Debit Card Fraud: A Growing Issue in Financial Services
Debit cards are among the most popular payment methods for both physical and digital transactions worldwide.
And, as the COVID-19 pandemic has led to a digital transformation worldwide, contactless methods like debit and credit cards as well as e-wallets have gained further traction since 2020. Indeed, payment cards allow people to spend money conveniently without resorting to cash or bank transfers.
On the other hand, this significant shift in consumer trends also opens up more possibilities for cybercriminals to steal victims' funds via debit card fraud. According to a FIS report, the pandemic-fueled digital transformation led to a 35% increase in the dollar volume of attempted fraudulent transactions in April 2020 compared to a year earlier.
While regulators are aware of this issue and are stepping up their game to protect citizens against fraudsters, criminals learn fast and utilise more sophisticated methods.
What are the most common types of debit card fraud?
Debit card fraud falls into two major categories: where the criminal uses the physical card of the consumer and card-not-present (CNP) fraud, in which fraudsters siphon money from the payment card via using it online or over the phone.
The prior can occur in many ways, from theft on the street and intercepting your mail to attaching a card skimmer device to an ATM to create a counterfeit card. In these cases, fraudsters use the physical card (or a cloned card) either at an ATM to withdraw cash or a point of sale (PoS) terminal at a merchant.
On the other hand, cybercriminals utilise a wide variety of tactics to acquire debit card details for CNP fraud, including hacking centralised databases of merchants or financial services, skimming, and phishing attacks.
After they have the necessary information – which is often paired with sensitive personal data like social security numbers, date of birth, name, and billing address, perpetrators use this to purchase products and services at merchants to be sold later or open new financial accounts to monetise the stolen card details.
How can businesses and consumers protect against debit card fraud?
No matter the industry or the company's size, the satisfaction and the protection of customers should be the top priority for every reputable business. Since card fraud is becoming a more significant threat each year, they have to offer the necessary safeguards to minimise the risks of successful attempts of fraudsters.
To achieve that, a business has to consider implementing multiple measures. For example, encrypting customers' card data at each stage of the payment process reduces the likelihood of fraud. Obviously, if you handle sensitive data from many customers, you need to spend the necessary resources to establish a highly resilient IT infrastructure that can effectively identify and respond to cybersecurity threats.
In addition to getting your business PCI DSS certified, utilising a combination of active fraud monitoring – preferably via artificial intelligence solutions – and mandatory 2-FA checks via 3-D Secure 2.0 (even outside the EEA) can help combat debit card fraud more efficiently.
However, to win the war against fraudsters, we also need cardholders to stay vigilant against scams. As a consumer, it's a good idea to set up spending alerts and monitor your account balance regularly so you can spot any irregularities. This is very important, as most regulatory laws protecting against card-not-present fraud require victims to report crimes within a specific timeframe.
Furthermore, phishing is among the most popular ways to steal financial or personal information from individuals to be later used for debit card fraud. Fortunately, by following some simple but reliable practices – such as double-checking website URLs, using good anti-virus software, refusing to open or download email attachments from recipients you don't know, and only sharing data with sites you know and trust –, a card holder can avoid falling victim to a phishing attack.
While it may sound obvious, it is hard to emphasise enough the importance of utilising strong passwords for online services, with two-factor authentication enabled even for your social media accounts. If you have many different logins, then it's a good idea to use a password manager so you don't forget them.
In terms of physical fraud, try to choose a service provider that offers one-click card freeze or block, so you can prevent criminals from siphoning money from your account if your card gets stolen or lost.
Cooperation is the key to combat debit card fraud
When it comes to any kind of fraud, there is no one-size-fits-all solution.
Unfortunately, cybercriminals are savvy and learn fast, which means that they will be able to bypass many of the anti-fraud measures we utilise now to secure consumers' sensitive information.
For that reason, businesses and their customers must work together to protect themselves against debit card fraud and other types of cybercrime on a case-by-case basis. If everyone does their share in this field, the card market in general will become more resilient against fraudsters' attempts.
Author: Alexander Vasiliev, Co-Founder and CCO at the global payment network Mercuryo