Card Fraud: 4 Keys to Building a strong Program

Card Fraud

Card fraud has a special place in my heart. It’s where I began my career in fraud, and what helped propel me to where I am today. As a card issuer there aren’t many ways to differentiate your product from your competitors other than the benefits that are offered and APR (Maybe a cool design or color?). But what if there was something you had a little more control over that could help you stand out?

Success isn’t just measured by how many customers you can bring on, but also by how many you can retain. One of the leading causes for customers to close their cards is the feeling that their issuer isn’t doing enough to secure their accounts. Another is the experience that they have at the POS. By declining good sales, you could be inadvertently denying all future sales.

You see, when it comes to card fraud I can stop 100% of it. But you might not have a business for very long. Card fraud is a balancing act, and one that needs to be walked delicately. Below are 4 keys that I believe will help you strengthen your card fraud program and increase your overall customer experience.


1. Data Driven Decisions

This is the first step. By leveraging data you can identify gaps, patterns, and trends at a much quicker pace. The faster you are able to identify a problem, the faster you can react and adapt. Having methods to track your key performance indicators (KPIs) is going to be essential in ensuring that your program is running as efficiently as possible and you aren’t missing instances of fraud. I’ll follow up with another article that explains what KPIs I have used, and why I believe they are important. But for now here are a few:

  • Gross Loss by Product
  • Fraud To Sales
  • Authorization Declines
  • Fraud By Type
  • Rule Performance

2. Proactive Reissue Strategy

Whether this is the typical MasterCard/Visa alerts, or leveraging systems that attempt to identify the point of compromise before it’s “public”, it’s important to create an efficient way to reissue potentially compromised cards. Since the introduction of EMV we have seen a dramatic shift in fraud trends towards card not present (CNP) activity. It is much harder to write accurate rules around CNP activity because you don’t have the enriched location data.

The use of dark web data can help quickly find cards that are at a high risk of being used and allow you to act on those. Create criteria that segments the “at-risk” population into risk tiers and immediately block/reissue the highest risk cards.

I have personal experience working with two different vendors that assist with this problem.

Card Fraud Vendors

Gemini Advisory– Gemini Advisory leverages dark web data to deliver insight into ‘at risk’ cards. They are able to deliver raw data as well as intuitive dashboards to review multiple different elements. Shops, compromises, average price of cards, and many other useful data points. By ingesting data at this level, institutions are able to create proactive reissue strategies focused on true ‘at risk’ cards for sale on the dark web.

Rippleshot – Have you ever been interested in where cards have potentially been compromised? Have you ever had a problem taking a batch of cards and accurately pinpointing where the information was stolen? Well Rippleshot assists with this by utilizing authorization data, instances of fraud, and their cloud to identify exactly where cards have been compromised. By being able to leverage the consortium to identify points of compromises it will allow you to quickly identify your potentially ‘at risk’ cards and reissue based on their Fraud Forecast score.


3. Leveraging Lists

For the cards that don’t meet the criteria for immediate reissue, you can leverage lists within your fraud auth systems to write more efficient and accurate rules on your ‘at risk’ population. This can help reduce the negative impact on your overall customer base that might receive declines for normal purchases and give you the ability to hone in on specific fraud trends. Depending on the capabilities of your fraud software you can leverage multiple lists and segment your strategy based on point of compromise.

My first recommendation would be to create a master file for base scoring purposes. Then, create additional lists based on the type of data stolen and the trends associated with that specific compromise. Finally, for scoring you could even keep CNP and Track 2 compromises separate because your scoring thresholds might differ based on the transaction type and compromise method.


4. Dynamic Rule Writing

“If-then” logic is getting less and less beneficial as fraudsters begin to adapt and leverage technology to quickly identify thresholds and rule logic.  Rules, to me, are becoming more of a last-ditch effort to pick up the fraud that gets through the previous layers. Don’t get me wrong, I believe auth rules are important. They should continue to have focus from fraud analysts across financial institutions. But if this is the only approach your fraud shop is currently utilizing, then I would venture to guess you have an increasingly large fraud problem, as well as declining customer satisfaction due to false positive declines.


Cards are an easy way to commit fraud. They are relatively cheap, and rarely do fraudsters get caught. As a professional fraud fighter you should shift your focus from how often a fraudster attempts, to how often they are successful. You can’t control how many times they swipe/key that card. But you can control how many times that transaction is approved.

I hope this helped give additional insight into new ways to approach card fraud.

Never stop chasing checkmate.

Leave a Reply

Scroll to Top