Detecting suspicious activity sooner rather than later

This is what Michelle Weatherhead, manager, EMEA, Risk Solutions for payments software provider, ACI Worldwide, had to say recently about the rise in UK card fraud in 2008.

The APACS annual statistics finding that UK card fraud in 2008 increased by 14% is, unfortunately, relatively unsurprising. The one statistic that was immediately notable was the increase in card ID theft, which was up 39%.

Card ID theft, which is when someone gets hold of your card details and PIN and starts to use them on an ongoing basis, is a real problem. There is the issue of consumer education - encouraging members of the public to shred card statements when they dispose of them, change PINs regularly and carefully check statements to make sure they are accurate, is a first step. However, there are techniques that the bank can use to help prevent this type of fraud.

One step that many banks are turning to is monitoring all activity on an account, both financial and non-financial transactions, as well as combining intelligence about how a customer uses all their cards and accounts, not just an individual one.

This helps the banks build up a complete profile of that individual - how often they travel, where they tend to shop, how much they usually spend - so that as soon as a transaction occurs that is outside that customer's usual spending patterns, alarm bells start to ring and that transaction can be flagged as suspicious. What is important is that the banks detect suspicious activity as soon as the account is taken over, otherwise the fraudster will build up their own 'profile' so activity may appear genuine.

This leads to tools such as SMS alerting, which banks are starting to implement to help them stop fraud early. SMS alerting means that if suspicious activity occurs, such as a transaction that is overseas, over a certain value, or in a type of outlet the customer hasn't used before, the bank can send a text message to the customer immediately, informing them of the transaction and asking them to respond if it isn't genuine.

This can also be used to confirm with customers that they have changed their address or requested a new PIN for example, which can be a first sign of account takeover.This combination of activity can enable the banks to block compromised cards quickly, protecting themselves from losses, and also building confidence with members of the public that they are protected too.

Fraud is always changing and moving - the APACS’ statistics for 2009 when they come out in 12 months’ will show similar trends to those we have seen in this announcement - but as banks embrace the latest technology, just maybe some of these numbers will start to come down.