By Dave Orme, SVP, IDEX Biometrics
Clearing up the mess left behind by fraudsters is a serious challenge and sees financial institutions having to absorb the monetary and logistical damage of card payment fraud daily. Meanwhile, consumers are left with a feeling of dread when they see transactions, that they know they haven’t made, on their payment card accounts. Finding themselves needing to take time away from work or home, to report stolen cards, cancel cards and wait for new ones. Not only is this frustrating for cardholders, it takes a huge amount of time investment by banks to resource this process. Payment card fraud is a serious problem that affects every one of us.
In fact, card fraud is a serious and increasingly urgent problem. Financial Fraud Action UK (FFA UK) reports that in 2016, fraud across payment cards, remote banking and cheques totalled an astonishing £1.38 billion, an increase of 2% on the previous year. The overwhelming majority (80%) of this fraud involved payment cards; there was a particularly large (30%) increase in the proportion of cards lost and stolen, and these alone accounted for losses of £96.3 million1.
There is no single reason for these figures; impersonation and deception scams, as well as data breaches, have all played their part. But the UK is becoming an increasingly cashless state — debit card payments overtook cash payments for the first time recently — so we have no real option but to stop the fraudsters2. The obvious question is, how?
Financial institutions currently bear much of the impact of card fraud, and in response are investing heavily in machine learning, predictive analytics and other cutting-edge technologies to beat the criminals. These are having some effect; in 2017, fraud losses on payment cards fell somewhat (which contrasts with 2016, as we have seen), but even so there was still £566 million lost to payment card fraud alone and seven pence in every £100 spent was fraudulent — a very worrying statistic in a society that is rapidly increasing its reliance on cards3.
In other words, payment card fraud has been a huge problem for a sustained period of time and the steps currently being taken to stop it are not effective enough.
In a society that relies more and more on technology, payment cards are the weak link; or rather, the behaviours of the people who own and use payment cards are the weak link. It is human nature to make the mundane administration of life easier — but we all know how dangerous writing down your PIN because you keep forgetting it (and worse, keeping the card and the PIN together) can be. Many people are also guilty of sharing their PIN and card with their friend/partner/relative to enable transactions without the need to be present. Others give out cards and PINs to trusted people because they are elderly or have mobility problems and getting the necessities of life is so much easier that way. All these behaviours are very common, but they are also making card crime very easy.
People fail to keep their PINs or other card details safe not because they are inherently foolish or lazy, but because PINs are simply unfit for purpose. To be effective they demand a far higher standard of discipline and security from human nature than human nature is ever likely to give. The result is a massive headache for individuals, financial institutions and businesses all over the world.
But if not PINs, then what?
Giving the finger to fraudsters
Biometrics, including fingerprint recognition, is a field increasingly recognised as holding the key to card fraud prevention as such fraud becomes a more and more urgent problem. And while financial services may be looking at large-scale use of biometrics now, in other security-conscious sectors this has already happened. For example, many smartphones (which are themselves fast becoming the twenty-first century replacement for the wallet) are protected via fingerprint authentication, usually via a sensor on the lock screen. Passports are also routinely issued with biometric authentication built in, as are government ID cards. Biometrics are used where security is non-negotiable.
Until recently, including biometric authentication in a payment card was very difficult. This is because it required a sensor to be incorporated in the card and for many years those sensors were too large and inflexible to make that viable. However, there have been breakthroughs in this technology recently and we are now able to deliver a very thin, flexible fingerprint sensor that is easy to add to a standard card, so the major barrier to using biometrics with payment cards has now been overcome.
Biometrics companies are now working in partnership with banks and other financial institutions, smartphone manufacturers and payment processing firms, to make gold standard authentication affordable, practical and available for payment card users and issuers. This is very good news for those in financial and security businesses, because the roll-out of biometrics in those fields will relieve much of the pressure of fighting what is, frankly, now a losing battle. With the arrival of simple, secure and personal authentication for all, hopefully we will see the demise of that twenty-first century pickpocket that is the payment card fraudster.