What do you think of when you hear the term 'bustout'?. My first thought was Hollywood and that incredible 'bust out of prison' movie Escape from Alcatraz � however at the beginning of March, I was educated along with 300 or so of our collegues, at the MasterCard Global Risk Symposium in Las Vegas. The term 'bustout' actually applies to an increasingly growing crime that was once thought to be an Issuer's collection nightmare versus a growing Issuer card fraud problem. What was originally identified as an emerging problem in 1998, when law enforcement cracked down on the Pakistan Bustout ring operating in suburban Washington, to the more recently publicized Queens New York 2002 Operation titled 'Stars and Swipes' - the fact is, bustout card fraud is becoming a serious crime causing millions of dollars of losses to bankcard issuers annually.
   Bustout card fraud begins with collusive merchants, ISOs/Agents and cardholders who set out to ramp-up credit card charges with the specific purpose of never paying them back. In the simplest terms this is how it works; the collusive merchant is usually an existing business or store and works with an ISO and agent bank to obtain a POS terminal and merchant account for that particular business. The store truly exists � and so does the basement operation centre which becomes the nerve cell for the bustout operation. The merchant then establishes a number of other 'new' businesses in the basement of the store and works with the same ISO to obtain more POS terminals and merchant accounts for these fictitious basement businesses. Cardholders are then recruited to visit the basement where their (or other family members) credit cards are charged in various amounts taking the card over the established credit limit(s). The cardholder then issues a cheque � usually provided by the collusive merchant, to the issuer bank to pay down the overlimit amount and bring the account current. This of course is followed by another quick trip to the basement business to rack up more fictitious charges as the available credit has been adjusted by the amount of the cheque payment. Two days later the cheque bounces leaving the card issuer with a collection issue and an account that could be well over 150% of the authorized credit limit. The cardholder doesn't pay and never intended to pay the card debt, a chargeback is never initiated so the merchant acquirer doesn't see any patterns of fraud and the ISO is in on it, so site reviews and merchant audits get a clean report card. The collusive merchant, ISO and cardholder laugh all the way to the bank, splitting the proceeds of the bustout amongst themselves. The end result: bustout accounts end up in the sea of collections at the issuing bank increasing the portfolio losses due to charge-offs. The merchant acquirer ends up with a series of 'perfect' merchant accounts � regular deposits, no chargebacks, no credits, and zero fraud. That in itself is suspicious!
   According to MasterCard International, 96% of all collusive merchants are concentrated in 4 U.S. states; New York 57%, New Jersey 11%, California 20%, Texas 8%, yet this begs the question if this is simply all that has actually been identified and reported as bustout cardholder fraud. How many issuers out there really know for sure how many of their card accounts are truly collection issues, versus potentially deliberate bustout card fraud? According to MasterCard, in those 4 U.S. states bustout fraud has dropped from 158 identified cases in June 2002 to 27 reported in January 2003 due to ongoing efforts of Issuers and law enforcement operations.
   So what's being done to establish some form of pattern recognition of bustout fraud between Issuers and Acquirers? Analysis of transaction patterns is imperative in determining if you are being duped by a bustout fraud. From a merchant acquirer perspective, a careful review of merchant accounts is necessary as bustout fraud is not at all similar to any other as the account runs 'too perfectly' and the acquirer rarely suffers any losses, hence fraud reporting is non-existent. What to look for:

• Look at multiple merchant accounts that have been set up by the same ISO, review the applications for due diligence information about the merchants including: address matches, phone number information or even common info about the Principals or businesses;
• Review settlement batches for regular and same dollar amount deposits;
• Review settlement batches for variation in actual to projected sales volumes;
• Look for merchants who have little or no credits or chargeback disputes since the inception of the account;
• Locate those with recurring card number charges that don't seem to fit the pattern of cardholder purchasing at that particular merchant location (or category code). What I refer to here, is would you expect a cardholder to purchase $1200 per day or week at a pizza take-out?
• Report any suspicious patterns of merchant activity to MasterCard and VISA immediately. These need to be investigated.
• Establish a database of collusive merchants and verify all new applications against this information. Look for similar patterns in business names or physical addresses.

   From an Issuer perspective, you need to work with the Collections Dept to begin your analysis;

• Review patterns of credit card accounts that have NSF payments in one or more connected months;
• Review card charges for similar merchant sales or amounts within an account cycle;
• Block accounts that have high balances in any statement cycle where a payment has been made that bounces;
• Look for patterns of geographic sales � merchants located in and around the same address locations;
• Review the past 6 months' worth of charge-off accounts to determine if any similar or suspicious patterns emerge and report these immediately to VISA and MasterCard.

   Cardholder bustouts are an emerging crime in the United States, however, more analysis needs to be completed by both Issuers and Acquirers to determine the real scope of this trend and the actual losses which, sadly are reported in the industry as charge-offs and not fraud. Bustout fraud stems from well-organized collusion between ISOs, merchants and cardholders where careful review of card and/or merchant portfolios is the only real preventative medicine. Cooperation and communication between Issuers, Acquirers and the Card Associations is essential in deterring this type of fraud. The industry needs our help.