As hordes of travelers descend upon Brazil to enjoy the once-in-a-lifetime festivities of the World Cup, many of them will be blissfully unaware that fraudsters are already putting into action new ways to steal their credit card details.
Brazil’s ministry of tourism predicts that the 3.7 million people travelling in the country will collectively spend more than USD 3 billion during the World Cup this year. Out of these, it is estimated that the average international tourist will attend at least four matches and spend at least USD 2,500 during their stay in Brazil.
Like other emerging markets, Brazil faces a future characterised by just as many challenges as opportunities. Fraud in particular is a huge problem, and Brazil has experienced its fair share of ATM and counterfeit payment card fraud issues which directly led to the accelerated adoption of EMV within the country.
This combination of a glut of tourists into a market already struggling with complex fraud issues creates something of a perfect storm for organisations concerned about financial security. In fact, reports by Kaspersky Lab have already uncovered rampant cyber-attacks dubbed “World Cup Malware” which specifically target card and internet banking customers looking to buy tickets or browse for match information.
So how will this impact issuing banks and processors in Asia Pacific? Countless reports have talked about the Asian obsession with European football and the World Cup is no exception. Numerous European clubs from the likes of Manchester United to FC Barcelona have reported that the increasing affluent and connected Asian fans are their key supporters, and at the last count, the English Premier League alone had an estimated 820 million fans in Asia.
With such a fan base, it is safe to assume that a significant number of Asian supporters will make the pilgrimage to Brazil. These tourists will be using cards issued by local and regional banks and browsing for information on their laptops and mobile phones, potentially exposing themselves to fraudsters via skimmed terminals or infected wireless ports.
Therefore, we advise banks and financial institutions to proactively build robust strategies to deal with a higher-than-expected level of fraud.
Card fraud hurts customer loyalty and we know from our own survey data that attrition rates average 21% after experiencing fraud. Moreover, cardholders are "very interested" to participate in the fight against fraud.
Hence, banks should encourage cardholders to notify their destinations and travel dates in advance. These educational campaigns can be more relevant, by considering some level of filtering on demographics, frequent travel, and the type of card (for e.g. one bank issues Man-U co-labeled cards in South East Asia).
Some of our clients have even made this easy by digitising the function allowing customers to report their whereabouts via the internet and mobile banking apps. The authorisation strategy works both ways by allowing transactions (unless flagged suspicious for other reasons) in the notified period from that country as well as by declining them after the expiry and those that arise from other countries within that period.
While it is natural to increase the level of defense on the usual strategies of detecting skimming, point of compromise, phishing, malware etc, we advise our clients to also put in place strategies to reduce the likelihood of a disgruntled customer.
Profiling can dramatically reduce the false positive rate by providing a sneak peek at the customer's behavior. For high transaction amounts, behavior and revenue scores can also provide a good measure of the risk and opportunity cost of losing share of wallet in the long run.
Considering that Brazil is almost half a day behind the Asian time zones, a banks’ operating hours and the customer's normal hours are unlikely to overlap. An effective and event-triggered two-way communication strategy for customers should underpin any fraud prevention strategy to minimise the likelihood of a disgruntled customer.
It can be the medium for the customer to keep the bank informed of their travel plans. And not just during the World Cup. This is best practice for financial institutions at any time of the year as globalisation and increasingly dynamic populations mean consumers and their money are always mobile, and always on.
A quick exercise to validate and refresh fraud strategies against the events that will dominate the world's attention for the next one month or so will not only protect the interests of banks and their customers in the short run, but also make it healthier and ready for future.
The views expressed in this column are the author's own and do not necessarily reflect this publication's view, and this article is not edited by Asian Banking & Finance. The author was not remunerated for this article.
Do you know more about this story? Contact us anonymously through this link.
Subhashish Bose is a senior consultant for prevention of financial crimes with ACI Worldwide. He is an expert in payments fraud and credit risk and has worked with many top banks in the APAC region to formulate strategies, systems and processes to effectively manage risk. Prior to joining ACI, Mr. Bose spent many years with FICO. Mr. Bose's qualifications includes an MBA from the Indian School of Business (ISB) and B.Tech from the Indian Institute of Technology (IIT).