PREDVIĐANJE PRIJEVARA: OPIS PROBLEMA

Fakultet elektrotehnike i računarstva Poslijediplomski znanstveni studij - Računarstvo KVANTITATIVNE METODE UPRAVLJANJA RIZICIMA - 3. dio PREDVIĐANJE PRIJEVARA: OPIS PROBLEMA dr Zoran Bohaček

Fraud types in Europe as Issuer END 1998, volumes A/C Take Over 0,1% Multiple Imprint 2% MO/TO 22% Lost14% Other 1% Counterfeit 29% NRI 6% Fraud App.3% Stolen 28% Podaci: Europay

Fraud types in Europe as Acquirer END 1998, volumes A/C Take Over 0,3% Multiple Imprint 1% MO/TO 17% Lost 16% Other 3% Counterfeit 20% Fraud App. 3% NRI 6% Stolen 34% Podaci: Europay

Fraud trends in Europe % vs. turnover 111 US m$ Issuers 105,8 US m$ Acquirers 91% authorized 0.0064% Lost & Stolen 40% Counterfeit MO/TO 25% 20% 98

Fraud types Different fraud types: Lost Stolen Counterfeit (Account generated, Skimming) MO/TO... Each type of fraud can have several patterns Each fraud pattern will determine the most adequate fraud prediction tool configuration

Example: Lost & Stolen

Lost & Stolen fraud pattern Tx Amount High spending until credit limit reached Below FL until BL distributed Card is sold to another fraudster Spending: Risky MCCs High avg value Particular cities Floor limit Time C/h notification Black List distribution Liability switch +/- 24 hours

Lost & Stolen fraud prediction Tx Amount Detection Time Span (<24h) Authorized transactions Different c/h behaviour Short detection time, Different c/h patterns Neural net. on auth data RBS on auth data Credit limit reached Floor limit Time C/h notification Black List distribution

Prevention: Lost & Stolen fraud prediction Issuer: Call center, Account blocking, Black list reporting Acquirer: On-line authorization, Black list distribution Prediction (Issuer): a) Neural network based on authorization data b) RBS based on authorization data and past known patterns: Risky MCCs, different city than usual, amounts above average, high velocity, etc.

Lost & Stolen fraud detection Tx Amount High spending until credit limit reached C/h notification On-line transactions stopped Off-line transactions stopped Floor limit Time Detection, Call c/h Block card Black List Distribution

Example: Counterfeit

Counterfeit fraud pattern (Account generated cards) Tx Amount Card nr generated no CVC, wrong exp.date High spending until credit limit Below FL until BL distributed 1$ txs to test card nr; in sequence card nrs Spending: Risky MCCs High avg value Part. countries Floor limit Time +/- 4-5 business days Issuer detection + BL distribution

Counterfeit fraud pattern (Skimmed cards) Tx Amount Card compromised High spending until credit limit reached Spending: Risky MCCs High avg value Part. countries Floor limit Time C/h notification + BL after monthly statement +/- 30-60 business days

Counterfeit fraud prediction Prevention (Account generated): Issuer: Prediction: Authorization system to react to and report wrong CVC, wrong exp. Date Positive files Detection of 1$ txs a) Neural network based on auth or clearing data b) RBS based on: Auth. or clearing data Past known patterns (MCC, value, merchant country) Transaction velocity (BIN generated) Transactions in different cities/countries (skimming)

Counterfeit fraud detection (Skimmed cards) Tx Amount Card compromised High spending until credit limit reached C/h notification + BL after monthly statement On-line transactions stopped Off-line transactions stopped Floor limit Time Detection, Call c/h Block card Black List Distribution +/- 30-60 business days

Which tools to use? Conclusions: Need to use a combination of fraud prevention and prediction tools Fraud patterns are many and evolve Selection of tools will depend on your fraud patterns, your operational environment and your available resources

Two profiles: Pro-active: Fraud patterns and trends continued analysis Definition and configuration of fraud prevention and prediction tools On-going monitoring of fraud reports Re-active: Reports analysis Cardholder contact (call center) Investigation, liaison with other bodies Fraud report Which alternatives?

Prediction environment life cycle ANALYZE Operational environment Fraud patterns Fraud trends Resources OPERATE Analyze reports Investigate Contact c/h Case creation Report fraud BUILD TOOLS Select Configure Test

Operating a fraud prediction environment Systems Auth System Clearing System Customer Care Tx Data Black List Masterfile Fraud Prediction Systems Input Reports Fraud prevention Monitoring reports Lost Stolen NR Fraud prediction reports / alerts! NEWS Fraud Department

Operating a fraud prediction environment Systems Input Reports Fraud Department Daily Monitoring Configuration review Create case Contact cardholder Block card, BIN, merchant Investigate Output Fraud Reports Black List, Chargeback, SAFE, MATCH

Conclusions Fraud prediction is very linked to prevention Fraud prediction tools need to be adapted to the context (fraud, operations, resources) An effective fraud prediction environment, will require analysis, monitoring and investigation resources