Some tweaks to its travel-related fraud-protection strategies helped an Iowa credit union last year reduce its credit card charge-offs by 16%.
The University of Iowa Community Credit Union, with guidance from credit-union payment system consultants The Members Group, began changing its card-fraud prevention strategy three years ago.
The adjustments bore fruit in 2011. Besides the reduction in charge-off expense after all recovery efforts, the institution experienced a 27% drop in gross fraud (the amount of fraudulent purchases posted on cardholders' accounts, before any recovery efforts) per case and a 41% drop in fraud losses charged off per case.
"Even if the dollar amount of what you're writing off is the same or more, if you reduce how much you're writing off per case, you're being very effective with your strategies," says Karen Postma, The Members Group's senior card risk manager. "I can't control how many accounts a fraudster has of yours, but I can control how much they get per case."
The 90,000-member Iowa Community Credit Union uses First Data Corp.'s Falcon fraud-prevention system, which uses Fair Isaac Corp.'s fraud-scoring model and allows The Members Group to write and attach customizable rules depending on financial institution, Postma says.
The credit union also changed its procedure for compromised accounts. Instead of reporting a compromised account to the warning bulletins of Visa Inc. and MasterCard Inc., thereby preventing use of the card, the credit union issues the cardholder a new card and keeps the account open so the cardholder can continue to use the account. This ensures no gap in customer service, and it saves the credit union the expenses associated with reporting the account to the warning bulletins.
"Whether or not this is the best approach is debatable among credit unions," Chris Carlson, the credit union's credit card manager, said in a press release. "For us, the cost savings and, more importantly, the uninterrupted service to our members far outweighs the slight additional risk by not listing the cards in the warning bulletin."
The credit union has a member portfolio that includes not only University of Iowa students but also faculty and researchers and administrators who travel frequently domestically and internationally.
The $1.4 billion credit union and The Members Group made changes to the system so it would know the distance between the cardholder's home and where a transaction is initiated. The system will stop transactions initiated at a far distance and at merchants considered high-risk, such as electronics stores.
Because of its members' travel habits, the credit union and The Members Group tightened travel restrictions.
Previous efforts to lower the risk of transaction declines for traveling members also raised the risk of fraud. Now, instead of removing restrictions from the accounts, the credit union routes flagged transactions to The Members Group's in-house work center where a fraud analyst can review them.
A financial institution's decision-making regarding compromised accounts is not simple, says Julie Conroy McNelley, senior analyst with Aite Group. And erring on the side of caution can backfire, she says.
"We're seeing so many data compromises that crop up, a lot of times they don't necessarily directly translate into fraud risk," she says.
Many financial institutions instead deploy a new strategy in their risk system to have a closer watch on those accounts for a period of time to make sure fraud doesn't crop up, but they don't automatically do a blanket reissue, McNelley says.
"As one financial institution said, 'In some geographies, we're seeing these compromises due to data breaches or skimming so often if we did a re-issue every time you'd have cardmembers getting new cards three times a year,' " McNelley says. "Every time you do a reissue like that you run the risk that the consumer is going to have a perceived level of insecurity associated with that card and they'll use it less."
14-Day Free Trial
Corrected March 8, 2012 at 11:53AM: An earlier version of this story used an incorrect name for The Members Group.