By Karen Haywood Queen Published May 13, 2015 CreditCards.com
Fighting credit card fraud is a balancing act. On one hand, if you’re in Houston but your card account is buying expensive jewelry in Paris, you want that transaction stopped — now! On the other hand, if your first trip to the Bahamas includes renting a boat, you don’t want your day ruined by an overprotective computer program blocking the charge as suspicious.
New anti-fraud analytics and mobile phone geolocation tracking offer hope for both problems. Used on their own or together, these technologies can help your credit card issuer stop a fraudster early in that international spending spree, while also reducing “false positives” — those times when a legitimate purchase is flagged as fraudulent.
New analytics lessen anti-fraud failure
Consumers using this technology “now have peace of mind,” says Loc Nguyen, chief marketing officer for Feedzai Inc., a San Mateo, California, company that provides this technology to credit card issuers. “Knowing their bank is watching gives consumers satisfaction that their money is being protected.”
A lot is at stake. Currently up to 80 percent of transactions that are declined when consumers are traveling abroad actually are legitimate, says MasterCard spokesman Bernhard Mors. Issuers spend hundreds of millions of dollars annually to manage customer service calls related to pre-travel requests and to research declined transactions, according to estimates from Visa.
Visa, MasterCard, Feedzai and FICO all have new solutions designed to lower those costs and make fraud detection more accurate. So when that fraudster in Paris tries to use your card, the authorization is more likely to be declined, or you’re more likely to get a text or call alerting you to possible fraudulent activity.
And when you try to rent that boat in the Bahamas, these tools mean the credit card is much more likely to be honored.
FICO is one of the oldest and biggest players in anti-fraud analytics. Its Falcon Fraud Manager technology is 20 years old and is used by 9,000 banks worldwide covering two-thirds of payment cards, says Scott Zoldi, FICO’s vice president of analytic science.
In recent years, FICO has rolled out an updated version called Falcon 6 that is able to immediately learn when fraudsters change their methods, Zoldi says. More than two-thirds of the financial institutions using Falcon are either already using Falcon 6 or moving to it, he says.
“Fraudsters are continually adjusting their tactics and it’s a never-ending battle,” Zoldi says. “That is why in Falcon 6, the adaptive and self-learning models and capabilities are so important … the model can continually refine itself based on the motives and calculated movements of the fraudsters.”
The new technology also keeps track of your behavior and can quickly determine if an attempted transaction is part of your normal patterns. “When I go and take money out of an ATM, I don’t go to a random ATM — I have favorites,” Zoldi says. “If Falcon saw me taking a large dollar withdrawal from an ATM I haven’t been to before, that’s riskier.”
If we saw a score of 85, we consider that very risky. But when we see a location match, we’re able to say that decreases the risk.
— Eden Smith Visa
Although reducing fraud is important to card companies, reducing false positives may be even more important from a customer service point of view. A 2014 scientific national poll by CreditCards.com found that among frequent card users, 42 percent said having a legitimate transaction blocked made them feel annoyed, embarrassed or angry — conditions that would cause customers to turn away from their cards. In a 2012 study by Finsphere, a Bellevue, Washington, company that provides mobile identity-authentication services, 54 percent of those surveyed said they would be less likely to use a credit card in the future if it had been declined and 48 percent said they’d consider changing cards. “We are committed to reducing fraud,” says MasterCard’s Mors. “But we also want to drive a better consumer experience.”
Your history, habits go into a score
With a detailed history of your personal behavior, card issuers are better able to pinpoint activity that may be uncommon for others but isn’t for you — and thereby reduce false positives. “For example, if customer ‘Joe’ tends to frequently make a large number of large payments associated with online gambling, that is normal for ‘Joe’ but perhaps not for other customers,” explains Zoldi.
All of this information feeds into a numerical score. FICO’s Falcon systems rate credit risk from 1 to 999, with a score of 1 having the lowest probability for fraud and a score of 999 having a high probability, Zoldi says. The model also identifies the ratio of fraud to false positives at each score. For example, at a score of 960, for every three transactions, two are legitimate and one is a fraud, he says.
Banks target different strategies at the higher score ranges based on their fraud experience, Zoldi says. One bank may decline every transaction with a score of 980 and higher while another bank may decline purchases at 990 and higher, he says. Also, certain banks write rules to work at lower score thresholds for more risky international destinations, particularly high dollar transactions in risky merchant category codes.
Besides location, risk factors might include a fast pattern of purchases, especially of electronics and jewelry, Zoldi says.
The time it takes to rank those risks is now measured in milliseconds or less, drastically shortening those awkward moments waiting for a verdict from the cashier or card reader. “When you’re at a terminal and swipe the card, you don’t want to wait a long time,” Zoldi says. “You want it to go rapidly.”
