Bank Takes Tough Stand on Fraud

Blocks Signature-Based Debit Transactions in 3 States
Bank Takes Tough Stand on Fraud
An extreme decision made by one small bank in Utah to reduce fraud losses is not likely to become the norm. But the move by Provo, Utah-based Bonneville Bancorp ($34 million in assets) to block signature-based debit transactions in California, Georgia and Florida does show that banking institutions have recourses to pursue in their fight against card fraud.

"I don't think this is decision to block entire states is indicative of a trend at all," says Jerry Silva, a financial industry consultant and owner of PG Silva Consulting. "But I think it does show that banks have ways of combating fraud, even if it's heavy-handed, such as this move."

Bonneville Bank declined to comment on its decision to cut off signature debit transactions in those three states; but according to the bank's website, Bonneville announced on July 6 that "high amounts of fraudulent card activity in California, Florida and Georgia," pushed the bank's leadership to cut off all signature-based debit transactions in those markets. Only PIN-debit will now be allowed.

Signature-based debit transactions do not require the entry of a PIN. When the debit card is swiped, the transaction is run like a credit transaction, and therefore carries a higher interchange fee. But signature-based transactions also are more prone to fraud, because they do not have the second layer of authentication that the PIN provides.

Doug Johnson, vice president of risk management and policy for the American Bankers Association, says he does not expect the cutoff of signature-based debit transactions among U.S. states to become a common practice, but adds that banks should do what they deem necessary to help reduce fraud losses.

"I do not know of other institutions that have taken the strategy that the Utah bank took," Johnson says. "But I don't think it's an unreasonable approach for this bank." Banks in the past have temporarily limited or cut off certain debit transactions in markets where fraud levels are high. Given Bonneville's small footprint, it likely has few transactions in those markets anyway. "It would probably just be easier for them to require PIN for those specific transactions," Johnson says.

Signature-based debit transactions, because of the relatively higher interchange fees, are more profitable for banks than PIN-based debit transactions. But Mike Urban, senior director of global fraud solutions at FICO, says losses in the U.S. from signature debit fraud are more than double the losses from PIN-based fraud. "There's much more signature-based fraud, from a dollar perspective and a transaction perspective," he says.

That's because it's relatively for fraudsters to copy or skim magnetic stripe details and create fake cards. Urban points to the TJX and Heartland Payment Systems breaches as examples. "In several of the big hacks, the PIN was not compromised because it was encrypted in the transaction message," he says. "They just got the card details."

Urban agrees that Bonneville's strategy seems aggressive, but given the bank's size and cardholder base, the decision might make sense. "A smaller financial institution such as Bonneville Bancorp is not going to have the same level of fraud that a larger, national financial institution would," he says. "The bank's management might not have or need to have the same focus or strategy on fraud prevention that a larger banking institution does."

Most banks and credit unions, Urban says, are leaning more on behavioral analytics to determine whether certain debit transactions should be approved or denied. "Usually you have a finer-grained fraud strategy, where you would look at particular zip codes, particular transaction volumes," he says. "You don't usually block an entire state."

Silva says institutions do have the ability to shut off certain transactions based on customer options, allowing bank customers to set their own parameters. "But every institution is different and the fraud levels are going to vary per institution," he says "What works for one is not going to work for all."


About the Author

Tracy Kitten

Tracy Kitten

Former Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years of experience, she covered the financial sector for over 10 years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.co.uk, you agree to our use of cookies.