminals now have access to a wealth of personal information that is being exposed through data breaches - including, but not limited to names, dates of birth, email addresses, social security numbers, card numbers and home addresses. This information, paired with the implementation of EMV and the inevitable increased difficulty in committing card present fraud has led criminals to a new target - call centers. Armed with seemingly everything they need to know about a person, it often only takes one or two calls and a couple of good, educated guesses to get access to someone’s account.

Last year was a rollercoaster for the payments industry. An influx of mobile payment platforms, the start of EMV adoption, and a pack of criminals exploiting all of these uncertainties with a continued string of high profile data breaches has many fraud managers stressed beyond belief trying to manage it all. If it’s any consolation, Trustwave’s Global Security Report confirms that you’re not alone. Follow along as we highlight some of the report’s key insights on attacks, how they’re happening and what data criminals are targeting.

“I want it all…

I want it all…

I want it all…

And I want it NOW!” –Queen

Instant card issuance is the banks’ and credit unions’ ability to create debit, credit, prepaid and ATM cards right at the branch location, providing a new card instantly to the customer that can be used immediately.  Instant card issuance might not have been what Queen’s guitarist Brian May had in mind when he wrote “I Want It All” for Queen, but I think it applies. Fiserv recently produced a report on “The Role of Instant Card Issuance in Customer Satisfaction and Use.” Let’s use Fiserv’s report and May’s lyrics to dig in deeper on the many advantages and one big disadvantage to instant card issuance.

When large data breaches like the infamous ones at Target or Home Depot take place and millions of cardholders’ information has been stolen, it usually ends up on underground markets, where it’s sold in bulk. Many times, this information is purchased by criminals and used to create counterfeit cards to make purchases at brick-and-mortar stores. But with nearly 70% of credit cards currently EMV compliant (with chips) and debit cards slated to follow this year, making fraudulent purchases with counterfeit cards is becoming more difficult. As we’ve mentioned many times before, fraud is expected to shift to card not present channels, and the criminals have adapted with elaborate and sophisticated schemes to cash in on any weakness in the system they can find. Hewlett Packard Enterprise’s “Monetizing Stolen Credit Card Data” report gives us a window into the processes they’re employing to defraud U.S. cardholders and merchants of over $1 Billion each year.

We know that card not present (CNP) fraud, as a result of EMV implementation is on its way up and only going to continue to rise. In the U.K. and Canada, post-EMV ecommerce fraud spiked 80-100% in the three years following the conversion. Many financial institutions, knowing that most CNP fraud can be charged back to the retailer, have brushed off its impact. But according to a new study, the consumers affected by ecommerce fraud are taking more drastic measures that deserve the attention of both issuers and merchants.

As we’ve noted in previous posts, the heat is on in figuring out how to best stem fraud from gift and prepaid cards. Prepaid cards have long been a favorite of fraudsters looking for ways to move money anonymously, and the increased prevalence of reloadable prepaid cards (like those issued by Green Dot or Vanilla), where balances can be re-upped, are particularly susceptible to money laundering practices. The problem has been well-documented, with The Boston Globe reporting that in 2013, $30 million of the $20 billion loaded on Green Dot’s cards involved fraud. This week, The Federal Reserve, along with the FDIC, OCC, NCUA and the FCEN issued interagency guidance in an attempt to put an end to the problem.

Back in November, we covered online gift card fraud extensively - why it’s such a hot new target for fraudsters, and why it will only continue to rise. But a recent piece by Robin Sidel at the WSJ suggests that traditional brick-and-mortar gift card purchases with counterfeit cards isn’t going anywhere. Given the recent liability shift due to EMV, retailers are finding themselves more on the hook for fraudulent gift card purchases than ever, and are taking drastic measures to attempt to curb it.