A penny per transaction may be enough to cover issuers' costs of preventing credit and debit fraud now, but that math could change if fraud incidents spike.
The Federal Reserve Board in late July approved a 1-cent fraud-prevention adjustment on debit card transactions, which certain merchants complained is too much to pay when requirements imposed on issuers for blocking fraud seem relatively lax.
Although neither side seems thrilled with the rule, "it's a pretty fair deal if existing fraud-prevention measures are working, which is generally the case this year," Doug Clare, Fair Isaac Corp.'s vice president for fraud, said in an interview.
But if fraud levels spike in the U.S., issuers would likely have to spend more to add further layers of protection to existing systems, he warns.
Fair Isaac's FICO Falcon fraud-detection and neural network is one of the most widely used services of its kind by U.S. credit and debit card issuers, covering about 90% of the nation's credit card transactions and about 60% of debit card transactions, Clare says.
So far this year U.S. card fraud rates are holding steady at 5 to 7 basis points for every $100 spent on signature debit and credit card transactions and 2 to 3 basis points for PIN-debit fraud, according to FICO data.
But various factors could cause that to change, Clare says.
The potential for major data breaches remains high and although issuers are keeping it pretty well under control, "the threat exists for fraud to spike, given the fact that sensitive data on millions of card accounts have been exposed," he says.
Some of the industry's largest data breaches occurred within the last year, including new attacks on cloud-based servers. More scams are also targeting corporations and wealthy individuals.
"The vast majority of card data that was compromised has not been used fraudulently, but issuers have not reissued new cards for all the exposed accounts because it would be too massive of an undertaking," Clare says. "They would go broke."
Instead, issuers are betting that existing fraud-prevention systems will continue to keep a lid on fraud, even as risks rise.
And Clare says Fair Isaac is taking steps to make Falcon more resilient to ever-changing fraud levels.
Fair Isaac this year has further refined a series of new "adaptive analytics models" developed within Falcon during the last two years. These models automatically recognize fraud patterns and pull that information back into the system to spot new scams, he says.
"Our systems can pick up on new types of fraud as they emerge and calibrate it into models so we catch it sooner," Clare says.
Issuers are now receiving more detail than ever before from FICO about potentially fraudulent transactions, and their response varies, he says.
"What issuers do with that information is up to them," Clare says. Most issuers have proprietary fraud-monitoring systems they use in conjunction with Falcon.
"Based on the level of fraud issuers are experiencing, they decide how to react to fraud incidents as they occur," he says.
As a result, individual issuers' costs for handling fraud may vary widely.
"Ultimately the responsibility for how to block fraud falls on issuers and most use a combination of strategies that are working pretty well at the moment," he says.