As hordes of travellers descend upon Brazil to enjoy the once-in-a-lifetime festivities of the World Cup, many of them will be blissfully unaware that fraudsters are already putting into action new ways to steal their credit card details.
Brazil's ministry of tourism predicts that the 3.7 million people travelling in the country will collectively spend more than US$3 billion during the World Cup this year. Out of these, it is estimated that the average international tourist will attend at least four matches and spend at least US$2,500 during their stay in Brazil.
Like other emerging markets, Brazil faces a future characterised by just as many challenges as opportunities. Fraud in particular is a huge problem, and Brazil has experienced its fair share of ATM and counterfeit payment card fraud issues which directly led to the accelerated adoption of EMV within the country.
This combination of a glut of tourists into a market already struggling with complex fraud issues creates something of a perfect storm for organisations concerned about financial security. In fact, reports by Kaspersky Lab have already uncovered rampant cyber-attacks dubbed "World Cup Malware" which specifically target card and internet banking customers looking to buy tickets or browse for match information.
So how will this impact issuing banks and processors in Asia Pacific? Countless reports have talked about the Asian obsession with European football and the World Cup is no exception. Numerous European clubs from the likes of Manchester United to FC Barcelona have reported that the increasing affluent and connected Asian fans are their key supporters, and at the last count, the English Premier League alone had an estimated 820 million fans in Asia.
With such a fan base, it is safe to assume that a significant number of Asian supporters will make the pilgrimage to Brazil. These tourists will be using cards issued by local and regional banks and browsing for information on their laptops and mobile phones, potentially exposing themselves to fraudsters via skimmed terminals or infected wireless ports. Therefore, we advise banks and financial institutions to proactively build robust strategies to deal with a higher-than-expected level of fraud.
Card fraud hurts customer loyalty and we know from our own survey data that attrition rates average 21 percent after experiencing fraud. Moreover, cardholders are "very interested" to participate in the fight against fraud. Hence, banks should encourage cardholders to notify their destinations and travel dates in advance. These educational campaigns can be more relevant, by considering some level of filtering on demographics, frequent travel and the type of card (for e.g. one bank issues Man-U co-labeled cards in South East Asia). Some of our clients have even made this easy by digitising the function allowing customers to report their whereabouts via the internet and mobile banking apps. The authorisation strategy works both ways by allowing transactions (unless flagged suspicious for other reasons) in the notified period from that country as well as by declining them after the expiry and those that arise from other countries within that period.