Your Single Source for credit, debit and pre-paid services
Fraud Risk and Mitigation

Agenda
- Types of Fraud
- Fraud Identification
- Notifications
- Next Steps
11/8/2013

Types of Fraud
- Lost and Stolen Cards
- Fraudulent Applications
- Account Takeover
- Unauthorized Use of Card Numbers
- Counterfeit Cards and Skimming
- Account Testing
- PIN Authentication Attacks
- Merchant System PIN Theft
- Not-Received-Items
- Cardholder Bust-Outs
- Balance Transfer Fraud
- Identity Theft

Types of Fraud
Which types of fraud has your organization experienced in the past year?
- Debit/credit card fraud: 84%
How is a fraud incident involving your organization typically detected?
- Cardholder notification: 82%
Which non-financial losses did your organization suffer from fraud incidents?
- Loss of productivity: 59%
Source: 2012 Information Security Media Group Survey

FRAUD IDENTIFICATION
How is fraud identified?
- Cardholder Notification
- Fraud Alert Detection System
- Daily Reports
- Compromised Card Alerts

FRAUD IDENTIFICATION-Cardholder Notification
If a Member alerts the Credit Union of fraudulent transactions, block and reissue the card.
Determine if:
- The Cardholder was involved in phishing, phone, smishing or any other form of fraud.
- The PIN was used.
- The card number was on any Compromised Alert.
- A Common Point of Purchase (a common merchant where all the cards were used legitimately) can be determined.
Begin the Chargeback process/report fraud.
Notify ICUL Service Corp.

FRAUD IDENTIFICATION-Fraud Detection System
Each transaction processed through the MasterCard, Visa and Discover authorization systems is scored by the associations as well as the card processor's neural network and generates a Risk Score. This score represents the probability that the credit card transaction, signature debit transaction, ATM, or pinned POS transaction could be fraudulent. The higher the score, the greater the possibility of fraudulent activity.
Alerts will be generated by your processor for investigation once a transaction's score exceeds the designated score threshold level. These alerts for at-risk transactions can be found on the fraud application of your processor's desktop system, if applicable, or on your daily fraud reports.

FRAUD IDENTIFICATION-Fraud Detection System
When a Fraud Alert/phone message is received by the Cardholder from the Fraud Department of the card processor, the following steps should be taken:
- Cardholders should call the Credit Union to verify transactions.
- If the Credit Union is called, the card processor should also be notified to confirm the transactions.
- If you have a fraud application on your desktop system that allows you to tag the cardholder's transactions and notify the fraud department with a message, no phone call is necessary.

FRAUD IDENTIFICATION-Fraud Detection System
When a Fraud Alert is received by the Credit Union, the following steps should be taken:
- Monitor fraud systems on desktop applications, if available.
- Review faxes, emails, or reports received from the card processor and notify the cardholder immediately via phone, email or mail to verify transactions.
- If the transactions are determined to be fraud, block and reissue the card and alert the card processor Fraud Dept. or report on the processor's desktop system.
- The Credit Union should begin the chargeback process.
- The card number should be checked against prior Compromised Card Alerts received by the Credit Union.
- Monitor fraud alerts for similar patterns of fraudulent transactions on other cards.
- Attempt to determine a Common Point of Purchase (CPP is a common merchant where all the cards were used legitimately).
- Notify ICUL Service

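The Common Point of Purchase step above can be worked through in a few lines. This is an added example, not part of the original presentation; the card tokens, merchant names, dates and the min_share parameter are all constructed assumptions. It goes slightly beyond the slide's definition by allowing a share below "all the cards", which helps when one cardholder's history is incomplete.

```python
from collections import Counter
from datetime import date

# Constructed sample: purchases each cardholder confirmed as legitimate,
# keyed by an internal card token (no real card numbers or merchants).
CONFIRMED_PURCHASES = {
    "card-A": [("Corner Fuel 12", date(2012, 10, 3)), ("Grocer One", date(2012, 11, 9))],
    "card-B": [("Corner Fuel 12", date(2012, 9, 21)), ("Grocer One", date(2012, 12, 1))],
    "card-C": [("Corner Fuel 12", date(2012, 12, 15)), ("Book Nook", date(2012, 10, 30))],
    "card-D": [("Corner Fuel 12", date(2013, 3, 2)), ("Corner Fuel 12", date(2012, 11, 5)),
               ("Grocer One", date(2012, 10, 11))],
}

def common_points_of_purchase(purchases, start, end, min_share=1.0):
    """Merchants used legitimately, between start and end, by at least
    min_share of the fraud-reported cards. 1.0 means every card."""
    seen = Counter()
    for visits in purchases.values():
        # Count each merchant once per card, however often it was visited.
        seen.update({merchant for merchant, day in visits if start <= day <= end})
    needed = min_share * len(purchases)
    hits = [(m, n) for m, n in seen.items() if n >= needed]
    # Most widely shared merchant first; names break ties for stable output.
    return sorted(hits, key=lambda hit: (-hit[1], hit[0]))

if __name__ == "__main__":
    window = (date(2012, 9, 1), date(2012, 12, 31))
    print(common_points_of_purchase(CONFIRMED_PURCHASES, *window))
    print(common_points_of_purchase(CONFIRMED_PURCHASES, *window, min_share=0.75))
```
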
FRAUD IDENTIFICATION-Daily Reports
Daily Authorization Reports should be monitored for:
- Unusual Activity: Multiple declines or authorizations from the same merchant.
- Invalid Card Numbers: Attempts to get an authorization for card numbers not issued by the credit union.
Daily Fraud Reports should be monitored for:
- Unconfirmed Fraud: These cardholders should be addressed right away.
- Confirmed Fraud: Follow-up calls to the cardholder should be made.

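The two Daily Authorization Report checks above can be run as a script over an exported report. This is an added example, not part of the original presentation; the row layout, card identifiers, merchant names and both limits are constructed assumptions that a credit union would replace with its processor's report format and its own thresholds.

```python
from collections import Counter, defaultdict

# Constructed sample: card identifiers the credit union has issued, and one
# day's authorization report rows (no real card numbers or merchants).
ISSUED = {"CU-0001", "CU-0002", "CU-0003"}
REPORT = [
    {"card": "CU-0001", "merchant": "WEB-SHOP-7", "result": "DECLINED"},
    {"card": "CU-0001", "merchant": "WEB-SHOP-7", "result": "DECLINED"},
    {"card": "CU-0002", "merchant": "WEB-SHOP-7", "result": "DECLINED"},
    {"card": "CU-0002", "merchant": "WEB-SHOP-7", "result": "APPROVED"},
    {"card": "CU-0003", "merchant": "GROCER-ONE", "result": "APPROVED"},
    {"card": "CU-7741", "merchant": "KIOSK-22", "result": "DECLINED"},
    {"card": "CU-7742", "merchant": "KIOSK-22", "result": "DECLINED"},
]

def review_authorizations(rows, issued, decline_limit=3, auth_limit=4):
    """Return (unusual_merchants, invalid_attempts) for one daily report.

    unusual_merchants: merchants with at least decline_limit declines or at
    least auth_limit authorization attempts in the day.
    invalid_attempts: (card, merchant) pairs for cards never issued.
    """
    per_merchant = defaultdict(Counter)
    invalid = []
    for row in rows:
        per_merchant[row["merchant"]][row["result"]] += 1
        if row["card"] not in issued:
            invalid.append((row["card"], row["merchant"]))
    unusual = {}
    for merchant, tally in per_merchant.items():
        declined, approved = tally["DECLINED"], tally["APPROVED"]
        if declined >= decline_limit or declined + approved >= auth_limit:
            unusual[merchant] = {"declined": declined, "approved": approved}
    return unusual, invalid

if __name__ == "__main__":
    unusual, invalid = review_authorizations(REPORT, ISSUED)
    print("Unusual activity:", unusual)
    print("Invalid card numbers:", invalid)
```
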
FRAUD IDENTIFICATION-Compromised Card Alerts
The card associations (MasterCard, VISA and Discover) or LSC Card Services sends an email notification to your credit union alerting you that some of your accounts are at risk due to hacking of a merchant's database, investigation by law enforcement, or review of accounts that have been forwarded by another card association member. This is equivalent to an RA (Review and Analysis) CAMs alert that VISA sends.
The email notification will give details of the alert and will help you decide how the alert should be managed.

FRAUD IDENTIFICATION-Compromised Card Alerts
VISA Alert
***This is a PROACTIVE ALERT provided prior to confirmation of a compromise incident or substantiated forensic evidence of a breach.***
Case Number: US-2013-0413a-PA
Date: May 1, 2013
Entity Type: Brick & Mortar
Suspected Data Elements at Risk:
- Track 1: Yes
- Track 2: Yes
Fraud Reported: Yes
Estimated Exposure Window: September 1, 2012 to December 31, 2012

FRAUD IDENTIFICATION-Compromised Card Alerts
IC: Internet Compromise
- Accounts that were compromised by means of a network intrusion or vulnerabilities discovered in point-of-sale applications. An example would be a hacker gaining access to a merchant's database.
- Unauthorized use of internal network
- Entities that are identified as a CPP but do not have a forensic investigation; out of business or outright refuse to have one. The type of entity can be Brick and Mortar or ecommerce.
LE: Law Enforcement
- Accounts sent to Visa Fraud Control & Investigations by law enforcement; typically as a result of the execution of a search warrant or an arrest of a suspect
- Accounts recovered in an investigation by law enforcement from another region
RE: Recovered Accounts
- Accounts being posted on the Internet or other miscellaneous recovered accounts not elsewhere classified
RA: Review and Analysis
- The accounts may or may not be at risk; however, based on the circumstances, they require a closer look by Issuers.
- Testing of accounts that are provided by Decision Sciences.
- Lost/stolen equipment, PCs, servers and data tapes, track and non-track
- Device Tampering or Skimming
PA: Proactive Alert
- Early alert of a potential compromised event and possible at-risk accounts by means of a network intrusion or vulnerabilities discovered in point-of-sale applications
- A PA event is unconfirmed and the forensic investigation has not been completed

FRAUD IDENTIFICATION-Compromised Card Alerts
MasterCard Alerts - Account Data Compromise Notification
The MasterCard Fraud Management department has been notified of a situation in which MasterCard payment accounts have been exposed to possible compromise.
Case Number: MCA0320-US-13
ICA xxxx 2 accounts
Event Description:
- Security breach of a US merchant's ecommerce network
- A data security firm has been engaged to conduct an onsite forensic investigation
This Alert discloses the payment account numbers of MasterCard accounts that were exposed to compromise.
Nature of Account Data Potentially At Risk: Payment account number, expiration date and CVC2
At-Risk Time Period: March 1, 2012 through January 14, 2013

FRAUD IDENTIFICATION-Compromised Card Alerts
Credit Union Actions:
When notification of a Compromised Card Alert is received, the following actions should take place:
- Evaluate the information and card numbers received in the alert.
- Determine how many of the compromised card numbers are still active.
- If you have closed card numbers that were involved in fraud, look to see if the fraud pattern that warranted the closing of the card record matches or is similar to the circumstances or fraud pattern described in the Compromised Card Alert message.

FRAUD IDENTIFICATION-Compromised Card Alerts
If, after your evaluation of the card numbers on the Compromised Card Alerts, you determine that some of the numbers have been closed because fraud has been reported, you can minimize your risk by:
- Considering these card records at high risk for fraud, and closing and reissuing them with a new card number.
- Contacting your member and advising them to continue monitoring card activity and to report any unauthorized transactions that post to their account.

FRAUD IDENTIFICATION-Compromised Card Alerts
If you haven't seen any signs of fraud that you believe could be linked to the reported account compromise card alert, and choose to monitor the active card numbers on the alert, you can minimize your risk for incidents involving the compromise of full track data by:
- Determining if any of the accounts were reissued after the compromise date. If so, you may not need to consider these accounts as high-risk, since they would have been reissued with a different Card Verification Value (CVV) and expiration date.

FRAUD IDENTIFICATION-Compromised Card Alerts
- Check for upcoming expirations. Of the affected accounts, determine how many of them will be expiring in the next 30 to 180 days. Consider moving up the reissue on those accounts.
- Utilize Processors' Neural Network fraud tools. Some of the processors are offering fraud applications that monitor transaction activity on card numbers that have been listed on a compromised account alert.
Card numbers from Compromised Alerts should be saved for use in the future when cardholders report fraud. If a cardholder reports fraud, that card number should be checked against past Alerts to determine if it had been reported as compromised. If so, all cards on that list, not previously re-issued, should be blocked and reissued.

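The Credit Union actions on the Compromised Card Alert slides above, together with the later lookup against saved alerts, can be sketched as follows. This is an added example, not part of the original presentation; the record fields, status values, card tokens and case label are constructed, and it assumes the end of the alert's exposure window serves as the compromise date.

```python
from datetime import date

# Constructed sample data: card tokens, not real card numbers.
ALERT = {"case": "EXAMPLE-001", "window_end": date(2012, 12, 31),
         "cards": ["tok-1", "tok-2", "tok-3", "tok-4"]}
CARDS = {
    "tok-1": {"status": "closed_fraud", "issued": date(2011, 5, 1), "expires": date(2014, 5, 31)},
    "tok-2": {"status": "active", "issued": date(2013, 2, 10), "expires": date(2016, 2, 29)},
    "tok-3": {"status": "active", "issued": date(2010, 8, 1), "expires": date(2013, 8, 31)},
    "tok-4": {"status": "active", "issued": date(2012, 1, 15), "expires": date(2016, 1, 31)},
}

def still_exposed(card, alert):
    # Active, and not reissued since the exposure window closed.
    return card["status"] == "active" and card["issued"] <= alert["window_end"]

def triage_alert(alert, cards, today):
    """Sort the alert's cards into the follow-up actions from the slides."""
    plan = {"compare_fraud_pattern": [], "reissued_since": [],
            "move_up_reissue": [], "monitor": []}
    for token in alert["cards"]:
        card = cards[token]
        days_left = (card["expires"] - today).days
        if card["status"] == "closed_fraud":
            plan["compare_fraud_pattern"].append(token)  # closed for fraud earlier
        elif card["status"] != "active":
            continue                                     # closed for other reasons
        elif not still_exposed(card, alert):
            plan["reissued_since"].append(token)         # new CVV and expiration
        elif 30 <= days_left <= 180:
            plan["move_up_reissue"].append(token)        # expiring soon anyway
        else:
            plan["monitor"].append(token)
    return plan

def cards_to_block(reported, saved_alerts, cards):
    """A cardholder reported fraud: list every not-yet-reissued card on the
    saved alerts that named the reported card."""
    to_block = set()
    for alert in saved_alerts:
        if reported in alert["cards"]:
            to_block.update(t for t in alert["cards"] if still_exposed(cards[t], alert))
    return sorted(to_block)

if __name__ == "__main__":
    print(triage_alert(ALERT, CARDS, today=date(2013, 5, 1)))
    print(cards_to_block("tok-4", [ALERT], CARDS))
```
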
Notifications
If your Credit Union is seeing a pattern of fraud, the following steps should be taken:
- Notify the local authorities
- Complete a Suspicious Activity Report (SAR)
- Notify LSC Card Services
LSC Card Services will:
- Notify FICO for PIN Fraud
- Notify VISA, MasterCard or Discover for signature Fraud
Please notify LSC Card Services at 800-304-2273 with any fraud questions or assistance that your Credit Union may need.

Summary
Monitor, investigate, detect, analyze, and report fraudulent activity.
Focus should be on these three primary functions:
- Prevent by following best practice recommendations and using all the fraud-prevention systems available.
- Detect by using the available fraud tools the card processors offer for fraud mitigation.
- Report by notifying processors through chargebacks and desktop system, if available, and LSC Card Services.

What else..
Introducing the LSC Card Services Risk Management Mailbox
lscriskmgmt@ilcusys.org
Internal Risk Management Team that will answer your questions regarding:
- Fraud Trends
- Fraud Mitigation
- Best Practices
- Tools

What else..
LSC Website Fraud-Important Information
http://www.iculsc.com/

What's Next
Coming Soon
- Open forum to promote information sharing and increase awareness of fraud activities
- Webinars
- Roundtable discussions throughout the year

Questions?????

Thank You
Contact LSC Card Services at 1-800-304-2273