Assessing the Impact of PCI DSS and EMV Compliance on Fraud Reduction amongst Universal Banks in Ghana
Abstract
In the banking industry, protecting consumers' financial security is without a doubt a major issue of concern, especially in the modern world where the banking process has been digitalized and consumers are exposed to numerous new issues. Thus, this research was designed to understand the impact of PCI DSS and EMV standards on reducing payment card fraud in universal banks across Ghana. The research is divided into five sections. It was found from this research that both staff and management, as well as consumers, are worried about ensuring financial security. Additionally, it was discovered that the PCI DSS and EMV standards are far better than conventional approaches and have been able to reduce card payment fraud through double authentication and encryption.
Keywords: PCI DSS, EMV, Universal Banks, Ghana, Fraud, Customers
Chapter One
Introduction
Background research
Multinational banks play a significant role in the area of credit provision, with the objective of reaching and empowering economic activities in the nation. Their role in Ghana can be considered very strategic as they represent the point of economic growth for any given nation. In Ghana, multinational banks have also played a great role in providing employment opportunities. As Abor and Quartey (2010) note, Micro, Small and Medium Enterprises (MSMEs) are great employers in any given nation, and they account for 92% of all businesses in Ghana, with evidence suggesting that they contribute about 70% of the country’s Gross Domestic Product (GDP). They fund most of their operations through loans, further highlighting the importance of the banking industry to Ghana’s economic growth. However, there is a big issue in the industry, as fraud seems to be prevalent in the Ghana banking industry.
One of the main issues with bank fraud is that it threatens the industry's institutional growth and causes numerous banking-related problems. This is due to the fact that the prevalence of fraud does lead to a decline in the volume of deposits, which will eventually result in the washout of banks’ capital bases (Asukwo, 1999). In any case, predicting the cause of fraud in the banking industry does not seem to be an easy task, as frauds are not usually reported or exposed because banks have the tendency to cover up frauds occurring in their sphere in order to ensure continued consumer goodwill and stimulation of overall consumer confidence. There are numerous consequences of fraud, but loss of consumers’ confidence and revenue for banks does top the chart (Akinyomi, 2012).
It is no longer news that the Ghanaian banking industry loses millions of cedis annually. These losses have an impact on both consumers and banks. They end up bringing about a higher level of insolvency and a loss of consumers’ confidence in the banking industry. Universal banks in Ghana are also not immune to these issues facing the banking industry. Perhaps, fraud can be considered the most lethal risk that these banks face because they stand to lose the most (Okaro, 2009). However, while fraud remains a big issue, it has been at least partially addressed within the banking industry. Thus, the importance of managing fraud risks in the Ghanaian banking industry cannot be overemphasized.
In recent studies, it has been discovered that security is one of the key and critical issues facing the modern banking industry (Kanniainen, 2010). In the course of the past decades, it has been discovered that the volume of fraudulent transactions that are performed by third parties in banks has greatly increased (Banks, 2005). As a result of that, preventing fraud has now become the focus of issues for banks, consumers, and makers of public policy (Sullivan, 2010). Considering that fraud in the banking industry will greatly affect the quality of consumer relationships and loyalty, it becomes clear that understanding ways to prevent fraud and the effects of such strategies do represent important topics of discussion in modern academic research.
In terms of who is affected, both consumers and banks are hurt by banking fraud. However, banks incur higher costs as they need to refund the consumers for monetary losses in most cases (Gates and Jacob, 2009), while the consumers are pushed through a considerable amount of emotional and time-based losses. The whole process of refund starts with the consumer detecting the fraudulent transaction, communicating it to their bank, initiating the process of blocking and re-issuance or re-opening of the affected account or card, and disputing the repayment of the monetary losses incurred (Douglass, 2009; Malphrus, 2009). Becoming victims of fraud can also influence how consumers view the level of security and protection offered by their banks. As a result of that, it should be noted that fraud has the power to damage the quality of consumer-bank relationships due to the dent in trust and confidence emanating from being a victim of fraud (Krummeck, 2000). Additionally, it also results in an increase in the level of consumer dissatisfaction as a result of perceived service failure from the bank (Varela-Neira et al., 2010). Consequentially, this can lead to a low level of consumer loyalty and trigger switching behavior (Rauyruen and Miller, 2007; Gruber, 2011), resulting in damage to the bank’s reputation and their ability to attract new customers (Buchanan, 2010).
As such, it is clear that fraud prevention does present banks with the opportunity to enhance their relationship with their consumers. It does allow banks to create some level of reassurance to their consumers as it relates to trust in their banking services (Guardian Analytics, 2011). Indeed, the added feeling of security can actually be an effective way for banks to retain their existing customers while attracting new ones (Behram, 2005). In any case, translating fraud prevention into high-quality relationships does demand effective communication, as it will allow banks to induce a shared feeling of value between themselves and their consumers (Asif and Sargeant, 2000). On that accord, it is considered vital for banks to showcase their clear understanding and competence as it relates to reducing fraud by ensuring that their anti-fraud measures are continually communicated in an effective way, as this will create a feeling of security between the banks and their consumers (Rauyruen and Miller, 2007). This higher feeling of security will likely improve the quality of consumer relationships and loyalty, which will in turn bring about better performance for banks—something that is considered vital in the highly competitive banking industry (Alexander and Colgate, 2000).
As noted in earlier discussions, the reputation of businesses is put at risk when consumers’ data is exposed. Thus, fraud prevention is considered critical in order to ensure that such outcomes are not experienced. A powerful combination for increasing the security of cards and reducing financial fraud is by combining EMV Chip technology with PCI Security Standards. The EMV Chip is a form of technology that adopts secret cryptographic keys to offer needed help against fraud at the point of sale and make it difficult to counterfeit payment cards (PCI SSC, 2010). On the other hand, PCI Security Standards is a form of security control for ensuring that consumers’ card data is kept secure in the course of their entire transaction process.
The authentication technology for the EMV chip is based on the point of sale in the course of a transaction when the card is actually present in its physical state. Once the chip has been embedded in the card, it offers necessary help towards ensuring that the card being used is actually real and that it does belong to the person making use of it (PCI SSC, 2010). This reduces the chances of businesses accepting counterfeited, lost, or stolen cards. On the other hand, the PCI security standards are designed to protect the confidential information of the cardholder in the course of a transaction, not just at the point when the card is dipped or swiped but throughout the whole transaction process. This security protocol is also applicable in the event that such payments are being delivered via telephone or online, where the card is actually not present, in order to ensure that the consumers’ data is always kept secured.
EMV smartcards were created and introduced for the purpose of reducing fraud that occurs in magnetic-stripe, face-to-face settings. They adopt integrated-circuit (IC) protocols for the card, and they are based on secret cryptographic keys used to generate both authorization and authentication of a consumer’s data (PCI SSC, 2010). On that note, successful implementation of the EMV protocols can reduce the risk of compromised cards being used to commit point-of-sale fraud. EMV implementations that authenticate cards by storing a card verification value on the chip that differs from the one contained in the magnetic-stripe image offer an effective barrier against producing magnetic-stripe cards from compromised EMV magnetic-stripe image information. Additionally, in the event that such implementation is done with PIN or cardholder verification, EMV does limit the potential for stolen, lost, and never-received types of fraud. There is evidence that in countries where EMV authentication and authorization are employed, the volume of point-of-sale fraud has been significantly reduced.
In any case, it is important to note that EMV does not protect the confidentiality of a consumer’s data or prevent unwanted access to sensitive information of the cardholder. The EMV acceptance and processing environments that are presently being used are capable of processing both EMV and non-EMV transactions (PCI SSC, 2010). Non-EMV transactions do not possess the same level of fraud-reduction capabilities as EMV transactions and, as such, do require added protection. Also, it is important to note that within the EMV sphere, the PAN is not secret at any given point of the transaction. In fact, the PAN must be processed at the point-of-sale terminal in order to complete all steps of the EMV transaction process. The expiry date and other cardholder data are also recorded in clear-text formats.
As a result, the risk of these types of transactions being exposed and used fraudulently at the point-of-sale and in electronic systems is the primary reason why PCI DSS must be implemented in today's EMV environment (PCI SSC, 2010).
The Payment Card Industry Data Security Standard (PCI DSS) is made up of 12 essential operational and technical requirements that are set by the PCI Security Standards Council (PCI SSC) (PCI SSC, 2010). Instead of focusing on certain kinds of fraud, the PCI DSS does seek to offer needed protection to both sensitive and authentication data at any point of such data being exposed within the payment environment. As such, it does limit the ability of fraudsters to access this data. The PCI DSS is able to achieve these security aims in two ways:
- Ensuring that the system components containing cardholder data and sensitive authentication data are kept under high integrity against attacks of a logical and physical nature.
- Protecting the confidentiality of cardholder data in the case that it is stored within an environment, or of cardholder and sensitive authentication data in the case that they are passed through an open or public network (PCI SSC, 2010).
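The second aim above, applied to stored data, can be illustrated with a short check. This is an added example, not part of the original paper: it scans log lines for clear-text PANs (confirmed with the Luhn check digit), masks them to the first six and last four digits, and redacts a track-2 style tail (separator, expiry, further digits). The log format, the function names, and the masking format are assumptions made for the illustration, and the sample lines are constructed.

```python
import re

# Candidate PAN: 13-19 digits, optionally grouped by single spaces or hyphens.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# Track-2 style tail directly after a PAN: separator ('=' or hex 'D'),
# expiry as YYMM, then service code and discretionary digits.
TRACK2_TAIL_RE = re.compile(r"[=D]\d{2}(?:0[1-9]|1[0-2])\d*")


def luhn_ok(digits):
    """Return True if the digit string passes the Luhn check used for PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits):
    """Keep the first six and last four digits, mask the rest (assumed format)."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def sanitize_line(line):
    """Return (sanitized_line, findings) for one log line."""
    out, findings, pos = [], [], 0
    for m in PAN_RE.finditer(line):
        if m.start() < pos:     # digits already covered by a redacted tail
            continue
        digits = re.sub(r"[ -]", "", m.group())
        if not luhn_ok(digits):  # e.g. order numbers that merely look like PANs
            continue
        masked = mask_pan(digits)
        end = m.end()
        tail = TRACK2_TAIL_RE.match(line, end)
        out.append(line[pos:m.start()] + masked)
        if tail:                 # expiry and track data must not stay in the log
            out.append("<track2-redacted>")
            end = tail.end()
        findings.append((masked, bool(tail)))
        pos = end
    out.append(line[pos:])
    return "".join(out), findings


def scan_log(lines):
    """Return (sanitized_lines, report); report rows are (line_no, masked, track2)."""
    sanitized, report = [], []
    for no, line in enumerate(lines, start=1):
        clean, findings = sanitize_line(line)
        sanitized.append(clean)
        report.extend((no, masked, track2) for masked, track2 in findings)
    return sanitized, report


# Constructed sample log lines; the card numbers are public test numbers.
SAMPLE_LOG = [
    "2024-03-01T10:02:11Z pos-07 auth ok pan=4111111111111111 amt=120.00",
    "2024-03-01T10:02:15Z pos-07 emv tag57=5555555555554444D25122010000000000F",
    "2024-03-01T10:03:40Z pos-02 order_id=1234567890123456 status=paid",
    "2024-03-01T10:04:02Z web checkout card 4111-1111-1111-1111 declined",
    "2024-03-01T10:05:00Z pos-07 auth ok pan=411111******1111",
]

if __name__ == "__main__":
    clean_lines, report = scan_log(SAMPLE_LOG)
    for row in report:
        print("clear-text PAN on line %d: %s (track-2 tail: %s)" % row)
    print("\n".join(clean_lines))
```
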
In essence, compliance with these security protocols is expected to reduce fraud within the Ghana banking industry. This is because it will offer protection to consumers against exposure to fraudulent activities. Effectively, it will also help reduce losses for both the banks and consumers, resulting in a direct positive influence on the performance of the banks. This research serves as the basis of understanding how such success can be attained.
Motivation for this research
The Ghanaian banking industry is a highly competitive one. As banks fight head-on to meet the increasingly sophisticated needs of consumers (which serves as the basis for retaining existing customers and attracting new ones), it is worth noting that they might be faced with numerous security issues. In most cases, consumers are more exposed to these issues, mainly due to their lack of understanding of prevention measures and the broadly exclusive clauses they have entered into with the bank in the course of account opening, which make the maker non-liable in most of such fraudulent actions. The researcher and numerous other Ghanaians are among the customers that can be exposed to these security issues. That alone is a big motivation for this research, as it will help understand the security issues facing Ghanaian financial institutions and the role that consumers will have to play in order to keep themselves protected.
Secondly, the banking industry is viewed as the backbone of any given economy. This is because it provides the needed financial resources for both existing and potential businesses to execute their corporate objectives. By serving as the foundation for the success of businesses, it is important to ensure that the banking industry does not fail, as their failure will bring about the subsequent failure of other industries. This is a significant motivator because the research will help shape the security protocols, approaches, and tools that the banking industry will need to use to better protect themselves and their customers.
Finally, while numerous studies have been conducted in the area of banking-related frauds in Ghana, there seems to be little or no research when it comes to understanding how universal bank compliance with PCI DSS and EMV will help reduce fraud in Ghana. This is an important area of research considering the impact fraud can have on the banking industry. Thus, the researcher is motivated to understand as well as shed light on how compliance with PCI DSS and EMV can be used to reduce the level of fraud in the Ghana banking industry.
Justification for this research
Among the diverse service industries, it is notable to say that the commercial banking industry has the highest level of occupational fraud. As noted by Kiragu et al (2013), commercial banks have been found to lose at least 5% of their revenue to fraud annually. The unfortunate thing is that occupational fraud existing within the banking industry is prevalent in both the developing and developed world. For instance, the research conducted by Mahinda (2012) documented the prevalence of occupational fraud in the banking industry as follows: North America (23%), Canada (16%), Europe (16%), Mexico (23%), Latin America (18%), Middle East (19%), India (23%), China (20%), South East Asia (24%), and Africa (33%).
With a focus on Africa, the occurrence of occupational fraud in the banking industry has also seen a rise in recent years (Njanike, Dube, & Mashayanye, 2009). Taking Nigeria as an example, it was noted by Abiola and Oyewole (2013) that the banking sector experienced a general increase in both the frequency and volume of fraud. Thus, fraud is a big issue in the banking industry, and understanding ways to combat it is considered important. Thus, this research is justifiable for a number of reasons.
First, the research is aimed at understanding the fraudulent activities that occur in the Ghanaian banking industry. When it comes to providing a solution to any given problem, it is always important to understand the root of such issues. If the root causes are not known, then how can one be sure that the solutions provided can be effective? This is the first justification as it highlights the fraudulent activities within the Ghanaian banking industry. By so doing, both practitioners and scholars will be able to develop the right solution (not only for the issue at hand, but for other related issues in the banking industry).
Second, the research will look into understanding PCI DSS and EMV as well as how companies can comply with these protocols. As a result, the research will provide detailed insight into what these security protocols are all about, how they are used, and the anticipated benefits from such applications. Although these protocols exist, it should be noted that some banks do not employ them, thus exposing their consumers to the risks they mitigate. Their main reason for not implementing such measures could be a lack of understanding of what the protocol entails and how it can be implemented. Thus, this research is considered justifiable as it will help such businesses gain a clear understanding of what PCI DSS and EMV security standards are all about and how they can be utilized to offer higher protection to their consumers.
Finally, this research seeks to understand the impact of PCI DSS and EMV compliance on banks (universal) in Ghana. Understanding the outcomes of implementation is considered as important as the implementation process itself. This is because the whole process of implementation can only be considered justifiable if it has been able to produce a positive outcome in relation to the purpose for which it was employed. As such, this research is considered justifiable based on the understanding that it does allow readers to understand whether or not compliance with PCI DSS and EMV will in fact help reduce the level of fraud among universal banks in Ghana. If such is the case, then PCI DSS and EMV can be considered important approaches for protecting consumers in the banking industry.
In general, this research is geared towards understanding how banks and their consumers can be protected against fraud by implementing PCI DSS and EMV. Considering that the banking industry represents an important element for the sustainable economic growth of a nation, this research is considered justifiable as it is based on understanding ways to protect the banking industry and create sustainability in the economic growth of the nation as a whole.
Research Objectives
The primary focus of this research is to assess the impact of PCI DSS and EMV compliance on the reduction of fraud amongst universal banks in Ghana. However, this research will also seek to cover areas of fraud in the global banking industry as a whole; the kinds of fraud that have been recorded; measures that banks have employed to handle these issues; success stories recorded; and new innovative ways for financial institutions to protect themselves, before winding down to the Ghana banking industry as the main focus. In order to deliver the objective of this research, the whole process will be based on primary data gathering and analysis, as hearing from people within the Ghana banking industry is considered the best way to attain the objectives of this research.
Objectives of the research
The objectives of this research are as discussed below.
- RO1: To understand what fraud is all about. This objective will look into basic definitions, history, recorded cases, and efforts that have been made to combat fraud in general.
- RO2: To understand and discuss fraud that occurs in the banking industry. This objective will look into expanded discussions on fraud as they occur in the banking industry, sample cases, what has been done and what needs to be done in order to reduce fraud.
- RO3: To understand what PCI DSS and EMV are all about. Delivering this objective will look into the history, application, and pros and cons of adopting these security standards within financial institutions.
- RO4: To understand how financial institutions can comply with PCI DSS and EMV security standards. The focus should be on how these security standards can be employed to deliver better security for banks and their consumers.
- RO5: To assess the impact of PCI DSS and EMV compliance on the reduction of fraud amongst universal banks in Ghana. This is the pinnacle of the research and it will seek to understand whether or not success has been measured in the area of universal bank compliance with PCI DSS and EMV as it relates to fraud reduction in the Ghanaian banking industry.
Question for investigation
In order to achieve the set objectives above, the following questions will be asked:
- RQ5: What are the impacts of PCI DSS and EMV compliance on fraud reduction among universal banks in Ghana?
Research Organization
This research is organized into five chapters as below.
Chapter One: This chapter is the introduction, and it provides a background overview of what the research is all about, what it hopes to achieve, and how it intends to do so. It is the foundation on which other chapters are built.
Chapter Two: This chapter presents a review of relevant literature in relation to the research topic. This will also function as the foundation on which the hypothesis will be developed as a guide for primary research.
Chapter Three: This chapter will be the research methodology, discussing the approach that will be used for primary research.
Chapter Four: This chapter will analyze findings from the primary research in relation to how they prove or disprove the hypothesis and how the overall objectives of the research have been achieved.
Chapter Five: This chapter will be a summary of findings from the research, recommendations for involved parties, and a pathway for future related research.
Chapter Two
Review of literature
Introduction
A comprehensive review of the literature in the context of this research is presented. The literature review will shed light on the penetration of mobile banking in Ghana; what fraud is all about; types of fraud; and factors that influence the decision of fraudsters to commit fraud. Additionally, it will look into consumers’ relationship management and the impact of financial security on their overall brand loyalty. This chapter will also seek to understand the efforts being made by banks to better protect their consumers. Finally, it will review the context of PCI DSS and EMV as it relates to their compliance and how they can be used to reduce fraud in the financial sector.
2.1. Card-not-present fraud
In its simplest definition, payment card fraud can be described as any illegal use, alteration, or counterfeiting of payment cards unknown to the original cardholder that results in the repudiation by the cardholder of a transaction that has been debited, and also tampering with automatic teller machines or illegal use of Point of Sale (POS) terminals in order to effect fraudulent transactions on the card. Payment card fraud has been known to occur in two distinct transaction environments, which are: environments with the card present and environments with the card absent, and each of these environments does present unique acceptance and fraud issues in relation to the card being used (Visa, 2010). The Roman Ministry of Economic and Finance presented statistical reports of payment card fraud that occurred in 2012 and highlighted the following kinds of payment card fraud:
2.1.1. Card theft fraud
This is a situation where the payment card has been stolen or is being used without the authority of the original card owner. Such can occur as a result of the card becoming trapped in an Automated Teller Machine (ATM) or of the card being physically stolen. This can also occur in situations where the card is intercepted and stolen between the point where it has been mailed by the card issuer and the point where it reaches the legitimate cardholder. This form of card theft is described as "card not received fraud." In most cases, high-value transactions (such as expensive jewelry, clothes, etc.) are carried out on the card before the original owner notices.
2.1.2. Fraudulent counterfeit card
This form of payment card theft involves material changes to payment cards with the aim of recording, transferring, cloning, altering or replacing the data that is contained in the original card in order to perform concurrent or subsequent illegal transactions. This type of payment card theft necessitates numerous activities such as physically designing the card, re-encoding, and skimming.
2.1.3. Card information compromise
This form of payment card theft normally occurs in situations where an individual accesses digitalized card information without the necessary authority by intercepting it on a remote network or on a physical workstation with the aid of software that supports key-logging. Card data can also be acquired fraudulently by sending false electronic mail messages to legitimate users with the aim of persuading them to directly reveal their card information. This process is known as phishing. Additionally, it is possible to acquire card information through discarded purchase receipts, receipts from banks and tellers, or accounting documents. It is also possible to produce card numbers illegally with the aid of computer programs that provide opportunities for the reproduction of the algorithms that are used to assign PIN codes to cards.
2.1.4. Fraudulent account takeover
This is a form of card payment fraud that involves using cards with false identities by falsifying the personal information of card holders in order to gain access to their accounts with the real information of the card holder. Two of the common ways that stolen information can be used are by making purchases online or counterfeiting the payment card and using it to withdraw money from the ATM or make a physical payment at a POS. Online purchases, which are known as card-not-present, are more vulnerable because it is impossible to inspect the payment cards (Sullivan, 2010).
The Effects of Payment Card Fraud
Across the globe, the migration of fraud is from more secured to less secured channels and regions. As MasterCard (2011) noted, an adept and organized criminal populace helps in the acceleration of this shift. There are a number of factors that create differences in the rate of fraud across regions, and they include: mixing payment cards in use, the system for authorizing transactions, the kind of payment made with the cards, the evolution of security standards, and the use of outdated card technologies that are relatively weak to present security features (Sullivan, 2010). The advancement in information and communication technologies has helped the evolution of card fraud. Across the world, organized international criminal bodies are making use of the global networks of communication to access and obtain card details and to defraud unsuspecting cardholders. In accordance with Europol’s report on Credit Card Fraud for 2012, it was noted that the crime market for payment card fraud in the European Union (EU) is mainly controlled by global activities and well-structured organized crime groups (OCGs). It was also noted that these criminal groups have been able to effect cashless payments in the EU to the extent that expensive protective measures are being adopted across the world. As a result of that, using cards for payment now comes with some levels of inconvenience, and the process is no longer considered fully secured for the cardholders.
Payment card fraud is considered a highly profitable and low-risk criminal activity that has been raking in huge payments for organized groups, with those in the EU enjoying a yearly income of €1.5 billion from these criminal activities. These groups also invest these revenues into further development of criminal approaches, into financing other criminal activities, or into creating legal businesses in their respective environments. The report also made known that the majority of the face-to-face illegal card payment frauds that are affecting the EU normally occur overseas, with the USA being the prime base for such activities (Siciliano, 2013). In 2012, a media report was presented, which noted that over 10 million debit and credit cards were compromised in a breach of Global Payments, a credit processor that is based in the USA (Global Payments data breach exposes card payments vulnerability, 2012).
Card payment fraud is also a big issue in Ghana. Although the exact losses are hard to estimate, it has been noted that such losses occur in millions of US dollars per annum (Abiage, 2011). Due to the frequent reports of rampant fraud cases, a directive was issued to all the banks to adopt chip-based technology for all their cards (Situma, 2013). Although these chip-based technologies have been effective in the case of face-to-face transactions, it should be noted that with the high penetration of cards in the country, many Ghanaians are now making online purchases and other payments. This also presents them with other issues as it relates to payment card theft in a card-absent environment.
The costs of these frauds are later transferred into society in the form of opportunity costs, increased consumer convenience, unnecessarily high prices of commodities, and criminal activities that receive funding from fraudulent gains. Across the world, major card organizations engage in tracking and reporting losses from fraudulent card payments as a percentage of total sales volume of outstanding loans, and the present figure does stand at around 8% per hundred, or on the grounds of eight basis points (Wilhelm, 2004).
There has also been an impact on the satisfaction level of consumers, which has been mainly a decline in transactions and cards being blocked and reissued. These issues have also been evidenced in numerous complaints that consumers have posted on social media and through press releases. As a result, the negative points that result from such can potentially harm the reputation of the affected banks, cause consumer upset, and lead to consumers switching to other competitors. This broad approach of blocking stolen cards and reissuing new ones has been considered costly, wasteful, and disruptive (Fico.Com, 2012). Further discussion of these major points is presented below.
2.3. Fraud definition
In accordance with the Chartered Institute of Managerial Accountants (CIMA) (2008), fraud can be used to describe activities like corruption, theft, money laundering, conspiracy, embezzlement, extortion, and bribery. In its legal setting, there are varied definitions of fraud across different countries. In any case, fraud must entail the use of deception to make dishonest personal gain for oneself and/or create loss and burden for another. Although the definition of fraud has been described as varied, the majority of these definitions are based on the terms defined here.
2.4. Various types of fraud
Fraud does mean different things, and it comes from different kinds of relationships between the victims and offenders. The examples of fraud are as described below (CIMA, 2008):
- Crimes committed by individuals against others (individuals or businesses) For instance, misrepresenting the quality of goods and pyramid trading schemes.
- employee fraud against the employer. For instance, falsifying expense claims, payroll fraud, cash theft, false accounting, theft of assets or intellectual property, and so on.
- Crimes committed by businesses against consumers, employees, and investors. For instance, financial statement fraud, selling inferior or counterfeited goods as quality or genuine ones, etc.
- Crimes against financial institutions For instance, using stolen or lost credit cards, fraudulent insurance claims, and fraudulent checks, so on.
- "Crimes that are committed by individuals or businesses against the government For instance, fraud in social security benefits, grant fraud and tax evasion are common.
- Crimes that are committed by professional criminals against top organizations For instance, mortgage fraud, top counterfeiting rings, advance fee fraud, money laundering, and corporate identity fraud.
- E-crime is committed by individuals that make use of technology and computers to commit crimes. For instance, spanning copyright crimes, phishing, hacking, and social engineering fraud.
The focus of this research will be on the fraud that is perpetrated by individuals against other individuals and organizations. The offenders can be either professionals or amateurs. The concern is especially significant when the offenders are professionals, because they are in a position to inflict the most destructive damage on the victims.
2.5. Fraud theories
2.5.1 The Fraud Triangle Theory
Donald Cressey conceptualized the classical theory of fraud as a triangle (Adeyemo, 2012). This theory comprises the different concepts of the fraud triangle, which include perceived pressure, perceived opportunities, and rationalization (Chiezey and Onu, 2013; Njanike et al., 2009; Ogechukwu, 2013). In an argument, it was noted by Ngalyuka (2013) that the fraud triangle is vital as the pressure, opportunities, and rationalization might not actually exist in the real context. The first temptation to commit fraud comes from both financial and non-financial pressure (Chiezey & Onu, 2013). Some of these pressures that can lead to the intention to commit fraud include financial pressures like debts, social vices (e.g. drug abuse), and pressures from work (such as sales-related pressures to show that one is performing more than others) (Ngalyuka, 2013). In any case, Ngalyuka (2013) asserted that financial pressures cause a significant 95% of fraud.
The perceived opportunity rests on the potential fraudsters' ability and belief that they can actually get away with the fraud or with the consequences that might emanate from it if they happen to be caught (Wanyama, 2012). Chiezey & Onu (2013) also noted that the opportunity to commit fraud in the banking industry is mainly due to the employees’ access to the bank’s assets and information, which offers them an added advantage in committing the fraud and covering their tracks. These opportunities normally emanate as a result of weakened control measures, poor enforcement of control measures, lack of necessary punishment measures to serve as a deterrent, and poor infrastructure (Kanu & Okorafor, 2013). In relation to access to critical information, the bank needs to strictly ensure full adherence to the Logical Access Management (LAM) process, in which the staff are granted access only to the information that allows them to effectively perform their designated tasks (Njenga & Osiemo, 2013). Additionally, rationalization is also a contributor to fraud and fraud-related intentions. This involves justifying or rationalizing the fraudulent act as being acceptable (Njenga & Osiemo, 2013). On the same note, Ngalyuka (2013) made it known that rationalization can be used to reference justification for unethical behavior by considering the fraudulent act as something other than criminal. In the case that the individual finds it difficult to develop justification for such unethical decisions, it becomes clear that the person will be less likely to engage in fraudulent activities (Mahinda, 2012).
2.5.2 Agency Theory
In the agency theory, it is acknowledged that delegating the operations of a company to an employee outside the presence of the business owner does present an opportunity for the employee to engage in fraudulent activities (Onwujiuba, 2014). Thus, it is important for business owners to always ensure that their employees undertake designated tasks in the best interest of the shareholders by making use of the right fixed and variable rewards or incentives set aside for employees (Onwujiuba, 2014). The mix of fixed and variable rewards needs to be adjusted properly in order to ensure that the employees are always motivated. Such incentives can include performance bonuses, medical insurance plans, company-paid vacations, and a variety of other things (Mutesi, 2011). In any case, the agency theory has been criticized by numerous scholars and practitioners because of its overemphasis on the need for a reward matrix and its determination in the absence of relevant institutional pressures that exist on job performance and motivation for fraud (Wanyama, 2012).
2.6. Fraud Empirical Review
As noted earlier, the term "fraud" has been defined in different ways by both scholars and practitioners. In line with the definition presented by ACFE, which Adeyemo (2012) cited, fraud is considered to be any kind of illegal activity that features concealment of the truth, deceit, or violation of trust. These acts are independent of the need to apply the threat of violence or any kind of physical force. On a similar note, Mutesi (2011) presented another definition of fraud as any kind of premeditated criminal act of deceit, trickery, or falsification of any sort by an individual or a group of individuals that intend to change what is factual in order to obtain an undue personal monetary advantage. Mahinda (2012), who introduced a new concept to the definition of fraud, noted that fraud occurs due to people in positions of trust or accountability making advances for their own personal interests at the expense of the public’s interest by digressing from what has been standardized as the rule. The main aim of fraud is to acquire monetary or property gain, to avoid making payment for the services or products that have been offered, and to secure an advantage for one’s self or business (Kiragu et al., 2013). Effective utilization of internal control measures can be used to prevent fraud in an organization. In accordance with Abiola and Oyewole (2013), internal control measures can be defined as the entire system of control, both financial and non-financial, that is established by the organization for the purpose of carrying out its businesses in an orderly and efficient manner.
Adeyemo (2012) made it known that the control environment is used to set the standard for what the organization hopes to realize in terms of integrity, competence, and ethical values of its entire workforce. Some of the factors that have an influence on the internal control measures of an organization include their management philosophy and style of operation; adequate training for their staff; delegating authority to the right personnel; and effective compensation guidelines (Charles, 2011). The internal control environment of a bank is used to identify, analyze, and manage uncertainties emanating from both the internal and external environment of the bank (Adeyemo, 2012). This uncertainty management includes assessing risks from different activities that are used to effect control and mitigate the identified risks. These control activities comprise procedures and policies that are designed to ensure compliance with organizational or departmental management directives. They also feature authorizations, approvals, reconciliations, verifications, and reviews of operational performance, segregating duties, and management of asset security (Kanu & Okorafor, 2013).
2.7. Measures employed by banks to prevent the occurrence of fraud.
There are different measures that the bank can use in order to prevent the occurrence of fraud within their systems (Tunji, 2013). Generally, these measures can be categorized into: duty segregation; supervisory control; physical control of the bank’s assets; organizational control; and personal control (Wanyama, 2012). Some other measures are: review of audits, whistle-blowing, management review, process control, and effective methods that can be used to detect fraud proactively (Mutesi, 2011). In relation to the segregation of duties, it was noted by Charles (2011) that the four financial duties of authorization, reconciliation, recording, and custody need to be performed independently. Abiola & Oyewole (2013) also documented that the principles of internal checks mean that no single official is in control of two or more of these four financial responsibilities, and each of them exists to check the other. Ngalyuka (2013) also argued that the main purpose of segregating duties in an organization is to ensure that there is an accurate compilation of data and that the chances for intentional errors and fraud are limited. One major aspect of duty segregation is separating the duties within the accounting departments (Mahinda, 2012). This ensures that no single member of the back office staff is in charge of a transaction from the time it is recorded to the time it is posted.
In the course of setting up the matrix that will be used to segregate duties, it is always necessary to make sure that the employees’ levels of approval authority are in line with their responsibility levels (Wanyama, 2012). A critical component of preventing fraud is taking full control of the bank’s sensitive records, documents, and computer systems (Obeng, 2011). Other approaches that can be used to detect and deter fraud include whistle-blowing and employing strategic human resource management in the recruitment process (Njanike et al., 2009). The whistle-blowing facility, when employed as a means for combating fraud, works best in banks where safety measures have been provided for the whistle-blowers and where there exists a well-defined whistle-blowing policy (Wanyama, 2012).
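The segregation-of-duties matrix and approval levels described in the two paragraphs above can be checked mechanically against who actually handled each transaction. The following is an added example, not part of the study or of any bank's system; the staff ids, approval limits, and activity records are constructed, and the function and finding names are hypothetical.

```python
from collections import defaultdict

# The four financial duties the text says must be performed independently.
DUTIES = ("authorization", "recording", "custody", "reconciliation")

# Constructed approval limits per staff id (hypothetical values).
APPROVAL_LIMITS = {"amina": 50_000, "kofi": 5_000}

# Constructed activity log: (transaction id, amount, duty performed, staff id).
SAMPLE_ACTIVITY = [
    ("T1", 1_200, "authorization", "kofi"),
    ("T1", 1_200, "recording", "esi"),
    ("T1", 1_200, "custody", "yaw"),
    ("T1", 1_200, "reconciliation", "abena"),
    ("T2", 9_000, "authorization", "kofi"),   # above kofi's approval limit
    ("T2", 9_000, "recording", "esi"),
    ("T2", 9_000, "custody", "yaw"),
    ("T2", 9_000, "reconciliation", "esi"),   # esi also recorded T2
    ("T3", 300, "authorization", "amina"),
    ("T3", 300, "recording", "amina"),        # one person, start to finish
    ("T3", 300, "custody", "amina"),          # and nobody reconciled T3
]


def review(activity, limits):
    """Return a list of control findings for the given activity records.

    Finding kinds:
      sod_conflict - one person performed two or more of the four duties
      over_limit   - the authorizer's approval limit is below the amount
      duty_missing - a duty was never performed for the transaction
    """
    txns = defaultdict(lambda: {"amount": 0, "who": defaultdict(set)})
    for txn_id, amount, duty, staff in activity:
        if duty not in DUTIES:
            raise ValueError(f"unknown duty: {duty}")
        txns[txn_id]["amount"] = amount
        txns[txn_id]["who"][staff].add(duty)

    findings = []
    for txn_id in sorted(txns):
        rec = txns[txn_id]
        for staff in sorted(rec["who"]):
            duties = rec["who"][staff]
            if len(duties) >= 2:
                findings.append(
                    (txn_id, "sod_conflict", staff, tuple(sorted(duties))))
            # Staff with no entry in the limits table may not approve anything.
            if "authorization" in duties and rec["amount"] > limits.get(staff, 0):
                findings.append((txn_id, "over_limit", staff, rec["amount"]))
        performed = set().union(*rec["who"].values())
        for duty in DUTIES:
            if duty not in performed:
                findings.append((txn_id, "duty_missing", None, duty))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_ACTIVITY, APPROVAL_LIMITS):
        print(finding)
```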
2.8. Internal control measures and the occurrence of fraud
There are numerous reasons why internal control measures are integrated into the banking systems. Some of these reasons are the circumstances that surround the segregation of duties through staff collusion, override of management controls, potential human errors that result from work stress, human ingenuity, carelessness, distraction, and alcohol addiction (Tunji, 2013). In any case, it is important to understand that working conditions can reduce the overall effectiveness of internal control measures (Njanike et al., 2009). Constraint from the staff does result in the dual control measures being compromised and duty segregation being enacted for the purpose of preventing the occurrence of fraud (Mutesi, 2011). When there is constraint from the staff, it can result in inadequate management of the juniors by their supervisors, with the subsequent creation of opportunities for the procedures to be compromised and staff to collude (Chiezey & Onu, 2013). Charles (2011) presented a further argument that staff constraints can also result in inadequate checks and checks that are poorly done, which can further compromise the measures that have been established for fraud detection and control.
2.9. Impact of fraud prevention measures on bank-customer relations
Security is vital and is increasingly becoming an important issue in the modern banking industry (Kanniainen, 2010). It has been noted that in the course of the last few years, the volume of fraudulent acts committed by third parties has been on a tremendous rise (Banks, 2005). As a result of that, the need to prevent fraud has become the main focus of banks, consumers, and makers of public policy (Sullivan, 2010). Considering that fraud in banks can have a direct effect on the quality of consumers’ relationships with the bank and their loyalty to the bank, the prevention of fraud and effective communication of such has become the central topic of discussion in modern day research.
Banking fraud has an impact on both the banks and their consumers. In any case, it should be noted that banks incur significant operating costs by refunding consumers that are victims of fraud within their systems (Gates and Jacob, 2009), and bank consumers experience huge losses in both time and emotional aspects. This is mainly due to the fact that consumers will need to detect these fraudulent activities, communicate them to their banks, initiate the process for blocking and reissuing or re-opening the account or card, and dispute for their monetary losses to be reimbursed (Douglass, 2009; Malphrus, 2009). Being a victim of fraud can also affect how customers perceive their security and protection in the bank. As such, fraud has the potential to damage the relationship between consumers and the bank, as the trust that the consumers have in the bank will be shattered once they experience fraud (Krummeck, 2000). Adding insult to injury, there will also be a subsequent increase in the level of dissatisfaction as consumers begin to view the bank as a failure (Varela-Neira et al., 2010). Eventually, this will lead to a negative influence on the consumers’ level of loyalty and trigger the switch intention (Rauyruen and Miller, 2007; Gruber, 2011), which will hurt the present reputation of the bank and limit their ability to attract new customers in the future (Buchanan, 2010).
As such, it can be said that preventing fraud is the best chance that banks have to enhance their overall relationships with consumers. This is based on the understanding that it allows the bank to assure or reassure customers that they can trust in their service (Guardian Analytics, 2011). In fact, it can be said that the added feeling of being secured does present the bank with the means to retain their existing customers and also an edge to attract new ones (Behram, 2005). In any case, transferring fraud prevention into a higher-quality relationship also requires quality communication between the banks and their consumers. This is based on the understanding that effective communication presents the bank with an opportunity to evoke shared values between themselves and their consumers (Asif and Sargeant, 2000). This highlights the importance of banks demonstrating a clear understanding and competence of what fraud is and how it can be prevented by communicating the efficacy of their anti-fraud measures, thereby instilling a sense of safety in their customers (Rauyruen and Miller, 2007). This feeling of safety is expected to bring about an improvement in the quality of relationship between the bank and their customers and overall consumer loyalty, which are the main success factors in the retail banking industry that is presently highly competitive (Alexander and Colgate, 2000).
2.9.1. Fraud management in retail banking
When it comes to understanding what fraud is all about in retail banking, it basically entails any criminal activity that is geared towards achieving financial gain at the expense of a legitimate consumer or financial institution through any channel of transaction such as ATMs, credit or debit cards, cheques, or online banking (Sudjianto et al., 2010, p. 5). In terms of classification, fraud can be classified in relation to the person performing it as: first-party and third-party fraud. In first-party fraud, it means that a legitimate consumer has betrayed the bank, while third-party fraud means that the consumer has become a victim of fraudsters that steal identities, use stolen or lost cards, counterfeit cards, or access the consumers’ accounts without appropriate authorization through other means (Gates and Jacob, 2009; Greene, 2009). The focus of this study is on third-party fraud.
Also, third-party fraud can be subdivided into different classes. This kind of fraud is commonly differentiated between identity theft and payment fraud. Payment fraud implies that the offender has engaged in an activity to use information from any kind of payment transaction for an unlawful gain (Gates and Jacob, 2009, p. 7). This is experienced when a fraudster accesses the consumer’s account and makes use of this account for their personal financial gains (Sullivan, 2010; Malphrus, 2009). On the other hand, identity theft fraud consists of the fraudster gaining access to the consumer's account (Hartmann-Wendels et al., 2009), but this usually occurs by opening an account in the name of the victim (Malphrus, 2009). The focus of this study will be on payment fraud in general and particularly on card fraud, due to the fact that there is a global rise in the importance of such (Worthington, 2009) and PCI DSS and EMV compliance are applicable only to card-related transactions.
2.9.2 Fraud in the Banking Industry: Nature and Trend
As noted earlier in the PWC survey on Ghanaian bank executives, consumers now heavily rely on the web for banking services, and this has led to a rise in the volume of online transactions (Berney, 2008). This is a positive breakthrough for fraudsters as the internet offers them the opportunity to attack consumers without being identified (Gates and Jacob, 2009). Electronically, consumers are not able to physically authenticate transactions, and this enhances the overall desire to effect fraudulent activities on innocent consumers (Malphrus, 2009; Gates and Jacob, 2009). Orad (2010) proceeded to make the claim that the internet allows fraudsters to form a network that can offer support for each other in these malicious activities.
The main interest of criminals in relation to fraudulent activities online is to access the consumers’ bank accounts or credit card details. The most common way of doing this is called "phishing," a situation where an e-mail is sent to the consumer from an allegedly credible source that represents the consumers’ bank, requesting sensitive information from the consumer (normally online username and passwords). In recent years, phishing has transformed into a serious security threat for online banking consumers (Bergholz et al., 2010). Considering that cards (credit and debit) have become a major instrument for making online-based transactions, it becomes clear that they have the potential to attract the attention of fraudsters (Malphrus, 2009). Irrespective of the difficulties experienced in relation to providing exact information on cards (credit and debit) as a result of differences in tracing banks' fraud and the absence of consumer reporting, it is acknowledged that across the world, card-related fraud reached an excess of $10 billion in 2009 (ACI Payment Systems, 2009). Generally, whether the fraud is online or offline, it does hurt the performance of retail banks and increase their overall costs (Gates and Jacob, 2009). In accordance with Greene (2009), the economic impact of this issue represents about 150% of the total actual fraud loss.
2.9.3. How do consumers view retail banking fraud?
Being a victim of fraud has a negative influence on consumers, not only in the area of financial losses, which in most cases are refunded by the banks, but also in the efforts that the consumers need to make towards restoring the original issue (Malphrus, 2009; Douglass, 2009). On the same note, the confidence and trust that they have in the bank might be shaken by fraud-related issues. Consumers could have the perception that the bank is not a safe place for them to keep their money and that the bank is not capable of protecting their clients (Krummeck, 2000, p. 268). They lose trust in the bank and become dissatisfied with their services (Varela-Neira et al., 2010), and may eventually switch to another financial service provider (Gruber, 2011; Bodey and Grace, 2006). When the incidence of fraud increases over time, it has the potential to harm the bank's reputation in a variety of ways (Krummeck, 2000; Malphrus, 2009).
Therefore, it can be said that proactive management of fraud presents the bank with an opportunity to assure or reassure the consumers that they can trust them (Guardian Analytics, 2011) and could end up becoming a way for these banks to retain their present consumers while attracting new ones (Behram, 2005). Customers of financial service providers are always concerned about fraudulent activities, and past research has shown that many of them are willing to pay added fees in order to ensure that their assets are properly protected against such acts (Detica, 2010). In essence, it can be said that effective communication between the banks and their consumers presents an opportunity for shared understanding of the values that the banks offer and the beliefs that exist between the banks and their consumers (Asif and Sargeant, 2000). As a result, proper communication of anti-fraud policies is critical in fraud prevention (Krummeck, 2000) and may allow banks to materialize on topics that consumers consider important (Krummeck, 2001). It was discovered by Liu and Wu (2007) that service features like fraud prevention can have a positive influence on the sustainability of consumers’ relationships and cross-buying. Once the bank clearly demonstrates that they understand what fraud prevention is all about and know how to execute it, they can create a feeling of safety in the consumers’ minds (Rauyruen and Miller, 2007), and this will eventually lead to an enhanced quality of relationship, which will ultimately improve the level of loyalty that consumers have for their banks (Morgan and Hunt, 1994).
2.9.4 Customer interactions
The ability of banks to effectively manage and communicate anti-fraud measures with consumers has the potential to enhance the quality of the relationship, as noted earlier, and it can lead to an ultimate increase in loyalty. Although various kinds of relationships that are differentiated by their types or participants exist (Morgan and Hunt, 1994), the focus here is on the type of relationship that banks have with their consumers. From the bank’s angle, consumer relationships can either be built on the employee or corporate level (Rauyruen and Miller, 2007; Liu et al., 2011). Considering that the management of fraud requires a corporate-wide approach (Malphrus, 2009), the focus of this study is on corporate level relationships. Previous research has identified quality relationships and consumer loyalty as being critical factors in the area of consumer relationship management.
Basically, a quality relationship refers to the strength of a given relationship (Dimitriadis and Papista, 2010), and it is generally made up of satisfaction, commitment, and trust (Morgan and Hunt, 1994; Dimitriadis and Papista, 2010; Liu et al., 2011). These three facets are crucial when it comes to establishing a relationship on a long-term basis (Gutierrez, 2005) and are normally considered to have a positive influence on a consumer’s loyalty (Liu et al., 2011; Garbarino and Johnson, 1999; Dimitriadis and Papista, 2010; Morgan and Hunt, 1994; Randall et al., 2011).
So, how can one be sure that consumers are satisfied with the services provided by banks? Satisfaction on its own means how positively consumers evaluate the products or services that they have been offered (Liu et al., 2011; Randall et al., 2011). Customers make use of their past experience, goals, predictions, and desires (Liu et al., 2011), the quality of all past interactions in relation to products and services they bought from a company (in this case, the bank). Thus, satisfaction goes beyond basic fulfillment of what consumers expect, as exceeding expectations has a way of fostering the intention of consumers to remain with their present bank (Aldas-Manzano et al., 2011; Dimitriadis, 2010). Thus, building a great customer relationship will entail not only meeting the basic needs of consumers from the banks (saving and managing their assets), but also exceeding their expectations by making sure that they are never victims of fraud. This will require a proper policy for fraud management that is integrated into all aspects of the bank’s operations with the goal of detecting potential for fraud and stopping it before it reaches innocent consumers.
Another critical factor in the company-consumer relationship is trust (Suárez Álvarez et al., 2011). In this study, trust is defined as what customers perceive as credible and benevolent behavior from the bank toward their customers (Doney and Cannon, 1997; Liu et al., 2011; Rauyruen and Miller, 2007). Basically, the trust that consumers have towards companies is expressed in the form of confidence in the quality and reliability of the products and services that their companies make available to them (Liu et al., 2011; Garbarino and Johnson, 1999). It plays a mediating role in the behavior of consumers prior to and post-purchase decisions (Liu et al., 2011), and plays the crucial role of building the foundation for a successful firm-customer relationship (Rauyruen and Miller, 2007). Morgan and Hunt (1994) discovered that the quality of trust a consumer has towards a firm is normally influenced by the quality of communication and shared values. If the consumer can access meaningful information at the right time, there is the potential for trust to be fostered along with expectations and perceptions (Morgan and Hunt, 1994, p. 25). Liu and Wu (2007) illustrated that how consumers perceive the bank’s competence level determines their level of trust in the bank and the ability of the bank to effectively fight fraud through effective communication about the anti-fraud measures they have planted into their system (Krummeck, 2000).
Commitment can be defined as the efforts that partners in a relationship are willing to make in order to ensure that the relationship is sustainable, following proper evaluation that the relationship is important to them (Morgan and Hunt, 1994). It does express an emotional bond and a high sense of belonging that the consumers perceive towards the bank (Lewis and Soureli, 2006, p. 18). Commitment is considered to have evolved if the consumers view the present relationship as being of such high importance that they become interested in putting in the highest level of effort in order to maintain it (Randall et al., 2011, p. 7). It was discovered by Morgan and Hunt (1994) that commitment is greatly influenced by the expected benefits from a relationship and shared value in a relationship. Preventing fraud is highly interesting to the bank and their consumers and, as such, forms a kind of shared value between them. Thus, it is expected that banks will be committed towards preventing fraud in their systems and consumers will make whatever effort necessary to ensure that this kind of relationship that secures their financial assets is protected.
Once there is a quality relationship, enhanced loyalty from the consumers is a typical outcome (Rauyruen and Miller, 2007). Customer loyalty is normally defined as the commitment of consumers to re-purchase a given product or service (Liu et al., 2011), irrespective of business pressure and marketing efforts geared towards them that might have the power to effect behavior change (Aldas-Manzano et al., 2011, p. 1167). In the banking context, the level of loyalty is normally high because the relationships are normally based on long-term orientation (Liu et al., 2011; Morgan and Hunt, 1994) and substantial costs are required to switch to another financial service provider (Kumar et al., 2008).
Loyalty normally comes in the form of behavioral and attitudinal loyalty (Rauyruen and Miller, 2007; Lewis and Soureli, 2006; Aldas-Manzano et al., 2011; Baumann et al., 2011). Behavioral loyalty can normally be seen through actual re-buying, while attitudinal loyalty comes in the form of consumers’ preferences or intentions (Aldas-Manzano et al., 2011; Lewis and Soureli, 2006). In essence, loyalty leads to both sustainability and enrichment of a relationship (e.g., Liu and Wu, 2007). It can therefore be seen that fraud prevention has a strong influence on consumers’ loyalty and attitude towards a bank. In the event that the bank is able to create the right stream of efforts that can limit the potential for consumers to become victims of fraud within their sphere and communicate such measures to the consumers, it is expected that the overall trust the consumers have for the bank will be increased, with a subsequent increase in loyalty. Eventually, this will lead to sustainability in the performance of the bank as this gives them a high competitive edge against their competitors. Thus, measures to prevent fraud will be the focus of the following discussions.
2.10. Practical ways to create and sustain compliance with the PCI DSS
Regardless of whether a firm is into retail or is a provider of financial services, if the company processes any kind of credit or debit card, they must make sure that they clearly understand the Payment Card Industry Data Security Standards (PCI DSS) and the impact it has on their company (Dimension Data, 2016).
This boils down to the fact that the personal information of cardholders is increasingly becoming the target of cyber criminals. In an effort to ensure that transactions and data are secured, the PCI Security Standards Council created the PCI DSS. This standard is meant to apply to all organizations that process cards (debit or credit), which also include third-party service providers and merchants that store, process, and transmit data.
There are 12 requirements specified in the DSS and these requirements are structured under five major areas with the aim of ensuring that there are no gaps when it comes to keeping the transactions and personal data of cardholders safe. These key areas are (Dimension Data, 2016):
- Creating and sustaining a secured network (requirement 1-4)
- Maintaining a program for managing vulnerabilities (requirement 5-6)
- Implementing strong measures to control access (requirement 7-9)
- Constantly monitoring and testing existing networks (requirement 10-11)
- Maintaining an information security policy (requirement 12)
While it can be said that the DSS is concisely structured, it should also be noted that corporations might consider it challenging to interpret how these processes match with their overall security blueprint and also the past investments they have made in technology and processes. Any single misinterpretation of any of these requirements has the potential to bring about non-compliance status with all of the other requirements, which will eventually end in having the companies fined, suspended or restricted from conducting card related processing in the future. Thus, a crucial first step to being able to achieve and maintain compliance is to understand what PCI DSS means to a corporation and how this standard can be articulated outside the company’s IT department. The requirements are as discussed below.
2.10.1. Requirement 1: Install and maintain a firewall configuration that will protect the data of cardholders.
In order to comply with this standard, the bank needs to show that it has a firewall and that the route for this firewall is maintained correctly as well as tested independently.
2.10.2. Requirement 2: Don’t adopt vendor-supplied defaults for system passwords and other security parameters
A firewall represents the basics of network security. Proceeding with the initial step, a firewall that has been correctly implemented will actually comply with this requirement. However, the question remains whether or not such is easy, and the answer is "yes," as the company will be able to prove that the necessary steps have been taken both in the implementation stage and change management stage. Additionally, the whole system is about process and people – and not just the product that has been adopted for providing the desired technical support. This requirement includes wireless LANs adopted after the v1.2 updates and clarifications.
2.10.3. Requirement 3: Protect the cardholder’s stored data
It is mandated that all stored data be encrypted. If the company has access to where their credit information is being stored, they can easily determine compliance with this step through the help of numerous tools that are commercially available. There are some details that should never be stored, such as PIN numbers and the complete details that are contained on the magnetic stripe.
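The kind of check such discovery tools perform can be sketched as follows: search stored text (logs, exports, database dumps) for unencrypted card numbers and for full magnetic-stripe data. This is an added example, not code from the study or from any commercial product; the sample log is constructed and uses publicly documented test card numbers, and the function names are hypothetical.

```python
import re

# Candidate card number (PAN): 13-19 digits, optionally separated by single
# spaces or dashes, not embedded in a longer run of digits.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# Magnetic-stripe Track 2: ;PAN=YYMM, service code, discretionary data, ?
TRACK2_RE = re.compile(r";(\d{13,19})=(\d{4})(\d{3})(\d*)\?")
# Magnetic-stripe Track 1 (format B): %B PAN ^ NAME ^ YYMM, service code ... ?
TRACK1_RE = re.compile(r"%B(\d{13,19})\^([^^]{2,26})\^(\d{4})(\d{3})([^?]*)\?")

# Constructed sample input; 4111... and 5555... are well-known test numbers.
SAMPLE_LOG = """\
2024-01-05 10:02:11 INFO auth ok order=1000234 amount=45.00
2024-01-05 10:02:12 DEBUG card=4111 1111 1111 1111 exp=12/25
2024-01-05 10:02:13 DEBUG swipe=;5555555555554444=25121010000012300000?
2024-01-05 10:02:14 INFO ref=1234567890123456 shipped
2024-01-05 10:02:15 INFO token=tok_9f2c card=411111******1111
"""


def luhn_ok(digits):
    """Luhn checksum: filters out most digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(pan):
    """Show at most the first six and last four digits in any report."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan(text):
    """Return (line number, kind, masked PAN) for each finding.

    kind is 'track1' or 'track2' for full magnetic-stripe data (must never
    be stored) and 'pan' for a readable card number (must be encrypted).
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        track_spans = []
        for kind, rx in (("track1", TRACK1_RE), ("track2", TRACK2_RE)):
            for m in rx.finditer(line):
                if luhn_ok(m.group(1)):
                    findings.append((lineno, kind, mask(m.group(1))))
                    track_spans.append(m.span())
        for m in PAN_RE.finditer(line):
            # Do not report the PAN inside a track record a second time.
            if any(start <= m.start() < end for start, end in track_spans):
                continue
            digits = re.sub(r"[ -]", "", m.group())
            if luhn_ok(digits):
                findings.append((lineno, "pan", mask(digits)))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The order reference on line 4 of the sample is 16 digits long but fails the Luhn check, and the already masked value on line 5 is not reported, so only the clear-text card number and the stripe data are flagged.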
2.10.4. Requirement 4: All transmission of a cardholder’s data across public and open networks should be encrypted
Considering that modern-day supply chains and service relationships are highly distributed, they have created a dependency on public networks. As a result of that, the most common way to fail this requirement is if the company does not address its wireless networks and does not configure its remote access solutions. The majority of other transmissions can be configured to apply VPN software like IPSec and SSL. Determining the transmission route will easily show the areas that require encryption. Since the 31st of March 2009, wireless networks that make use of the WEP encryption standard are no longer permitted to transmit any kind of card data.
2.10.5. Requirement 5: Employ antivirus software that is regularly updated.
It should be noted that the capability of cyber criminals to break into different networks is increasing at an alarming rate. While companies have different anti-virus software designed to safeguard them against such attacks, it should be noted that such software requires frequent updates. Sometimes cyber criminals might bypass setting features in this software, which makes frequent updates the only means for the company to retain protection.
In the classification of v1.2 and PCI DSS standards, it is noted that anti-malware needs to be included in all the operating systems and all kinds of malware. Bypassing, detection, and prevention systems are actually becoming more crucial forms of protection because they do not need to be regularly patched (as is the case with anti-virus software, which is basically dependent on regular patching) and they can be aware of both the devices and networks. This system should be installed in front of devices that companies use to store confidential details in order to ensure that they have maximum protection. An alternative way of ensuring that all anti-virus software is patched is to compare the total number of devices that are connected with the number that are being updated. Also, Network Access Control (NAC) is another way that can be used to ensure that the anti-virus patches have been applied to individual workstations when they make attempts to connect to the established network.
2.10.6. Requirement 6: Create and maintain secure applications and systems.
Considering that applications, servers, and middleware are becoming increasingly complex and integrated, maintaining a comprehensive view of security does represent a major challenge for companies. As such, it is imperative that companies constantly review the alerts that all software vendors adopt in their systems and ensure methodical application of all patches as necessary. In the case that the application has been customized, it might be very difficult to patch it because the extended code might be affected by the patch. If such is the case, it is important to properly test the application in order to determine whether or not it is vulnerable and to make necessary plans to address the issues that have been highlighted during such a test. Also, if the company adopts a customized application, it might consider performing a vulnerability assessment. In v1.2 of the standard, it is indicated that a risk-based approach can be used to make patching a priority. Additionally, v6.6, which is related to web-based applications and their protection, is also considered mandatory. That is to say, the application code needs to be either assessed regularly or guarded with an application firewall. In some cases, it is mandated that merchants employ both application checking and firewall protection.
2.10.7. Requirement 7: Restrict access to cardholder data by business need-to-know
It is both critical and important that any access to the critical data of the cardholder should be restricted and recorded. For instance, access should only be accorded to the staff that work with card details. It is important to understand that by making use of direction and encryption access control, there is the possibility of the support and administrative staff having access to the information they need without allowing them to see sensitive data. Additionally, it is important to note that all access needs to be documented and audited regularly.
2.10.8. Requirement 8: Assign a unique ID to each staff member that has access to the computer.
It is a well-documented fact in the banking industry that the majority of the database breaches are internally generated. Therefore, giving each person a unique ID that they can use to access the computer does ensure that the actions taken on critical data and systems are actually undertaken by, and can easily be traced to, a known and authorized person. All the remote users need to access the data through two-factor authentication (for instance, smartcards and tokens). Also, it is important to log off all inactive devices following a predetermined period of inactivity. It is also a requirement to test the password in order to prove that it cannot be read during storage or transmission.
2.10.9. Requirement 9: Restrict physical access to the data of cardholders
Physical access to any building where the data of cardholders is kept needs to be made through a reception area with all the visitors and contractors mandated to sign in. All the devices that store or have the potential to store credit cards need to be kept in a secured environment. The server rooms need to be locked up with CCTV installed to monitor all actions. The company must restrict all access to wireless and wired network components.
2.10.10 Requirement 10: Track and monitor all cardholder access to network resources and data.
It is important to record and analyze logs for all networks and appropriate devices for the existence of abnormalities. Additionally, the log should be stored in order to ensure that legitimate access, intrusion, and attempted intrusion can be traced. It is mandated that the log be made available as evidence in the event that there is a breach, and this is possible through the use of log management, Security Information and Events Management (SIEM), and Security Event Management (SEM). All the external systems logs, like the firewall, wireless networks, DNS, etc., are mandated to be internally sourced. It is also compulsory to effect penetration tests, and such tests do not have to be performed by the QSAs (Qualified Security Advisors) or ASVs (Approved Scan Vendors).
2.10.11 Requirement 11: Processes and systems must be tested on a regular basis.
It is also mandated that all organizations regulated by the PCI DSS should perform regular scans on their vulnerabilities in order to detect possible weaknesses that can be exploited. In the case that significant changes to the network are recorded in installed applications or operating systems used in their devices, it is important to run both an internal and an external vulnerability scan.
2.10.12. Requirement 12: Create and maintain a policy that tackles the issue of information security.
It should be noted that businesses are becoming more IT dependent, which implies that companies need to be fully aware of their IT security and integrate it as part of their overall risk management strategies and policies. The ownership of such items should be assigned to a given individual or group within the company. The importance of a strong security policy is that it sets the standard for the entire organization and also communicates the company’s aims to the employees. In this standard, it is also specified that critical technologies that the employees might face include: remote access technologies, removable electronic media, wireless technologies, laptops, e-mail usage, internet usage, and Personal Digital Assistants (PDAs). The standard also requires that service providers be monitored and managed.
In essence, it can be seen that full integration of these 12 requirements into the security parameters of an organization will go a long way in providing them with needed assistance and strength to better protect their consumers. This is because it helps limit the overall potential of fraudulent activities to occur within their systems and also enables them to trace such acts in the event of their eventual occurrence. Thus, companies that comply with the PCI DSS standards will offer consumers higher protection, lead to an increase in consumers’ brand loyalty, and effectively lead to a positive response in the performance of their business.
2.11 EMV as a fraud-reduction tool
The basic logic of EMV is that terminals are designed to gather the operating instructions from the card and initiate the stage for authenticating and processing transactions (MasterCard Advisors, 2012). Just like the PCI DSS, the EMV is also designed to control access to financial customers’ data and offer them better protection against fraud.
In essence, it should be expected that the process of deploying EMV will present numerous challenges, but there are also numerous benefits that initiators will have. They include the fact that deploying the core competences of EMV will offer them differentiation and help provide the opportunity for them to gain more share with the aid of enhanced service offerings, support for high-quality EMV migration, and support for new mobile Near Field Communication (NFC) acceptance together with value-added service opportunities. In any case, any decrease in the volume of investment made towards EMV deployment will result in a subsequent decrease in the potential of the system to effectively provide support for terminals on a regular basis (MasterCard Advisors, 2012). Thus, retailers are encouraged to carefully review the challenges and expected benefits from the integration of EMV into their system before running down on such a decision.
2.12 The EMV paradigm shift and its operational implications
2.12.1. EMV paradigm shift
In order to fully appreciate the possible impact of EMV on the operations of an acquirer, it is necessary to have a clear understanding of the basic shifts in modern forms of payment and terminals, and the impact that these shifts have on offline authentication and authorization. Presently, all the magnetic stripes used in cards are encoded with the basic information of the cardholder; the function of the terminal is simply to acquire this information and pass it on for authentication and authorization.
Thus, EMV brings about a radical change between the form of payment and the terminal through which the transactions are executed by significantly increasing the role and sophistication of the terminal application. The present change in modern payment infrastructure can be compared with the change in the music industry, which shifted from analog to digital; and the sustainability of this change will bring about the facilitation of more innovation.
EMV takes advantage of the security chip memory and intelligent processors to determine how different cards are defined for authentication and verification of the cardholders’ information, as well as the risk parameters that have been set by the issuer. The data and processing functions presented in the terminal may differ from one issuer to the next (MasterCard Advisors, 2012). The main idea behind the EMV terminal is to acquire operating instructions for each and every transaction recorded on a card, thereby initiating the process of authenticating and processing the transaction. Considering the rise in two-way interaction between the terminal and the form of payment used, there is a need to increase testing before the terminal is deployed, as this will bring about greater knowledge for troubleshooting both before and after terminal deployment.
2.12.2. Impact of EMV on operations
It should be noted that EMV is continuing its evolving nature, and it’s designed with the purpose of enabling implementation of tougher security over the course of time. Some of the changes experienced in EMV include varied key lengths and different cryptographic algorithms for the future (MasterCard Advisors, 2012). It should be expected that there will definitely be a higher level of terminal application and EMV updates in the future, or at least the need to input new keys in the tool. As such, investing in management systems for terminals that have remote download potential for upgrading the applications and EMV offline authentication keys will end up being valuable. It is also possible to leverage cost-effective methods in order to enhance overall support for the efficiency of the terminal, analysis of fraud by the merchants, and opportunities for adding new services as well as improving the satisfaction level of consumers.
Considering the kinds of changes that are experienced in EMV, creating core competencies in contact and contactless measures does present acquirers with the opportunity to create higher value for consumers. This is because the merchants will require support to understand and integrate the EMV acceptance systems into their daily business activities. Thus, the initial effort that the acquirers will need to put in will be to attain compliance with the network. Besides that, there are also two other vital steps that should be taken in order to completely meet the minimum requirement for the deployment of EMV terminals at the location of the merchants. They include:
- Identify the terminals that have the right EMVCo approach, and
- Confirm that the payment network-specific application logic is loaded onto the terminal.
2.13. Seven EMV compliance guiding principles
2.13.1 Make certain that all EMV payment networks have been approved.
The acquirer needs to consolidate all the known network requirements and plant flexibility in order to meet future requirements with minimal effort put into rectification. Each of the payment networks requires that the terminal be tested and approved before it is deployed. The main purpose of testing these terminals is to make sure that implanting any of the applications, especially the payment applications, in the merchant environment will not have any adverse impact on the functionality of the EMV (Kernel) that has been approved for use (MasterCard Advisors, 2012). Therefore, it is important to make sure that the acquirers have all the EMV terminals approved by all the payment networks before they are deployed into the terminal. Deploying the EMV into the terminals without the approval of all networks will bring about issues of interoperability that will require the software to be upgraded and redeployed.
2.13.2. Select the EMV terminal.
The next step is to select the EMV terminal that has the needed capabilities and approval that will be used to meet the needs of consumers. EMV is a specification that is based on options. Some of the options that the terminal might or might not provide support for are: PIN support and Offline Data Authentication (ODA). Normally, the payment methods will define which of these EMV options are required and which of them should serve optional roles in providing support for the market. As such, the merchant and acquirer also need to determine which of the options they intend to support. They will also need to determine the kind of environment in the terminal where they will need to be deployed. In order to provide support for the merchants and acquirers towards determining the terminal that meets their needs, terminal vendors offer Implementation Conformance Statements (ICS) that highlight the EMV features that are supported by each of the terminals.
2.13.3. Management of the terminal
The acquirers need to put in place an automated POS management system that will be used to update the terminal remotely. It has been noted that when compared with software, EMV parameters require more frequent updates and EMV-specific parameters also require more frequent updates than traditional terminals. Thus, it is required that there should be a centralized terminal management software that can be used to remotely update the terminals (MasterCard Advisors, 2012).
2.13.4. EMV Key Management
There should be trained resources and support for key management, even if the company is not using them. That is to say, key management should be considered the center of the acquirer’s implementation plan. This is because cryptographic keys play a vital role when it comes to authenticating offline cards and devices as well as providing support for PIN offline. Keys are required to be periodically updated and deleted as necessary (MasterCard Advisors, 2012).
2.13.5. EMV testing and testing tools
In addition to the specific network approval tests, it is also important to conduct additional tests. Everything in the network and terminal should be tested to check for vulnerabilities. Before the EMV terminal is deployed, it is important to test each of the terminal brand models and configurations that are being deployed. These tests need to be conducted on both the hardware interface and the kernel interface and approved before the terminal can be deployed. The payment networks also need to be tested, with each of the payment networks given a specific kind of test that will need to be passed before the network will be approved to provide support for the terminal’s EMV chips.
2.13.6. EMV merchant onboarding procedure
It is also important to employ tools that can possibly be used to reduce the required volume of time and technical expertise. This is because the deployment process for each EMV will vary according to the type of customer it is being deployed for. Thus, the approach employed in the deployment process needs to be carefully communicated in order to ensure that efficient and effective control measures are put in place.
2.13.7 Monitoring after deployment
Once the terminal has been deployed, it is also important to monitor performance data in order to highlight required changes as early as possible and provide enhanced customer service. The main aim of post-deployment monitoring is to identify areas that have issues, such as challenges in the exception process and system issues during the early implementation stage. Other areas also include data capturing for better analysis. Another reason why monitoring should be incorporated is to ensure observance of chip utilization rates and the volume of magstripe fallback that can be used to alert customers about their private data being abused. This can result in an increase in the volume of consumer satisfaction, opportunities for service revenue, and needed data that can be used to build better business cases for merchants who have yet to integrate EMV into their systems.
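The two measures named above, chip utilization and magstripe fallback, can be tracked per terminal and per card as in the following added example, which is not taken from the study or from MasterCard Advisors. The record fields (`terminal_id`, `card_token`, `entry_mode`), the entry mode values, the thresholds and the sample transactions are all assumptions constructed for illustration.

```python
from collections import defaultdict


def _tx(terminal, card, mode):
    """Build one constructed transaction record (field names are assumed)."""
    return {"terminal_id": terminal, "card_token": card, "entry_mode": mode}


# Constructed sample data. "chip" = chip card read by chip, "fallback" = chip
# card read by magnetic stripe, "magstripe" = card without a chip.
SAMPLE_TX = (
    [_tx("T-001", f"tok{i:03d}", "chip") for i in range(38)]
    + [_tx("T-001", "tok900", "fallback"), _tx("T-001", "tok901", "fallback")]
    + [_tx("T-002", f"tok{i:03d}", "chip") for i in range(15)]
    + [_tx("T-002", f"tok{i:03d}", "fallback") for i in range(100, 110)]
    + [_tx("T-003", "tok777", "fallback"),
       _tx("T-004", "tok777", "fallback"),
       _tx("T-005", "tok777", "fallback")]
    + [_tx("T-003", f"tok{i:03d}", "magstripe") for i in range(200, 205)]
)


def terminal_report(transactions, max_fallback_rate=0.05, min_chip_card_tx=20):
    """Chip utilization and fallback rate per terminal, chip cards only.

    A terminal is flagged when it has seen enough chip cards to be
    meaningful and its fallback rate is above the (assumed) threshold.
    """
    counts = defaultdict(lambda: {"chip": 0, "fallback": 0})
    for tx in transactions:
        if tx["entry_mode"] in ("chip", "fallback"):
            counts[tx["terminal_id"]][tx["entry_mode"]] += 1

    report = {}
    for terminal, c in sorted(counts.items()):
        total = c["chip"] + c["fallback"]
        fallback_rate = c["fallback"] / total
        report[terminal] = {
            "chip_card_tx": total,
            "chip_utilization": c["chip"] / total,
            "fallback_rate": fallback_rate,
            "alert": total >= min_chip_card_tx
            and fallback_rate > max_fallback_rate,
        }
    return report


def repeated_fallback_cards(transactions, min_terminals=3):
    """Cards that fell back to magstripe at several different terminals.

    Fallback spread across many cards points at the terminal; fallback that
    follows one card from terminal to terminal points at the card, which is
    the case where the cardholder should be contacted.
    """
    seen = defaultdict(set)
    for tx in transactions:
        if tx["entry_mode"] == "fallback":
            seen[tx["card_token"]].add(tx["terminal_id"])
    return {card: sorted(terms) for card, terms in seen.items()
            if len(terms) >= min_terminals}


if __name__ == "__main__":
    for terminal, row in terminal_report(SAMPLE_TX).items():
        print(terminal, row)
    print("cards to review:", repeated_fallback_cards(SAMPLE_TX))
```

Keying the card-level view on a token rather than the card number keeps the monitoring data itself outside the stored-cardholder-data rules discussed under Requirement 3.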
From the above discussions, it can be seen that EMV has the potential to enhance the overall security of financial transactions, something that will bring about enhanced satisfaction for the consumer and better performance for the banks. Thus, it is expected that banks that desire to offer higher security to their consumers will also need to comply with the standards that have been set by EMV systems.
In conclusion, it can be stated that this chapter has been able to serve the purpose for which it was developed. This is because it has shed needed light on what financial fraud is all about, the causes of financial fraud and the efforts being made by financial service providers to curb it. Additionally, it noted that the process of preventing financial fraud does require a huge commitment from the banks, the expected benefits of which will be higher trust and loyalty from consumers. Once the consumers trust the services offered by the bank and become loyal to them, it is expected that such a development will have a subsequent positive influence on the performance of the bank because switch intention will be significantly reduced. Thus, this research will proceed to conduct a primary study on how compliance with the PCI DSS and EMV standards will help universal banks in Ghana reduce fraud in their systems.
Chapter Three
RESEARCH METHODOLOGY
3.0. Orientation
In this chapter, the focus will be on detailed analysis of the approaches used in the primary research. In essence, discussion will be held in relation to the research strategy, research design, research tool, and approaches for data gathering and analysis. Essentially, it is expected that by the end of this chapter, a clear and concise understanding of the primary research will be presented.
3.1. Theoretical framework
Figure 1: Conceptual Framework
Source: Author
From the above framework, it is understood that compliance with PCI DSS and EMV will reduce the volume of card payment fraud in universal banks in Ghana, which will effectively enhance consumers’ level of satisfaction with these banks. The idea behind this is that since fraud has been significantly reduced, consumers will be happy and feel secure. As such, their loyalty will be restored as they begin to feel protected by the bank. Additionally, the bank’s performance will also be enhanced due to the higher repurchase intention, loyalty, and recommendation from the consumers. Thus, it can also be said that compliance will go a long way in helping universal banks in Ghana gain competitive advantage.
Research strategy and design
In general, the approaches to research are grouped into three: qualitative, quantitative, and mixed. It is also important to note that while these research strategies might appear discrete, that is actually not the case in a real setting. What is implied here is that quantitative and qualitative research strategies need to be considered distinct research categories, with polar opposites and dichotomous in nature. Simply put, these research strategies represent opposite ends of a continuum (Newman & Benz, 1998). The reason for this is that no matter how the research is constructed, it seems to be more qualitative than quantitative and vice versa. The mixed approach does rest in the middle of these two strategies as it combines the elements of qualitative and quantitative research.
Under normal circumstances, the difference between qualitative and quantitative research methods is based on the word (qualitative) instead of the numbers (quantitative), and they can also be differentiated by the use of close-ended questions (in the form of quantitative hypotheses) instead of open-ended questions (that involve qualitative interview questions). A better way to understand the difference between these two kinds of research is to view it from a philosophical assumption which the researcher attaches to the research process, and this can come in the form of research strategy (for instance, quantitative experiment or qualitative case study) and the defined approaches that the researcher uses to conduct the research (for instance, gathering of quantitative data with the aid of data instruments like questionnaires instead of the observational form of data gathering used in qualitative research). Also, each of these research approaches has a historical evolution. In the case of qualitative research, it occupied social research in the late 19th century, but a quantitative approach dominated the 20th century, and the 20th century also featured wide penetration of the mixed research method. Before deciding on the research strategy that will be used in this study, it is important to have an overview of the different kinds of research methods, as it will help readers to understand the strategy chosen, while also helping the researcher to determine the best strategy for this particular research.
Qualitative investigation
This is a kind of research that is used to explore and understand the meaning attached to a given social or human issue by an individual or group of individuals. In this form of research, application is mainly based on the emergence of procedures and questions, and the data is usually gathered in the environment of the participant, inductively analyzed while referencing established terms in the research process, as the researcher looks to interpret the data in relation to the social or human issue being studied. This form of research allows for flexibility in structures in its final reports, and the researchers that make use of this form of research aim to provide a way to support an inductive approach by focusing on the meaning that individuals attach to a given issue and the need to read meaning into the complex issue that is being studied.
Quantitative analysis
This is a form of research that is used to test the objectivity of a theory by defining the kind of relationship between variables loaded into the research. Usually, the approach for measuring these variables is with the use of instruments, which provide statistical formats that can be used to analyze the numbered data. Usually, the final report comes in the form of a structured set that contains an introduction, review of literature, research methodology, analysis of findings, and discussions. Like with qualitative research, the researchers that adopt this kind of research do it for a purpose, which is to deductively test theories that will eventually help them to build protection against biases, control alternative explanations, and allow them to replicate as well as generalize the findings from the research.
Mixed methods research
In this form of research, both qualitative and quantitative data are collected, analyzed, and interpreted, and these data are normally based on distinct approaches that can contain philosophical assumptions and theoretical frameworks. The main assumption here is that by combining the two research methods, the researcher can be able to present a better and more complete understanding of the issue at hand as opposed to a situation where only one of these approaches is utilized.
Normally, processes in research do not stop at selecting the research method that will be used to conduct the research, because it is also crucial that the research make sure that the method selected is actually the best for the research. Having a clear understanding of the approaches used in research will help the researcher to make sure that there is a defined and specific direction for the research, which is known as the research strategy (Denzin & Lincoln, 2011).
The quantitative method is the chosen strategy for this research. Throughout the late 19th century down to the entire 20th century, strategies of enquiry that were based on quantitative research did aid in triggering a global view on positivism and originality, which was mainly based on psychology. The form of research comprises true experiments and quasi-experiments, which is a less complex method (Campbell & Stanley, 1963). Other experimental designs featured during this time period include single-subject experiments and applied behavioral analysis, in which an experimental treatment is administered to one group while another group is denied the same treatment, and the two groups are compared in terms of how the experimental treatment influences outcomes (Cooper, Heron, & Heward, 2007; Neuman & McCormick, 1995). Non-experimental forms of quantitative research also exist, with causal-comparative study as one of the most prominent examples. This form of research involves the comparison of two or more groups by referencing causal factors (which are the independent variables) to issues that have already taken place. Another kind of non-experimental research is correlation design. This kind of research is all about the researcher adopting correlation statistics to describe and measure the extent of relationship (or how things are associated) between sets of variables by referencing established scores (Creswell, 2012). In any case, it should be noted that in recent years, there have been advancements in these research designs, and this has led to the research process being described in the form of more of a complex relationship between variables that are contained within a structured technique like logistical regression, modeling, or linear modeling. Recently, complex experiments that contain different variables and treatments (for instance, factorial designs and designs that are based on measures) have also been featured in quantitative studies.
On the same note, elaborate structural equation methods are also featured in this form of research, and they involve the identification of the combined strength of different variables across a defined causal path. In any case, the focus of discussion will be on survey-based experiments as that is the approach adopted in this research.
In a survey-based form of research, the researcher actually offers different or quantitative descriptions of perceptions, attitudes, or trends within a defined population by analyzing a sample of that population. This form of research involves cross-sectional and longitudinal studies that adopt a questionnaire or structured interview as the instrument for gathering data, and the main purpose of this research is to present a general view by sampling the population (Fowler, 2008).
Experimental research, on the other hand, is designed with the intention of determining whether or not a given treatment does influence the research outcome. In this form of research, the researcher actually measures the extent of such influence by offering some treatments to a given individual or group while withholding the same treatment from another individual or group and comparing both in order to determine the differences in terms of treatments initiated. There are two types of experiments: true experiments, in which subjects are assigned at random, and quasi-experiments, in which no subjects are assigned (Keppel, 1991). The quasi-experiments also contain single-subject designs. For this research, the chosen approach is quantitative research, and the data will be gathered with a questionnaire survey.
Variable definition
In the research process, it is important to understand what variables are all about and the different kinds of variables because they present reference steps that can be used to develop a research or quantitative theory. Variables can be defined as the features or attributes of a person or company that can be observed through measurement and are not the same for different individuals or companies. Due to these differences, it is possible to attach a score to a given situation that falls into two or more categories that are also mutually exclusive (Thompson, 2006). The preferred term for the above definition in psychological research is construct, and it is defined as the volume of abstract ideas that are weighted against a defined term. However, social research (which is where the present research falls into) uses the term variable. Some of the most commonly measured variables are gender, age, behavior, and attitudes. Numerous researchers (e.g., Isaac and Michael, 1981; Keppel, 1991; Kerlinger, 1979; Thompson, 2006; Thorndike, 1997) have provided detailed discussions on the various types of variables, their applications, and measurement scales. There are two categories used to differentiate variables: temporal order and measurement.
In the case of measurement, it simply means that one of the variables comes after the other within a given time frame. Due to the timing order, it is possible to state that one variable will have an influence on another. In any case, the right statement should be that one of the variables has the potential to influence the outcome of another variable. The reason for this is that in research that is focused on human and natural themes, it might be impossible for the researcher to determine the absolute cause and effect (Rosenthal & Rosnow, 1991), which means that the researcher will have no other option than to adopt the term "probable causation." On the other hand, temporal order means that the research views the variables in sets of order, moving from right to left (Punch, 2005), and these variables are ordered according to the purpose of the research, research question, and visual models that move from left to right in a form of cause and effect presentation. The different kinds of variables are as discussed below.
Independent variables
They are the variables that have the possibility of causing, influencing, or altering the outcome of a given circumstance. They are also called manipulated, antecedent, predictor, or treatment variables.
Dependent variables
They are the variables that depend on the independent variable, which implies that they are the outcome or product of the effect that the independent variable has on a situation. They are also called response, criterion, effect, or outcome variables.
Intervening or mediating variables
These kinds of variables function between the independent and dependent variables, playing a mediating role in the effect that the independent variables have on the dependent variables. For example, if a patient takes medications for an illness and ends up getting well, the independent variable (medication) caused an effect (healing the patient, which is the dependent variable). However, the extent of healing does depend on the patient’s decision to take the medication in the right order and as prescribed. That is to say, the mediating variable (decision of the patient to take the medication) influences the actual outcome (perfect healing).
Moderating factors
They represent independent variables that influence the direction and strength of the relationship between the dependent variables and independent variables (Thompson, 2006). They are viewed as new variables that the researcher constructs in order to determine the combined influence that two variables can have on a given situation. They are normally found in experimental studies.
From the above figure (3.2), EMV and PCI DSS are the independent variables that influence the level of reduced card payment fraud in universal banks in Ghana. However, this influence is mitigated by the extent to which the banks comply with the PCI DSS and EMV standards. That is to say, the higher the compliance, the lower the level of card payment fraud and vice versa.
Research hypotheses
HP1: Compliance with PCI DSS and EMV standards will help reduce card payment fraud in universal banks in Ghana.
HP2: The higher the level of compliance by these banks to these standards, the lower the rate of card payment fraud.
HP3: A lower rate of card payment fraud will boost consumers’ satisfaction and loyalty to the bank.
Participants
For this research, there are two sets of respondents. The first set are employees of universal banks, while the second set are their consumers. This implies that two sets of questionnaires were used to gather data in this research. The reason for this is that the research method gathers both internal and external data. From the internal data (employees), information will be gathered on overall compliance with PCI DSS and EMV standards. Essentially, the researcher will be able to understand the level of implementation of these standards by the bank as it relates to the overall commitment of the bank to protect its consumers. The second set of respondents are the consumers, and the questions asked them about their overall fraud experience, the influence of fraud on their brand loyalty, and what they think about the principles of EMV and PCI DSS as they relate to the prevention of card payment fraud.
For the first set, 50 responses were gathered. That is to say, 50 employees were interviewed. For the second set, 150 responses were gathered, which implies that 150 consumers were interviewed. In essence, a total of 200 responses were gathered for this research.
Prior to data gathering, samples of the questionnaire were distributed to potential respondents from each of the two sets. The purpose was to understand their overall assimilation of the questions asked. This is because respondents' understanding of the question does have a direct influence on response pattern and overall data quality. In this case, a random sampling method was used for both the sample and actual data gathering. Necessary corrective measures were enacted once the response from the sample had been gathered. Overall, the distributed sample questionnaire is the same as the final questionnaire used to gather data, except for some cases where changes (grammatical) were made in order to ensure that all respondents can easily understand the questions and respond as necessary.
Data gathering methods and measurement
As noted earlier, this is survey-based research. Thus, a questionnaire was used to gather data in this case. There are two questionnaires in this case, one for the employees and the other for the consumers. The questionnaire was divided into two sections. The first section gathers demographic data, while the second section presents closed-ended questions for the respondents to answer. For the closed-ended questions, a 5-point Likert scale was used, and respondents had to choose from 1–5 the point that best represents their view. A random-based sampling method was used. That is to say, all the staff and consumers had the chance to participate in this research. Through this approach, the research was enhanced because responses were gathered from different people with different backgrounds, as opposed to selective sampling methods. The gathered data was analyzed with the aid of the SPSS statistical tool. Findings from the data are discussed in Chapter Four below.
Research ethics
In the process of conceptualizing the writing process for any research, it is also important to put into consideration the issues that might arise in the course of delivering a given research study (Berg, 2001; Hesse-Biber & Leavy, 2011; Punch, 2005; Sieber, 1998). The reason behind this is that research is normally based on data, and this data is gathered from different people and sources (Punch, 2005). On that note, it is important to look into issues of ethics as it helps develop the background for argumentation as well as format the right order of the topics. It is also important that the researcher offer the respondents necessary protection by creating trust with them and promoting the research’s integrity, while also creating a barrier for misconduct or improper actions that could have an effect on the company or institution where the research is taking place, while also presenting the researcher with opportunities to cope with new challenges as the research develops (Israel & Hay, 2006). Therefore, it is evident that it is important to address the question of ethics, especially in modern research, because it does help in handling issues of credibility, disclosure, privacy, authenticity, and other cross-cultural issues (Israel & Hay, 2006). The advancement in internet technology has actually made these issues very complex. For this research, the ethical issue comes mainly from data gathering and analysis.
For this research, two forms of data were gathered. The first set of data (which was used for the review of literature) is secondary data, and the second set (which is analyzed in chapter four) is primary data. The quality of these two data sets determines the overall quality of this research as they shape the findings made in this research. First, the secondary data: it was gathered from reliable journals, government publications, and corporate press releases. This data is used to develop the variables (which were later loaded into the primary research), so necessary measures were taken in order to ensure that it was of the highest quality. While there is a wealth of secondary data on fraud, little research and secondary data focused on fraud as it relates to card payments. In the case of the primary data, it is gathered from real respondents in real settings. In the course of gathering the primary data, the researcher ensured that respondents’ choices were not influenced in any form and that the respondents had a clear understanding of the questions loaded in this research. Gathered data was keyed in and analyzed in the right order without any manipulation. Thus, it can be said that the data used in this research is of top quality, which implies that the findings will also be of high quality.
Chapter Four
DATA ANALYSIS
Introduction
In this section, the findings from the primary research are presented. To start with, a test of reliability and validity is conducted. This is followed by demographic analysis, descriptive statistics, correlational analysis, and other statistical measures considered important in this chapter. Finally, existing findings were used to test the hypothesis.
Reliability and validity tests
In psychological tests, reliability is a big issue for concern as such research involves the measurement of human attributes and behavior (Rosenthal and Rosnow, 1991). As an example, if a test is conducted and the researcher desires to understand the functionality of such a test, it is vital that the test used consistently discriminates individuals at a given point or another. What is implied here is that reliability is the level to which measurements can be repeated — in the case that the measurement is performed by different people, on different occasions, under different settings, with expectably alternative instruments that are used to measure the exact same thing. In essence, reliability is all about how consistent these instruments are (Bollen, 1989), or how stable these instruments are when applied over different conditions, and the basis is that the same result should be obtained although the instruments used might be different (Nunnally, 1978).
The main importance of testing data reliability is that data obtained from behavioral research is normally influenced by measurement errors. These measurement errors normally arise either in the form of random error or systematic error. Bathroom scales are one good example of what is implied here (Rosenthal and Rosnow, 1991). In the case that one repeatedly weighs himself or herself on a bathroom scale, it is obvious that systematic error will be featured considering that the scale should maintain a consistent measure of the person’s weight, but it will always turn out to be 10 lb even when the person is actually heavier than that. If the scale was actually accurate, there would still be random error, as the individual may misread it in the process of weighing himself or herself. Due to these errors, it becomes clear that one will actually read the weight to be slightly higher on some occasions and lower on others than what it actually is. However, if a single person is repeatedly measured, the random error will eventually cancel out on average. Systematic error, in any case, doesn’t cancel out, and this contributes to the mean score of the subject that is being studied, which will make the mean value either too small or too big.
In a test, a random error can have different kinds of influence. For instance, in the case that the test only has a small number of units, the extent of students’ performance will be influenced by the extent of their luck in relation to the right answers. On the same note, if a student is given a test while sick, the person might not perform as well as they would when healthy. In conclusion, when a student decides to guess an answer on an exam, such a guess will usher in a level of unreliability or randomness in the overall result of the test (Nunnally, 1978).
In essence, what is implied here is that variations in the forms of tests can bring about different kinds of errors due to the situational factors that influence the subject being studied, the approaches adopted by the researcher for such a study, and the other factors that can influence the outcome of the research process. As such, researchers are normally limited by the reliability of the measurement instrument or the reliability they use in a given research project.
Something that inexperienced researchers find confusing is that a reliable measure does not necessarily mean a valid measure. This can be deduced from Bollen’s (1990) explanation where it is made known that reliability is a kind of measure that doesn’t contain purely random error and it is not mandated in the description of reliability that the measure must be valid. Simply put, it is very possible to have a reliable measure that is not valid. However, this is wider than what this section is talking about.
Table 1: Reliability of staff's data

Case Processing Summary

| | | N | % |
|---|---|---|---|
| Cases | Valid | 50 | 100.0 |
| | Excluded (a) | 0 | .0 |
| | Total | 50 | 100.0 |

a. Listwise deletion based on all variables in the procedure.

Reliability Statistics

| Cronbach's Alpha | N of Items |
|---|---|
| .272 | 14 |

In testing data reliability, Cronbach’s alpha is one of the most prominently used tools (rule). Under this rule, a data set is considered reliable if the alpha score is 0.5 or above, where the higher the alpha score, the higher the reliability.
From Table 1 above, it can be seen that the reliability test returned a value of .272, which could generally be considered unreliable. However, this is not the case as the data gathered in this set is limited and the reliability of data in terms of Cronbach’s alpha is highly influenced by the volume of data gathered. That is to say, the higher the volume of gathered data, the higher the expected level of reliability. Considering that the data used in this case is gathered from real staff in real universal banks across Ghana, the data can, as such, be described as reliable.
Table 2: Reliability of customer data

Case Processing Summary

| | | N | % |
|---|---|---|---|
| Cases | Valid | 150 | 100.0 |
| | Excluded (a) | 0 | .0 |
| | Total | 150 | 100.0 |

a. Listwise deletion based on all variables in the procedure.

Reliability Statistics

| Cronbach's Alpha | N of Items |
|---|---|
| .654 | 14 |

In terms of the customer data, the reliability level is found to be 0.654, or 64.5% reliable. Thus, it exceeds the minimum standards and does indicate a high level of reliability for the gathered data. This does go to confirm the earlier statement that in statistical research, the reliability of data is sometimes influenced by the volume of such data. As such, earlier assumptions as to why the staff data wasn’t so reliable have been justified. What can be concluded in this case is that the data gathered for this research is reliable and, as such, the findings can be applied in a real-life setting.
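The alpha statistic reported in Tables 1 and 2 can be computed as in the sketch below, which applies the standard formula after the listwise deletion noted under the tables. This is an added example, not part of the study or its SPSS output; the Likert responses are constructed and the function names are assumptions made for illustration.

```python
"""Cronbach's alpha with listwise deletion (added illustration, constructed data)."""
from statistics import variance

# Constructed 5-point Likert responses: one row per respondent, one column per item.
# None marks an unanswered item; that respondent is dropped (listwise deletion).
SAMPLE = [
    [5, 4, 5, 4],
    [4, 4, 4, 3],
    [2, 3, 2, 2],
    [1, 2, 1, 2],
    [3, 3, 4, 3],
    [4, None, 5, 4],
]


def listwise_delete(rows):
    """Keep only respondents who answered every item; also return how many were dropped."""
    valid = [r for r in rows if all(v is not None for v in r)]
    return valid, len(rows) - len(valid)


def cronbach_alpha(rows):
    """Return (alpha, n_valid, n_excluded) for a respondents x items score matrix.

    alpha = k / (k - 1) * (1 - sum(item variances) / variance(total scores)),
    where k is the number of items and variances are sample variances.
    """
    valid, excluded = listwise_delete(rows)
    if len(valid) < 2:
        raise ValueError("need at least two complete responses")
    k = len(valid[0])
    if k < 2 or any(len(r) != k for r in valid):
        raise ValueError("every respondent must answer the same k >= 2 items")
    item_vars = [variance(col) for col in zip(*valid)]   # one variance per item
    total_var = variance([sum(r) for r in valid])        # variance of summed scores
    if total_var == 0:
        raise ValueError("total scores do not vary; alpha is undefined")
    alpha = (k / (k - 1)) * (1 - sum(item_vars) / total_var)
    return alpha, len(valid), excluded


def meets_threshold(alpha, threshold=0.5):
    """Acceptance rule as stated on this page: alpha of 0.5 or above."""
    return alpha >= threshold


if __name__ == "__main__":
    alpha, n_valid, n_excluded = cronbach_alpha(SAMPLE)
    print(f"valid={n_valid} excluded={n_excluded} alpha={alpha:.3f} "
          f"meets 0.5 rule={meets_threshold(alpha)}")
```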
Analysis of findings from bank staffs
Demographic research
Table 3: Age of staffs

| | | Frequency | Percent | Valid Percent | Cumulative Percent |
|---|---|---|---|---|---|
| Valid | male | 22 | 44.0 | 44.0 | 44.0 |
| | female | 28 | 56.0 | 56.0 | 100.0 |
| | Total | 50 | 100.0 | 100.0 | |

From the above analysis, it can be seen that male respondents represent 56% of the total responses, while females represent 44%. What can be deduced from this analysis is that both genders are fairly represented and, as such, findings from this research can be applied to both genders.
Table 4: Age of respondents

| | | Frequency | Percent | Valid Percent | Cumulative Percent |
|---|---|---|---|---|---|
| Valid | below 20 years | 3 | 6.0 | 6.0 | 6.0 |
| | 21-30 years | 28 | 56.0 | 56.0 | 62.0 |
| | 31-40 years | 11 | 22.0 | 22.0 | 84.0 |
| | 41-50 years | 4 | 8.0 | 8.0 | 92.0 |
| | above 50 years | 4 | 8.0 | 8.0 | 100.0 |
| | Total | 50 | 100.0 | 100.0 | |

Table 3 above indicates that the majority of the staff are aged between 21-30 years (56%), followed by those aged between 31-40 years (22%), with those aged 41-50 years and those aged above 50 making up 8% each, and the fewest are those aged below 20, with only 6%. What can be deduced here is that the findings are in line with what is obtainable in the banking industry, as age is a predetermining factor for employment in the industry. The industry seems to focus more on young adults with the right energy to deliver set corporate objectives. However, such is not the context of this research.
Table 5: Years of Working Experience

| | | Frequency | Percent | Valid Percent | Cumulative Percent |
|---|---|---|---|---|---|
| Valid | 1-10 years | 21 | 42.0 | 42.0 | 42.0 |
| | 11-20 years | 9 | 18.0 | 18.0 | 60.0 |
| | 21-30 years | 9 | 18.0 | 18.0 | 78.0 |
| | above 30 years | 11 | 22.0 | 22.0 | 100.0 |
| | Total | 50 | 100.0 | 100.0 | |

When it comes to the question loaded in this research, experience is very crucial because it does determine the extent to which respondents can understand as well as contribute to the research. From the above analysis, it can be seen that 58% of the respondents have worked for over 10 years and this means that they are well positioned to contribute positively to the quality of this research.
Table 6: How many years have you been working for your bank?

| | | Frequency | Percent | Valid Percent | Cumulative Percent |
|---|---|---|---|---|---|
| Valid | 1-5 years | 19 | 38.0 | 38.0 | 38.0 |
| | 6-10 years | 15 | 30.0 | 30.0 | 68.0 |
| | above 10 years | 16 | 32.0 | 32.0 | 100.0 |
| | Total | 50 | 100.0 | 100.0 | |

Besides having regular working experience, having experience with banking functions does contribute positively to the quality of this research. This is because this research is based on issues that occur in the banking sector, and it is only through such experience that respondents will be able to positively contribute to the quality of the research. As indicated in table 5 above, the majority of the respondents (62%) have been working in the banking sector for over 5 years. Thus, it can be concluded that they are well positioned to address the questions raised in this research.
Descriptive statistics
Figure 4: Card payment fraud is a common facet in the corporate world
The first question loaded was geared towards understanding respondents’ general perception of fraud in the corporate setting, and it can be seen from figure 4 above that they consider card fraud to be common in the present global business world (see appendix 3 for exact percentage value). In essence, what can be derived here is that card fraud is a serious issue and it does need the urgent response this research has accorded it.
Figure 5: The rate of card payment fraud in my bank is worrying
The second question was designed to understand respondents’ perception of the rate of card payment fraud in their bank. As indicated above, over 60% disagree that the rate of card payment fraud in their bank is worrying, while over 25% agree that such cases are worrying (see appendix 3 for exact percentage of response). What can be gathered here is that the banks studied have been able to adopt a number of necessary measures towards preventing card payment fraud. However, the fact that over 25% of respondents agree that the issue of card payment fraud in their banks is worrying also reflects the fact that banking consumers need to be protected and financial institutions in Ghana need to up their game to such effect.
Figure 6: I think customers will easily lose trust with my bank if they ever become victims of card payment fraud
For every business, consumers represent the link between success and failure. This is because the more sales a company can make (through a huge consumer base), the higher the company’s potential to ensure sustainable profitability. As indicated above, over 70% of respondents (see exact percentage volume in appendix 3) agree that their consumers will likely lose trust in the bank if they ever become victims of card payment fraud. What can be gathered in this effect is that preventing card payment fraud is more important than remedying such occurrences. This is because once consumers experience such, they are more or less certain to lose trust, and that will mean reduced loyalty, patronage and profitability for the bank in question. Essentially, the essence of this research is further acknowledged based on the understanding that this research is designed to study how such card payment fraud issues can be combated in the Ghana banking industry with PCI DSS and EMV.
Figure 7: Our top management knows and understands that card payment fraud is a big issue in the banking sector
The solution to any problem starts with the top management being fully aware of such an issue. Thus, this question was loaded into the research, and as can be seen from figure 7 above, over 70% of respondents agree that their top management are aware of the issues card payment fraud poses to their sustainability, while over 15% of the respondents think that their management are not fully aware of the issue of card payment fraud and the risk it poses to their sustainable business performance. By being aware of the threats posed by card payment fraud, it is clear that the top management will also be willing to address such issues by enacting practices such as the PCI DSS and EMV standards. However, it is important to note that the 15% of respondents who think that their management are not fully aware of such threats also present worrying signs in the banking industry, as the threat is something that all managements should be aware of.
Figure 8: The management is committed towards offering consumers the right protection against fraud
In figure 7, it was noted that the level of awareness management has as it relates to the issue of card payment fraud will definitely determine their level of exposure to necessary approaches that can be used to tackle this issue. Figure 8 above is in line with such understanding, as it is developed to analyze the management’s commitment towards protecting consumers from card payment fraud. As can be seen above, over 70% of the respondents (see appendix 3 for exact percentage) agree that their management are committed towards protecting the customers against such fraudulent cases. Thus, it can be said that they must at one point have implemented necessary remedies to such effect (which can include PCI DSS and EMV), and such will be further tested in this research.
Figure 9: Necessary security measures and protocols are being put in place by the management to offer customers desired financial protection
Still in line with discussion on figures 7 and 8, the above figure 9 tests the extent to which the management of universal banks in Ghana have put in necessary measures and protocols to offer customers desired financial protection. As indicated above, over 75% (see appendix 3 for exact percentage of response) agree that their banks offer consumers necessary financial protection by adopting the right standards and measures in terms of their banking practices. In essence, it is expected that the large volume of customers in these banks will feel an air of security with the measures that these banks have implemented. However, such will be further tested in the consumers’ response as contained below.
Figure 10: Our card processing measures are based on PCI DSS and EMV standards
Overall, the context of this research is geared towards understanding the extent to which PCI DSS and EMV standards are being implemented in universal banks in Ghana as well as the impact of such implementation on overall customer security. These standards are vividly described in the review of literatures and as such loaded in this research in order to understand the extent to which they are being implemented by the banks studied. From the above analysis, over 75% of respondents (see appendix 3 for exact percentage figure) agree that PCI DSS and EMV are employed in their bank’s card processing measure. This is in line with earlier understandings where it was made known that top managements are aware of the threats posed by card processing frauds and they enact necessary measures to combat such outcomes as well as to offer consumers desired financial protection. The overall impact will be a resulting increase on brand loyalty because the basic thing consumers need (as indicated in the review of literatures) in the banking sector is total financial security.
Figure 11: I think my bank complies with all the PCI DSS and EMV standards
In figure 10, the exact level of implementation as it relates to all the points indicated in the two standards was not clearly measured. Basically, figure 10 above measures whether or not such standards are implemented (and not whether the entire principles in each of these standards are complied with). Thus, figure 11 above was developed to analyze whether or not these banks apply all the principles (or just pick a few related to their taste and capabilities). From the above analysis, over 50% agree that their banks apply all the principles in the standards when it comes to card processing, while over 25% do not agree to such effect (see appendix 3 for exact percentage of response). What is interesting here is not the volume that agree, but the significant volume (> 25%) that disagree. That is to say, not all universal banks in Ghana actually employ all principles of PCI DSS and EMV standards, but that does not mean they do not employ any of them at all. Thus, one must be worried about the potential outcome of the financial security measures offered by the banks that decide to omit some of the principles. This is based on the fact that omitting some of these principles could create loopholes for hackers to threaten consumers’ safety in the bank. However, the significant volume (> 50%) of those that comply with all principles is a welcome discovery.
Figure 12: I believe that full compliance with the PCI DSS and EMV standards will help offer customers better financial protection against card payment fraud
In figure 11 above, it is shown that over 75% of the respondents are of the view that if their banks are able to comply with all principles of PCI DSS and EMV standards, they will be better positioned to offer their customers an advanced level of financial security. Thus, this finding further justifies the idea in the review of literature where it was made known that compliance with these two standards will inevitably help to prevent card payment fraud.
Figure 13: When compared with previous measures, I think that PCI DSS and EMV standards have reduced the rate of financial fraud in my bank significantly
Finally, the staff were asked to compare the present standards of PCI DSS and EMV with standards that were previously employed in their banks. The essence is that such will help in further justification of the existing idea that PCI DSS and EMV standards offer advanced security protection when compared with conventional approaches. As indicated above, over 70% (see exact percentage rate in appendix 3) of the respondents agree to that. Thus, it can be stated that PCI DSS and EMV standards are the right remedies for preventing as well as combating card payment fraud.
From the above analysis of the staff data, a number of findings have been made in relation to the context of this research. First, it is now clear that card payment fraud is a widely acknowledged issue, not just in the banking industry but in the wider corporate setting at large. Second, the managements of universal banks in Ghana are aware of this issue and the threat it poses to the overall security of their customers. Thus, these managements have enacted a number of security measures in order to help protect their customers. The overall benefit of such protection will be a subsequent increase in the level of brand loyalty, which will help create sustainable performance for the bank. Finally, it was also discovered that PCI DSS and EMV standards are much better ways of protecting consumers when compared with the conventional methods. In order to ensure that such an objective is fully attainable, it is recommended that banks comply with all principles of the standards, as such will better ensure full protection against issues of card payment fraud. However, the consumers have a role to play to this effect, and such will be discussed below in relation to the data gathered from customers.
Customers’ response
Demographic analysis
Table 7: Gender of respondents

| | | Frequency | Percent | Valid Percent | Cumulative Percent |
|---|---|---|---|---|---|
| Valid | male | 73 | 48.7 | 48.7 | 48.7 |
| | female | 77 | 51.3 | 51.3 | 100.0 |
| | Total | 150 | 100.0 | 100.0 | |

The gender of consumers is the first variable loaded in this research, and as can be seen from table 7 above, the majority of the respondents are female, with a total of 51.3% of the response, while the outstanding 48.7% are male. It is important to note that this does not in any form mimic a picture of the gender distribution in terms of banking customers in Ghana. This is because this is random-based sampling research (which means that only those present and willing to participate contributed to this research). Additionally, such a measure is not in the context of this research and will not be addressed in any form. However, what can be stated here is that since the genders are well represented, the findings from this research can be applied to both genders.
Table 8: Age of respondents

| | | Frequency | Percent | Valid Percent | Cumulative Percent |
|---|---|---|---|---|---|
| Valid | below 20 years old | 30 | 20.0 | 20.0 | 20.0 |
| | 20-30 years old | 54 | 36.0 | 36.0 | 56.0 |
| | 31-40 years old | 35 | 23.3 | 23.3 | 79.3 |
| | 41-50 years old | 20 | 13.3 | 13.3 | 92.7 |
| | 50 year and above | 11 | 7.3 | 7.3 | 100.0 |
| | Total | 150 | 100.0 | 100.0 | |

As shown in table 8 above, the majority of the respondents are aged between 20-30 years, with 36% of the total response, followed by those aged 31-40 years with 23.3% of the response. Those aged below 20 years have 20% of the total response, those aged between 41-50 years have 13.3% of the total response, while those aged above 50 come in as the least with 7.3% of the response. Once again, this is random-based research and the findings above do not in any way represent the actual age distribution among consumers in the banks studied, but it can be said that all ages are well represented and findings from this research can be applied to consumers of all ages.
Table 9: How many years have you been using banking services?

| | | Frequency | Percent | Valid Percent | Cumulative Percent |
|---|---|---|---|---|---|
| Valid | 1-10 years | 35 | 23.3 | 23.3 | 23.3 |
| | 11-20 years | 55 | 36.7 | 36.7 | 60.0 |
| | 21-30 years | 37 | 24.7 | 24.7 | 84.7 |
| | Over 30 years | 23 | 15.3 | 15.3 | 100.0 |
| | Total | 150 | 100.0 | 100.0 | |

Experience is a key factor when it comes to addressing the questions in this research. This is based on the view that the more someone has used a banking service, the higher the person’s chances of being exposed to the issues that form the basis of this research. From the above analysis, it can be seen that the majority of the respondents (76.7%) have been making use of banking services for over 10 years. What is reflected here is that they are better positioned to address questions raised in this research, as they must at one point have been exposed to a number of banking-related risks.
Table 10: How many years have you been banking with this particular bank?

| | | Frequency | Percent | Valid Percent | Cumulative Percent |
|---|---|---|---|---|---|
| Valid | 1-5 years | 45 | 30.0 | 30.0 | 30.0 |
| | 6-10 years | 72 | 48.0 | 48.0 | 78.0 |
| | Over 10 years | 33 | 22.0 | 22.0 | 100.0 |
| | Total | 150 | 100.0 | 100.0 | |

One of the main benefits of providing banking customers with sound security is that it makes them feel safe with the bank's services and as such enhances their overall security level. On that accord, the case of security is discussed above as it relates to how many years the respondents have been banking with their present bank. As indicated in table 10 above, 70% of the respondents have been banking with their present bank for over 5 years. The years of experience are significant and must have exposed them to a number of the bank’s characteristics, allowing for better understanding of the overall quality of the services offered by the bank (in terms of security features and others). In essence, what can be said here is that the respondents are well positioned to address the questions raised in the research, further validating the quality of findings from this research.
Descriptive statistics
Table 11: When I make decision on banking service providers, financial security is a key factor

| | | Frequency | Percent | Valid Percent | Cumulative Percent |
|---|---|---|---|---|---|
| Valid | Totally Agree | 63 | 42.0 | 42.0 | 42.0 |
| | Agree | 67 | 44.7 | 44.7 | 86.7 |
| | Neutral | 6 | 4.0 | 4.0 | 90.7 |
| | Disagree | 10 | 6.7 | 6.7 | 97.3 |
| | Totally Disagree | 4 | 2.7 | 2.7 | 100.0 |
| | Total | 150 | 100.0 | 100.0 | |

The first question is designed to understand whether or not financial security influences consumers’ choice of banking service provider in the Ghanaian universal banking industry. The finding is presented in table 11 above and it shows that 42% of respondents totally agree and another 44.7% of respondents agree (a total of 86.7%) that their choice of banking service provider is influenced by the level of financial security offered by the bank. This is in line with earlier views from the review of literatures where it was made known that the main feature customers look for in the banking industry is the security level of services offered by these banks.
Table 12: I think the issue of financial fraud is something that must be handled

| | | Frequency | Percent | Valid Percent | Cumulative Percent |
|---|---|---|---|---|---|
| Valid | Totally Agree | 84 | 56.0 | 56.0 | 56.0 |
| | Agree | 57 | 38.0 | 38.0 | 94.0 |
| | Neutral | 3 | 2.0 | 2.0 | 96.0 |
| | Disagree | 5 | 3.3 | 3.3 | 99.3 |
| | Totally Disagree | 1 | .7 | .7 | 100.0 |
| | Total | 150 | 100.0 | 100.0 | |

Earlier on, the staff were asked about their view on the security issues facing financial institutions and they acknowledged that such issues represent a big risk to the overall sustainability of the industry. This same question has been loaded for the consumers with the same objective. From table 12 above, 94% of the respondents agree to such. This is in line with earlier views in the review of literature, where it was made known that the rate of financial fraud in the banking industry is on the rise and necessary measures need to be employed in order to combat such a situation.
Table 13: I am always worried about my financial security
| | | Frequency | Percent | Valid Percent | Cumulative Percent |
|---|---|---|---|---|---|
| Valid | Totally Agree | 83 | 55.3 | 55.3 | 55.3 |
| | Agree | 55 | 36.7 | 36.7 | 92.0 |
| | Neutral | 3 | 2.0 | 2.0 | 94.0 |
| | Disagree | 5 | 3.3 | 3.3 | 97.3 |
| | Totally Disagree | 4 | 2.7 | 2.7 | 100.0 |
| | Total | 150 | 100.0 | 100.0 | |
In tables 11 and 12, the customers made known that quality security services influence their choice of banking service providers and that the rate of security issues in the industry is something that the managements need to look into. In order to understand why they hold such views, the question in table 13 was loaded so as to understand the extent of concern these respondents have in relation to the security of banking services offered to them. From table 13 above, 92% of the respondents are always worried about the security of banking services made available to them. This is understandable in relation to the review of the literature, where it was made known that banking customers are normally worried about the security of the financial services provided by their banks because money is not something that is easy to come by.
From tables 11 to 13, what can generally be gained here is that providing quality security services to the banking customers is very crucial for both their loyalty and the performance of the bank. This is because money is hard to earn and they don’t want negative stories in relation to something they have fought hard to acquire.
Table 14: I don’t really understand the security of card payment process
| | | Frequency | Percent | Valid Percent | Cumulative Percent |
|---|---|---|---|---|---|
| Valid | Totally Agree | 71 | 47.3 | 47.3 | 47.3 |
| | Agree | 59 | 39.3 | 39.3 | 86.7 |
| | Neutral | 5 | 3.3 | 3.3 | 90.0 |
| | Disagree | 8 | 5.3 | 5.3 | 95.3 |
| | Totally Disagree | 7 | 4.7 | 4.7 | 100.0 |
| | Total | 150 | 100.0 | 100.0 | |
The process of providing a solution to a problem, as discussed in the case of the staff data, begins with having a clear understanding of what the problem is all about, and such is behind the decision to load this particular question into the research. As noted above, 86.7% of the respondents are of the view that they don’t actually understand the process involved in securing card payment. This is understandable because it is not a process the banks disclose (considering the security issues it might create), but at the same time, it does reduce the overall potential of the customers to protect themselves because success can only be measured to such effect when they know what to expect. As such, what can be gathered here is that banks now have a huge role to ensure that consumers are protected because these consumers don’t actually have a clear understanding of the process for such protection. Essentially, the implementation of PCI DSS and EMV standards, which is the basis of this research, becomes much more important.
Table 15: I am willing to pay more for added security of my banking information
| | | Frequency | Percent | Valid Percent | Cumulative Percent |
|---|---|---|---|---|---|
| Valid | Totally Agree | 44 | 29.3 | 29.3 | 29.3 |
| | Agree | 38 | 25.3 | 25.3 | 54.7 |
| | Neutral | 8 | 5.3 | 5.3 | 60.0 |
| | Disagree | 38 | 25.3 | 25.3 | 85.3 |
| | Totally Disagree | 22 | 14.7 | 14.7 | 100.0 |
| | Total | 150 | 100.0 | 100.0 | |
In the review of literature, it was made known that consumers are always willing to pay more for quality services. Considering that securing the card payment process might come at added costs to the banks, it becomes important to test customers’ willingness to incur these added costs. From the above analysis, 54.7% are willing to pay more if such will guarantee overall security of their card payment process. However, another 40% of respondents are not willing to pay more for such as they believe security should be the basic function and duty of the banks. Thus, it can be stated that transferring the cost of maintaining a secured card payment system might reduce consumers’ loyalty and banks need to find an efficient way of doing such on their own.
Table 16: I will switch from my present bank if I see another bank that can offer me better security.
| | | Frequency | Percent | Valid Percent | Cumulative Percent |
|---|---|---|---|---|---|
| Valid | Totally Agree | 28 | 18.7 | 18.7 | 18.7 |
| | Agree | 54 | 36.0 | 36.0 | 54.7 |
| | Neutral | 21 | 14.0 | 14.0 | 68.7 |
| | Disagree | 33 | 22.0 | 22.0 | 90.7 |
| | Totally Disagree | 14 | 9.3 | 9.3 | 100.0 |
| | Total | 150 | 100.0 | 100.0 | |
Table 16 tests the influence of secured banking services on consumers’ loyalty by asking consumers if they will be willing to switch to another bank that offers better secured banking services than their present bank. 54.7% of the consumers said yes, while 31.3% said no, and 14% are undecided. What can be said here is that the security of financial services does influence the loyalty of consumers in the financial industry. However, switching due to poorly secured services is not an easy decision for the consumers. This can be related to the fact that there are a number of other factors (such as location of banks, cost of transaction, number of tailored services etc.) that influence the overall potential of the consumers to switch to another financial service provider.
Table 17: I think the double-line authentication for online transactions offer me better security
| | | Frequency | Percent | Valid Percent | Cumulative Percent |
|---|---|---|---|---|---|
| Valid | Totally Agree | 40 | 26.7 | 26.7 | 26.7 |
| | Agree | 35 | 23.3 | 23.3 | 50.0 |
| | Neutral | 63 | 42.0 | 42.0 | 92.0 |
| | Disagree | 10 | 6.7 | 6.7 | 98.7 |
| | Totally Disagree | 2 | 1.3 | 1.3 | 100.0 |
| | Total | 150 | 100.0 | 100.0 | |
As discussed in the review of literature, PCI DSS and EMV standards involve double process authentication (where users get verified two times before a transaction is considered successful). This was asked of the consumers to understand their view of the process. From table 17 above, it can be seen that 50% agree that such is good when it comes to offering better security for the customers. However, 42% are not sure about the effect of such on the security of card payment systems, while 8% think that it does not enhance security levels as such can still be hacked by cyber criminals. The main factor for confusion among the respondents can be due to the fact that they do not understand the process of card payment security as discussed earlier. In any case, a higher percentage consider such to have a strong positive influence on the security of card payment systems, which is good news for the purpose of this research.
Table 18: I don’t like buying things online because I am worried about the security of my account details.
| | | Frequency | Percent | Valid Percent | Cumulative Percent |
|---|---|---|---|---|---|
| Valid | Totally Agree | 47 | 31.3 | 31.3 | 31.3 |
| | Agree | 43 | 28.7 | 28.7 | 60.0 |
| | Neutral | 23 | 15.3 | 15.3 | 75.3 |
| | Disagree | 24 | 16.0 | 16.0 | 91.3 |
| | Totally Disagree | 13 | 8.7 | 8.7 | 100.0 |
| | Total | 150 | 100.0 | 100.0 | |
In some cases, financial security threats are due to cyber criminals accessing the personal information (card details) of the customers from either a reliable source that has such details or by directly hacking the consumers’ system. Thus, it is expected that such could have an effect on the way consumers view online purchases with their cards. From the above analysis, 60% of consumers agree that they are worried about the security of their account details (in terms of the capability of the service providers and retailers to protect such information against unauthorized access) when making online purchases. Considering the advancement in information and communication technology, it is without a doubt that online sales have a big future and of course big risks for users. Thus, banks should also stretch their security networks to online settings.
Table 19: I think quality of service in the banking industry is a matter of how secured my account and financial assets are.
| | | Frequency | Percent | Valid Percent | Cumulative Percent |
|---|---|---|---|---|---|
| Valid | Totally Agree | 57 | 38.0 | 38.0 | 38.0 |
| | Agree | 53 | 35.3 | 35.3 | 73.3 |
| | Neutral | 19 | 12.7 | 12.7 | 86.0 |
| | Disagree | 17 | 11.3 | 11.3 | 97.3 |
| | Totally Disagree | 4 | 2.7 | 2.7 | 100.0 |
| | Total | 150 | 100.0 | 100.0 | |
From the above consumer data, there is a question that remains unanswered, and that is how consumers measure quality. From table 19 above, consumers think that quality in the banking industry is a matter of how secured their services are, as a total of 73.3% agree to that. Thus, the idea of PCI DSS and EMV implementation, which is the basis of this research, is very important in the banking industry.
Table 20: I feel secured with the services of my current bank.
| | | Frequency | Percent | Valid Percent | Cumulative Percent |
|---|---|---|---|---|---|
| Valid | Totally Agree | 53 | 35.3 | 35.3 | 35.3 |
| | Agree | 54 | 36.0 | 36.0 | 71.3 |
| | Neutral | 25 | 16.7 | 16.7 | 88.0 |
| | Disagree | 12 | 8.0 | 8.0 | 96.0 |
| | Totally Disagree | 6 | 4.0 | 4.0 | 100.0 |
| | Total | 150 | 100.0 | 100.0 | |
Finally, consumers were asked whether or not they feel secured with the services offered by their present bank. As indicated in table 20 above, 71.3% of the respondents feel secured with their services, 16.7% are not sure, while 12% don’t feel secured with the services of their current bank. As such, it can be stated that the majority of the consumers are satisfied with the quality of services offered by their banks, but enhancing such quality is still vital.
One-way ANOVA Analysis
Table 21: One-way ANOVA
| | | Sum of Squares | df | Mean Square | F | Sig. |
|---|---|---|---|---|---|---|
| When I make decision on banking service providers, financial security is a key factor. | Between Groups | .251 | 2 | .125 | .131 | .877 |
| | Within Groups | 140.583 | 147 | .956 | | |
| | Total | 140.833 | 149 | | | |
| I think the issue of financial fraud is something that must be handled | Between Groups | .078 | 2 | .039 | .067 | .935 |
| | Within Groups | 85.095 | 147 | .579 | | |
| | Total | 85.173 | 149 | | | |
| I am always worried about my financial security | Between Groups | .575 | 2 | .288 | .355 | .702 |
| | Within Groups | 118.998 | 147 | .810 | | |
| | Total | 119.573 | 149 | | | |
| I don’t really understand the security of card payment process | Between Groups | 2.551 | 2 | 1.275 | 1.151 | .319 |
| | Within Groups | 162.843 | 147 | 1.108 | | |
| | Total | 165.393 | 149 | | | |
| I am willing to pay more for added security of my banking information | Between Groups | 5.562 | 2 | 2.781 | 1.271 | .284 |
| | Within Groups | 321.532 | 147 | 2.187 | | |
| | Total | 327.093 | 149 | | | |
| I will switch from my present bank if I see another bank that can offer me better security. | Between Groups | 5.178 | 2 | 2.589 | 1.628 | .200 |
| | Within Groups | 233.815 | 147 | 1.591 | | |
| | Total | 238.993 | 149 | | | |
| I think the double-line authentication for online transactions offer me better security. | Between Groups | .965 | 2 | .482 | .492 | .612 |
| | Within Groups | 144.029 | 147 | .980 | | |
| | Total | 144.993 | 149 | | | |
| I don’t like buying things online because I am worried about the security of my account details. | Between Groups | .683 | 2 | .342 | .196 | .822 |
| | Within Groups | 255.857 | 147 | 1.741 | | |
| | Total | 256.540 | 149 | | | |
| I think quality of service in the banking industry is a matter of how secured my account and financial assets are. | Between Groups | .914 | 2 | .457 | .376 | .687 |
| | Within Groups | 178.660 | 147 | 1.215 | | |
| | Total | 179.573 | 149 | | | |
| I feel secured with the services of my current bank. | Between Groups | 5.028 | 2 | 2.514 | 2.128 | .123 |
| | Within Groups | 173.665 | 147 | 1.181 | | |
| | Total | 178.693 | 149 | | | |
A number of variables have been analyzed in the descriptive statistics as contained in section 4.3.2 above. From the analysis, a number of understandings were gained in relation to security and its effects on consumers’ loyalty in the banking industry. Thus, it becomes important to analyze the extent of the significance of such findings. They were loaded into the ANOVA system and the analysis is as contained in table 21 above. ANOVA is a test used to prove or nullify a hypothesis. If the value of significance is 0.005 (that is 5%) and above, the hypothesis is adopted, else the null hypothesis will be adopted. From table 21 above, it can be seen that all the variables have values higher than the minimum significance levels, which implies that the findings in section 4.3.2 are valid.
Correlation analysis
Table 22: Correlation of variables
| | | How many years have you been banking with this particular bank? | I feel secured with the services of my current bank. | I will switch from my present bank if I see another bank that can offer me better security. | When I make decision on banking service providers, financial security is a key factor. |
|---|---|---|---|---|---|
| How many years have you been banking with this particular bank? | Pearson Correlation | 1 | -.016 | .141 | -.029 |
| | Sig. (2-tailed) | | .846 | .086 | .726 |
| | N | 150 | 150 | 150 | 150 |
| I feel secured with the services of my current bank. | Pearson Correlation | -.016 | 1 | -.133 | .021 |
| | Sig. (2-tailed) | .846 | | .105 | .799 |
| | N | 150 | 150 | 150 | 150 |
| I will switch from my present bank if I see another bank that can offer me better security. | Pearson Correlation | .141 | -.133 | 1 | .103 |
| | Sig. (2-tailed) | .086 | .105 | | .211 |
| | N | 150 | 150 | 150 | 150 |
| When I make decision on banking service providers, financial security is a key factor. | Pearson Correlation | -.029 | .021 | .103 | 1 |
| | Sig. (2-tailed) | .726 | .799 | .211 | |
| | N | 150 | 150 | 150 | 150 |
Analyzing the relationship between variables is also important as it helps to understand how one variable influences the other. Through such understanding, solutions can better be designed to provide an enhanced remedy for the issue at hand. For instance, if age influences experience, then it should be expected that the older someone gets, the more experienced the person will become. Effectively, if the quest is for experienced people, then consultations must be with older people. Variables are considered to be correlated if a significance value of 0.50 or higher is obtained. That is to say, the closer the values are to one, the higher the level of correlation between these variables.
Similarly, a number of variables were tested in terms of how they are correlated. From table 22, it can be seen that the years consumers have been banking with a given bank influence their sense of security with the services offered by that bank (as a significance value of .846 was obtained). However, with a significance value of .086, the number of years a customer has been banking with a given bank is not correlated with their switch intention when it comes to switching to another bank with better quality. That is to say, at any given point (in terms of years they have been with the bank), the consumers will likely switch to other banks with higher security features if the security settings of their present bank decline. Still on years of banking loyalty, a significance value of .726 was obtained, which shows that consumers putting financial security into consideration when it comes to choice of banking services is correlated with the number of years they have been with their banks. That is to say, the more the trust (in terms of the security services offered by these banks), the higher their loyalty to the bank will be, and vice versa.
CHAPTER FIVE
CONCLUSION
Summary of findings
From the onset of this research, the purpose was defined as to assess the impact of PCI DSS and EMV compliance on the reduction of card payment frauds amongst universal banks in Ghana. As such, the research was divided into five sections in order to ensure easy execution of the set objectives. In the first section, a background review of fraud and its impact in the banking industry was presented. Added to this, the first section also defined the objective comprehensively and contains research questions that will be addressed in the course of attaining this objective. The research outline and significance were also discussed in the first chapter.
The second chapter is a review of relevant literature in relation to the research topic. In this chapter, fraud was comprehensively defined, together with factors that bring about fraud, and the impact of fraud on the banking industry. A number of findings were also made in this chapter and they include: 1) fraud is a serious issue in the banking industry and it has crippled numerous financial institutions across the world; 2) the advancement of information and communication technology now means that fraud has significantly risen and detecting it is now more complex as it can be executed far away from the banks without any trace; 3) consumers are increasingly becoming cautious of their activities in the financial institutions due to the threat that fraud poses and this has changed their purchase behavior (for instance, they don’t like buying goods online anymore); and 4) top managements are also aware of the impact that fraud can have on their business in terms of financial losses (for money they will need to pay back to the consumers) and reduced loyalty as well as trust from the consumers. Essentially, it became obvious in this chapter that implementing necessary preventive measures in the banking industry is no longer a matter of whether it should be the case but a matter of when such should be. In terms of answering when such should be, findings indicate that it is a matter of urgency and, as technologies improve, attackers also improve their potential; thus, financial institutions need to ensure that their arsenal for combating these financial risks is always updated in terms of competencies and capabilities. In order to ensure that consumers are always protected during the card payment process, a detailed discussion was presented on PCI DSS and EMV standards, with discoveries showing that full implementation offers banks a better edge in terms of preventing card payment fraud through features such as double authentication and encryption of data variables. Therefore, it was hypothesized that banks who fully implement these measures will most certainly offer consumers better protection. The importance of such an advanced security level is that consumers will trust the banks, leading to a higher level of loyalty from the consumers and enhanced performance for the company in return.
Following success with chapter two, chapter three was developed as the research methodology. It detailed the approaches that will be used for the primary research. In this chapter, it became clear that the research will be quantitative in nature and two sets of data will be gathered. The first of such will be from the bank staff while the second data set will be from the consumers. A random sampling method was used, and 50 responses were gathered from the staff while customers offered 150 responses. The responses were gathered from only universal banks across Accra.
Analysis of findings was presented in chapter four. In terms of the first set of data, the staff acknowledged that the issue of card payment fraud is something that is very eminent in the financial institutions. This has also resulted in numerous losses for both the banks and their customers. The managements are also aware of these issues and have implemented a number of measures which include integration of PCI DSS and EMV standards. The staff also consider the present protective measures (which of course include implementing PCI DSS and EMV standards) as being more counter protective than previous measures. In the case of the customer data, it was discovered that the consumers are presently worried about card payment fraud as such exposes them to numerous financial losses. Considering that the consumers normally go through varied hard times in order to obtain their money, such losses are not something that they can easily forget. As such, it also results in a huge impact on the loyalty of these consumers towards the banks. One striking discovery is that the respondents are willing to pay more if their financial security will be guaranteed and they determine overall quality of service by the level of financial security banks offer them. Therefore, it becomes clear that successful implementation of PCI DSS and EMV as a tool for preventing card payment fraud does bring more happiness to the customers with a reduced level of fraud in the financial industry and ensures business sustainability for the banks. Additionally, it was discovered that the number of years consumers spend with a bank doesn’t determine their potential to switch as they are always willing to switch to banks that offer better financial security if they consider their present bank void of such opportunity.
In essence, it can be said that this research has been successful in attaining the desired objectives. This is because it has proven that card payment fraud is a serious issue in the banking industry and it needs to be addressed by both the customers and the managements. From the side of the management, they need to implement necessary preventive measures that will give consumers better security assurance, while the consumers need to ensure that their financial information is kept secret and never exposed to anybody. Such will limit the potential for unauthorized access and the eventual outcome of card payment fraud.
Recommendation
One important discovery made in this research is the fact that the increased advancement in information and communication technologies does increase the capabilities and competence of cyber criminals. That is to say, they can make use of updated technologies to penetrate consumers’ personal data and utilize the obtained information for their desired intentions. In essence, companies (in the financial industry) that wish to offer better security for their customers need to ensure that their protective systems are always updated to offer protection even against the modern and most advanced technologies. PCI DSS and EMV standards represent the most advanced features for such purpose. Therefore, it is recommended that universal banks in Ghana implement these measures to their fullest in order to obtain the value they come with. The impact of successful implementation of PCI DSS and EMV standards is that it will make it easy to utilize gathered banking information of consumers for fraudulent purposes.
Further research
Considering that the focus of this present research is on understanding the impact of PCI DSS and EMV standards implementation on reduction of card payment fraud amongst universal banks in Ghana, it is recommended that future research should extend such understanding to all other commercial banks in Ghana. That is to say, the focus of future research should be on how PCI DSS and EMV standards can be implemented in other commercial banks in Ghana for the same purpose of reducing card payment fraud. This is because card payment fraud is not limited to only universal banks but instead is something that affects all financial institutions in both Ghana and the world at large.
References
Abiage, J. N. (2011, May 5). Internet
fraud costs Kenyan banks $ 36 Million. Retrieved June 17, 2013, from
Africareview.com: http://www.africareview.com/Business---
Finance/Internet-fraud-costs-Kenyan-banks-dearly/-/979184/1156782/-/usmbrdz/-
/index.html
Abiola, I., & Oyewole, A. T. (2013).
Internal Control System on Fraud Detection : Nigeria Experience. Journal of
Accounting and Finance, 13(5), 137–148.
Abor, J. and Quartey, P., (2010).
“Issues in SME Development in Ghana and South Africa”, International Research
Journal of Finance and Economics ISSN 1450-2887 Issue 39, Euro Journals
Publishing, Inc. [Online] Available at http://www.eurojournals.com/finance/htm
[Accessed April 2, 2017].
ACI Payment Systems (2009), “Stopping
card fraud in its tracks”, available at: www.
aciworldwide.com/what-we-know/Document-library.aspx (accessed December 1,
2011).
Adeyemo, K. (2012). Frauds In Nigerian
Banks : Nature , Deep-Seated Causes , Aftermaths And Probable Remedies.
Mediterranean Journal of Social Sciences, 3(May), 279–290.
Akinyomi, O. J. (2012), Examination of
Fraud in the Nigerian Banking Sector and Its Prevention, Asian Journal of
Management Research Volume 3 Issue 1.
Aldas-Manzano, J., Ruiz-Mafe, C.,
Sanz-Blas, S. and Lassala-Navarre, C. (2011), “Internet banking loyalty:
evaluating the role of trust, satisfaction, perceived risk and frequency of
use”, Service Industries Journal, Vol. 31 No. 7, pp. 1165-90.
Alexander, N. and Colgate, M. (2000),
“Retail financial services: transaction to relationship marketing”, European
Journal of Marketing, Vol. 34 No. 8, pp. 938-53.
Asif, S. and Sargeant, A. (2000), “Modelling
internal communications in the financial services sector”, European Journal of
Marketing, Vol. 34 Nos 3/4, pp. 299-317.
Asukwo, P. E. (1999), “Bank Frauds: A
Look at the Nigerian Banking Clearing System”, ICAN News, January/March, pp
19-24.
Banks, D.G. (2005), “The fight against
fraud”, Internal Auditor, Vol. 62 No. 1, pp. 62-6.
Baumann, C., Elliott, G. and Hamin, H.
(2011), “Modelling customer loyalty in financial services”, International
Journal of Bank Marketing, Vol. 29 No. 3, pp. 247-67.
Behram, D. (2005), “Fraud management as
tool to attract new customers”, American Banker, Vol. 170 No. 38, pp. 12.
Berg, B. L. (2001). Qualitative research
methods for the social sciences (4th ed.). Boston: Allyn & Bacon.
Bergholz, A., Beer, J. de, Glahn, S., Moens,
M.-F., Paaß G. and Strobel, S. (2010), “New filtering approaches for phishing
email”, Journal of Computer Security, Vol. 18, pp. 7-35.
Berney, L. (2008), “For online
merchants, fraud prevention can be a balancing act”, Cards & Payments, Vol.
21 No. 2, pp. 22-7.
Bodey, K. and Grace, D. (2006),
“Segmenting service ‘complainers’ and ‘non-complainers’ on the basis of
consumer characteristics”, Journal of Services Marketing, Vol. 20 No. 3, pp.
178-87.
Buchanan, R. (2010), “Banks on Guard”,
Latin Trade, Vol. 18 No. 5, pp. 58-60.
Campbell, D., & Stanley, J. (1963).
Experimental and quasi-experimental designs for research. In N. L. Gage (Ed.),
Handbook of research on teaching (pp. 1–76). Chicago: Rand McNally.
Chartered Institute of Managerial
Accountants (CIMA) (2008). Fraud risk management: A guide to good practice.
Available at:
http://www.cimaglobal.com/documents/importeddocuments/cid_techguide_fraud_risk_management_feb09.pdf.pdf
[Accessed on: June 11th 2017].
Chiezey, U., & Onu, A. (2013).
Impact of Fraud and Fraudulent Practices on the Performance of Banks in
Nigeria. British Journal of Arts and Social Sciences, 15, 12–28.
Cooper, J. O., Heron, T. E., &
Heward, W. L. (2007). Applied behavior analysis. Upper Saddle River, NJ:
Pearson/Merrill-Prentice Hall.
Creswell, J. W. (2012). Educational
research: Planning, conducting, and evaluating quantitative and qualitative
research (4th ed.). Upper Saddle River, NJ: Merrill.
Denzin, N. K., & Lincoln, Y. S.
(Eds.). (2011). The SAGE handbook of qualitative research (4th ed.). Thousand
Oaks, CA: Sage.
Detica (2010), “Mehrheit der Deutschen
u¨ber Bankbetrug Besorgt und Bereit, fu¨r Betrugspra¨vention zu Zahlen”,
available at: www.prnewswire.co.uk/cgi/news/release? id¼298713 (accessed
December 5, 2011) (in German).
Dimension data (2016). Understanding the
12 Requirements of PCI DSS: Practical steps to achieve and maintain compliance.
Available at:
https://www.dimensiondata.com/Global/Downloadable%20Documents/Understanding%20The%2012%20Requirements%20Of%20PCI%20DSS%20Opinion%20Piece.pdf
[Accessed on: June 11th 2017].
Dimitriadis, S. (2010), “Testing
perceived relational benefits as satisfaction and behavioral outcomes drivers”,
International Journal of Bank Marketing, Vol. 28 No. 4, pp. 297-313.
Dimitriadis, S. and Papista, E. (2010),
“Integrating relationship quality and consumer-brand identification in building
brand relationships: proposition of a conceptual model”, The Marketing Review,
Vol. 10 No. 4, pp. 385-401.
Douglass, D.B. (2009), “An examination
of the fraud liability shift in consumer card-based payment systems”, Economic
Perspectives, Vol. 33 No. 1, pp. 43-9.
Fico.Com. (2012, June). Managing Card
Compromises from the issuers perspective. Retrieved from www.fico.com.
Fowler, F. J. (2008). Survey research
methods (4th ed.). Thousand Oaks, CA: Sage.
Garbarino, E. and Johnson, M.S. (1999),
“The different roles of satisfaction, trust, and commitment in customer
relationships”, Journal of Marketing, Vol. 63 No. 2, pp. 70-87.
Garbarino, E. and Johnson, M.S. (1999),
“The different roles of satisfaction, trust, and commitment in customer
relationships”, Journal of Marketing, Vol. 63 No. 2, pp. 70-87.
Gates, T. and Jacob, K. (2009),
“Payments fraud: perception versus reality – a conference summary”, Economic
Perspectives, Vol. 33 No. 1, pp. 7-15.
Global Payments data breach exposes card
payments vulnerability. (2012, April 3). Retrieved from www.forbes.com
Greene, M.N. (2009), “Divided we fall:
fighting payments fraud together”, Economic Perspectives, Vol. 33 No. 1, pp.
37-42.
Gruber, T. (2011), “I want to believe
they really care: how complaining customers want to be treated by frontline
employees”, Journal of Service Management, Vol. 22 No. 1, pp. 85-110.
Guardian Analytics (2011), “2011
business banking trust study”, available at: http://info.
guardiananalytics.com/2011-TrustStudy-Download.html (accessed January 6, 2012).
Gutierrez, S. (2005), “Consumer-retailer
relationships from a multi-level perspective”, Journal of International
Consumer Marketing, Vol. 17 No. 2, pp. 93-115.
Hartmann-Wendels, T., Ma¨hlmann, T. and
Versen, T. (2009), “Determinants of banks’ risk exposure to new account fraud –
evidence from Germany”, Journal of Banking & Finance, Vol. 33 No. 2, pp.
347-57.
Isaac, S., & Michael, W. B. (1981).
Handbook in research and evaluation: A collection of principles, methods, and
strategies useful in the planning, design, and evaluation of studies in
education and the behavioral sciences (2nd ed.). San Diego, CA: EdITS.
Israel, M., & Hay, I. (2006).
Research ethics for social scientists: Between ethical conduct and regulatory
compliance. Thousand Oaks, CA: Sage.
Kanniainen, L. (2010), “Alternatives for
banks to offer secure mobile payments”, International Journal of Bank
Marketing, Vol. 28 No. 5, pp. 433-44.
Kanu, S. I., & Okorafor, E. O.
(2013). The Nature, Extent and Economic Impact of Fraud on Bank Deposits in
Nigeria. Interdisciplinary Journal of Contemporary Research in Business, 4(2),
253–265.
Keppel, G. (1991). Design and analysis:
A researcher’s handbook (3rd ed.). Englewood Cliffs, NJ: Prentice Hall.
Kerlinger, F. N. (1979). Behavioral
research: A conceptual approach. New York: Holt, Rinehart & Winston.
Kiragu, D. N., Wanjau, L., Gekara, M.,
& Kinali, C. (2013). Effect of Bank Growth on Occupational Fraud Risk in
Commercial Banks in Kenya. International Journal of Economics and Finance,
1(3), 1–11.
Krummeck, S. (2000), “The role of ethics
in fraud prevention: a practitioner’s perspective”, Business Ethics: A European
Review, Vol. 9 No. 4, pp. 268-72.
Kumar, V., George, M. and Pancras, J.
(2008), “Cross-buying in retailing: drivers and consequences”, Journal of
Retailing, Vol. 84 No. 1, pp. 15-27.
Lewis, B.R. and Soureli, M. (2006), “The
antecedents of consumer loyalty in retail banking”, Journal of Consumer Behaviour,
Vol. 5 No. 1, pp. 15-31.
Liu, C.-T., Guo, Y.M. and Lee, C.-H.
(2011), “The effects of relationship quality and switching barriers on customer
loyalty”, International Journal of Information Management, Vol. 31 No. 1, pp.
71-9.
Liu, T.-C. and Wu, L.-W. (2007),
“Customer retention and cross-buying in the banking industry: an integration of
service attributes, satisfaction and trust”, Journal of Financial Services
Marketing, Vol. 12 No. 2, pp. 132-45.
Mahinda, C. G. (2012). Determinants of
Occupational Fraud in Commercial Banks in Kenya. Journal of Modern Accounting
and Auditing, 2(3).
Malphrus, S. (2009), “Perspectives on
retail payments fraud”, Economic Perspectives, Vol. 33 No. 1, pp. 31-6.
MasterCard Advisors (2012). EMV for
U.S. Acquirers: Seven Guiding Principles for EMV Readiness. Available at:
http://www.mastercardadvisors.com/_assets/pdf/emv_us_aquirers.pdf [Accessed on
June 11th 2017].
MasterCard. (2011). Advancing Fraud
Management for More Secure Payments.
Morgan, R.M. and Hunt, S.D. (1994), “The
commitment-trust theory of relationship marketing”, Journal of Marketing, Vol.
58 No. 3, pp. 20-38.
Mutesi, J. (2011). Information Sharing,
Risk Management and Financial Performance of Commercial Banks in Uganda.
Journal of Emerging Issues in Economics, Finance and Banking (JEIEFB), 2(2).
Neuman, S. B., & McCormick, S.
(Eds.). (1995). Single-subject experimental research: Applications for
literacy. Newark, DE: International Reading Association.
Newman, I., & Benz, C. R. (1998).
Qualitative-quantitative research methodology: Exploring the interactive
continuum. Carbondale and Edwardsville: Southern Illinois University Press.
Ngalyuka, C. (2013). The Relationship
between ICT Utilization and Fraud Losses in Commercial Banks in Kenya.
International Journal of Business and Public Management, 2(3), 56–59.
Njanike, K., Dube, T., & Mashayanye,
E. (2009). The Effectiveness of Forensic Auditing in Detecting, Investigating,
and Preventing Bank Frauds. Journal of Sustainable Development in Africa,
10(4), 405–425.
Njenga, N., & Osiemo, P. (2013).
Effect of Fraud Risk Management on Organization Performance: A Case of Deposit
Taking Microfinance Institutions in Kenya. International Journal of Social
Sciences and Entrepreneurship, 1(7), 1–17.
Obeng, C. K. (2011). The Impact of
MicroCredit on Poverty Reduction in Rural Areas; A Case Study of Jaman North
District, Ghana. International Journal of Business and Social Research, 2(3).
Ogechukwu, O. J. (2013). Bank Fraud and
Its Effect on Bank Performance in Nigeria. International Journal of Business
and Management Invention, 2(2).
Okaro, S. C., (2009) “The Role of Micro
Finance Banks in the Economic Development of Nigeria” Journal of Business and
Financial Studies, 1(1), 113-123.
Onwujiuba, M. (2014). Overview and
Impact of fraud in the commercial banks in Nigeria (A case study of first bank
of Nigeria PLC). International Journal of Research in Management, Economics and
Commerce, 2(3).
Orad, A. (2010), “Combat fraud with
flexible strategies”, American Banker, Vol. 175 No. 184, p. 9.
PCI SSC (2010). Payment Card Industry
Security Standards. Available at: https://www.pcisecuritystandards.org/documents/PCI%20SSC%20-%20Overview.pdf
[Accessed on: June 11th 2017].
Punch, K. F. (2005). Introduction to
social research: Quantitative and qualitative approaches (2nd ed.). Thousand
Oaks, CA: Sage.
Randall, W.S., Gravier, M.J. and
Prybutok, V.R. (2011), “Connection, trust, and commitment: dimensions of
co-creation?”, Journal of Strategic Marketing, Vol. 19 No. 1, pp. 3-24.
Rauyruen, P. and Miller, K. (2007),
“Relationship quality as a predictor of B2B customer loyalty”, Journal of
Business Research, Vol. 60 No. 1, pp. 21-31.
Rosenthal, R., & Rosnow, R. L.
(1991). Essentials of behavioral research: Methods and data analysis. New York:
McGraw-Hill.
Siciliano, R. (2013, March 15). Europol:
Credit Card Fraud Spells Low Risk and High Profits. Retrieved June 17, 2013,
from https://www.iovation.com:
https://www.iovation.com/blog/europol-credit-card-fraud-spells-low-risk-andhigh-profits
Sieber, J. E. (1998). Planning ethically
responsible research. In L. Bickman & D. J. Rog (Eds.), Handbook of applied
social research methods (pp. 127–156). Thousand Oaks, CA: Sage.
Situma, E. (2013, April 11). Banks to
adopt new ATM cards in fight against fraud. Retrieved August 22, 2013, from
http://www.businessdailyafrica.com:
http://www.businessdailyafrica.com/Banks-to-adopt-new-ATM-cards-in-fightagainst-fraud/-/1248928/1745746/-/11guukm/-/index.html
Suárez Álvarez, L., Vázquez Casielles,
R. and Díaz Martín, A.M. (2011), “Analysis of the role of complaint
management in the context of relationship marketing”, Journal of Marketing
Management, Vol. 27 Nos 1-2, pp. 143-64.
Sudjianto, A., Nair, S., Yuan, M.,
Zhang, A., Kern, D. and Cela-Díaz, F. (2010), “Statistical methods for
fighting financial crimes”, Technometrics, Vol. 52 No. 1, pp. 5-19.
Sullivan, R.J. (2010), “The changing
nature of U.S. card payment fraud: industry and public policy options”,
Economic Review, Vol. 95 No. 2, pp. 101-33.
Thompson, B. (2006). Foundations of
behavioral statistics: An insight-based approach. New York: Guilford.
Thorndike, R. M. (1997). Measurement and
evaluation in psychology and education (6th ed.). New York: Macmillan.
Tunji, S. (2013). Effective Internal
Controls System as Antidote for Distress in the commercial banks in Nigeria.
Journal of Economics and International Business Research, 1(3), 1–15.
Varela-Neira, C., Vázquez Casielles, R.
and Iglesias, V. (2010), “Lack of preferential treatment: effects on
dissatisfaction after a service failure”, Journal of Service Management, Vol.
21 No. 1, pp. 45-68.
Visa. (2010). Best Practices to Optimize
your Fraud Strategies. Visa Issuer Tools and Best Practices, 2.
Wanyama, T. S. (2012). Effectiveness of
Fraud Response Strategies Adopted by Cooperative Bank of Kenya Limited.
International Journal of Economics and Finance, 2(2).
Wilhelm, W. K. (2004). The Fraud
Management Lifecycle Theory: A Holistic Approach to Fraud Management. Journal
of Economic Crime Management.
Worthington, S. (2009), “Debit cards and fraud”, International Journal of Bank Marketing, Vol. 27 No. 5, pp. 400-2.
Appendices
Appendix 1: Questionnaire (staff)

Research purpose: The purpose of this research is to understand the measures employed by universal banks in Ghana towards reduction of card payment fraud. As such, we implore you to please attend to each question in utmost honesty. Kindly revert back to the researcher in the event of confusion. Thanks for your time.

Section A: Demographic Data

Gender: Male, Female
Age: below 20, 21-30, 31-40, 41-50, above 50
Years of experience: 1-10, 11-20, 21-30, above 30
How many years have you been working for your bank? 1-5, 6-10, above 10

Section B: Please answer the questions by ticking any of the boxes. 1 = totally agree, 2 = agree, 3 = neutral, 4 = disagree, and 5 = totally disagree

| Question | 1 | 2 | 3 | 4 | 5 |
|---|---|---|---|---|---|
| Card payment fraud is now a common facet of the corporate world. | | | | | |
| The rate of card payment fraud in my bank is worrying | | | | | |
| I think that consumers can easily lose trust with my bank if they ever become victim of card payment fraud. | | | | | |
| The top management knows and understands that card payment fraud is a big issue for the banking sector. | | | | | |
| The management is committed towards offering consumers necessary protection against fraud. | | | | | |
| Necessary security protocols and measures are being put in place by the management to offer the consumers financial protection. | | | | | |
| Our card processing measures are based on PCI DSS and EMV standards. | | | | | |
| I think my bank complies with all the PCI DSS and EMV standards | | | | | |
| I believe that full compliance with the PCI DSS and EMV standards will help offer consumers better protection against financial fraud. | | | | | |
| When compared with past measures, I think that the PCI DSS and EMV standards have significantly reduced the level of financial fraud in my bank | | | | | |

Appendix 2: Questionnaire (consumers)

Research purpose: The purpose of this research is to understand your views on the issue of card payment fraud, as it relates to your firsthand experience, what you think are the causes of such, and how best you think they can be handled.

Section A: Demographic Data

Gender: Male, Female
Age: below 20, 21-30, 31-40, 41-50, above 50
Years of banking: 1-10, 11-20, 21-30, above 30
How many years have you been banking with this bank? 1-5, 6-10, above 10

Section B: Please answer the questions by ticking any of the boxes. 1 = totally agree, 2 = agree, 3 = neutral, 4 = disagree, and 5 = totally disagree

| Question | 1 | 2 | 3 | 4 | 5 |
|---|---|---|---|---|---|
| When I make decision on banking service providers, financial security is a key factor. | | | | | |
| I think the issue of financial fraud is something that must be handled | | | | | |
| I am always worried about my financial security | | | | | |
| I don’t really understand the security of card payment process | | | | | |
| I am willing to pay more for added security of my banking information | | | | | |
| I will switch from my present bank if I see another bank that can offer me better security. | | | | | |
| I think the double-line authentication for online transactions offers me better security. | | | | | |
| I don’t like buying things online because I am worried about the security of my account details. | | | | | |
| I think quality of service in the banking industry is a matter of how secured my account and financial assets are. | | | | | |
| I feel secured with the services of my current bank. | | | | | |

Appendix 3: Exact frequency of staff responses

Card payment fraud is now a common facet of the corporate world.

| | Response | Frequency | Percent | Valid Percent | Cumulative Percent |
|---|---|---|---|---|---|
| Valid | totally agree | 29 | 58.0 | 58.0 | 58.0 |
| | Agree | 9 | 18.0 | 18.0 | 76.0 |
| | Neutral | 3 | 6.0 | 6.0 | 82.0 |
| | disagree | 6 | 12.0 | 12.0 | 94.0 |
| | totally disagree | 3 | 6.0 | 6.0 | 100.0 |
| | Total | 50 | 100.0 | 100.0 | |

The rate of card payment fraud in my bank is worrying

| | Response | Frequency | Percent | Valid Percent | Cumulative Percent |
|---|---|---|---|---|---|
| Valid | totally agree | 6 | 12.0 | 12.0 | 12.0 |
| | Agree | 9 | 18.0 | 18.0 | 30.0 |
| | Neutral | 3 | 6.0 | 6.0 | 36.0 |
| | disagree | 16 | 32.0 | 32.0 | 68.0 |
| | totally disagree | 16 | 32.0 | 32.0 | 100.0 |
| | Total | 50 | 100.0 | 100.0 | |

I think that consumers can easily lose trust with my bank if they ever become victim of card payment fraud.

| | Response | Frequency | Percent | Valid Percent | Cumulative Percent |
|---|---|---|---|---|---|
| Valid | totally agree | 20 | 40.0 | 40.0 | 40.0 |
| | agree | 16 | 32.0 | 32.0 | 72.0 |
| | neutral | 8 | 16.0 | 16.0 | 88.0 |
| | disagree | 4 | 8.0 | 8.0 | 96.0 |
| | totally disagree | 2 | 4.0 | 4.0 | 100.0 |
| | Total | 50 | 100.0 | 100.0 | |

The top management knows and understands that card payment fraud is a big issue for the banking sector.

| | Response | Frequency | Percent | Valid Percent | Cumulative Percent |
|---|---|---|---|---|---|
| Valid | totally agree | 20 | 40.0 | 40.0 | 40.0 |
| | agree | 17 | 34.0 | 34.0 | 74.0 |
| | neutral | 4 | 8.0 | 8.0 | 82.0 |
| | disagree | 4 | 8.0 | 8.0 | 90.0 |
| | totally disagree | 5 | 10.0 | 10.0 | 100.0 |
| | Total | 50 | 100.0 | 100.0 | |

The management is committed towards offering consumers necessary protection against fraud.

| | Response | Frequency | Percent | Valid Percent | Cumulative Percent |
|---|---|---|---|---|---|
| Valid | totally agree | 22 | 44.0 | 44.0 | 44.0 |
| | agree | 14 | 28.0 | 28.0 | 72.0 |
| | neutral | 7 | 14.0 | 14.0 | 86.0 |
| | disagree | 5 | 10.0 | 10.0 | 96.0 |
| | totally disagree | 2 | 4.0 | 4.0 | 100.0 |
| | Total | 50 | 100.0 | 100.0 | |

Necessary security protocols and measures are being put in place by the management to offer the consumers financial protection.

| | Response | Frequency | Percent | Valid Percent | Cumulative Percent |
|---|---|---|---|---|---|
| Valid | totally agree | 23 | 46.0 | 46.0 | 46.0 |
| | agree | 16 | 32.0 | 32.0 | 78.0 |
| | neutral | 3 | 6.0 | 6.0 | 84.0 |
| | disagree | 4 | 8.0 | 8.0 | 92.0 |
| | totally disagree | 4 | 8.0 | 8.0 | 100.0 |
| | Total | 50 | 100.0 | 100.0 | |

Our card processing measures are based on PCI DSS and EMV standards.

| | Response | Frequency | Percent | Valid Percent | Cumulative Percent |
|---|---|---|---|---|---|
| Valid | totally agree | 24 | 48.0 | 48.0 | 48.0 |
| | agree | 15 | 30.0 | 30.0 | 78.0 |
| | neutral | 3 | 6.0 | 6.0 | 84.0 |
| | disagree | 3 | 6.0 | 6.0 | 90.0 |
| | totally disagree | 5 | 10.0 | 10.0 | 100.0 |
| | Total | 50 | 100.0 | 100.0 | |

I think my bank complies with all the PCI DSS and EMV standards

| | Response | Frequency | Percent | Valid Percent | Cumulative Percent |
|---|---|---|---|---|---|
| Valid | totally agree | 16 | 32.0 | 32.0 | 32.0 |
| | agree | 14 | 28.0 | 28.0 | 60.0 |
| | neutral | 6 | 12.0 | 12.0 | 72.0 |
| | disagree | 10 | 20.0 | 20.0 | 92.0 |
| | totally disagree | 4 | 8.0 | 8.0 | 100.0 |
| | Total | 50 | 100.0 | 100.0 | |

I believe that full compliance with the PCI DSS and EMV standards will help offer consumers better protection against financial fraud.

| | Response | Frequency | Percent | Valid Percent | Cumulative Percent |
|---|---|---|---|---|---|
| Valid | totally agree | 21 | 42.0 | 42.0 | 42.0 |
| | agree | 18 | 36.0 | 36.0 | 78.0 |
| | neutral | 1 | 2.0 | 2.0 | 80.0 |
| | disagree | 5 | 10.0 | 10.0 | 90.0 |
| | totally disagree | 5 | 10.0 | 10.0 | 100.0 |
| | Total | 50 | 100.0 | 100.0 | |

When compared with past measures, I think that the PCI DSS and EMV standards have significantly reduced the level of financial fraud in my bank

| | Response | Frequency | Percent | Valid Percent | Cumulative Percent |
|---|---|---|---|---|---|
| Valid | totally agree | 21 | 42.0 | 42.0 | 42.0 |
| | agree | 17 | 34.0 | 34.0 | 76.0 |
| | neutral | 2 | 4.0 | 4.0 | 80.0 |
| | disagree | 3 | 6.0 | 6.0 | 86.0 |
| | totally disagree | 7 | 14.0 | 14.0 | 100.0 |
| | Total | 50 | 100.0 | 100.0 | |