Credit unions and community banks served by The Members Group now have access to a fraud-prevention tool that adds flexibility for them and a more hassle-free experience for their cardholders.
Clients of the Des Moines, Iowa-based provider of card processing and payment services can lower false positives and boost fraud prevention with the ability to write their own rules onto DefenseEdge, a fraud-prevention platform from First Data Corp., Karen Postma, The Members Group senior cards risk manager, tells PaymentsSource.
The Members Group is making the service available to its clients, which would pay more than they would for First Data’s Falcon Fraud Detection system if they wanted the extra services DefenseEdge provides. Specific pricing was not immediately available.
Defense Edge has features that make employees’ monitoring more efficient and reduce bothersome authorization and verification checks with cardholders, Postma says. Cutting down on false positives means fewer calls to cardholders to verify a transaction or PIN-change request, Postma says.
To help in the fight against high speed and high volume computer-based attempts at guessing cards’ CV2 codes—known to Postma as “brute force attacks”–financial institutions can tell DefenseEdge to block a card if within two hours it has had three CV2 code mismatches, for instance.
The ability to specify parameters for DefenseEdge to monitor, such as transaction frequencies in certain time periods and transaction amounts, means financial institution employees spend less time looking for fraudulent purchases, Postma notes.
For instance, seeking a transaction of $20.02 with a product lacking DefenseEdge’s capabilities would require searching all transactions between $20 and $21. With DefenseEdge, which can also monitor signature- and PIN-debit transactions, “we can write rules to the penny,” says Postma.
Also on the rise are account takeovers, which occur when a criminal calls to change an account’s address and requests a new card, she says. When the financial institution checks charges, the criminal authorizes them because the criminal answers the verifying phone call. Criminals also try to change PINs for a stolen card or skimmed or hacked information.
When a caller tries to change an address or PIN, whether with a live customer assistant or with an automated system, DefenseEdge sends an outbound call to the cardholder as soon as someone requests the changes to verify the request is legitimate.
“(Defense Edge) not only will stop fraud quicker and give us more flexibility to get granular in writing those rules, you’ll have true cardholders that won’t get impacted as much, you’re going to have a lot more customer satisfaction, and potentially not as many costs for the outbound calling and verifications of transaction,” Postma says.
Fraudsters who skim card information or hack into a system for the information can make counterfeit cards. DefenseEdge monitors purchase behavior for this type of fraud, Postma says.
“They’re going to try to use it until they get declined, and that’s not typical consumer behavior,” says Postma.
Financial institutions also use logic to set parameters, she says. If a criminal uses a card from an Iowa cardholder in Florida for a $1,000 purchase at an electronics store, it raises suspicions; travelers don’t usually make such transactions, says Postma. The DefenseEdge manager can specify distance and transaction amount in telling DefenseEdge what should trigger authorization attempts.
Behavior also guides monitoring of fraudulent online purchases–how often has this cardholder bought online, and where?
Citing the 2011 data breach investigations report conducted by Verizon Wireless’s RISK Team, the U.S. Secret Service and the Dutch High Tech Crime Unit, Julie Conroy McNelley, research director for Boston-based Aite Group’s retail banking practice, tells PaymentsSource huge data breaches such as the one Sony Electronics Inc. experienced last year (see story) are down, but smaller merchants remain vulnerable.
Merchant Level IV, the class of merchants who process fewer than 20,000 transactions per year, includes 99% of businesses that process credit cards; the volume of transactions make such businesses a target for skimmers and hackers, McNelley says.
McNelley says both the smaller number of big breaches and the vulnerability of many small merchants mean criminals potentially have a lot of information and are anxious to use what they’ve stolen.
“What that translates to from a credit card-fraud perspective is increases in counterfeit card-not-present fraud, as the bad guys look to monetize all the credit card numbers that they’ve compromised,” she says. “Tools like DefenseEdge are very good at helping devise strategies that can nip those kinds of things in the bud.”
Smaller customers likely will allow The Members Group to write rules and operate DefenseEdge for them, while the larger clients may choose to customize more, Postma says.
McNelley says because of credit unions’ and community banks’ smaller sizes, a tool such as DefenseEdge offered by an organization like The Members Group can be beneficial.
“Credit unions are always out to provide a very user-friendly experience for their members, and it’s a tough balancing act between protecting both the credit unions and their members from fraud while not inconveniencing the members while they’re trying to conduct legitimate transactions on their cards,” she says. “All banks struggle with that friction, but credit unions tend to be smaller and so they tend to have less in the way of technological budget and resources they can bring to bear on this problem.”
What do you think about this? Send us your feedback. Click Here.