Consumers Get More Comfortable with Fraud-Protection Efforts
Community-sized institutions with cybersecurity gaps are facing new attention from regulators under a pilot exam project.June 27
Over half of Americans blame Target and Neiman Marcus for the recent data breaches suffered by their customers and think merchants should prevent future incidents, according to a national survey commissioned by Feedzai.March 18
Banks are drawing more applause from consumers as they become more vigilant fighting fraud, even in cases where doing so creates inconvenience.
Scams abound in society, and banks must be cautious about everything from debit and credit cards to wire transfers, industry experts say. Financial institutions have been on high alert since Target (TGT) suffered a massive data breach late last year.
As a result, many banks are ramping up efforts to flag more suspicious card transactions. In doing so, more legitimate purchases are at risk to be inadvertently blocked. Though it annoys or angers some cardholders, half seem unbothered or relieved to know that their bank is trying to protect them, a new study found.
"Customers are aware and understand how hard it is for banks to protect them in an age where there's one data breach after another," says Shirley Inscoe, a senior analyst at Aite Group. "Customers are loyal to financial institutions that are trying to protect them."
Nearly 40% of frequent credit card users, or those that swipe plastic at least five times a month, have been alerted to a potentially fraudulent transaction or had one blocked, according to a June survey by CreditCards.com. Two-thirds of those respondents said the purchase was actually a legitimate transaction.
The frequency of false positives makes sense given an environment of heightened awareness of potential fraud, says Matt Schulz, senior industry analyst at CreditCards.com. Banks had to reissue millions of cards after the Target breach, costing $172 million, the Consumer Bankers Association said in February.
"There's always room for improvement and there's no perfect system," Schulz says. "I think this shows that banks are willing to flag as many transactions as needed so they can protect themselves."
The survey showed that many consumers were forgiving when a legitimate purchase was blocked. Nearly 30% said they were unbothered and 22% were relieved. To be sure, a quarter of respondents said they were annoyed, while 9% were embarrassed.
Two-thirds of the survey's participants said that credit card issuers were blocking transactions "as often as they should," while 23% said issuers should be even more aggressive.
This reaction likely relates to the amount of attention recent breaches have received, industry observers say. This is especially true for the Target breach, which took place around Thanksgiving and likely became a hot topic as people gathered for the holidays, says Doug Johnson, vice president of risk management policy at the American Bankers Association.
"The Target breach kind of illuminated these issues," says Vann Abernethy, a senior product manager at NSFOCUS Information Technology, a network security firm. "Everyone is comfortable with the false positives. If you haven't been a victim of fraud yet, at some point someone will probably get a hold of your credit card information."
MidSouth Bancorp (MSL) in Lafayette, La., which has been issuing credit cards for years, uses a combination of in-house resources and outsourced vendors to combat fraud, says Rusty Cloutier, the company's president and chief executive. MidSouth's three full-time employees dedicated to dealing with security "stay busy every single day," he says.
The $1.9 billion-asset company has experienced quarters where it lost more on fraud than it did on loans, Cloutier adds.
During his tenure at MidSouth, Cloutier says he has seen a change in customer attitudes toward potential fraud alerts. Frustrated and confused cardholders used to call MidSouth about blocked transactions. In recent years, sentiment has shifted to understanding.
"It pays to err on the side of stopping the transaction," Cloutier says. "The biggest loser in this game is the bank. It isn't the customer and it isn't the retailer. This will be a continuing issue and we're just seeing the beginning as we go to more mobile."
Banks are constantly refining the analytics and technology they use to flag fraud, Johnson says. In network security, banks are turning more to computers that are "almost learning in real-time to spot patterns," says Rohit Sethi, vice president of product development at Security Compass, an information security firm.
Fraud protection is a balancing act for banks. If banks prevent too many purchases, or if fraud occurs, a consumer might stop using particular cards, costing banks revenue, Inscoe says.
Banks must also avoid appearing like they watch customers' activities too closely, says Dave Aitel, chief executive of Immunity Inc., a firm that conducts data assessments and penetration testing. So far, banks have managed this pretty well, he adds.
"There's a good balance between feeling comfortable that your bank knows you as a customer and feeling weirded out that your bank knows you a little too well," Aitel says. The key is "restricting the information human beings can look at. People are more comfortable with machines analyzing their data."