Small Issuers Get Fraud-Fighting Muscle from Members Group

Credit unions and community banks served by The Members Group now have access to a fraud prevention tool that allows them to set more detailed parameters for spotting suspicious transactions.

Clients of the Des Moines, Iowa, provider of card processing and payment services can write their own fraud-spotting rules with DefenseEdge, a fraud prevention platform from Kohlberg Kravis Roberts & Co.'s First Data Corp., says Karen Postma, senior cards risk manager at The Members Group.

DefenseEdge has features that make employees' monitoring more efficient and reduce authorization and verification checks with cardholders, Postma says. Cutting down on false positives means fewer calls to cardholders to verify a transaction or PIN-change request, Postma says.

The technology can help fight "brute-force attacks," which are high-speed and high-volume computer-based attempts at guessing the security codes written on the back of payment cards. Financial institutions can tell DefenseEdge to block a card if within two hours it has had three security code mismatches.

The ability to specify parameters for DefenseEdge to monitor, such as transaction frequencies in certain time periods and transaction amounts, allows financial institution employees to spend less time looking for fraudulent purchases, Postma says.

For instance, seeking a transaction of $20.02 with a product lacking DefenseEdge's capabilities would require searching all transactions between $20 and $21. With DefenseEdge, which can also monitor signature and PIN debit transactions, "we can write rules to the penny," Postma says.

Also on the rise are account takeovers, which occur when a criminal calls to change an account's address and requests a new card, she says. When the financial institution checks charges, the criminal authorizes them because the criminal answers the verifying phone call. Criminals also try to change PINs for a stolen card or skimmed or hacked information.

When a caller tries to change an address or PIN, whether with a live customer assistant or with an automated system, DefenseEdge sends an immediate outbound call to the cardholder to verify the request is legitimate.

DefenseEdge "not only will stop fraud quicker and give us more flexibility to get granular in writing those rules, you'll have true cardholders that won't get impacted as much, you're going to have a lot more customer satisfaction, and potentially not as many costs for the outbound calling and verifications of transactions," Postma says.

DefenseEdge also monitors purchase behavior to detect the use of a counterfeit card, Postma says.

"They're going to try to use it until they get declined, and that's not typical consumer behavior," she says.

Financial institutions also use logic to set parameters, she says. If a criminal uses a card from an Iowa cardholder in Florida for a $1,000 purchase at an electronics store, it raises suspicions; travelers don't usually make such transactions, Postma says. The DefenseEdge manager can specify distance and transaction amount in telling DefenseEdge what should trigger authorization attempts.

About 99% of the businesses that handle credit cards are the smaller merchants that process fewer than 20,000 transactions per year, says Julie Conroy McNelley, research director for Aite Group's retail banking practice.

The high volume of transactions make such businesses a target for skimmers and hackers, McNelley says. "From a credit card fraud perspective … [that translates to] increases in counterfeit card not present fraud, as the bad guys look to monetize all the credit card numbers that they've compromised," she says. "Tools like DefenseEdge are very good at helping devise strategies that can nip those kinds of things in the bud."

Smaller customers likely will allow The Members Group to write rules and operate DefenseEdge for them, while the larger clients may choose to customize more, Postma says.

McNelley says because of credit unions' and community banks' smaller sizes, a tool such as DefenseEdge offered by an organization like The Members Group can be beneficial.

"Credit unions are always out to provide a very user-friendly experience for their members, and it's a tough balancing act between protecting both the credit unions and their members from fraud while not inconveniencing the members while they're trying to conduct legitimate transactions on their cards," she says. "All banks struggle with that friction, but credit unions tend to be smaller and so they tend to have less in the way of technological budget and resources they can bring to bear on this problem."

For reprint and licensing requests for this article, click here.
Community banking
MORE FROM AMERICAN BANKER