Fraud Prevention at Viseca Card Services · 2010. 3. 19. · How Does Credit Card Fraud Work?...
Transcript of Fraud Prevention at Viseca Card Services · 2010. 3. 19. · How Does Credit Card Fraud Work?...
-
Copyright © 2009, SAS Institute Inc. All rights reserved.
Fraud Prevention at VisecaCard ServicesMarcel BielerBusiness Analyst, Aduno Gruppe
-
Copyright © 2009, SAS Institute Inc. All rights reserved.
Table of Contents
Aduno-Group and Viseca
How Does The Credit Card Business Work?
How Does Credit Card Fraud Work?
Fraud Prevention at Viseca
What Did We Achieve?
Plans for the Future
Lesson Learnt
-
Copyright © 2009, SAS Institute Inc. All rights reserved.
Aduno-GroupVision We are the group for a future of cashless
payments…
… by providingSAFE andSIMPLEpayment services.
-
Copyright © 2009, SAS Institute Inc. All rights reserved.
Gift cardsLoyalty cards
Credit card AcquiringPayment terminals
Credit card IssuingConsumer creditsCar financing
Aduno Group – Who Are We?
Aduno Holding SA
-
Copyright © 2009, SAS Institute Inc. All rights reserved.
Viseca Card Services SA Switzerland’s leading credit card issuer
1,000,000 cards issued (population of Switzerland = 7,000,000)
Almost 25% of all issued cards
A wide variety of products and services
-
Copyright © 2009, SAS Institute Inc. All rights reserved.
How Does The Credit Card Business Work?
Schemes
Customer
Issuer
Merchant
Acquirer
-
Copyright © 2009, SAS Institute Inc. All rights reserved.
How Does The Issuer Earn Money? Annual fees
Transaction fees
Interest
How Does The Issuer Lose Money? Cardholder default
Fraud
Our gain is merely a percentage of a customer’s transactions!
A dollar saved is a dollar earned!
-
Copyright © 2009, SAS Institute Inc. All rights reserved.
How To Influence These Components?Income
Fees and interest
More transactions
Loss
Cardholder default
Fraud
Marketing Risk and Fraud Analysis
SAS Enterprise Miner
-
Copyright © 2009, SAS Institute Inc. All rights reserved.
How Does Credit Card Fraud Work?
Principal fraud methods
Two methods – two varying fraud patterns
“Skimming” Copying ofmagnetic stripe data
Data hackingStealing card datafrom the internet
Other methodsmarginal
-
Copyright © 2009, SAS Institute Inc. All rights reserved.
Skimming / Counterfeit Magnetic stripe data is copied
Data is transferred onto a manufactured card
Card is used at a store until detected ~30% of fraud loss at Viseca (lowest rate in
Switzerland)
-
Copyright © 2009, SAS Institute Inc. All rights reserved.
Skimming – Examples of Counterfeit Plastics
-
Copyright © 2009, SAS Institute Inc. All rights reserved.
Data Hacking / Internet Fraud
Data stolen from customers or databases
Card data is used on the internet until detected ~60% of fraud loss at Viseca (highest rate in
Switzerland)
-
Copyright © 2009, SAS Institute Inc. All rights reserved.
Data Hacking – Examples (1/2)
The weakest link is the human• Phishing• Pharming• Social Engineering
-
Copyright © 2009, SAS Institute Inc. All rights reserved.
Data Hacking – Examples (2/2) Still, if you are cautious…
www.privacyrights.org/ar/ChronDataBreaches.htm
-
Copyright © 2009, SAS Institute Inc. All rights reserved.
Proportion of Fraud TypesGross loss by type of fraud
28.43%
41.00%
60.50%42.00%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Q12007
Q22007
Q32007
Q42007
Q12008
Q22008
Q32008
Q42008
Q12009
Period
Perc
enta
ge
-
Copyright © 2009, SAS Institute Inc. All rights reserved.
Fraud Prevention at Viseca
Technical Solutions• Chip Card against counterfeit• Verified by Visa / 3-D Secure against internet fraud
Analytical Solutions• Online – at time of transaction• Offline – FRAUDO
-
Copyright © 2009, SAS Institute Inc. All rights reserved.
Online Fraud Prevention
Authorization Process• Does the card exist?• If Yes: Is the card balance sufficient?• If Yes: Rule based decision engine
-
Copyright © 2009, SAS Institute Inc. All rights reserved.
Rule Based Decision Engine Checks details of transaction
• Where?• Card history?• Blacklist?
Decision• No risk – proceed with transaction• Risky transaction – real time alert on screen
Rules are based on past fraud cases
Rules could be improved by using data mining methods (not yet implemented)
-
Copyright © 2009, SAS Institute Inc. All rights reserved.
Offline Fraud Analysis – Reporting
Goal: Report on transfer and loss
Reporting on key figures• Fraud Transfer = Sum of all fraudulent transactions
= The fraudsters’ gain• Fraud Loss = loss encountered due to fraud
= Transfer - Fraud transactions not paid by issuer
-
Copyright © 2009, SAS Institute Inc. All rights reserved.
