The High Cost of Fighting Fraud

Ivan Schneider, Writer, specializing in financial technology | 4/6/2012 | 11 comments

Ivan Schneider
Fraud rates for payment card transactions are at historic lows: seven basis points (0.07 percent) globally and five basis points (0.05 percent) in the US, according to a CEB TowerGroup blog. The fraud rate for riskier online transactions is down from 90 basis points (0.9 percent) in 2010 to 60 (0.6 percent) in 2011, according to an article citing the Visa subsidiary CyberSource.

But let's not start patting ourselves on the back just yet. Not only are online transactions 12 times more likely to be fraudulent than card-present transactions, but CyberSource puts the damage from online theft at $3.4 billion in 2011 (up from $2.7 billion in 2010), reflecting the tendency for thieves to go after higher-value merchandise through fewer transactions.

US cardholders spent about $3.5 trillion last year. A back-of-the-envelope calculation shows online fraud represents almost 0.1 percent of card transaction volume across all major card types -- credit and debit. By way of comparison, the payment card industry, including issuing banks, merchant banks, payment processors, and card associations, collects and splits among them approximately 2 percent of total transaction volume as interchange revenue.

From these figures, we might infer that the entire card payment industry earns about 20 times the revenue as the online fraud industry. I have no information about the relative profitability of the two industries, but I have to imagine that the online theft racket involves fewer fixed costs, fewer employees, and fewer regulations, leading to high profit margins. If online theft increases this year at the same rate as it did last year (i.e., to $4.4 billion of annual revenue), then Online Theft Inc. would earn itself a spot on the Fortune 500.

The good news is that federal law states consumers are not responsible for charges incurred using a stolen credit card number. The bad news is that everyone still pays for theft indirectly, through higher prices charged by merchants who need to cover unreimbursed fraud losses, along with higher fees charged by banks.

Online fraud is a systemic problem driven by factors ranging from the absence of robust card-not-present authentication methods, the ease of spoofing IP addresses, and the perils of the packet-switched Internet to the demonstrated security vulnerabilities of major companies in the payment ecosystem (e.g., Global Payments). Accordingly, we shouldn't expect a silver-bullet fix.

Even the much-touted move to chip-based cards won't solve the problem of card-not-present transactions, the CEB TowerGroup analyst Brian Riley said in a Webcast. Though chip cards will have some impact on fraud involving counterfeit or stolen cards, the technology won't substantively change the incidence of online fraud, he said, citing parallels in the Canadian, UK, and Australian markets.

Instead, the suggested approach includes a range of logical controls, rather than physical ones, set up throughout the phases of cardholder authentication, card processing, and transaction authorization. One example would be for multi-line financial services firms take an enterprise view of a cardholder's activities across all accounts. Then, using adaptive analytics and knowledge-based neural networks powering rule induction, the risk of a given transaction can be assessed based on that cardholder's previous activity, as well as consumer behavior in aggregate.

I'm all for logical controls where they make sense, but the problem with relying upon this approach is that it greatly favors the larger card issuers. In the absence of stronger physical controls for card-not-present transactions, it has become the responsibility of card-issuing banks and merchant banks to invest in expensive technology as a workaround. As with other areas of banking, scale and scope in technology and information will confer competitive advantage.

If the best line of defense against fraud is a knowledge-based neural network, the largest institutions having the biggest repositories of customer knowledge will be best equipped to repel fraud. Conversely, smaller financial institutions that don't know enough about customers' purchase behaviors will face higher risks and higher fraud rates until they acquire the needed information and algorithms at a premium price.

Once again, the costs of fraud mitigation are not costless to consumers, who will pay for the deployment of this technology through higher costs for basic banking services, within an industry further pressured by scale effects to consolidate into larger institutions. Meanwhile, the scope of information collected about consumers in the name of fighting fraud will itself become a tempting target for thieves and an epic privacy breach in the making.

I'd like to think that there can be a more secure Internet, through which two parties could exchange payments safely and securely without having to support the expense of an all-knowing financial network having data rivaling that of a nosy intelligence agency. Furthermore, it would be wonderful to select a bank based on prices, products, and services, rather than being limited to just those banks large enough to erect a credible defense against the criminal element.

That's probably not in the cards -- or is it?

In the comments, let's hear what you think should be the appropriate mix between logical and physical controls.

