[Stuart Fiske] Fraud bad, reporting fraud good, right? That’s certainly the layperson’s view and while no-one is going to argue that fraud is a good thing, what to do about it is a lot more nuanced than some MPs may realise.
There’s certainly a lot of it about. The National Fraud Authority’s figures for the previous year released in June 2013 estimated that fraud against the individual in the UK equated to a loss of £9.1 billion. Of that £475 million was attributable to retail banking fraud and online banking fraud specifically was up 40% against 2011.
However this isn’t the full picture. Analysis by Action Fraud of cyber-enabled frauds suggests that at least one quarter of them is not reported externally.
Why is that? Given that fraud is both bad and prevalent, shouldn’t banks, for example, or merchants, both report it and stamp it out at any cost when it affects them and their customers?
In the real world it’s not that simple. The “21st century response” that Keith Vaz calls for has to take into account the business reality of 21st century shareholder capitalism and that means that money spent on fraud reduction has to viewed in terms of return on investment, just like any other business expenditure.
How much should a bank or merchant spend to stamp out £100 worth of fraud? Perhaps £100? Or maybe £90? But would that £100 or £90 spent elsewhere (on lending to SMEs perhaps) generate a better rate of return? Maybe the bank has a target ROI of 200%. That leaves it with no more than £33.33 to spend on fraud reduction per £100 and if that’s not going to help then again, that sum could, on this view, be better spent elsewhere.
Furthermore, greater investment in more rigorous fraud controls can often lead to a rise in false positives. Different organisations take different views on this. Amazon does not ask for a cvv2 because inconveniencing a customer may lead to losing a customer. Banks can seem less concerned about customer convenience at the lower end of the customer income scale because, after all, switching banks isn’t that easy (although it’s about to get quicker and simpler) but may prefer to make life easier for the higher value customer.
Again though, even this is too simple or one-sided a view. That £100 of fraud that the bank or merchant write off may not just be £100 in a finite sense. Fraudsters may use the proceeds of fraud to fund other criminal activities such as drugs, people trafficking and other types of organised crime. The laundering of the proceeds of fraud can even impact a country’s economy. The cost to society of that £100 of fraud is therefore a lot larger than £100. This is known as the social cost of fraud.
There’s also a recognised multiplier effect that hits merchants too – the LexisNexis True Cost of Fraud study from Javelin calculates that merchants incur $2.70 in costs for every $1 of fraud that occurs through consequences such as customer attrition. But the same study shows that only 39% of merchants think (incorrectly, it is implied) that lower fraud increases customer retention.
So perhaps while banks or retailers may be hesitant about the amount they invest in reducing fraud, either because of ROI concerns or because of fear of losing customers, there arguably is a case for governments forcing them to invest.
After all, that’s what made Chip and PIN happen in the UK and I think it’s safe to say that overall that has been viewed as a net good. Equally, it’s worth noting that there’s no similar intervention threat in the US where government prefers to push measures to enhance market freedom such as Durbin and that may be one reason why EMV has a more uncertain future there than here.