Debit card fraud is on the rise. It accounts for about 40% of all card fraud. Here’s what our SHAZAM fraud specialists are noticing and what financial institutions can do to protect their cardholders.
Social Engineering Scams Are Still Common
Bad actors continue to use social engineering schemes to trick cardholders into providing their sensitive information or making fraudulent transactions. In these schemes, bad actors often claim to be a trusted financial partner or a representative of a well-known merchant. In their calls, emails or text messages, they will allege there’s a problem with a person’s card or account. These false narratives are meant to play on cardholders’ emotions to trick them into giving up their sensitive data, such as their card number, log-in credentials or a one-time password.
Education is key in protecting cardholders from being caught up in these malicious attacks. Remind them to be skeptical of unsolicited calls or emails. Cardholders should avoid giving out sensitive information over the phone or via email. Financial institutions may need to verify personal information if a cardholder calls them, but never the other way around.
Financial institutions should also review their internal verification processes. Pay attention to customer behaviors and listen to their responses. Empower staff members to investigate further if a cardholder request is unusual behavior from previous interactions. If their gut is telling them something is off, odds are they are probably right.
Fraudsters Lurking to Attack BINs
Cybercriminals are constantly looking to stay in the shadows to get their hands on cardholder information. The industry continues to see this behavior by fraudsters through enumerative account testing to identify validly issued cards and solve card issuance strategies.
To make it more difficult for fraudsters to predict patterns, it’s our recommendation, and industry best practice, to randomize card issuance in your assigned bank identification number range. Think of it this way — randomization is the equivalent of finding a needle in a haystack. Who wants to go searching for that? Certainly not a criminal.
Account Testing: The First Sign of Fraud
Fraudsters often test the waters on any cardholder information they may have illegally obtained by making a small transaction, typically under $5. If a test authorization is approved, fraudsters then use the information to commit more fraudulent transactions or sell the information on the dark web.
The ability to detect these threats before they can cause damage is critically important. Review active cases and submit updates when you confirm the activity with your cardholder. Our fraud escalation team constantly analyzes fraud cases and is always available to help explore custom research and rule‑strategy options to respond to issuer-specific fraud trends.
Protecting Financial Institutions and Cardholders
Fraud is more complicated than ever. Having sophisticated tools to fight back is paramount for a financial institution’s fraud mitigation strategy.
Review active cases and submit updates when you confirm the activity with your cardholder. If the cardholder can’t be reached or the activity can’t be verified, request to update the case status to “unable to confirm.”
You can also adjust your financial institution’s daily limits. A daily limit on debit card withdrawals ensures the account associated with the debit card is safe and cannot be emptied in the event a person’s debit card is compromised. If your cardholders, in general, are not asking to raise limits, consider lowering them to better protect your cardholders and your financial institution.
Financial institutions can go even further with card blocks. This gives you the power to manage authorization blocking at the primary account number (PAN) and BIN levels. You can implement blocks by combinations of criteria or just one for a specific amount of time or indefinitely. The wide array of available blocking criteria allows you to create blocks easily based on cardholder requests and fraud trends identified by your institution.
Fraud investigations are a constant balance of risk versus convenience. It is important to remember even small fraudulent transactions can quickly become big problems for you and your cardholders if they go undetected. But by investing time and resources into fraud mitigation strategies you can reduce fraud losses for your financial institution and provide peace of mind for your cardholders.
Ryan Dutton is an experienced fraud strategy manager with a 17-year history of working in the fraud detection industry, focusing on the management of payment card fraud. Ryan’s focus is managing payment card fraud. His work at SHAZAM gives him a front-row seat to the challenges facing community financial institutions.