The State of Play in Cyber Payments Fraud Improving Security for Online & Card Not Present Transactions



Similar documents
Fraud Alert Management The Power of an Integrated Approach. Eric Kraus, Sr. Director Fraud Product Management

Card Acceptance Best Practices Playing it Safe at the Point of Sale

Your Single Source. for credit, debit and pre-paid services. Fraud Risk and Mitigation

Global Bank Achieves Significant Savings and Increased Transaction Volume with Zero-Touch Authentication

Mitigating Fraud Risk Through Card Data Verification

Payment Card Fraud in the European Union Perspective of Law Enforcement Agencies

Innovations in Debit Card Fraud Analytics Stop Unchecked Fraud Growth by Expanding Visibility into Fraudulent Activity

Suzanne Lynch Professor of Practice Economic Crime Utica College sl6-15 1

Prepared testimony of W. Joseph Majka Head of Fraud Control and Investigations Visa Inc.

RETHINKING ORC: NRF S CYBER SECURITY EFFORTS. OMG Cross Domain Threat & Risk Information Exchange Day, March 23, 2015

Identifying Security. Payment System. Federal Reserve Bank. Ellen Richey Chief Enterprise Risk Officer Visa Inc. Visa Public

Cyber - Security and Investigations. Ingrid Beierly August 18, 2008

Prevention Is Better Than Cure EMV and PCI

With the Target breach on everyone s mind, you may find these Customer Service Q & A s helpful.

What Merchants Need to Know About EMV

Mitigating Fraudulent CNP Transactions

TARGET BREACH SCAM ALERT

WILLIS SPECIAL REPORT: 10K DISCLOSURES HOW RETAIL COMPANIES DESCRIBE THEIR CYBER LIABILITY EXPOSURES

The need for a secure & trusted payment instrument in e-commerce. Ali AlMeshal

Erie County has been notified of an active phishing e mail threat targeting government agencies and have received reports of a wellcrafted phishing

Acceptance to Minimize Fraud

1. Ask what your financial institution knows or has personally experienced with regard to internal and external data breaches.

PREVENTING PAYMENT CARD DATA BREACHES

Clear and Present Payments Danger: Fraud Shifting To U.S., Getting More Complex

TSYS Managed Services. Reduce your fraud exposure and losses by utilizing Fraud Mitigation Services from

EMV and Small Merchants:

A RE T HE U.S. CHIP RULES ENOUGH?

VOICE AUTHORIZATION QUICK REFERENCE GUIDE. Get credit card authorizations. using any touch-tone telephone. enter the authorization codes

Other Retail Payments Developments

Fraud Prevention and Program Security Gord Jamieson Director Risk Management & Security Visa Canada Association

Deception scams drive increase in financial fraud

WHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR

ADVANTAGES OF A RISK BASED AUTHENTICATION STRATEGY FOR MASTERCARD SECURECODE

Risk Mitigation in Travel. New Trends to Reduce Fraud and Increase Revenue

RSA Adaptive Authentication For ecommerce

How the Past Changes the Future of Fraud

EMV EMV TABLE OF CONTENTS

Transitions in Payments: PCI Compliance, EMV & True Transactions Security

The Home Depot Provides Update on Breach Investigation

Frequently asked questions - Visa paywave

Catching Fraudsters In Real Time

F I C O. February 22, 2011

Guideline on Debit or Credit Cards Usage

TSYS FRAUD MANAGEMENT SOLUTIONS

Langara College PCI Awareness Training

The Merchant. Skimming is No Laughing Matter. A hand held skimming device. These devices can easily be purchased online.