View Comments: Newest First | Oldest First | Threaded View
Page 1 / 2   >   >>
nasimson   The High Cost of Fighting Fraud   5/4/2012 9:13:28 AM
Frauds can never be completely shunned

We live in a world where nothing is impossible. So we can easily assume the fact that if something can be done, it can be done in many different ways. Fraud was and will always exist in our society, no matter what possible security traps are applied, physical or logic based defenses. An intruder will always be able to find the long road to a single point, whether it is hacking an intelligence site or obtaining a credit card's pin number. Companies should do a complete background check before giving out credit cards as if they were Christmas gifts and keep such frauds to the minimum, if not completely shunned.

fbpmt   The High Cost of Fighting Fraud   4/14/2012 5:57:17 PM
Re: The High Cost of Fighting Fraud
@Angelfuego - but if we weren't paying for fraud prevention, don't you think we would be paying for something else, say, taxation.. !
User Ranking: Blogger
angelfuego   The High Cost of Fighting Fraud   4/9/2012 5:37:48 PM
The High Cost of Fighting Fraud
It is a shame that we have to shell out money and jump through hoops because of greedy, fraudulent beings.
batye   The High Cost of Fighting Fraud   4/9/2012 2:44:28 PM
Re: Another Cost to Consider
I trust at the end we all end up paying out of our pocket for the Fraud...

I think same as with concept of internet, part of the credit system got build created with principal of trust... new rules of the game trust no one - verify and check... 

Now Canadian Mint - creating whole new concept of virtual money and credit - if I understand correctly - simular to web coin or

Gigi   The High Cost of Fighting Fraud   4/9/2012 8:15:27 AM
Re: Another Cost to Consider
Ivan, you are very right. The cost to prevent fraud and fraudulent transactions are high. The entire system has to revamp as a part of fraud protection, which can brings a huge burden to companies. The funniest part is such R&D and implementation has only a lesser life because hackers come up with other technologies, which can easily tamp the security.
sohaibmasood   The High Cost of Fighting Fraud   4/7/2012 3:50:26 PM
Re: Another Cost to Consider
@Ivan: I have not been much of an online shopper but I think in some cases even if the check out fails the cart items still remain. So, you could just go to the check out page again and perform the transaction. I am not too certain about airline tickets but I am confident it happens with some of the other stuff we buy online. 
Ivan Schneider   The High Cost of Fighting Fraud   4/6/2012 2:17:41 PM
Re: Another Cost to Consider
@fbpmt: It is annoying to go through an entire checkout process (e.g. for airline tickets with seat selection and all the other rigamarole) and then have something go wrong after you click the "purchase" button. It's like walking around with a bunch of $20s in your pocket, not knowing whether they're real or counterfeit. 

It would be nice if card payments, whether card-present or not, were secure enough by design that you wouldn't have to worry about being turned down for a legitimate transaction. The question is whether that's a possible state of affairs.
User Ranking: Blogger
Ivan Schneider   The High Cost of Fighting Fraud   4/6/2012 2:11:22 PM
Re: Another Cost to Consider
@David: The reason you're getting those false-positive "declined" messages is because the industry relies too heavily on logical defenses (e.g. pattern recognition) and not enough on physical defenses (e.g. security tokens, biometrics). 

The choice isn't strictly between open and secure, it's between unwieldy physical security with a low rate of false positives on the one hand, and convenient logical security that will occasionally decline your transaction on the other. The payment industry has gone with the logical security approach because the fraud losses of the lighter-touch approach would be outweighed by the "I can't figure out how to use this" and the "I forgot my SecureID at home" revenue losses. 

Unfortunately, the rapidly rising rate of fraud has negative externalities in that the people who commit the fraud are not nice people, who likely reinvest a portion of their proceeds into other criminal enterprises. 
User Ranking: Blogger
David Wagner   The High Cost of Fighting Fraud   4/6/2012 1:51:47 PM
Re: Another Cost to Consider
@fbpmt- I suppose, but i don't know how you could change it. How could a credit card company know a card has been compromised before someone tries to use it?
fbpmt   The High Cost of Fighting Fraud   4/6/2012 1:46:16 PM
Re: Another Cost to Consider
But, David and Ivan - isn't part of the problem that you fnd out if the card is acceptable until after you sign up etc. and then something happens, like being blocked from a purchase?
User Ranking: Blogger
Page 1 / 2   >   >>

The blogs and comments posted on do not reflect the views of TechWeb,, or its sponsors., TechWeb, and its sponsors do not assume responsibility for any comments, claims, or opinions made by authors and bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.

