1. Field of the Invention
The present invention generally relates to identifying credit and debit card fraud and, more particularly, to a computer based system for identifying a relatively few suspect counterfeit card transactions from among the massive number of card transactions which occur on a daily basis.
2. Description of the Related Art
Over the past few decades banks and other financial services organizations have been developing and implementing electronic on-line systems to better serve their retail customers. These systems have involved access devices such as credit cards and debit cards. These cards usually comprise a embossed account number on one side and a magnetic-stripe containing account information in machine readable form on the other side. Debit cards, which deduct funds directly from the user's bank account using an automated teller machine (ATM) or point of sale (POS) terminal, generally require the user to enter a personal identification number (PIN) in order to complete a transaction as a modicum level of security against fraudulent use. Credit cards, on the other hand, do not take money form the user's account, but rather are more akin to a loan from the issuing financial institution to purchase goods and services and, to a lesser extent, obtain cash advances. Credit cards transactions are therefore signature based and generally do not require a PIN number, but simply a signature to complete the transaction. A class of debit cards, known as check cards, now carry the major credit card association and can be used like a credit card in a signature based mode or like a debit card in a PIN based mode at the option of the card holder and the ability of the merchant to handle the transaction. For purposes of this discussion, when credit is used this hybrid card is equated to a signature based card, and when debit is used it is equated to a PIN based card. Since it is in the financial institution's best interest to make using a credit card as carefree as possible, it is generally not required to show a second form of identification when using a credit card. It is thus virtually impossible for a sales clerk to verify the authenticity of a signature or the true identity of the person before them.
The nature of organized, multiple-card debit fraud (PIN based) is markedly different from that of credit card fraud (signature based). Much of this difference stems from the differences in nature between credit card and on-line PINed debit card transactions. The following points identify some of these key differences.
No human interaction is needed to complete on-line debit transactions, unlike the case for credit card transactions. This means that a perpetrator with an "inventory" of counterfeit cards can take a sizable number of cards to a "faceless" ATM (especially during off-hours) and complete many transactions.
Unlike credit cards, debit card transactions require no signature; thus no paper trail exists.
Fraudulent credit card transactions require that the goods purchased be "fenced" in order to give the perpetrator the cash value being sought. Fraudulent debit card transactions can yield cash directly.
Spending with credit cards is limited only by the account's credit limit, while on-line debit cards are limited by a daily withdrawal.
On-line debit transactions have PIN protection, for which there is nothing comparable for credit cards. Once criminals learn how to compromise PIN security, however, PINed debit cards could become more risky than credit cards.
For distribution and economic reasons, FIs share usage credit, ATM and POS terminals used to gain entry to their systems. This shared environment has grown to the point where tens of millions of transactions worth tens of billions dollars flow through it each month. This has translated into a real convenience for FI customers and a business success for the industry. However, as the volume of dollars moved by these services has grown, more attention is being focused on the potential security threats, particularly fraud. Card fraud is increasing, and the potential for more and larger losses is significant. The industry has inadequate technical solutions in place to prevent this fraud and lacks a monitoring system for its early detection and control.
A promising solution has been implemented on a very limited basis in the form of smart card technology which entails placing an electronic chip in the card which is difficult to counterfeit. Smart cards promise multiple-level protocol capabilities for cardholder identification thus having the potential to be more secure than magnetic stripe technology. However, it probably will be at least ten years before smart cards are implemented industry-wide. It will still be necessary to secure the magnetic stripe, therefore, since the two technologies will coexist on the same card during that interim period, the magnetic stripe serving as the primary means to transfer value from a deposit account onto the chip.
Traditional fraud involves one cardholder and one bank issuer. Counterfeit fraud involves an unknown number of banks and an unknown number of their respective cardholders. It is this unknown extent of the counterfeit debit fraud that makes the threat so menacing. Once a scam is discovered, it is often difficult to ascertain whether the problem is a minor one, or a major one.
Using a disease analogy, traditional fraud can be compared to a wound. That is, when the cardholder reports the fraud, the bank has a good reading on its dimension and the necessary treatment. The dimension is the amount reported by the cardholder as missing, and the treatment is to status the card and research the transactions involved. Counterfeit fraud, however, like a disease, is often mis-diagnosed and treated as a wound, which allows it to spread unchecked among other segments of the bank's card base, as well as to those of other institutions, until it is finally uncovered.
Counterfeit card fraud is a two-part crime. In the first part, access to the account is compromised, in the second, funds are stolen or unauthorized merchandise is purchased. The first part leaves no obvious physical trail, but it is the key to determining the dimension of the fraud. The second part of the crime, the theft, separated in time from the first part and resembling traditional fraud, may be misdiagnosed, and hence mistreated, unless information on its incidence is shared and matched with other incidences.
Many financial institutions are currently fairly well able to identify specific instances of card fraud. For example, many FIs employ neural networks which monitor and "learn" an individual customer's spending behavior. Thus, when a card is being used in an unusual manner, such as many large purchases or many purchases at unusual locations, the neural network will flag that particular card for possible fraud and further investigation. Usually, this investigation simply involves a representative of the FI calling or writing to the customer to which the card was issued to verify that the use was authorized. However, while this type of detection is a useful tool to determine isolated incidences of fraud, such as a stolen card, it is ineffective in detecting patterns from among all card transactions indicating the possibility of multiple counterfeit card fraud.