Blog
/
Guides
Shielding Your Business: Fraud Protection for Business Debit Cards in Embedded Finance
Preventing card fraud has never been more important for embedded finance companies. As card spending continues to rise, so does card-related fraud: the Nilson Report found that U.S. fraud losses are expected to amount to $165 billion over the next 10 years. Since cards are a common offering of embedded finance programs, it’s imperative to leverage the latest technology and tactics to combat card-related fraud.
Card fraud is costly for companies and their partner banks because federal laws and network policies generally protect consumers over businesses. That means that businesses are left bearing the bulk of financial responsibility. According to the Nilson Report, card issuers assumed 88% of fraud losses, with merchants and ATM acquirers making up the rest.
That said, the industry’s efforts to combat fraud are incrementally improving, according to the report. In the U.S., card fraud losses were 10.6 cents per $100 in 2021, down from 10.7 cents in 2020. Card and fraud prevention companies are leveraging machine learning and AI to enhance their capabilities in combating fraud. The introduction of other innovative tools enables companies to further bolster their anti-fraud measures, fostering continual improvement in those efforts. One of the key ways that businesses are combating fraud is through the use of machine learning and artificial intelligence (AI).
These advanced technologies have revolutionized the way fraud prevention is approached. By analyzing vast amounts of data and identifying patterns, machine learning algorithms can quickly detect suspicious transactions and flag them for further investigation. This not only saves businesses time and resources but also helps to minimize the financial impact of fraud.
In addition to machine learning, the introduction of other innovative tools has further strengthened anti-fraud measures.
For example, biometric authentication methods, such as fingerprint or facial recognition, have become increasingly popular. These methods provide an extra layer of security by ensuring that only authorized individuals can access sensitive information or make transactions.
Furthermore, companies are also investing in robust encryption technologies to protect customer data. By encrypting sensitive information, businesses can significantly reduce the risk of data breaches and unauthorized access. This not only safeguards customer trust but also helps to mitigate potential financial losses due to fraud.
The continuous improvement in anti-fraud efforts is a testament to the industry's commitment to protecting businesses and consumers alike. As technology continues to advance, so too will the tools and strategies used to combat fraud. By staying ahead of the curve and embracing these innovations, businesses can better safeguard their financial interests and maintain the trust of their customers.
These advancements highlight the need for proactive measures to ensure the compliance and long-term security of embedded finance companies and their customers. Establishing and maintaining a protective plan of action is crucial for sustained success.
This card fraud guide will dive into issues embedded finance companies are facing, and how companies can prevent and address card fraud. Topics covered include:
- Common types of card fraud
- Methods for preventing and limiting card fraud
- The importance of having the right fraud partners
- How embedded banking software can simplify fraud prevention
Download this full guide as a pdf:
Different types of card fraud in embedded finance
Card fraud may come in many different shapes, but the impact on embedded finance companies can be equally damaging. A serious breach can:
- Tarnish a company’s reputation and diminish customer trust
- Negatively impact the bottom line due to higher chargeback fees and increased risk for more financial loss
- Drain time and resources away from other areas of operation
How to protect your business from debit card fraud
To safeguard your business, it’s crucial to understand the tactics employed by fraudsters and where fraud most commonly occurs, says John Cates, Product Manager at Treasury Prime. Here are examples of the most common types of card fraud.
1. Data breaches
A card data breach occurs when personal credit data, like the cardholder’s name, address, and card information is exposed to an unauthorized person. Breaches can happen if a company’s data protection program suddenly fails, or if bad actors deliberately steal information.
The ways thieves steal card information can range from small-scale card skimming, to large-scale tactics like email phishing and text messaging scams. Statista found that the average data breach in the U.S. costs nearly $9.5 million annually.
2. Card skimming
Card skimming (also referred to as card cloning) is wheTn fraudsters illegally install devices on ATMs, point-of-sale terminals, or fuel pumps to capture card data. Sometimes the devices are planted into the card reader, or a hidden camera is installed to record a customer’s PIN. Fraudsters then use this information or data to replicate those cards and steal from consumers.
According to the FBI, card skimming costs consumers and institutions more than $1 billion each year — and this type of fraud has been on the rise. FICO found that in 2022, card skimming fraud increased by a whopping 368% from 2021.
3. Chargeback fraud
There are two kinds of illicit chargeback fraud: criminal and friendly. According to Unit21, criminal chargeback fraud is when a fraudster steals a card or card information and uses it to make purchases.
Friendly chargeback fraud is when a customer disputes a legitimate charge on their card, without having a legitimate reason. It occurs more often than people think: A 2022 Sift report on chargeback fraud found that 23% of respondents admitted to engaging in this type of fraud — and that number is reportedly on the rise.
