Debit card issuers scrambling to ensure they have appropriate fraud-protection strategies in place before new debit-interchange rates kick in Oct. 1 are likely to confront some dilemmas, some analysts suggest.
Issuers having procedures “reasonably designed” to prevent debit card fraud may qualify for a one-cent upward adjustment in their debit interchange fees, the Federal Reserve Board said in its final rules issued in late June (
Virtually all debit card issuers will expect to qualify for the fraud allowance because of the basic existing fraud-prevention controls required to participate in the payment card networks, Beth Robertson, director of payments research for Javelin Strategy & Research, tells PaymentsSource.
But many issuers actually fall short of meeting best-practice standards in their level of fraud protection, and fraud itself is a moving target that creates potential risk and exposure for issuers that may exceed the Fed’s cost estimates, Robertson suggests.
The Fed has provided no specific guidance on the type and level of fraud protection debit card issuers are required to provide. The board is gathering industry comments on its final rule, including the fraud-prevention allowance, through Sept. 30. The Fed said it will re-evaluate the one-cent fraud adjustment in light of the feedback it receives.
“All debit card issuers have rudimentary fraud-prevention practices in place through their (Payment Card Industry Data Security Standard) requirements and card-network participation, so there is no reason to believe any issuer won’t qualify for the one-cent adjustment,” Robertson says. “But whether that cent per transaction will be enough to cover fraud as it evolves is another question that issuers need to analyze.”
Moreover, the leading debit card issuers Javelin studied earlier this year scored only 59 on the firm’s proprietary 100-point scale measuring effective fraud-management practices, which means many issuers could have broader exposure to fraud than they realize, Robertson says.
“The Fed developed its one-cent allowance based on historical data, but as fraud continues to evolve, so will costs, and debit issuers need to let the Fed know that during this comment period,” she says.
The one-cent fraud allowance may not cover all issuers’ needs because even among large debit issuers, products and systems vary widely, another observer suggests.
“Some of the most efficient debit issuers could find they are being fairly compensated for fraud under the one-cent allowance, but other operators could get squeezed,” says Mahesh Makhija, head of the cards and payments practice at Infosys Technologies, a unit of Bangalore, India-based Infosys Ltd., a consulting and fraud technologies systems-integration firm. “Actual fraud costs can vary widely from bank to bank, so a blanket allowance may not be fair.”
Debit card issuers concerned about “a rising tide of data breaches in the headlines this year” are looking not just at their own fraud controls, but they are trying to learn more about what kind of fraud controls their partners and suppliers have in place, Makhija tells PaymentsSource.
“Issuers this year are already dealing with a lot of headaches surrounding fraud, and because fraud costs can vary so widely I’m not sure the Fed’s allowance is going to be a good solution,” he says.
What do you think about this? Send us your feedback.