U.S. Smart Card Migration: Stripe to EMV Claudia Swendseid, Federal Reserve Bank of Minneapolis Terry Dooley, SHAZAM Kristine Oberg, Elavon

AIS Webinar. Payment Application Security. Hap Huynh Business Leader Visa Inc. 1 April 2009

VISA International Security Summit. Dr. Colonel Tran Van Hoa Deputy Director Viet Nam Hightech Crime Police Department

FIGHTING FRAUD: IMPROVING INFORMATION SECURITY TESTIMONY OF JOHN J. BRADY VICE PRESIDENT, MERCHANT FRAUD CONTROL MASTERCARD INTERNATIONAL

Arab Bank Cards User Guide

THE ROAD TO U.S. EMV MIGRATION Information and Strategies to Help Your Institution Make the Change

Fraud Prevention Issuer s Best Practice Guide

1 Billion Individual records that were hacked in

How To Spot & Prevent Fraudulent Credit Card Activity

Solution Brief Efficient ecommerce Fraud Management for Acquirers

Be Safe, Smart and Secure: Simple Ways to Protect Your Identity and Your Money

card not present fraud solutions

Franchise Data Compromise Trends and Cardholder. December, 2010

Enhancing Payment Card Security New Measures to be Phased in from 2 nd Quarter 2010 to 1 st Quarter 2011

PAYMENT SECURITY. Best Practices

Summary. Scott Zoldi January white paper

Newtek, The Small Business Authority 855-2thesba thesba.com 855-2thesba

Effectively Managing Data Breaches

STATEMENT OF DELARA DERAKHSHANI CONSUMERS UNION BEFORE THE UNITED STATES SENATE COMMITTEE ON THE JUDICIARY

Understanding and Combating Online Fraud in 2014

Preparing for EMV chip card acceptance

Drive your fraud rates down

HOME DEPOT DATA BREACH

A CHASE PAYMENTECH WHITE PAPER. Expanding internationally: Strategies to combat online fraud

EMV ADOPTION AND ITS IMPACT ON FRAUD MANAGEMENT WORLDWIDE

Payment Card Industry (PCI) Data Security Standard. PCI DSS Applicability in an EMV Environment A Guidance Document Version 1

Protecting Yourself When You're a Victim of Identity Theft, Forgery or Fraud

Statement of. Mark Nelsen. Senior Vice President, Risk Products and Business Intelligence. Visa Inc. House Ways & Means Subcommittee.

Target Data Breach Survey of Illinois Banks. Executive Summary

Establishing a State Cyber Crimes Unit White Paper

Credit Card Issuer Fraud Management

What is EMV? What is different?

Global Visa Card-Not-Present Merchant Guide to Greater Fraud Control. Protect Your Business and Your Customers with Visa s Layers of Security

A multi-layered approach to payment card security.

Statement of. Carlos Minetti. Discover Financial Services. Before the. Subcommittee on Oversight and Investigations. of the

MISSISSIPPI IDENTITY THEFT RANKING BY STATE: Rank 32, 57.3 Complaints Per 100,000 Population, 1673 Complaints (2007) Updated December 21, 2008

Introduction to Bankcard Basics

Protecting the POS Answers to Your Frequently Asked Questions

Commercial Fraud: Managing the risk. White Paper. January Samuel Smiles

2012 IACA MERIT AWARD APPLICATION

IT Security Risks & Trends

USDA: Handling Fraud and Disputes. Deanna Hanson CPS Fraud Support Analyst

How To Control Credit Card And Debit Card Payments In Wisconsin

To all GRSB debit and credit card customers:

DHS. CMSI Webinar Series

Merchant Guide to the Visa Address Verification Service

IDENTITY THEFT- FRAUD FINANCIAL CRIME(S) INCIDENT DETAIL FORM

Fraud Awareness Session -WestJet Presented by Alexis Gunderson Team Leader WestJet Fraud Investigation

Credit Card PIN & PAY Frequently Asked Questions (FAQ)

AN INDUSTRY APPROACH TO FRAUD PREVENTION The Current State of Play

Introduction to Cyber Security

Payment Security Account Data Compromise (ADC)

Fraud detection in newly opened accounts. Connecting data helps predict identity theft

Transcription:

The State of Play in Cyber Payments Fraud Improving Security for Online & Card Not Present Transactions Mark Greene, Ph.D CEO, FICO Federal Reserve Bank of Chicago 26 September 2011

