Card businesses (whether credit cards, debit cards, Mastercard, Visa, ATM cards, those for bespoke or other scheme or systems etc.), whether they are card acquirers or card issuers will have fraud and other attacks – they always do. Card losses rise and fall too over time.
Generally, our team of card risk and fraud experts team gets called upon when the loss levels are rising, but of course when card fraud losses are going down, we still need to be vigilant and find more preventative measures all the time. Otherwise:
- Complacency can set in
- The general focus upon fraud can start to wane
- Creating new ways to find fraud and fraudster methods fall-off too
- We can become the the target for fraudsters or bad-debt as our systems, processes or team focus/resources have fallen behind (when either people were transferred out or promoted as the losses fell).
- Investment in risk management measures fell as management team/directors failed to find business cases and temporarily there was no serious challenge to the losses; and finally……
- The losses start to rise rapidly again ‘ahead of the curve’ and we find ourselves in expensive ‘panic mode’ again and in need of faster reactive actions to quell the losses.
Sadly, much of what we do involves working with schemes and regulators when they have already removed licences or imposed big fines. This means that the losses and fines have already caused big losses with high frauds or debt losses. When this happen, a lot of ‘fire-fighting’ activity and ‘quick-fix’ solutions are needed. This means that we need to work faster, and more aggressively to deliver change in everything from culture to the way that decisions are made and implemented.
Interestingly, the problems that we see, generally have little to do with the actual risks, fraud, debt losses or the fines themselves; they are nearly always about Management, Measurement, Ownership, Accountability and Culture i.e. in 2013, the European Central Bank published a report on card fraud levels (for credit cards and debit cards both), which makes interesting reading, but does not propose any way of addressing the problems, and certainly none that address industry solutions, new ideas or for taking a European leadership itself.
Ensure management are fully behind the need to address the issues and be prepared to invest in the solutions even if they will take more than a few months to deliver results. Left without a solution, fraud can rise exponentially, so quick ‘payback’ can be achieved. Continual investment is often needed to prevent this….. again.
Make sure that the losses are measured and reported. There is little benefit in investing in, say improved POS identity validation or rule-sets if the problem is in the e-commerce losses, and equally little point in spending money on a overseas issue or a portfolio review if we do not identify our new customers properly. So we need to measure the problem, focus our attentions on the right solutions, and ensure that the right management can see and interpret the trends to assign the right investment in the right direction.
We see problems where there is investment and there is measurement and management, but no-one on the board is accountable i.e. has 'ownership' of the rising losses that start to kill the profitability. Someone's head has to be ‘about to roll’ if issues do not get addressed.
Lastly, the losses and trends do not get addressed when the culture and ethos of an organisation is not right. Without a hunger to address the problems, e.g. to find the losses or confront the liars and cheats, then the problems will continue. Demanding immediate action and ‘taking the fight’ to the right place is often all that is needed. This can be as simple as addressing IT challenges, rule corrections, falling staff levels, loss of focus in the management team etc. A focus on early prevention or follow-up corrective actions are often missed, when we are too busy with urgent detection and investigation of cases and events.
We probably can't help you if you have all of these things in place, and we probably won't help you unless you are ready to be taken through a journey of change to reduce loss-levels, or to prepare you for the next attack.
At Riskskill we get to the underlying causes of losses - which invariably relate to any number of the sub-sets of challenges discussed above. Every business that we work with suffers in a different way and needs a different combination of solutions which we help businesses to find.
In the card industry (credit cards, debit cards, MasterCard cards, Visa Cards, ATM cards, or other schemes or evolving payment methods, etc.) our clients are the biggest banks, card processors, issuers, and acquirers in Europe and indeed across the globe; so we specialise in helping make rapid and permanent changes to the business that will support stronger risk management efforts in these businesses.
Where you have them, and everyone does have them, we find the holes in your systems, processes, management and culture and then we work with you to fill them. Our customers have seen us work with teams of 10-15, but also with teams of up to 14,000 - and whilst the scales and the challenges are very different, the problems that exist are always unique combinations of the same things.