In addition to advanced analytics, some of the new programs also rely on location tracking through your mobile phone. MasterCard, for instance, is working with Tampa, Florida-based technology provider Syniverse on a program that focuses on international transactions and will be available to consumers this summer.
Once you register for the service with your card issuer, a transaction can be matched to your location, which is revealed by data from your mobile network, says MasterCard’s Mors. Because all device types connect to the mobile network, this system is effective using both smartphones and phones that don’t have GPS.
We’re now in the era of the ‘always connected Internet of things’ where this digital exhaust can be captured and recycled to keep our money safe.
— Loc Nguyen Feedzai
Visa’s Mobile Location Confirmation program, which it developed with Finsphere, is due to be in the hands of consumers by the summer travel season and also focuses on international transactions, says Eden Smith, senior product analyst at Visa. To use it, you must download an app to your smartphone and agree to allow the company to use your location for fraud prevention purposes, according to Visa.
Mobile location can be determined using the mobile network, Wi-Fi or GPS. This is especially important for international travelers who may prefer not to use expensive data roaming services. Visa’s location analysis is ongoing so there is no need to wait for your location to be pinpointed after attempting to use the credit card. If your device is in the same location as the attempted transaction, the credit card issuer can more confidently confirm the transaction.
The Visa system scores risk from 1 to 99. “If we saw a score of 85, we consider that very risky,” Smith says. “But when we see a location match, we’re able to say that decreases the risk. Now we can approve the transaction because it’s not as risky as it seemed before.”
While it’s still early days, vendors say initial results look promising. In one pilot program, Finsphere reduced by 55 percent the number of times that legitimate transactions were either declined or required what it calls “intrusive customer contact,” according to a company news release. FICO says both generations of Falcon technology reduce fraud losses up to 50 percent. Falcon 6 also results in 25 percent fewer false positives, the company says.
Technology, attitudes enable results
The reason these programs are gaining traction now is because several factors have changed: computers are faster, smartphone adoption has increased and consumers are more open to being tracked.
Only in the last few years have location-based anti-fraud systems been capable of crunching data fast enough to quickly detect fraud, Feedzai’s Nguyen says. “Even three years ago, fraud systems weren’t able to do this in real time,” he says. “People moving around produce massive real-time data streams that come in too fast for legacy anti-fraud systems to process. We’re now in the era of the ‘always connected Internet of things’ where this digital exhaust can be captured and recycled to keep our money safe.”
Another change making the technology more marketable is the increasing consumer use of smartphones. Two-thirds of consumers now own smartphones, compared to 35 percent in 2011, according to a 2015 survey by the Pew Research Center.
And, as credit card fraud has increased, cardholders have become more open to having their credit card issuer know their location in exchange for improved security, Nguyen says. Nearly one-third of Americans (31 percent) are willing to have a financial institution access their mobile phone data in exchange for protecting their personal financial information from being stolen, according to a March online poll conducted by Harris Poll on behalf of Feedzai.
In exchange for protecting their personal financial information from being stolen, 29 percent of adults said they would allow a financial institution access to their online activity; 23 percent would allow access to their social network accounts and 23 percent would allow access to mobile phone, online activity and social network accounts, according to poll results.
“Five years ago, the attitude was ‘I don’t want anyone to know where I am,'” says Nguyen. “Now, for security purposes, consumers are more willing to make that barter.”
But Visa’s Smith stresses that consumers will still have a lot of control over their information. They first need to opt in to Visa’s Mobile Location Confirmation program, and then they still have options to limit tracking. “They can opt out any time,” she says. “Consumers can say ‘I would like to opt in to this, but for fraud purposes only — not for marketing.'”
CREDIT CARD ANTI-FRAUD SYSTEMS
New systems work both behind the scenes and with consumer-facing apps to better determine whether it’s a fraudster or you trying to make a transaction.
FICO’s Falcon 6
Capable of learning from legitimate cardholder behavior and from fraud attempts so it can more quickly identify new types of fraud. Uses merchant location and distance from consumer’s home in its fraud detection model but does not use mobile device analytics, yet. Future versions will incorporate mobile device location. Analyzes both domestic and international transactions.
This fraud-detection engine is used by banks, which may incorporate it into their banking apps. Can analyze tens of thousands of transactions per second in real time, track online and in-store consumer behavior and learn from that behavior. Analyzes both domestic and international transactions.
Visa’s Mobile Location Confirmation/Finsphere
Works through mobile banking apps offered by participating financial institutions, and focuses solely on international transactions. Once a cardholder opts in, their location can be determined using their mobile phone network, Wi-Fi or GPS. Those options are especially important for international travelers who may prefer to use Wi-Fi rather than GPS, which relies on expensive data roaming services.
Works even on mobile phones with no Internet access. No app required. Users register with their card issuer for the service, then travel with their mobile device. Location is tracked through the mobile service provider. Focuses solely on international transactions.