Clear and Present Payments Danger: Fraud Shifting To U.S., Getting More Complex

Q: Good morning, this is Alex Walsh at PYMNTS.com. I'm joined by David Mattei, the vice president and product manager for financial institutions at Vantiv. David, how are you?

A: I'm doing well, thank you.

Q: We're so glad to have you. We had a chance to look at your paper, Fraud Management: Are You Really Protected? And this is about security for financial institutions in the United States. So why don't you start us off by talking about maybe some of the statistics on attacks on FIs, and tell us about the trends that have been taking shape over the past few years regarding financial institutions.

A: Sure. One of the trends that we see going on right now with the United States is unfortunately, a shifting of fraud to this particular country. If you take a look at what's happened over the past say five, ten years, England has now switched to chip cards, EMV technology. And then most recently, just a few years ago, Canada made the switch as well. What we know about fraudsters is one, they are very smart. There's certainly no doubt about that. But the second item is that you know they are looking for the path of least resistance, relative to committing fraud. And so because of the fact that we here in the United States are still a mag-stripe based payment technology industry, then what we're finding is that the mag-stripe is certainly much easier to compromise than the EMV chip cards. And so if you take a look at the most recent statistics that we have seen out there of all fraud worldwide, almost 80% of that fraud is conducted on a card from a US-based institution. So, the statistics are quite staggering in that regards. The other thing that we're seeing is the nature of card compromises. Unfortunately again, the United States is leading in that particular respect as well. The most number of compromises do occur here in this country, but if you take a look about two or three years ago, the popular trend back then were large breaches, maybe not -- the numbers of them were not very large, these are probably just a handful of the breaches, but when a system was breached, you'd usually get hundreds of millions of cards being compromised. And through PCI, the security standards that were put in place, a lot of that has been mitigated. So what we're seeing right now is more fraud occurring with what we call level four merchants. Those are the small mom and pop, they're the feature joints, the drive through liquor place, the -- things along those lines, where the point of sale devices can then more easily be compromised. And so the number of places, the number of breaches are certainly much higher. The number of cards that are compromised when these are breached is much lower. And what's happening, the fraudsters, once they do get those card numbers, they are beginning to commit the fraud immediately. They are not waiting like they did in the past, trying to lull you into a false sense of security that your card hasn't been stolen. But they are actually hitting that card right away to commit that fraud.

Q: So it's clear. On the one hand, there are some really hard numbers that say there's a shift in fraud to the United States. But I'm also wondering, from having read this paper, that beyond the data that we do have, is there some information that's hard to glean even after the fraud has taken place, and specifically what I'm talking about is do you think that every financial institution has a really specific picture of how much money they lose to card fraud? Or is it maybe not so clear every time?

A: A couple different aspects of that.
One is we do see quite a bit of variability from one financial institution to the other, in terms of the level of which they actually track their fraud losses. Some institutions will get very granular, they will have a GL account specifically for just their debit card fraud losses to be put against. So they have a good way of being able to track them over time. While in other institutions, what we're seeing is that they will have a very general purpose GL account, and they put everything there, whether it be check fraud, ACH fraud, wire fraud, debit card, credit card fraud, it all can be lumped together. And those institutions may have a little more difficult time in terms of trying to pull what are their losses specifically, just for their debit card or credit card fraud numbers. The other thing that we're seeing as well is Visa, MasterCard, Discover, they have requirements whereby institutions are required to report their confirmed fraudulent transactions. And that's really for the purpose of us trying to get an understanding of what does the fraud landscape look like? And it's a lot of the basis for which we generate statistics, and have an understanding of what fraud is here in the United States. That is usually done from the perspective of signature fraud losses. If you take a look at the very EFC networks out there, they don't have that similar kind of requirement that Visa, MasterCard, and Discover do. And so as a result of the knowledge that we have in terms of PIN fraud losses that occurred on debit credit transactions, that's probably less understood than what we know for signature. So the FIs typically will have those numbers, again sitting inside their own GL account, but those numbers do not necessarily have to be reported anywhere, so we have some picture, and probably a pretty good picture, but we would always like to know as much of that data as possible, just so that we can tune our fraud defenses in order to mitigate those types of attacks.

