Remember Card Fraud?

Back in the day, the former Gambino crime family mobster Louis Ferrante and his enterprising confederates had discovered that you didn’t need to be able to forge cards terribly well to enter the counterfeiting business, provided you had the right collaborators…

For years I made big wood with Sonny’s “dupes”, phoney credit cards with real numbers. He sold them to me for a hundred bucks a piece. Sonny had salespeople in retail stores on the take, boosting charge card receipts… I’d visit a jeweller who was in on the scam and buy a Rolex. If the watch retailed for five grand, I’d tell him to hit the card for ten. I’d leave with the watch. He’d made money. Both of us happy.

What the wise guys really wanted though was cash. Card fraud was a means to that end.

If I knew a guy who sold stuff I didn’t want, like Paulie Flowers, I’d work out a cash split. I’d show up and tell him “hit my card for four grand, keep two and give me two when you get paid”. He’d tell the card company he’d delivered arrangements to a wedding, and send them a phoney bill of sale, and that was that.

Things have changed since then. At the time that the US Credit Card Fraud Act (1984) was passed — which included the provision that the use of an account number, without the card itself, could constitute credit card fraud — petty crimes constituted the majority of credit card fraud incidents but organised crime was already accounting for half of the losses.

Since then, organised crime has followed the finance sector and globalised. Nowadays it’s about investment and return on investment. In the UK, credit card fraud rates have now reached a five-year high. The European Central Bank's most recent report on card fraud, from October 2021, calculates losses at around 3.6 basis points (of which 80% comes from "card not present" transactions) which appears manageable. It all adds up though. According to The Nilsson Report, card fraud will mean over $400 billion in losses globally over the next decade.By 2030, US fraud losses are expected to increase their share of the pie to $17 billion in a total card volume of nearly $19 trillion.

Those figures sound huge, but by comparison with the losses in Louis’ day, they are manageable. The invention of tamper-resistant chips, PINs, 3D Secure, online authorisation, tokenisation and so on mean that while card fraud might sound enormous it is down to a few basis points compared to the 14 basis points that we saw in the UK before we began the transition to chip and PIN.

New Kids

We’ve entered a new era where payment card fraud is no longer the biggest problem in retail payments. Last year, authorised push payment (APP) fraud - that is, direct from account frauds where consumers are tricked into authorising transfers - hit ￡583m, a 39% increase on 2020 and in the UK the losses due to instant payments exceed the losses due to card fraud.

Consumers are beginning to discover that the comforts afforded card users are noticeably absent in the post-card world. The New York Times reports on a consumer who lost $500 to a scammer impersonating a Wells Fargo official. The consumer assumed that the bank would refund the money but the bank said (correctly) that since the consumer had authorised the transaction (which he had), it wasn't from their point of view fraudulent.

If you think that instant payments fraud is a disaster, hold on to your hat…In the UK, card fraud and APP fraud and other vanishing crimes such as cheque fraud didn't add up to a billion last year, a figure that pales into insignificance when set against the backdrop of the wider fraud landscape. Across the UK, fraudsters might have stolen as much as ￡37 billion of pandemic support funds from the taxpayer, according to analysis by University of Oxford researchers!

Similarly terrifying figures can be seen in the US, about 10 percent of the $800 billion Paycheck Protection Program, was pilfered. That's on top of the $90-$400 billion that NBC News report was stolen (at least half taken by international fraudsters) from the $900 billion Covid unemployment relief program in addition to something like another $80 billion looted from a separate Covid disaster relief program. ?

Action

What is going to stop payment frauds from spiralling out of control now? Well, my view has always been that the real problem is identity and that banks should work together to provide the crucial digital identity that society needs to transact in safety, so I was interested to see that Early Warning Services (EWS) and seven of the largest banks in the US have launched Authentify, a new identity verification service for consumers and businesses.

When consumers visit a participating site, they can choose to be redirected to log in via their bank, share their bank-trusted data with that company, giving a safe and secure means of identity verification. The bank will encrypt the data and pass it to the business (or government department, or whoever) so that consumers can access services using personal information that the recipient can have confidence in.

This is a significant announcement and I hope it means that a new era is upon us, where banks work together to provide a federated identity infrastructure to the great benefit of society as a whole.

One final thought. The advantages of a working infrastructure extend beyond trusted personal information. A bank log in is valuable, even if no personal information is shared. Imagine seeing a green tick on a social media or internet dating site. It would tell you that the account is a real person who logged in via their bank. You wouldn’t know who they are, or which bank, or anything else about them, but you would know that they are real and that a bank, thanks to rigorous KYC, knows who they are if they break the law.

Book Dave

Are you looking for:

• A speaker/moderator for your online or in person event?
• Written content or contribution for your publication?
• A trusted advisor for your company’s board?
• Some comment on the latest digital financial services news/media?