With thousands of confirmed data breaches last year, the security of the financial services is a topic of concern for all security professionals. Organized fraud rings are constantly coming up with imaginative new methods of stealing funds and identities and consumers are increasingly losing confidence that there is anything that can be done to reverse these trends and protect their interests. This is also evident with the increase in number of cases registered for compensation under civil remedies provided by Information Technology Act with Adjudicating Officer. The Maharashtra Adjudicating has received 11, 44 and 30 cases in 2012, 2013 and 2014(till June 2014) respectively. Though very few people are aware about Civil remedies the increase in frauds are sending shivers to Banks since they are made liable to pay compensation under section 43A of Information Technology Act for failure in protecting Sensitive Personal information of the customers. As most of the victims preferring non- reporting of the incident except to their respective banker those few who report the card fraud incident to Police often believe that crime committed against them is of criminal nature only and hence they can not get their lost money back. They are thus required to be made aware about available civil remedy under Information Technology Act.
As per RBI April 2014 statistics with about 40 crore debit/credit cards issued across India and 85000 and 77500 Online and Offline ATM’s installations Indian card holders are most vulnerable to various cyber financial attacks. With 554034275 actual ATM transactions amounting Rs.1743462.56 millions and 56266452 POS (Point of Sale) transactions amounting Rs.86847.83 millions, Indian card users are required to be taught more and more about security and protection of their sensitive personal information.
Aite Group , an independent research and advisory firm having Head office in Boston, with expertise in banking, payments, securities & investments, and insurance, delivered its comprehensive survey report titled “Global Consumers: Losing Confidence in the Battle against Fraud” regarding various categories of online frauds in June 2014.This report, based on a Q1 2014 ACI Worldwide study of 6,159 consumers in 20 countries, provides an overview of respondents’ attitudes toward various types of financial fraud and discusses the actions they may take subsequent to a fraud experience.
The salient features of the findings are as below.
1) Of all cardholders—debit, credit, and prepaid—27% have experienced card fraud in the past five years.
2) After experiencing fraud, 63% of consumers use their card less, at least in some situations, than they used their card previously.
3) In 2014, 14% of debit and credit card holders cite having experienced fraud multiple times during the past five years.
4) Of cardholders who received replacement cards as a result of a data breach or fraudulent activity in the past year, 43% used the new card less than the original.
5) Consumers who are dissatisfied with how they are treated by their financial institution after experiencing fraud sometimes change providers, resulting in a global attrition rate of 23%.
6) Fifty-five percent of respondents are “very concerned” about reclaiming their financial identity if they become a victim of identity theft; this represents a twofold increase in consumers with this level of concern from 2011.
7) Eighteen percent of global consumers lack confidence that their financial institution can protect them against fraud.
8) Forty-nine percent of global consumers exhibit at least one risky behavior, which puts them at higher risk of financial fraud.
The study was conducted in a total of 20 countries in the following regions:
The Americas (North and South America): Brazil, Canada, Mexico, and the United States. MEA (Europe, the Middle East, and Africa): France, Germany, Italy, the Netherlands, Poland, Russia, South Africa, Sweden, the United Arab Emirates, and the United Kingdom. The Asia-Pacific: Australia, China, India, Indonesia, New Zealand, and Singapore.
In total, 6,159 consumers were included in the research: approximately 300 consumers, divided equally between men and women, participated in each of the 20 countries. Of the total, 6,041 own one or more type of payment card (i.e., credit card, debit card, prepaid card).
41% Indian card users have Experienced Card Fraud in the Past 5 Years, @ 10% increase over 2012. The United Arab Emirates (UAE) has the highest rate of fraud overall at 44%, followed by China at 42%, and India and the United States at 41% each.
Consumers in the UAE experience the highest rate of credit card fraud at 39%, followed by the United States at 36%. Sweden is the only country surveyed for which credit card fraud is in the single digits—8%; it is important to note that consumers in countries such as Sweden, Poland, and Germany are low users of credit cards. Consumers in the Netherlands also enjoy a low rate of credit card fraud; only one consumer in 10 experienced it in the past five years.32% Indians have experienced Credit card fraud which is @ 15% more as compared with 2012.
Consumers in China experience by far the highest debit card fraud rate at 30%, followed by India at 23%, and Mexico at 20%. The United States is in fourth place again at 18%.
The highest rate of fraud on prepaid cards is experienced by consumers in India at 18%, followed by China at 17%, Indonesia at 11%, and Italy and Singapore at 10%.
Consumer behavior in Australia and New Zealand tend to be far less risky than the rest of the Asia-Pacific. The very low percentages of consumers who carry their PIN with a card (India topping with 25%) or respond to emails and calls asking for bank account information(India topping with 22%) more closely resemble consumers in the Americas and EMEA than the other countries in the Asia-Pacific. Over 20% of consumers in all countries leave smart phones unlocked when not in use (India tops with 29%) and 28% Indian users throw documents with bank account numbers in the trash. In all countries except Australia and New Zealand, over 20% of consumer’s bank or shop online on computers without security software or on public computers but unfortunately India again tops with whopping 31% users.
This implies a lack of consumer education or a lack of belief by consumers that their behavior really has an impact on the likelihood of fraud. Educating consumers about risky behavior and the need to avoid them can help reduce fraud incidents and help consumers feel some element of control and confidence over their ability to protect themselves from becoming a victim of fraud.
High percentages of consumers were unhappy after their fraud experience: 33% were at least somewhat unhappy in Singapore, 40% in China, 50% in Indonesia, and 56% in India should be cause of concern for Indian financial institutions. In China, India, and Indonesia, between 44% and 58% of consumers switch financial institutions after their fraud experience. These very high rates of customer attrition are very costly to financial institutions.
Consumers in India have the most confidence that their financial institution can protect them against fraud—43% feel absolute confidence in such protection, and an additional 46% feel the financial institution is doing all it can to protect them. No more than 25% of consumers in other countries express absolute confidence in the financial institution’s ability to protect them.
Consumers are putting their personal and financial data at risk when they act in risky ways, and they deserve better education related to protecting themselves against fraud. Encouraging consumers to work with their financial institution to protect themselves is a true win-win scenario. Financial institutions can lower customer attrition rates and back-of-wallet behavior through better consumer communication and education.
Recommendations by AITE group for financial institutions 1) Educate and engage consumers: Help consumers understand how they can help protect themselves against fraud, and work with the financial institution to combat it.2) Provide specific examples: Consumers do not understand the importance of avoiding risky behavior such as shopping online on a public computer or not securing their Smartphone or tablet when it is not in use. Public computers or those without adequate security software put consumers’ personal and financial data a high risk of being stolen. As adoption of mobile wallets and online banking increases, securing mobile devices is increasingly important. 3) Communicate more effectively: Ensure consumers understand that replacement cards are safe to use, even after a data breach. Make fraud protection protocols easy to understand and available at all customer touch points (i.e., online, contact centers, mailers, etc.).4) Improve customer service: After experiencing fraud, consumers may be traumatized or emotional. Ensure agents are sympathetic and helpful to the greatest extent possible in order to retain victimized customers.
Advocate Mahendra Limaye a noted Cyber Legal Expert opinioned that all banks must undertake Customer Awareness initiatives to educate card holders about current trends used by Cyber criminals to lure them and how to keep their personal sensitive information most secured.
Advocate Mahendra Limaye
Cyber Legal Consultant