Abstract
Boston, MA -- Debit cards represent only one access device through
which fraudsters might attack a depository institution' s account assets.
Though cards supporting "signature" debit (and, to a smaller degree, PIN
debit) have enabled fraudsters to access deposit accounts through fraudulent
point-of-sale or card-not-present purchases, the variety of schemes that
target demand deposit accounts (DDAs) often utilize multiple channels and
access devices to target the cash itself in fraudulent withdrawals and
transfers.
Check fraud, ACH fraud, wire transfer fraud, ATM fraud, and online banking and
mobile banking fraud (in addition to debit card fraud) collectively comprise
what we' ve come to know as deposit account fraud. Since fraud schemes that
target the DDA through multiple channels are proliferating, the business case
for implementing a multi-channel fraud solution has never been clearer.
Mercator' s new report, Multi-Channel Deposit Account Fraud and Vendor
Solutions, discusses and tries to answer these essential questions: How are
these schemes being executed today by fraudsters hoping to exploit financial
institutions' vulnerabilities? How are the solutions that vendors have brought
to market evolving to counter these threats? This report reviews extant
research and data to illuminate today' s DDA fraud landscape, provides case
examples of recent fraud schemes that target deposit accounts, and profiles
selected vendor solutions that help banks and payment processors manage fraud
risk associated with at least one channel or device that accesses DDAs.
"A variety of point solutions exist in the market to address the risks
associated with DDA fraud of different types in a specialized fashion, often
looking at only one aspect of the usage of the instrument or channel without
providing the user with a comprehensive understanding of the account-level
behavior that underlies the broader customer relationship," David Fish,
Senior Analyst at Mercator Advisory Group and author of the report comments.
"Some of these solutions have evolved more recently to do exactly that, or to
at least aspire to multi-channel and even "enterprise-wide" fraud management.
The path to a comprehensive DDA fraud solution has been paved by specialists
in various channels, however, with best-of-breed solutions in debit card
fraud, for instance, requiring significant modification when applied to a
different type of payment instrument or access channel."
Highlights of this report include:
Cash is a high priority for financial criminals committing payments fraud, and
the variety of access devices and channels associated with demand deposit
accounts makes them an increasingly attractive target.
Debit card data compromise is a chief concern to DDA risk managers due to the
fact that counterfeit cards can be used both for fraudulent purchases at the
point-of-sale and at ATMs for fraudulent withdrawals if the PIN has also been
compromised.
Solutions vendors have typically specialized in one kind of fraud prevention
over another, but the varieties of access to DDAs necessitate a broad view on
the part of risk managers.
Vendors offering more comprehensive solutions tend to have aggregated point
solutions that were developed by their acquisition targets ??? consolidation
and rationalization of these has finally produced compelling results.
Strategic concerns for DDA risk include the outcome of the Durbin debate, the
rising focus of fraudsters on commercial accounts, the ways in which vendors
deliver and support their fraud risk management solutions, and the coming
revisions to the Federal Financial Institution Examination Council' s (FFIEC)
guidance for online authentication.
One of 12 exhibits in this report:
This report is 30 pages long and has 12 exhibits.
Companies mentioned in this report include: ACI Worldwide, Aldi,
American Bankers Association, Comerica, CyberSource, Early Warning Services,
Experi-Metal Inc., FFIEC, FICO, First Data, FIS, Fiserv, Global Payments Inc.,
Hancock Fabrics, LastPass, MasterCard, Michaels, NACHA, Pulse EFT, RSA,
Verizon, Visa.
Table of Contents
Executive Summary
Introduction
Six Ways ' til Sunday - Fraud Schemes Increasingly Target Deposit Accounts through Multiple Channels
- Check
- Wire / ACH
- Debit Card / ATM
- Online / Mobile
Fraud Solutions from Selected Vendors
- ACI
- Early Warning Services
- FICO
- First Data
- FIS
- Fiserv
- MasterCard
- Visa
Conclusion - Strategic Concerns for DDA Risk Managers
- The Durbin Amendment
- Corporate Account Takeover
- Online Authentication
- Fraud Systems Delivery
- The Issue of Collaboration
- Can "Enterprise Wide" Fraud Management Languish if "Multi-Channel" Will
Suffice?
- Copyright Notice
TABLE OF FIGURES
- Figure 1: Fraudsters Access Deposit Accounts Through Several Channels and
Devices
- Figure 2: Total Card Payment Volume Shifts Toward Debit
- Figure 3: Dump Sellers Capitalize on Level of Detail
- Figure 4: Skimmers Turn Attention Back to ATMs
- Figure 5: For Debit, Fraud Migrates to Signature and Card-not-Present
- Figure 6: PIN Debit Less Vulnerable
- Figure 7: Counterfeit Cards Account for Most Fraudulent Signature and PIN
Debit Purchases
- Figure 8: Payment Card Numbers Still Primary Target of Hackers
- Figure 9: Phishing Schemes Increasingly Target Larger FIs
- Figure 10: ACI Secure Marketing Material
- Figure 11: First Data FastData Screenshot
- Figure 12: Visa Risk Manager Screenshot