Offline Fraud Analysis – Case Based Analysis
Goal: Prevent fraud before it occurs by finding patterns
Analyses of fraud cases
Find similarities between fraud cases
Disclose compromised spots
Recognize possibly exposed cards
Since 2005
-
Copyright © 2009, SAS Institute Inc. All rights reserved.
Offline Fraud Analysis – Data Mining (1/2)
Goal: Minimize fraud transfer when fraud has already occurred
Why use data mining? Limited resources
20,000 - 100,000 transactions daily that needed checking
With data mining methods, bring number down to 20 - 100
-
Copyright © 2009, SAS Institute Inc. All rights reserved.
Offline Fraud Analysis – Data Mining (2/2)
Project FRAUDO – Fraud Risk Analysis Using Data Offline• Internet Fraud: Decision tree (since 2007)• Counterfeit: Regression model (since 2008)• Internet Fraud: Regression model (since 2009)
-
Copyright © 2009, SAS Institute Inc. All rights reserved.
What Did We Achieve?
2005:
No models
Rules based on surface analysis
Insufficient protection
Dramatic rise in fraud transfer
-
Copyright © 2009, SAS Institute Inc. All rights reserved.
What Did We Achieve? (1/3)
2005/06:
Introduction of smart rules for the rule-based decision engine
Allocation of staff for analysis
-
Copyright © 2009, SAS Institute Inc. All rights reserved.
What Did We Achieve? (2/3)2006/07
Introduction of internet fraud decision tree
-
Copyright © 2009, SAS Institute Inc. All rights reserved.
What Did We Achieve? (3/3)2008/09
Introduction of counterfeit models
Extreme increase in fraud activities
-
Copyright © 2009, SAS Institute Inc. All rights reserved.
Number of fraud cases and loss per case
80
90
100
110
120
130
140
150
160
170
180
Q12007
Q22007
Q32007
Q42007
Q12008
Q22008
Q32008
Q42008
Q12009
Period
Arbi
trary
sca
le
Number of fraud cases Loss per fraud case
Fraud Development at Viseca
- 40%
+ 50%
-
Copyright © 2009, SAS Institute Inc. All rights reserved.
Success rate
5.5%
Percentage of cards found by FRAUDO
21.34%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Project FRAUDO – Results
21% of all fraud cases found
Reduced fraud loss estimated to be 15%
Success rate of 5.5%
Potential and actual fraud loss
0%
20%
40%
60%
80%
100%
120%
140%
-15%
-
Copyright © 2009, SAS Institute Inc. All rights reserved.
What Makes It Easier?
Low domestic fraud
Shopping patterns of fraudsters are different
Well-behaved cardholders
Vast amount of data
Why Is Fraud Modeling Difficult?
Fraud is a rare event
Fraudsters are shopping moderately
Vast amount of data
-
Copyright © 2009, SAS Institute Inc. All rights reserved.
Preconditions For Successful Modeling
Know your data
Know your customers
Know your fraudsters
Train often – FRAUDO can never sleep
-
Copyright © 2009, SAS Institute Inc. All rights reserved.
A Quick Look At The Model
~150 variables
Regression and trees
Winning model: Tree with entropy criterion
-
Copyright © 2009, SAS Institute Inc. All rights reserved.
How We Create/Validate Our Models
1. Create several models with up-to-date data
2. Use the models with past data
Today-3 Months
Instant feedback Selection of best modeling method
-
Copyright © 2009, SAS Institute Inc. All rights reserved.
Plans for the Future
Select hitherto unused variables to achieve better accuracy
Model rules of online fraud prevention tool
Hot-spot analysis with micro models
Much to be done
-
Copyright © 2009, SAS Institute Inc. All rights reserved.
Lesson Learnt There is a business case for fraud prevention
Potential and actual fraud loss
0%
20%
40%
60%
80%
100%
120%
140%
-15%
-
Copyright © 2009, SAS Institute Inc. All rights reserved.
Questions?
Thank you very much!
-
Copyright © 2009, SAS Institute Inc. All rights reserved.
Fraud Prevention at Viseca Card ServicesTable of ContentsSlide Number 3Slide Number 4Slide Number 5How Does The Credit Card Business Work?How Does The Issuer Earn Money?How To Influence These Components?How Does Credit Card Fraud Work?Skimming / CounterfeitSkimming – Examples of Counterfeit PlasticsData Hacking / Internet FraudData Hacking – Examples (1/2)Data Hacking – Examples (2/2)Proportion of Fraud TypesFraud Prevention at VisecaOnline Fraud PreventionRule Based Decision EngineOffline Fraud Analysis – ReportingOffline Fraud Analysis – Case Based AnalysisOffline Fraud Analysis – Data Mining (1/2)Offline Fraud Analysis – Data Mining (2/2)What Did We Achieve?What Did We Achieve? (1/3)What Did We Achieve? (2/3)What Did We Achieve? (3/3)Fraud Development at VisecaProject FRAUDO – ResultsWhat Makes It Easier?�Preconditions For Successful ModelingA Quick Look At The ModelHow We Create/Validate Our ModelsPlans for the FutureLesson LearntQuestions?Slide Number 36