Not only do businesses lose out on that revenue, but they’re also responsible for the chargeback fees, which range from $20 to $100, depending on the acquiring bank.
4. Lost, stolen, or shared cards
Consumers lose their cards, either by their own fault or because of bad actors. Consumers aren’t financially liable for unauthorized purchases made after their card is reported lost or stolen. That liability typically falls on the merchant or merchants where those fraudulent transactions occurred. However, depending on how the merchant processes transactions and what safeguards they have in place, that responsibility could then fall more on the fintech.
For example, if a merchant implements safeguards like requiring a CVV, matching the billing address to the one on file with the card issuer, and using 3D Secure, then the fintech is more likely to take on the fraud loss.
5. Card-not-present fraud
With the rise of digital commerce comes the rise of card-not-present fraud, which occurs whenever the customer does not present a physical card during a fraudulent transaction, usually on an e-commerce platform. Card-not-present fraud accounted for 72% of all card payment fraud in 2022 and is expected to increase in 2023.
6. Identity theft
Card-related identity fraud includes when thieves steal a physical card or account number and use it pretending to be the cardholder, or they steal a consumer’s personal information to open new cards and accounts.
7. Account takeover fraud
Account takeover fraud is a form of identity theft. It happens when a legitimate customer opens an account, but then that account gets hacked and taken over by a fraudster who has somehow obtained the customer’s password or other account information.
Those fraudsters often make changes to the account, such as requesting new cards, modifying personally identifiable information, adding authorized users, and changing passwords.
8. Social engineering scams
Social engineering scams occur when fraudsters try to leverage some form of deception against customers. Typically, scammers leverage a customer’s publicly available information, often from social media, to commit fraud and trick customers into giving up personal information.
Most common phishing scams involve email, voicemail, and text. Business email compromise occurs when fraudsters send emails from spoof accounts of legitimate businesses.
There is no doubt that card fraud directly impacts a business’s bottom line, but what is more concerning is the impact on customer trust and long-term business growth.
A PwC report on business trust found that 73% of respondents said they would spend significantly less if a company lost their trust. A separate PwC report also found that 44% of respondents completely stopped buying from companies that lost their trust.
If embedded finance companies want long-term growth and viability, they need to have thorough compliance and fraud prevention programs.
Embedded finance solutions can prevent and limit fraud
Given the widespread use of cards in embedded finance, putting rigorous card fraud prevention policies and procedures in place is crucial.
Effective card fraud prevention requires both proactive and retroactive measures, says Cates. While proactivity is the best first defense, the rapid advance of AI and technology means that bad actors are becoming increasingly more sophisticated and more likely to slip through even the toughest defenses. Therefore, a robust two-pronged approach is necessary for any embedded finance company.
Proactive card fraud prevention methods
Know Your Customer (KYC) and customer onboarding
A robust Know Your Customer (KYC) process is the first line of defense against card fraud because it establishes and confirms your customer identity before they are onboarded.
KYC entails three main components: customer identification program (CIP), customer due diligence (CDD), and ongoing monitoring.
CIP includes confirming a customer’s personal information like name, date of birth, address, and identification number like a Social Security number. CDD is a process used to evaluate customer risk and trustworthiness.
If there is a suspected fraudulent customer, it’s imperative for the embedded finance companies to thoroughly review how they got through and adjust their KYC rules accordingly. Fintechs can work with third-party partners like Alloy to set up custom workflows. That way, the fintech and their bank partner can choose which evaluations they want to run and decide how to proceed with each person or business.
Real-time transaction monitoring
No matter how comprehensive a company’s fraud detection is, the sheer volume of payment transactions means that some fraudsters will manage to slip through. Partnering with third-party fintechs like Unit21 and Sardine to monitor transactions in real time can help catch and stop suspicious activity early on.
With the help of artificial intelligence and machine learning, transaction monitoring speed and accuracy can be improved. Embedded finance companies can integrate fraud detection algorithms to analyze customer activity, such as card frequency and places of usage, to identify any anomalous behavior.
There are a number of automatic triggers embedded finance companies can build into their fraud detection algorithms to alert both themselves and their bank partners.
Some common signs of card fraud include last-minute shopping sprees, using a card in a new store or different location from the customer’s normal zip code, or using a card to get cash.
BaaS API tools
Treasury Prime’s API allows embedded finance companies and their banks to customize card controls. Here’s a breakdown of how businesses can leverage Banking as a Service tools to prevent fraud.
1. Card Controls
Treasury Prime’s Card Controls lets fintechs customize where cardholders can use the card, and how much they are allowed to spend and withdraw, on whichever cards they choose.
