Card fraud losses for US issuers continue to decline post-EMV rollout. Still, fraudsters are finding new ways to exploit gaps in counterfeit fraud protections and perpetrate fraud via remote channels. Issuers will need remain vigilant—and learn from their EMV experience.
Fraud loss is trending down
Findings from the Accenture Issuer Fraud Survey 2018 show that issuers’ average net losses on cards declined over the past year across products, from 8.3 bps on purchase volume in 2017 to 6.9 bps in the first half of 2018 for credit and 4.8 bps on volume to 3.5 bps for debit (Figure 1). For credit issuer respondents, the decline was driven by improved recovery rates: gross fraud levels remained stable at ~23 bps, but issuer recovery rates increased from 60 percent to 66 percent. For debit, the decline was the result of lower reported fraud: gross fraud levels declined from ~14 bps to just under 10 bps; recovery rates also decreased slightly, from 63 percent in 2017 to 60 percent in 2018.
Figure 1. Net Card Fraud Losses
Net CNP fraud losses are proportionately lower
The highest share of gross fraud for both credit and debit is card not present (CNP) fraud (58 percent and 43 percent, respectively). Because merchants are liable for CNP fraud, however, recovery rates for those losses are significantly higher. Credit issuers recovered 83 percent of CNP fraud, compared to 34 percent of other fraud; debit issuers recovered 81 percent of CNP fraud compared to 40 percent of other fraud.
Figure 2. Gross and Net Card Fraud Composition in 2017, by Category
As a result, net CNP fraud losses are proportionately lower and lingering counterfeit fraud accounts for the largest portion of fraud write-offs (36 percent and 60 percent of losses for credit and debit, respectively).
Synthetic identity fraud is a huge challenge
The challenge to issuers in combating fraud are two-fold: continuing to protect against traditional fraud sources while averting fraudsters’ use of more sophisticated technologies.
Issuers reported that fraudsters have found ways to circumvent EMV fraud protections. For example, automated fuel dispensers and fallback transactions provide an opening for continued counterfeit losses. Moreover, as cards have become more secure, fraudsters are showing renewed interest in “traditional,” payment channels, including check, ACH and products accessed through digital channels.
Many issuers cited synthetic identity fraud—where imposters open new accounts using a combination of real and fictitious information—as one of their biggest challenges. These types of attacks are difficult to accurately identify (as they often look like traditional credit losses) and have ramifications that extend beyond credit and debit portfolios. Issuers are focused on addressing these more sophisticated attacks with investments in identity verification tools, but many of these efforts are card-specific rather than enterprise-wide.
Rethink fraud prevention
If we have learned anything from EMV, it is that fraudsters will take advantage of any weaknesses to find new ways to penetrate existing defenses. As issuers focus on more sophisticated fraud trends, like synthetic identity and CNP fraud, they would be wise to think about fraud prevention differently. Product-specific strategies will eventually prove inadequate, and data and advanced tooling alone will not be enough to keep pace with fraudsters. Institutions must draw on enterprise-wide data, along with machine learning and artificial intelligence, to effectively understand who their cardholders are and how to appropriately identify and mitigate risk—or risk being a step behind the fraudsters.