Before answering the question the title poses, let me introduce myself. I'm the newest blogger in the Risk Forum. Recently, I was the faster-payments-product guy in the Retail Payments Office (RPO) at the Atlanta Fed. While in the RPO, I was a cheerleader who pushed and cajoled the industry to get same-day ACH off the ground. Incidentally, same-day ACH is due to become available universally as early as September 2016 due to a recent rule change passed by NACHA.
Back to my question—while doing some research on expanding fraud data coverage in the Fed's upcoming triennial payments study, I came across a gap in publicly available detailed fraud data for the United States compared to other geographies. As the table shows, the gap is evident from the Fourth Report on Card Fraud published in July 2015 by the European Central Bank. You probably see the "Not available" designation in the card-present subcategory.
What gives? What could be gained if this information were made available? As the footnote shows, the high-level data is taken from the Fed's last triennial payments study published in 2014. And as a previous post notes, the United States does not have a publicly available, single, uniform repository for payments fraud data. Back in 2009, the problem was covered in detail in the briefing paper "The Benefits of Collecting and Reporting Payment Fraud Statistics for the United States" by my colleague Rick Sullivan from the Kansas City Fed. In fairness, it should be noted that information is available in the United States to varying levels of detail as a paid service or through surveys conducted by such organizations as the Association of Financial Professionals and is typically distributed only to the organization's membership.
So that you know what we are missing out on in the United States, here are capsule descriptions of each card-present fraud type:
- Counterfeit/Skimming: Fraud is perpetrated using an altered or cloned card.
- Lost/Stolen: Fraudulent transactions result from the use of a lost or stolen card.
- Card not received: A newly issued card in transit to a card holder is intercepted and used to commit fraud.
- Fraudulent application: A new card is issued based on a faked identity or using someone else's identity.
- Other: This is a catchall category for fraud not covered above.
The card-not-present subcategory, which is fully reported on in the triennial study, generally covers fraudulent payments initiated online, or by mail or telephone. Unlike card-present fraud, this type of fraud is not usually subdivided any further.
It should be noted that the current study was the first of the triennial series to report on fraud. Unfortunately, scope limitations precluded breaking out fraud further. As it is, the current study offers a wealth of payment and fraud data for cards and all other forms of noncash payments.
Adding a level of specificity for card-present fraud in the United States will help in tracking the movement of fraud from one type to another and the migration of fraud to other countries. In the United States, fraud is likely to further shift from card present to card not present due to increased counterfeiting controls at the point of sale from the anticipated broad adoption of EMV (chips) for cards and POS terminals. The Federal Reserve, in partnership with other payment system stakeholders, hopes to track these and other developments by collecting additional fraud data for the next triennial study due to be published in 2017.
What suggestions do you have for identifying and collecting other fraud data?
By Steven Cordray, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed