Our Card Fraud survey is still open — we’re trying to answer the question of who first detects card fraud: cardholders or their banks? The survey can be found here.
I’ve received a couple of comments suggesting I left out an important fraud detector in the survey: merchants! In the card not present (CNP) space, merchants are often the first detectors of fraud, noticing suspicious buying behavior even though the issuer is happily approving the transaction. This is a big issue and challenge in the CNP world today: how do merchants communicate information and insight such as this to issuers? There is no good way to carry this information in the current authorization message and “out of band” information transmission systems between merchants and issuers have yet to land on a single standard.
Merchants know things about consumers and transactions that issuers don’t, just as issuers know lots of things merchants don’t. For example, what if the merchant was able to tell the issuer “I’ve seen this customer many times before, but this is the first time he’s using your card”? Or an issuer could tell a merchant: “That is my cardholder’s current billing address, but it was just changed in the last 3 days”? This kind of two-way dialogue could certainly make the authorization decision smarter.
The fact is, today’s authorization system wasn’t designed for a world where merchants worked to actively detect fraud as they do today, at least in the CNP world. When the world was mostly “card present” transaction, as long as the merchant got a mag stripe read, an authorization and a signature, they were generally off the hook for fraud. So the authorization just needed to carry a few pieces of information one way for that issuer to make the authorization decision.
Contrast that to the CNP space, where merchants are always on the hook for fraud — even if authorized by the issuer — and therefore have implemented sophisticated fraud monitoring activities, doing a sort of “authorization” themselves often before sending the traditional authorization out to the issuer. In this new world, we need a two-way street of authorization data, not the one-way street that used to work so well.
Anyway, back to our Card Fraud survey… I didn’t allow for the choice of “merchant” as the first fraud detector because this is a consumer facing survey and I don’t think consumers are usually aware that merchants are often the first fraud detectors in a CNP environment. But maybe I’m wrong. Maybe a lot of merchants are proactively contacting consumers when a suspected fraudulent card transaction is turned away. In fact, that seems like a really good idea, since it would create cardholder pressure on issuers to shutdown compromised cards.
I think I have enough elements in the survey to test whether consumers are learning of card fraud first from CNP merchants and I’ll certainly be looking for that as we study the survey results. And heck, if I didn’t get it right this time, it will be an opportunity to try again — the one thing I’ve learned in doing surveys, it’s really important (and hard) to get the questions just right. Or, as e.e. cummings said: “Always the beautiful answer who asks a more beautiful question.”
This post was written by Glenbrook’s Jay DeWitt.