More Blogs from Ivan Schneider
Ivan Schneider   10/30/2013   29 comments
Sears and Whole Foods will take a go-slow or no-go approach to microlocation services, executives from the companies said during a panel discussion Monday at the Seattle Interactive ...
Ivan Schneider   10/15/2013   8 comments
Alex S. Jones, lecturer on the press and public policy at the Harvard Kennedy School of Government, recently spoke to Harvard alumni in Seattle, and he pointed out that the invention of ...
Ivan Schneider   9/19/2013   23 comments
In response to the expanded range, frequency, and ferocity of cyberattacks against financial institutions, the financial services industry has upped spending considerably on ...
Ivan Schneider   9/11/2013   9 comments
Central clearing and other Dodd-Frank Act regulations have made it more expensive for the banks and brokerages to manage the tangled processes involved in post-trade activity: matching, ...
Ivan Schneider   8/13/2013   7 comments
With virtualization driving IT servers and storage toward a cloud-powered market for IT services, CIOs have to prepare themselves for what it means to be a buyer of commodities in a global ...
Latest Archived Broadcast
We talk with Bernard Golden about accelerating application delivery in the cloud.
On-demand Video with Chat
Register for this video discussion to learn how tablets can provide true business usability and productivity.
E2 IT Migration Zones
IT Migration Zone - UK
Why PowerShell Is Important
Reduce the Windows 8 Footprint for VDI
Rethinking Storage Management
IT Migration Zone - FR
SQL Server : 240 To de mémoire flash pour votre data warehouse
Quand Office vient booster les revenus Cloud et Android de Microsoft
Windows Phone : Nokia veut davantage d'applications (et les utilisateurs aussi)
IT Migration Zone - DE
Cloud Computing: Warum Unternehmen trotz NSA auf die „private“ Wolke setzen sollten
Cloud Computing bleibt Wachstumsmarkt – Windows Azure ist Vorreiter
Like Us on Facebook
Twitter Feed
Enterprise Efficiency Twitter Feed
Site Moderators Wanted
Enterprise Efficiency is looking for engaged readers to moderate the message boards on this site. Engage in high-IQ conversations with IT industry leaders; earn kudos and perks. Interested? E-mail:
Dell's Efficiency Modeling Tool
The major problem facing the CIO is how to measure the effectiveness of the IT department. Learn how Dell’s Efficiency Modeling Tool gives the CIO two clear, powerful numbers: Efficiency Quotient and Impact Quotient. These numbers can be transforma¬tive not only to the department, but to the entire enterprise.

Read the full report
The State of Enterprise Efficiency in the Virtual Era: Virtualization – Smart Approaches to Maximize Gains
Virtualization is a presence in nearly all enterprise data centers. But not all companies are using it to its best effect. Learn the common characteristics of success, what barriers companies face, and how to get the most from your efforts.

Read the full report
Informed CIO: Dollars & Sense: Virtual Desktop Infrastructure
Cut through the VDI hype and get the full picture -- including ROI and the impact on your Data Center -- to make an informed decision about your virtual desktop infrastructure deployments.

Read the full report
A Video Case Study – Translational Genomics Research Institute
e2 Video

On the Case
TGen IT: Where We're Going Next

7|11|12   |   08:12   |   10 comments

Now that TGen has broken new ground in genomic research by using Dell's storage, cloud, and high-performance computing solutions, the company discusses what will come next for it and for personalized medicine.
On the Case
Better Care Through Better Communications

6|6|12   |   02:24   |   11 comments

The achievements of the TGen/Dell project could improve how all people receive healthcare, because they are creating ways to improve end-to-end communication of medical data.
On the Case
TGen IT: Where We Are Now

5|15|12   |   06:58   |   6 comments

TGen is breaking new ground in genomic research by using Dell's storage, cloud, and high-performance computing solutions.
On the Case
TGen IT: Where We Were

4|27|12   |   06:45   |   10 comments

The Translational Genomics Research Institute wanted to save lives, but its efforts were hobbled by immense computing challenges related to collecting, processing, sharing, and storing enormous amounts of data.
On the Case
1,200% Faster

4|18|12   |   02:27   |   12 comments

Through their partnership, Dell and TGen have increased the speed of TGen’s medical research by 1,200 percent.
On the Case
IT May Improve Children's Chances of Survival

4|17|12   |   02:12   |   8 comments

IT is helping medical researchers reach breakthroughs in a way and pace never seen before.
On the Case
Medical Advances in the Cloud