Q: Speaking of getting the full picture, and speaking of things we may not have a full handle on, there's an easily trackable investment in detection, you can track what you're spending on prevention, and you can get an idea of what you're losing at the moment, but are there -- after the fact, are there resolution costs in terms of reporting the fraud, like you said, to these networks like MasterCard and Visa? Can you give us the full picture of the resolution costs associated with fraud? Because it seems like there's more to it than meets the eye at first glance.

A: The costs are spread out in many different areas, and so to get a complete picture of what is the total cost, you need to kind of take a look at multiple different areas, or whatever. And one of the initial things that we see, especially when the associations issue any type of card compromise alert, and they will do that, so they will do their own analytical research to identify a particular common point of compromise, they will identify all cards that have been in use within some period of time at that particular location, whether it be at a merchant location, or possibly even a processor. But what they will do then is issue these alerts out to the institutions giving them a heads up, letting them know that their cards -- their card holders may potentially have had their card numbers compromised. So what we see some institutions doing is just kind of initially a blanket reissue of all those cards. No institution really wants to do that, some institutions just are more conservative, and so they kind of play it more prudently and say OK, you know, if it's -- if I'm being told that I may potentially have a compromised card, I'm just going to reissue them all. Other institutions we see are taking a little bit more of a different approach, and from this perspective of they will monitor those cardholder transactions more closely for some period of time. And identify what are the fraud trends, fraud losses associated with those cards. And then using some industry averages, if fraud ever gets to a particular threshold, then they will make the decision of going off and doing a reissue. So you certainly have the cost of getting that card reissued out into the hands of customers.
So you have the plastic cost, you have the time that is required by the institution to go off and close the old cards, to generate a new card number, open up a new card, and then getting it mailed out. You know the postage and handling in order to get it there. So those are some of the cost associated with what happens after the breach has already happened.

Q: Perhaps the most costly event of fraud though is when a bank loses a consumer. And I think that the percentage statistic that you give in the paper is that 18% of consumers leave their card issuers after fraud takes place. So I think the important question for issuers is how can they avoid being part of that 18%?

A: That's pretty tough. And what we find out there is that the statistics are not completely clear in terms of what happens. We do know that there is some impact. And the impact is probably more prevalent on the debit side than it is on the credit side. And there's a good reason for this. In the credit world, if you have fraud that occurs on your credit card, of course there's certainly ways to address it with the institution, but what then this home even closer in the debit world is the fact that the debit card is tied to your checking account, to your savings account, shared house accounts, things along those lines. And that really does hit home for a cardholder. And so they are much more sensitive when fraud hits in the debit card, than on their credit card. And so institutions want to be very careful in making sure that they have good protection, good defenses in place, and one of the great ways of being able to make sure that the card holder does not be -- is not impacted in the front is by putting in place what we call fraud prevention tools and fraud prevention strategies. These are the set of tools that will look at an incoming authorization, and analyze it for the probability of it being fraudulent. And this is really the first line of defense where you can stop fraud from even happening. So you are actually in line with the authorization, and you're able to conduct a fraud analysis before you even respond back to the merchant either approving or denying that particular authorization request.
And by being able to put those fraud tools up front like that, you're able to actually mitigate those fraud losses, and minimize the impact to cardholders, and any type of potential fraud that they may have occurring on them. This is something that we're seeing kind of adopting over time, and the adoption rate has been growing, but one of the other things that we see is -- one of the major enhancements over the past couple of years is what we call neural scores. So it will actually create a [newal?], or a fraud probability score, at the individual cardholder. It will learn the cardholder's buying behavior, and patterns, and we're all creatures of habit. And so that technology will look at this authorization, compare it to your past spending patterns, and it will make a determination in terms of whether it's fraud or not. And so those tools are really the best things that an institution can do to make sure that you're not part of the 18% statistic.

Q: So with all of this going on, gosh it's -- we've been speaking for quite a while, and there are so many layers to this. It sounds like perhaps there's an opportunity -- maybe the FIs are doing all of this in-house, but maybe there's an opportunity to outsource some of this as well, and your paper talks about outsourcing opportunities in terms of fraud and security for FIs. So maybe let's talk about that for a quick minute.

