Can staying vigilant prevent fraud?

Despite banks’ efforts to thwart fraudulent or erroneous credit transactions, they still do occur. Merchants, service providers and banks sometimes make inadvertent errors, and fraud is an exponentially expanding threat.

The Federal Trade Commission (FTC) reported more than 390,000 credit card fraud incidents in 2020. According to the December 2021 Nilson Report, payment card fraud losses in the United States reached $10.24 billion in 2020 and accounted for 35.83% of global card fraud, even though they accounted for only 22.4% of total card volume.

Unauthorized credit transactions are a notable example of card fraud. This type of transaction is one not performed or authorized by the consumer, although it appears on their account. Common causes are lost or stolen cards; skimming information from the magnetic strip in an electronic device; obtaining confidential details via phishing emails or text messages; or fraudulently using account numbers and expiry dates obtained through other means to conduct a transaction.

What is a community bank’s responsibility for a customer’s erroneous or fraudulent transaction? And how can banks handle them for the best outcomes?

Ready for Regulation Z

Creditors must, under Regulation Z—the Truth in Lending Act, make certain initial and periodic disclosures to consumers about the terms and conditions of open-end accounts, including the consumer’s right to billing error resolution, according to the Consumer Financial Protection Bureau (CFPB). A creditor, for consumer-purpose open-end accounts, could be the bank itself or a third-party service provider. In any case, the bank is ultimately responsible for the account disclosures and operation of consumer compliance, including billing error resolution.

“There are steps banks can take to actively prevent [fraud], but it is critical that banks are prepared to respond quickly and effectively.”

—Rebecca Kruse, ICBA

Vigilant consumers may identify erroneous or fraudulent transactions soon after they occur. Many quick-equipped banks are also able to flag, intercept and resolve unauthorized or suspicious charges before an account holder is even aware of the issue. In many cases, however, unauthorized changes may not be identified until they receive a statement, or later.

A billing error, generally, is a “reflection on or with a periodic statement of an extension of credit that is not made to the consumer or to a person who has actual, implied or apparent authority to use the consumer’s credit card or open-end credit plan,” notes the CFPB. The transaction may be wholly erroneous, or it may be partly erroneous in the amount reflected or the number or type of transactions.

Creditors must conduct an efficient, effective resolution process, as specified in Section 1026.13 of Regulation Z. The process should include identifying the nature of the customer’s dispute; determining if an investigation is required; and ensuring that all the procedures, timing and notice requirements are met and documented. Creditors should take note of CFPB guidelines published in May 2020 pronouncing flexibility in enforcement of billing error resolution time frames that exceed the regulatory limits due to the COVID-19 pandemic, “so long as the creditor has made requisite good faith efforts to obtain the necessary information and make a determination as quickly as possible.”

“One of the primary responsibilities of community banks is being proactive,” notes Rebecca Kruse, executive vice president and chief operating officer for ICBA Bancard. “We know fraud is going to happen. There are steps banks can take to actively prevent it, but it is critical that banks are prepared to respond quickly and effectively. The ICBA Incident Response Plan is a good place to start. Fraud detection, generally provided by the processor, should have the ability to set up custom rules quickly to address fraud trends identified.”

Fraud prevention steps to take

Kruse suggests ways for community banks to increase success in preventing and mitigating the damage from fraud:

• Be able to quickly shut down the merchant, point of sale or merchant category code. This allows customers to still use their cards while foiling a BIN (Bank Identification Number) attack. BIN attacks, using a known BIN and systematically generating and testing the remaining digits of a card number to conduct fraudulent transactions, have increased.
• Monitor card networks and implement speedy and effective communication. For instance, VISA and MasterCard each have a program to identify when BIN attacks are happening and send notice to the bank.
• Identify other cards that might be at risk. This is generally done by analyzing the affected cards and the transactions that have occurred to determine if a pattern exists: where they have happened, similarities in the merchants, transaction amounts and time frames.

“About 85% of fraud attempts that we see are conducted online,” Kruse says. “3D Secure, a security protocol designed to provide an additional layer of security for online credit card and debit card transactions, is helpful, because the bank authenticates the cardholder before the transaction is authorized.

“The ultimate tool is a cross-channel fraud detection system,” she adds. “Detecting fraud down a silo for card transactions, ACH or other types is good, but it doesn’t reflect how customers conduct transactions. The most effective fraud detection works across different channels at the same time in real time.”

Kruse emphasizes how important it is for community banks to have proactive fraud guidelines in place.

“It’s critical to have a robust set of fraud rules to detect and prevent fraud during the transaction,” she says, “but it is equally important to plan ahead and be nimble enough to respond—because fraud will occur.”