Guest blogger Casey Merolla discusses credit & signature debit issuer net fraud loss decrease and migration from counterfeit fraud to Card-Not-Present fraud.
Issuer fraud rates have remained fairly constant across payment card products following the Europay, Mastercard and Visa (EMV) liability shift. Yet, issuers’ net fraud losses for credit and signature debit have decreased and the long-predicted migration from counterfeit fraud to Card-Not-Present (CNP) fraud is becoming visible, according to Accenture’s annual survey of US major card issuers.
Survey results¹ show slight changes in reported payment card fraud (“Gross Fraud”) from year-end 2016 to first quarter 2017:
- Average Gross Fraud rates for credit and signature debit declined slightly, from 23.1 bps on purchase volume to 22.6 bps, and from 17.3 bps to 16.3 bps, respectively.
- Gross fraud rates for PIN/ATM increased slightly, rising from 10.7 bps to 11.3 bps (Figure 1).
This is the first year in which the issuer study did not show a material rise in Gross Fraud rates across all transaction types.
Figure 1. Gross Fraud Ranges
Source: Accenture Card Fraud Study, July 2017
Despite modest changes in total reported Gross Fraud, issuers experienced a decrease in Net Fraud Losses on credit and signature debit cards due to higher recovery rates. The largest change was in recovery rates for counterfeit fraud, which increased to nearly 55 percent post-EMV, up from single-digit recovery rates in prior years. While average Net Fraud Losses for credit cards declined by 1.5 bps and average Net Fraud Losses for signature debit declined by 1.3 bps, Net Fraud Losses remained steady for PIN/ATM debit (Figure 2). We expect the recovery rates for PIN/ATM to increase significantly following the Visa ATM EMV liability shift in October 2017; some Mastercard debit issuers have already seen a significant increase in recoveries following that network’s ATM liability shift in October 2016.
Net Fraud Losses for credit and signature debit are significantly lower in this sample than in 2015, when average credit Net Fraud Losses were above 13 bps and signature debit Net Fraud Losses averaged nearly 7 bps (recognizing that the survey participant list varies from study to study). Average PIN debit Net Fraud Losses are more than a basis point higher than reported Net Fraud Losses in 2015. This increase is likely due to more frequent ATM and Automated Fuel Dispenser (AFD) skimming incidents and the delayed Visa EMV liability shift for ATM transactions.
Figure 2. Net Fraud Loss Ranges
Across the sample, most issuers reported that EMV migration efforts were almost complete for credit (for example, +95 percent of active cards were EMV-enabled); half of the issuers reported the same level of adoption for debit. Only one credit issuer indicated it was below 90 percent EMV enablement for credit, while three issuers reported lower than 75 percent completion of debit migration.
As issuers have migrated to EMV, fraudsters have moved away from the card-present environment, and CNP fraud has become the most common type of fraud. CNP fraud (with an average case size of ~US$175) accounted for 55 percent of Gross Credit Card Fraud reported in Q1 2017, up from 49 percent in 2016 and 39 percent in 2015. Counterfeit fraud (with an average case size of US$200) constituted only 23 percent, down from 29 percent in 2016 and 50 percent in 2015. Meanwhile, Lost/Stolen and Application fraud—with average case sizes of US$2,000 and US$5,700—have increased to 10 percent and 9 percent, respectively, a significant increase over prior periods.
In a post-EMV world, US issuers will continue to see fraud shift to areas that are more difficult to detect. Application channels and remote/digital servicing channels are prime targets for sophisticated fraudsters using ID theft and synthetic IDs to hit issuers for high-dollar losses on Account Take Over and Fraud Application cases. While issuer investment continues to focus on the core “blocking and tackling” of fraud management (such as alert engines, back-office efficiency and reporting and so forth), all issuers must be aware of these evolving threats to the card business.
Beyond EMV, card issuers must stay vigilant around their defense measures. They can continue to tap new technologies—from geolocation data and acoustic analyses to biometrics—to more tightly secure payments data and other assets, and outpace sophisticated fraud.
1 Findings are based on July 2017 survey responses from 6 major credit issuers averaging $14 billion in annual purchase volume and 8 major debit issuers averaging $7 billion in annual purchase volume. Issuers provided full-year data for 2016 and Q1 data for 2017.