A: One of the things that we're finding is that the nature of fraud is changing quite rapidly. It used to be pretty simple, and manageable to be able to track and manage yourself. But what we're finding with a lot of our banks and credit unions is that the person who's managing fraud, it's just one of multiple job responsibilities that they have. And so as a result of that, they really aren't able to spend the amount of time necessary to stay current with the latest fraud trends that are occurring out there. And as a result, what's happening is fraud is becoming more complex than what they have the ability and the skill set to handle there internally. So we're seeing institutions looking outside their own organization, in order to be able to find help. And as I mentioned before, these fraudsters are smart people, and yes, institutions typically will have somebody in the office from 8:00 AM to 5:00 PM, but the fraudsters know that.
And so from 5:00 PM to 8:00 AM are right times for fraudsters to go off and commit fraud. The other big period is, you know especially 5:00 PM on a Friday afternoon, until 8:00 AM on a Monday morning, and those times are again when fraudsters will typically hit. And so some of their outsourced services that can be leveraged today, that offer 24/7 coverage, in order to be able to manage fraud on the institution's behalf. So whether it be through a real-time scenario in managing those systems, to actually prevent fraud up front. Of course, you're not going to be able to stop all fraud, all the time, so there's ongoing need to do monitoring of approved authorizations for the probability of fraud, and contacting card holders to get confirmation, and the outsourced services will perform all those functions for you. And the nice thing about that is that there's a certain peace of mind associated with it. You know that it doesn't really matter what happens, is that you've got somebody who's looking out after this. And these are companies, institutions that actually have experience, usually very deep experience in the area of fraud, because that is what they do day in and day out.

Q: So there's an opportunity to benefit from someone having -- you know focused on this all the time, becoming an expert in this, let's talk about Vantiv specifically. And what it offers in the way of security services, and outsourcing services. What's unique about what Vantiv's doing in the space?

A: We've been hearing a lot from our customers in terms of their need, their interest in tapping into the fraud knowledge that we have here. Again, we have over 80 people, they are only dedicated to dealing with fraud. As a result of it, they know it very deep, and because that's all they do day in and day out. And based on the feedback and requirements that we're hearing from our customers, we've actually launched two levels of service. One with whereby we will actually manage fraud. And by that, what I mean is we'll do everything from basically, from the beginning to the end. The preauthorization, the real-time fraud prevention type of services, in order to stop fraud from even happening. The monitoring services after the fact.
We will look at the compromised card alerts coming in from Visa, Master, Discover, we will provide recommendations out to the institution on whether they do or do not need to reissue.
And so it's really kind of a full service solution, in order to be able to help drive down your fraud write-offs. But we also have developed another level of service, which is what we call our total program, our Omni-Shield 360. And in that program, we do everything. And what I mean by everything is that a lot of institutions today focus just on write-offs, but with the Omni-Shield 360 product, we are actually managing your fraud, we're also processing your charge backs. And the reason why the charge back piece as a component is important there, is because you find many situations where there are opportunities to mitigate fraud in the charge back process, by going through the right set of questions and the set of interviews that we go off and do with cardholders when they call to report disputes. Sometimes we're finding it's not a fraud at all. Maybe it's just a customer that is dissatisfied with a particular service. Sometimes, we find it's first party fraud. First party, we mean that the cardholder, usually the parent, was not aware that the son or daughter borrowed the card on a Friday night in order to get 40 bucks out for the weekend. So we're able to head off and actually prevent fraud by just being able to do the proper research, analysis, and questioning up front. The other aspect of us doing the charge back processing is that again, we have a staff of people who are dedicated to only doing that particular function. So they know the rules and constraints around the dispute system from Visa, MasterCard, and Discover. And with that, we are able to make sure that we are filing those charge backs, in order to recover those funds when it's appropriate. And we know typically what rights you do and don't have. And the other thing is, we're making sure to file those in the right time frame.
We find a lot of institutions lose their charge back rights, because they didn't realize they had an opportunity to recover, or they missed the deadline, the filing window in which to do it. And so with the Omni-Shield 360 program, with us managing your fraud, your processing, your charge backs, it's a total solution, and coupled with that, we are then able to actually offer financial protection. So if there were to be a fraud loss, there would be reimbursement from Vantiv back to the institution, in order to make sure that they were made total.

Q: Wow. So more than a few things it sounds like in terms of services offered. And that makes sense, because as we've talked about for the past little while, this is a complicated part of payments, and as the shift -- as the focus shifts over to the United States, and things get more complicated, it seems to be making more and more sense to partner with someone who has so much capability. So I appreciate the clarification and all that, and thank you for taking time to speak with us today.

A: Not a problem at all. Very happy to do it. Thank you.

Q: David Mattei, vice president, Vantiv. Thanks a lot.