4|10|12   |   1:25   |   5 comments

TGen and Dell are pushing the boundaries of computing, and harnessing the power of the cloud to improve healthcare.
On the Case
TGen: Living the Mission

4|9|12   |   2:25   |   3 comments

TGen's CIO puts the organizational mission at the heart of everything the IT staff does.
On the Case
TGen Speeding Up Biomedical Research to Save More Lives

4|5|12   |   1:59   |   6 comments

The Translational Genomics Research Institute is revamping its computing to improve speed, storage, and collaboration – and, most importantly, to save lives.
On the Case
Computing Power Helping to Save Children's Lives

3|28|12   |   2:13   |   3 comments

The Translational Genomics Institute’s partnership with Dell is enabling them to treat kids with neuroblastoma more quickly and save more lives.
Tom Nolle
The Big Reason to Use Office

3|18|14   |   02:24   |   46 comments

Office and personal productivity tools come in a first-class and coach flavor set, but what makes the difference is primarily little things that most users won't encounter. What's the big issue in using something other than Office, and can you get around it?
E2 Editors
SPONSORED: Mobile Security — A Use Case

3|4|14   |   04:27   |   16 comments

New mobile security solutions can accommodate a wide array of needs, including those of a complex university environment.
Tom Nolle
Killing Net Neutrality Might Save You Money

1|16|14   |   2:13   |   16 comments

The DC Court of Appeals voided most of the Neutrality Order, and whatever it might mean for the Internet overall, it might mean better and cheaper Internet VPNs for businesses.
Tom Nolle
The Internet of Everythinguseful

1|10|14   |   2:18   |   19 comments

We really don't want an "Internet of Everything" but even building an Internet of Everythinguseful means setting some ground rules to insure there's value in the process and that costs and risks are minimized.
Tom Nolle
Maturing Google Chrome

12|30|13   |   2.18   |   25 comments

Google's Chrome OS has a lot of potential value and a lot of recent press, but it still needs something to make it more than a thin client. It needs cloud integration, it needs extended APIs via web services, and it needs to suck it up and support a hard drive.
Sara Peters
No More Cookie-Cutter IT

12|23|13   |   03.58   |   21 comments

Creating the right combination of technology, people, and processes for your IT organization is a lot like baking Christmas cookies.
Sara Peters
Smart Wigs Not a Smart Idea

12|5|13   |   3:01   |   46 comments

Sony is seeking a patent for wigs that contain computing devices.
Tom Nolle
Cloud in the Wild

12|4|13   |   02:23   |   15 comments

On a recent African trip I saw examples of the value of the cloud in developing nations, for educational and community development programs. We could build on this, but not only in developing economies, because these same programs are often under-supported even in first-world countries.
E2 Editors
SPONSORED: Is Malware Evading Your IPS?

11|18|13   |   03:16   |   4 comments

Intrusion prevention software is supposed to detect and block malware intrusions, but clever malware authors can evade your IPS in these five main ways.
Sara Peters
Where Have All the Mentors Gone?

9|27|13   |   3:15   |   38 comments

A good professional mentor can change your life for the better... but where do you find one?
Tom Nolle
SDN Wars & You Could Win

9|17|13   |   2:10   |   5 comments

VMware's debate with Cisco on SDN might finally create a fusion between an SDN view that's all about software and another that's all about network equipment. That would be good for every enterprise considering the cloud and SDN.
Ivan Schneider
The Future of the Smart Watch

9|12|13   |   3:19   |   39 comments

Wearing a bulky, oversized watch is good training for the next phase in wristwatches: the Internet-enabled, connected watch. Why the smartphone-tethered connected watch makes sense, plus Ivan demos an entirely new concept for the "smart watch."
Tom Nolle
Cutting Your Cloud Storage Costs

9|4|13   |   2:06   |   3 comments

Cloud storage costs are determined primarily by the rate at which files are changed and the possibility of concurrent access/update. If you can structure your storage use to optimize these factors you can cut costs, perhaps to zero.
Sara Peters
Do CIOs Need an IT Background?

8|29|13   |   2:11   |   23 comments

Most of the CIOs interviewed in the How to Become a CIO series did not start their careers as IT professionals. So is an IT background essential?
Ivan Schneider
The Internet Loves Birthdays

8|27|13   |   3:25   |   69 comments

The Internet has evolved into a machine for drumming up a chorus of "Happy Birthday" messages, from family, friends, friends of friends who you added on Facebook, random people that you circled on G+, and increasingly, automated bots. Enough already.