Cybercrime Costs 431 M adult victims globally in the past year Annual price is $388 B globally (financial losses + lost time) Cybercrime costs the world more than the combined global black market for marijuana, cocaine, and heroin ($288 B) 69% of online adults have been a victim of cybercrime during their lifetimes 10% of adults have experienced cybercrime on mobile phones Only 16% of adults who access the internet from mobile devices have up to date mobile security Source: The Norton Cyber Crime Report 2011 2

Merchant CNP Fraud Detection: Online Fraud Management Trends and Issues Incidence of card-not-present (CNP) fraud is much higher than in-person / POS shopping fraud Why? CNP transactions are lower risk / lower effort for fraudsters Issuers generally don t carry the loss risk Merchants are (understandably) focused on sales Online/CNP fraud is expensive Higher order volumes mean higher losses Blocked orders decrease revenue Retailers lose payments, cost of goods, shipping charges and eventually credit card privileges Fraud must be detected in relevant time Stop fraudulent transaction before delivering goods or service Real time fraud management systems are a must 3

Merchant CNP fraud detection: Use merchant profiles + traditional cardholder monitoring P R O F I L E Standard neural network approaches only leverage cardholder profiles Merchant profiles give neural networks the power to compare historical merchant activity with recent order patterns Merchant profiles close the feedback loop If fraud occurs at a merchant, the merchant s account (usually) stays open Fraud information is added to merchant s profile Fraud on one card informs future fraud risk on another card Significant improvement over standard cardholder profiling Note: not fraud committed by merchant; fraud committed at merchant Merchant profiles are dynamic Industry view: Updated weekly based on latest activity, including confirmed frauds FI view: Global intelligent profiles (patented) 4

Merchant CNP fraud detection: FICO Falcon Fraud Predictor with Merchant Profiles FICO Falcon Fraud Predictor profiles monitor all aspects of merchant behavior including: Card Present and Not Present Domestic and Cross-border POS Entry Keyed, Swiped, Chip Provides improved card-present / card-not-present distinction and variables ~33% relative lift in incidence detection at a 0.5% review rate 5

Mass Compromise: Fraudulent Card Life Cycle Timeline Normal use Cards compromised Cards in play Cards not in play Card Open Point Of Compromise/ First Fraud Fraud Mitigation Mass Compromise Compromised cards are gradually released to black market Make better decisions by knowing a card is compromised 6

Mass Compromise: Detection Identify mass compromise at merchants Where: Which merchant sites are compromised When: When the compromised occurred and the extent Who: Which cards are compromised Identify suspicious test sites & tested cards Create Compromise Clusters Monitor o What clusters are hot and active? o Where is CNP and testing behavior occurring Rank: Order cards in the compromise by a compromise card score 7

Working with Law Enforcement Success Story Leveraging our Card Alert PIN-debit fraud system, FICO recently aided law enforcement crack a coordinated ATM compromise of cards & PINs (aka the Big NY Case ) FICO alerted US Secret Service to compromises and resulting fraud Having an industry view of the problem, FICO provided impacted financial institution contacts to law enforcement to work losses more efficiently and build case FICO provided link analysis of fraudulent activity across banks, and fraud reports predicting where the criminals might hit next FICO was subpoenaed for evidence used in convictions of suspects FICO also worked with ATM networks to establish rooster alerts When criminals use cards identified as at risk, pager alerts USSS to physical address of ATM in real time Several arrests made 8

Lessons Learned Working with Law Enforcement Previously established relationships with organizations and sharing of critical information lead to successful outcomes (i.e. don t wait for a problem to initiate the relationship) If the law enforcement agency does not view organization as the entity experiencing losses, often they do not want to share or request assistance Loss amount thresholds will come into play, particularly in large cities, which require industry shared fraud information to meet thresholds can t do it alone Leverage experience with one agency to get make contact with another agency in different region, etc Provide subpoena information as quickly as possible, discuss format and information with the agency ahead of subpoena Collaborate; but be certain to protect your proprietary secrets in subpoena responses Agencies have multiple duties and other cases may take precedence (e.g. election duties come first for USSS in election years) 9

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information