Bank Takes Tough Stand on FraudBlocks Signature-Based Debit Transactions in 3 States
"I don't think this is decision to block entire states is indicative of a trend at all," says Jerry Silva, a financial industry consultant and owner of PG Silva Consulting. "But I think it does show that banks have ways of combating fraud, even if it's heavy-handed, such as this move."
Bonneville Bank declined to comment on its decision to cut off signature debit transactions in those three states; but according to the bank's website, Bonneville announced on July 6 that "high amounts of fraudulent card activity in California, Florida and Georgia," pushed the bank's leadership to cut off all signature-based debit transactions in those markets. Only PIN-debit will now be allowed.
Signature-based debit transactions do not require the entry of a PIN. When the debit card is swiped, the transaction is run like a credit transaction, and therefore carries a higher interchange fee. But signature-based transactions also are more prone to fraud, because they do not have the second layer of authentication that the PIN provides.
Doug Johnson, vice president of risk management and policy for the American Bankers Association, says he does not expect the cutoff of signature-based debit transactions among U.S. states to become a common practice, but adds that banks should do what they deem necessary to help reduce fraud losses.
"I do not know of other institutions that have taken the strategy that the Utah bank took," Johnson says. "But I don't think it's an unreasonable approach for this bank." Banks in the past have temporarily limited or cut off certain debit transactions in markets where fraud levels are high. Given Bonneville's small footprint, it likely has few transactions in those markets anyway. "It would probably just be easier for them to require PIN for those specific transactions," Johnson says.
Signature-based debit transactions, because of the relatively higher interchange fees, are more profitable for banks than PIN-based debit transactions. But Mike Urban, senior director of global fraud solutions at FICO, says losses in the U.S. from signature debit fraud are more than double the losses from PIN-based fraud. "There's much more signature-based fraud, from a dollar perspective and a transaction perspective," he says.
That's because it's relatively for fraudsters to copy or skim magnetic stripe details and create fake cards. Urban points to the TJX and Heartland Payment Systems breaches as examples. "In several of the big hacks, the PIN was not compromised because it was encrypted in the transaction message," he says. "They just got the card details."
Urban agrees that Bonneville's strategy seems aggressive, but given the bank's size and cardholder base, the decision might make sense. "A smaller financial institution such as Bonneville Bancorp is not going to have the same level of fraud that a larger, national financial institution would," he says. "The bank's management might not have or need to have the same focus or strategy on fraud prevention that a larger banking institution does."
Most banks and credit unions, Urban says, are leaning more on behavioral analytics to determine whether certain debit transactions should be approved or denied. "Usually you have a finer-grained fraud strategy, where you would look at particular zip codes, particular transaction volumes," he says. "You don't usually block an entire state."
Silva says institutions do have the ability to shut off certain transactions based on customer options, allowing bank customers to set their own parameters. "But every institution is different and the fraud levels are going to vary per institution," he says "What works for one is not going to work for all."