Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
Federal Reserve Web Sites
Other Bank Regulatory Sites
June 19, 2017
Calculating Fraud: Part 2
Part 1 of this two-part series outlined an approach for whittling down credit card transactions to the value or number of authorized and settled payments as the denominator for calculating a fraud rate. This post reviews the elements needed to quantify the numerator.
To summarize from the previous post, when analyzing credit card fraud rates, you should consider what is being measured and compared. To calculate a fraud rate based on value or number, you need a fraud tally in the numerator and a comparison payment tally in the denominator. The formula works out as follows:
Fraud Rate = Numerator
Where, for any given period of time
Numerator = Value, or number of fraudulent payments across the payments under consideration,
Denominator = Value, or number of payments under consideration.
Before calculating the numerator value, you must first decide what types of fraud to include in the measurement. One stratification method divides fraud into the following two categories:
- First-party payments fraud results when a dishonest but seemingly legitimate consumer exploits a merchant or financial institution (FI). That is, the legitimate cardholder authorizes a credit card transaction as part of a scam. One manifestation of this is "friendly fraud," whereby a consumer purchases items online and then falsely claims not to receive the merchandise.
- Third-party payments fraud occurs when a legitimate cardholder does not authorize goods or services purchased with his or her credit card. Besides the victimized cardholder, the other two parties to the transaction are the fraudster and the unsuspecting merchant or FI.
Sometimes no clear delineation between first-party and third-party fraud exists. For example, a valid cardholder may authorize a payment in collusion with a merchant to commit fraud.
The 2016 Federal Reserve Payments Study used only third-party unauthorized transactions that were cleared and settled in tabulating fraud. The study measured and counted fraud as having occurred regardless of whether a subsequent recovery or chargeback occurred. Survey results had to be adjusted because some card networks report gross fraud while others report net fraud, after recoveries and chargebacks. Furthermore, the study made no effort to determine which party, if any, in the payment chain may ultimately bear the loss. Finally, the study did not measure attempted fraud.
Excluding first-party payments fraud
The study excluded first-party fraud due to the greater ambiguity around identifying and measuring it along with the idea that it is difficult to eliminate, given that controls are relatively limited. One control option would be to place repeat offenders on a negative list that, unfortunately, might not be shared with other parties. As a result of excluding first-party fraud, the study focused on fraud specific to the characteristics of the payment instrument being used.
Paraphrasing from page 30 of the 2013 Federal Reserve Payments Study, first-party fraud, while important, is an account-relationship type of fraud and typically would not be included as unauthorized third-party payments fraud because the card or account holder is by definition authorized to make payments. Consequently, first-party fraud can occur no matter how secure the payment method.
As with tallying payments, you could follow a similar process for tallying fraudulent payments for other types of cards payments, with more questionnaire definitions and wording changes needed for other instruments such as ACH and checks.
By Steven Cordray, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
- Looking for Partners in Safer Payments
- The Range of Un-Friendly Fraud
- Payments Webinar October 10: Cash in the 21st Century
- "Insuring" Ransomware Will Continue to Flourish
- Designing Disclosures to Be Read
- Is There a Generation Gap in Cash Use?
- What the Most Convenient Food Tells Us about Payments
- Is Friction in Payments Always Bad?
- Why Should You Care about PSD2?
- At the Intersection of FinTech and Financial Inclusion
- October 2019
- September 2019
- August 2019
- July 2019
- June 2019
- May 2019
- April 2019
- March 2019
- February 2019
- January 2019
- account takeovers
- ATM fraud
- bank supervision
- banking regulations
- banks and banking
- card networks
- check fraud
- consumer fraud
- consumer protection
- credit cards
- cross-border wires
- data security
- debit cards
- emerging payments
- financial services
- financial technology
- identity theft
- law enforcement
- mobile banking
- mobile money transfer
- mobile network operator (MNO)
- mobile payments
- money laundering
- money services business (MSB)
- online banking fraud
- online retail
- Payment Services Directive
- payments fraud
- payments innovation
- payments risk
- payments study
- payments systems
- phone fraud
- remotely created checks
- risk management
- Section 1073
- skills gap
- social networks
- third-party service provider
- trusted service manager
- Unfair and Deceptive Acts and Practices (UDAP)
- wire transfer fraud
- workforce development
- workplace fraud