Suzanne Lynch Professor of Practice Economic Crime Utica College sl6-15 1
Size: px
Start display at page:

Download "Suzanne Lynch Professor of Practice Economic Crime Utica College sl6-15 1"

Transcription

1 Suzanne Lynch Professor of Practice Economic Crime Utica College sl6-15 1

2 The most significant trend is decreasing paper payments and increasing electronic payments. Many organizations are also seeing activities affected by more cross-border payments. Increasing mobile and alternative/ emerging payment types. sl6-15 2

3 Credit card $4.1T Debit card $3.1T Electronic $ 2.2 T PayPal and mobile payments many of which are ultimately backed by card transactions Cash $ 1.0 T Checks $ 0.6 T * Source: The Nilson Report, 2014 sl6-15 3

4 COMPARISON OF ACH, CHECK & CARD FRAUD: Federal Reserve Payment Report 2013 sl6-15 4

5 With new payment systems comes more risk to consumer data About 68% of payment-systems professionals say pressure to migrate to new payment systems puts customer data at greater risk instead of making it safer according to a new survey by Experian and the Ponemon Institute. sl6-15 5

6 *MasterCard sl6-15 6

7 Each time a transaction takes place, Apple generates the equivalent of a new credit card number so the merchant never actually sees a customer s information BUT OF Course FRAUD! It s not the technology! Criminals are setting up new iphones with stolen credit card information, then impersonating the victim using other information easily found online sl6-15 7

8 Do You Know Where Your Data Is???? sl6-15 8

9 There are a number of trends that are common across multiple UK: Faster geographies Payments US: Retail Wires EMEA: SEPA Fraud is becoming cross-channel Move to real time Card fraud is changing rapidly New technology-based attacksreal Time Transactions Brazil: TED Payments (our ACH) Payment systems are increasingly real time and this presents new risks sl6-15 9

10 There are a number of trends that are common across multiple geographies UK Attacks Fraud is becoming cross-channel US Attacks Move to real time Card fraud is changing rapidly New technology-based attacks Cross-Channel Fraud Fraud increasingly is perpetrated across many channels and more and more attacks involve more than one channel. Online fraud attacks Phone channel attacks ATM attacks APAC Attacks sl

11 There are a number of trends that are common across multiple geographies Fraud US: Commercial is becoming Trojans cross-channel Move to real time Card fraud is changing rapidly New technology-based attacks Brazil: Emerging Trojan-based Attacks Germany: Major Man-in-Browser Attacks Technology-based Attacks Criminals are deploying more sophisticated technologies to perpetrate fraud GLOBALLY Man-in-the-middle, Man-the-browser Targeted Trojans sl

12 The term international organized crime has been commonly used in the past, transnational organized crime more accurately describes the converging threats we face today. Virtually every transnational criminal organization and its enterprises are connected and enabled by information systems technologies, making cybercrime a substantially more important concern to perpetrate sophisticated frauds; sl

13 They know banking systems better than we do They know more about your bank other than a R &T and BIN They have done their homework and assume mid size & smaller FIs don t have the sophisticated detection technologies sl

14 sl

15 sl

16 The public hears about the technical aspect Hacker access Not PCI compliant How are suspects initially identified? How many FI s? The first clues are in transaction activity Fraud activity reported by card holders Patterns? sl

17 Internet Web Applications MERCHANT or SERVICE PROVIDIER SITE Hackers exploit vulnerabilities where card data needs to be stored or processed: Shopping carts, payment gateways, hosting providers, payment processors, etc sl

18 Was is the merchant? The card processor? What part of the card processing system was attacked? Can take weeks or even months to investigate Understand transaction detail What system?? Cyber forensic investigation sl

19 All data about the transaction is analyzed: Location of last LEGITIMATE card transaction Merchant name, city, street, country) Normal activity of transactions before the fraud was reported Type of fraud reported by the cardholder: Lost or stolen? Counterfeit? CNP? Amount of fraud transaction sl

20 A CPP is identified based on the analysis of reported fraud transactions where the legitimate use of the card was at a common location Merchant Point of Compromise (POC) is a variation of CPP and is sometimes used to describe potential system breach rather than a specific merchant location sl

21 sl

22 Sort of. sl

23 Europay/MasterCard/Visa (EMV) is the standard smartcard payment system The terms Smartcard & chip card are used interchangeably Replaces the almost 40 year old magnetic stripe card transaction processing method Smartcard: a plastic card with a built-in microprocessor, used typically for electronic processes such as financial transactions and personal identification. sl

24 EMV cards use dynamic security codes, a practice meant to thwart counterfeiting efforts. A dynamically generated code, if stolen, cannot be reused to authorize a later payment. Electrical contacts located on the outside of the card connect to a card reader when the card is inserted. sl

25 The major card brands have set a timetable for most U.S. merchants to accept EMV cards by October 2015 (fuel merchants have an extra two years). However, many countries that have shifted to EMV still allow magnetic-stripe card payments, and the EMV cards are still made with magnetic stripes on the back. sl

26 WHY??? Too costly for most banks and credit unions to upgrade their systems to accept PINs for credit transactions before the October 2015 liability shift date. Retailers in general have been critical of the U.S. banking industry's decision to avoid PINs on credit cards, calling it a halfstep in the right direction. Some card networks want another authentication method other than PIN sl

27 CURRENT: Counterfeit card fraud that occurs at retailers in-store locations, liability is with the card issuers. FUTURE Beginning in October 2015, that liability will shift to the merchants in certain cases unless they have replaced or upgraded their card acceptance and processing systems to use chip-enabled devices and applications to process payment transactions. The party supporting the most secure technology for each fraud type will prevail in a chargeback; and in case of a technology tie, the fraud liability as of October 2015 generally is expected to remain as it is today with the issuer. sl

28 Suzanne Lynch MS Director, Economic Crime Management Program School of Business & Justice Studies Utica College sl

Similar documents
2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback | Do Not Sell My Personal Information