Merchant restrictions: For example, companies can restrict the cards from being used at certain merchants, such as gas stations, that are at high risk of fraud.
Spend velocity restrictions: They can also implement spending restrictions, such as only being able to spend $1,000 within 24 hours, which can protect businesses from increased chargeback fraud.
Withdrawal Velocity restrictions: Companies can also configure a maximum dollar amount for ATM withdrawals within a timeframe (e.g. not more than $400 in ATM transactions within 24 hours).
2. Card Event API
The Card Event API shows network data and metadata about each card transaction to determine whether there was a likely fraud event.
The data will show if it was a card-not-present transaction, whether a PIN was present, or if there was chip fallback, which is when an EMV chip “fails” and then requires a card to be swiped. That then makes it easier for fraudsters to skim card data from the magstripe.
3. Card address verification
Treasury Prime can enable address verification on your card products of choice. When this is enabled, the street address, zip (or both depending on what is enabled) will be checked against what the merchant submits through the network. If there is not a match the authorization will be declined.
4. Card Auth Loop
Compliance and risk management is not a one-size-fits-all, and fintechs and embedded finance companies need to be able to develop their own card rules. If companies want more granular control, they can use Card Auth Loop to include their own business logic to determine whether to accept or decline a transaction.
“Fintechs can develop way more advanced rules,” says Cates. “Basically, it just gives them more control.”
For example, in the event of a chip fallback, fintechs can use Card Auth Loop to automatically decline those card events.
Treasury Prime will also help embedded finance companies monitor network data and chargebacks to determine patterns and identify potential fraud.
Education for embedded finance providers
Education is twofold: embedded finance companies need to educate themselves on the latest fraud trends, but they also should educate customers on how to protect themselves and spot scams.
Educating customers can come in various forms, such as blog posts and webinars detailing common fraud schemes like email phishing and online safety best practices like strong passwords. Businesses should also detail very clearly to customers their policies and protocols, so customers don’t accidentally provide personal information to fraudsters.
Fintech fraud partners are also excellent resources for embedded finance companies. Fintechs like Alloy, Unit21, and Sardine are experts in their areas, knowledgeable of the latest fraud schemes, and provide helpful educational resources.
Retroactive card fraud prevention methods
Review chargeback data
Chargeback disputes are extremely costly to businesses, but embedded finance companies can use this data to improve their card fraud prevention programs.
“The fintech should go look at their application and KYC and ask, how did this person get through?” says Cates. “A lot of fintechs will experience fraud and say, ‘We don't understand it.’ Well, did they look at how the fraudsters got through in the first place? In general, it’s important to constantly review KYC rules and make sure you're building the right rules.”
Understanding customer chargeback data informs both KYC processes and real-time transaction monitoring. Merchants should keep track of their transactions so they can analyze customer patterns and trends. Businesses can then use this information to identify high-risk customers and payment methods and establish triggers that immediately reject transactions that fall under these categories.
For example — is there an abundance of card-not-present transactions? Are there a lot of account signups coming from a single location? Are they frequently maxing out their cards and then transferring out the balance? These are all common signs of credit card fraud.
Businesses can either manually manage chargeback data via spreadsheets, or use a chargeback management system to streamline the process.
Finding the right fraud prevention partner
In the face of these challenges and risks, enhanced debit card fraud prevention measures are not just prudent — it's critical. Proactive strategies are essential in the dynamic landscape of embedded finance, where card fraud prevention can spell the difference between success and failure.
To combat fraud effectively, companies must consistently evaluate and strengthen internal controls, invest in advanced fraud detection technologies, foster a culture of fraud awareness, and stay updated on the latest prevention techniques. From having a robust KYC process, real-time transaction monitoring, and customer education, to monitoring chargeback data to regularly improve processes, embedded finance companies can be proactive in how they protect themselves and their customers. In addition, mitigation through additional BaaS API controls and third-party tools is essential for safeguarding business interests and maintaining customer trust.
Most embedded finance companies don’t have the resources to tackle all fraud-related issues on their own — that’s why it’s important to work with the right partners.
Working with an embedded banking software provider like Treasury Prime can help streamline a company’s compliance and risk management programs. Treasury Prime fosters a direct relationship between brands and banks so they can design a compliance program together. Through Treasury Prime’s partner marketplace, embedded finance companies can also access a suite of fraud prevention tools from top-tier third-party partners like Unit21, Alloy, and Sardine, with bank approval. These pre-integrations make it more seamless for fintechs and their bank partners to collaborate on KYC, identify risks, and flag potentially fraudulent activity.
Managing card fraud is imperative, but embedded finance companies don’t have to do this alone. At Treasury Prime, we empower fintechs and brands to develop compliance and risk management programs that fit their specific needs.
Share
