Corporate Card Fraud
May 7th, 2011A recent study by Richard J. Sullivan of the Federal Reserve Bank of Kansas City looked at security within the corporate purchasing card industry. Like the article’s title indicates, “The Changing Nature of U.S. Card Payment Fraud: Issues for Industry and Public Policy,” focuses primarily on potential public policy responses to payment card security . Even so, Edit this texthe article consists of significant insight and information of use for accounts payable professionals. Including some direction as to how to conduct a purchasing card transaction recovery audit.
Since 2005, at least 2,221 breaches of card data in the U.S. have been made public; these breaks in security include nearly 500 million records. In this time period there were eight extraordinarily large breaches – TJX, TD Ameritrade and Heartland Payment Systems, to name a few – account for about four-fifths of these records. So, while nonbank payment processors accounted for just two percent of the breaches, these covered nearly forty percent of the records compromised. Nearly two-thirds (64 percent) of breaches are the work of outsiders. However, it is important to realyze that not all security breaches are a result of theft. More than a fifth of the security breaks were due to unintentional disclosures by insiders .
The rate of data breaches rose steadily between 2005 and early 2009, when it began trending down. Though it is too early to tell this trend seems sustainable.
Unfortunately for those of us living in the US, the study shows that the rate of payment card fraud is higher in the U.S. than in several other similar countries. for example : in 2006, the total loss in the U.S. on debit and credit card payments topped $3.7 billion, or $.092 per $100. In contrast, the loss rates for Australia and Spain were $.024 and $.022 per $100, respectively. That means the loss rate in the U.S. was four times that in Spain.
Several factors likely account for the differing fraud rates : the use of older card technology with relatively weak security, the types of payments being made (Internet versus point-of-sale), and the mix of procurement credit cards, among others. For instance, what are known as “chip-and-PIN” payment cards, which have an embedded computer chip yet also require the user to enter an ID number before starting a transaction, are more secure than magnetic-stripe cards. Keep in mind that some of these monies will be recovered as a result of Duplicate payment audits like those performed by Lavante. For more information contact www.lavante.com
That said, several countries that have largely migrated to chip-and-PIN technology have higher fraud rates than countries, such as Spain and Australia, which remain heavier users of older, mag-stripe cards. The study authors theorize that the counter-intuitive findings may be a result of countries that have experienced high rates of payment, credit card, fraud accelerating their shift to chip-and-PIN cards. That said, some of the countries that have the highest fraud rate also have the lowest penalties for people found to be stealing credit card information.
When it comes to implementing efforts to control payment fraud , the U.S. faces many difficult obstacles unique to the US procurement card system , Sullivan says. For starters, companies of all sizes have depended on paper checks for so long that the shift to electronic payments, as well as the security measures they require, still is ongoing. In addition, the need to coordinate efforts between thousands of financial institutions, card issuers and payment processors is, not surprisingly, leading to redundancy and slowing the development of standards. Further, Corporate America has spend a lot of effort on EDI and ACH security. This coordination has been successful in developing security for the ACH system, and would be of value with card payments, as well, Sullivan indicates.
Tags: accounting, credit, credit card, finance, fraud, lavante, profit recovery, purchasing card, recovery audit
