Merchants’ use of fraud fighting technologies is growing as payment fraud continues to be at the top of mind of many retailers. New technologies are also coming on the market to try to combat fraud.
    There’s little question that increasing levels of protection are needed. In April, HSBC Holdings, Plc notified some 180,000 people who used MasterCard credit cards to make purchases at Polo Ralph Lauren Corp. that criminals may have obtained access to their credit-card information, and that they should replace their cards.
    The situation involved a General Motors Corp.-branded MasterCard, which is one of the most widely held credit cards in the United States.
    Several smaller incidents are in the news nearly every day, leading to more efforts to combat card fraud, which often is closely related to or the trigger for identity theft. According to a U.K. company, card fraud in that country jumped 20 percent in that country during the first quarter of 2005, compared to the same period in 2004. Similar figures for the United States were not available at press time.
    One of the most widely used such technologies for fighting payment card fraud is Verified by Visa, a cardholder authentication service that helps protect Visa card numbers against unauthorized use. In the past year alone, Verified by Visa's share of e-commerce transactions has grown over 40 percent and transaction volume during the first quarter of 2005 has increased more than 230 percent over last year, according to company officials.
    For participating Verified by Visa merchants, more than $3 of every $10 of ecommerce processed by Visa comes from Verified by Visa authenticated transactions. The average Verified by Visa transaction is now $173, an increase of 4% from last year. The value of the average Verified by Visa transaction is more than triple the $56 average size of a Visa transaction.

    CyberSource Corp. recently launched its PCI Compliance Service, an assessment and readiness program for ecommerce merchants seeking full compliance with the Payment Card Industry Data Security Standard (PCI), the unified data security standard developed by Visa and MasterCard.
    Merchants not PCI certified could face fines as high as $500,000 or be permanently barred from the card acceptance program. Certification is a proactive step by the card associations aimed at limiting the growing threat of cardholder information theft. For ecommerce merchants, cardholder security breaches can threaten the overall value of a business, seriously impacting customer and investor trust and loyalty long after the story has faded from the headlines.
    The CyberSource service engagement focuses on a set of three readiness phases, followed by an independent audit. The readiness effort begins with compliance planning, carried out with all appropriate customer stakeholders. This stage is followed by a pre-assessment audit in which all affected systems, policies, and processes are reviewed and a detailed list of projects required to achieve compliance is compiled. Remediation then addresses those compliance gaps and concludes with a statement of audit readiness. At this point, CyberSource engages a third party for an independent compliance audit. Following compliance, CyberSource offers compliance maintenance services by managing quarterly vulnerability scans, assessing scan results, monitoring changes in PCI requirements and managing associated readiness efforts.

    Visa USA recently added a new layer of technology to help its member financial institutions reduce application fraud losses and account takeover fraud. The new fraud fighting effort is being developed through an association with Chex Systems, Inc., a wholly owned subsidiary of eFunds Corp., and will only be available through Visa to its card-issuing members.
    Visa is offering this service with eFunds to provide members a tool to fight fraudulent consumer card applications and change of address-based identity theft. Specifically, issuers will screen their Visa debit and credit card applications and change of address requests against an enhanced database to verify a range of information variables such as address, phone numbers, bankruptcy information, and now related checking account fraud from eFunds.
    In a recent study with three U.S. member financial institutions, the new service could have prevented an estimated 23.5 percent of their total fraud and charge-off losses. This improvement was above and beyond existing fraud and risk management solutions in place at the time of origination. The addition of checking account industry fraud data on balance provided in this study a nearly 50 percent increase in detection performance.
    This new service joins the Issuers' Clearinghouse Service (ICS), an application verification database populated with Visa and MasterCard application and fraud data, in the fight against fraud and is only available from Visa and its exclusive partnership with eFunds. Full availability of this application risk tool is planned for third quarter 2005.