Fraud Prevention at Viseca Card Services · 2010. 3. 19. · How Does Credit Card Fraud Work?...

Copyright © 2009, SAS Institute Inc. All rights reserved.

Fraud Prevention at VisecaCard ServicesMarcel BielerBusiness Analyst, Aduno Gruppe


Table of Contents

Aduno-Group and Viseca

How Does The Credit Card Business Work?

How Does Credit Card Fraud Work?

Fraud Prevention at Viseca

What Did We Achieve?

Plans for the Future

Lesson Learnt


Aduno-GroupVision We are the group for a future of cashless

payments…

… by providingSAFE andSIMPLEpayment services.


Gift cardsLoyalty cards

Credit card AcquiringPayment terminals

Credit card IssuingConsumer creditsCar financing

Aduno Group – Who Are We?

Aduno Holding SA


Viseca Card Services SA Switzerland’s leading credit card issuer

1,000,000 cards issued (population of Switzerland = 7,000,000)

Almost 25% of all issued cards

A wide variety of products and services


How Does The Credit Card Business Work?

Schemes

Customer

Issuer

Merchant

Acquirer


How Does The Issuer Earn Money? Annual fees

Transaction fees

Interest

How Does The Issuer Lose Money? Cardholder default

Fraud

Our gain is merely a percentage of a customer’s transactions!

A dollar saved is a dollar earned!


How To Influence These Components?Income

Fees and interest

More transactions

Loss

Cardholder default

Fraud

Marketing Risk and Fraud Analysis

SAS Enterprise Miner


How Does Credit Card Fraud Work?

Principal fraud methods

Two methods – two varying fraud patterns

“Skimming” Copying ofmagnetic stripe data

Data hackingStealing card datafrom the internet

Other methodsmarginal


Skimming / Counterfeit Magnetic stripe data is copied

Data is transferred onto a manufactured card

Card is used at a store until detected ~30% of fraud loss at Viseca (lowest rate in

Switzerland)


Skimming – Examples of Counterfeit Plastics


Data Hacking / Internet Fraud

Data stolen from customers or databases

Card data is used on the internet until detected ~60% of fraud loss at Viseca (highest rate in

Switzerland)


Data Hacking – Examples (1/2)

The weakest link is the human• Phishing• Pharming• Social Engineering


Data Hacking – Examples (2/2) Still, if you are cautious…

www.privacyrights.org/ar/ChronDataBreaches.htm


Proportion of Fraud TypesGross loss by type of fraud

28.43%

41.00%

60.50%42.00%

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

Q12007

Q22007

Q32007

Q42007

Q12008

Q22008

Q32008

Q42008

Q12009

Period

Perc

enta

ge


Fraud Prevention at Viseca

Technical Solutions• Chip Card against counterfeit• Verified by Visa / 3-D Secure against internet fraud

Analytical Solutions• Online – at time of transaction• Offline – FRAUDO


Online Fraud Prevention

Authorization Process• Does the card exist?• If Yes: Is the card balance sufficient?• If Yes: Rule based decision engine


Rule Based Decision Engine Checks details of transaction

• Where?• Card history?• Blacklist?

Decision• No risk – proceed with transaction• Risky transaction – real time alert on screen

Rules are based on past fraud cases

Rules could be improved by using data mining methods (not yet implemented)


Offline Fraud Analysis – Reporting

Goal: Report on transfer and loss

Reporting on key figures• Fraud Transfer = Sum of all fraudulent transactions

= The fraudsters’ gain• Fraud Loss = loss encountered due to fraud

= Transfer - Fraud transactions not paid by issuer


Offline Fraud Analysis – Case Based Analysis

Goal: Prevent fraud before it occurs by finding patterns

Analyses of fraud cases

Find similarities between fraud cases

Disclose compromised spots

Recognize possibly exposed cards

Since 2005


Offline Fraud Analysis – Data Mining (1/2)

Goal: Minimize fraud transfer when fraud has already occurred

Why use data mining? Limited resources

20,000 - 100,000 transactions daily that needed checking

With data mining methods, bring number down to 20 - 100


Offline Fraud Analysis – Data Mining (2/2)

Project FRAUDO – Fraud Risk Analysis Using Data Offline• Internet Fraud: Decision tree (since 2007)• Counterfeit: Regression model (since 2008)• Internet Fraud: Regression model (since 2009)


What Did We Achieve?

2005:

No models

Rules based on surface analysis

Insufficient protection

Dramatic rise in fraud transfer


What Did We Achieve? (1/3)

2005/06:

Introduction of smart rules for the rule-based decision engine

Allocation of staff for analysis


What Did We Achieve? (2/3)2006/07

Introduction of internet fraud decision tree


What Did We Achieve? (3/3)2008/09

Introduction of counterfeit models

Extreme increase in fraud activities


Number of fraud cases and loss per case

80

90

100

110

120

130

140

150

160

170

180

Q12007

Q22007

Q32007

Q42007

Q12008

Q22008

Q32008

Q42008

Q12009

Period

Arbi

trary

sca

le

Number of fraud cases Loss per fraud case

Fraud Development at Viseca

- 40%

+ 50%


Success rate

5.5%

Percentage of cards found by FRAUDO

21.34%

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

Project FRAUDO – Results

21% of all fraud cases found

Reduced fraud loss estimated to be 15%

Success rate of 5.5%

Potential and actual fraud loss

0%

20%

40%

60%

80%

100%

120%

140%

-15%


What Makes It Easier?

Low domestic fraud

Shopping patterns of fraudsters are different

Well-behaved cardholders

Vast amount of data

Why Is Fraud Modeling Difficult?

Fraud is a rare event

Fraudsters are shopping moderately

Vast amount of data


Preconditions For Successful Modeling

Know your data

Know your customers

Know your fraudsters

Train often – FRAUDO can never sleep


A Quick Look At The Model

~150 variables

Regression and trees

Winning model: Tree with entropy criterion


How We Create/Validate Our Models

1. Create several models with up-to-date data

2. Use the models with past data

Today-3 Months

Instant feedback Selection of best modeling method


Plans for the Future

Select hitherto unused variables to achieve better accuracy

Model rules of online fraud prevention tool

Hot-spot analysis with micro models

Much to be done


Lesson Learnt There is a business case for fraud prevention

Potential and actual fraud loss

0%

20%

40%

60%

80%

100%

120%

140%

-15%


Questions?

Thank you very much!


Fraud Prevention at Viseca Card ServicesTable of ContentsSlide Number 3Slide Number 4Slide Number 5How Does The Credit Card Business Work?How Does The Issuer Earn Money?How To Influence These Components?How Does Credit Card Fraud Work?Skimming / CounterfeitSkimming – Examples of Counterfeit PlasticsData Hacking / Internet FraudData Hacking – Examples (1/2)Data Hacking – Examples (2/2)Proportion of Fraud TypesFraud Prevention at VisecaOnline Fraud PreventionRule Based Decision EngineOffline Fraud Analysis – ReportingOffline Fraud Analysis – Case Based AnalysisOffline Fraud Analysis – Data Mining (1/2)Offline Fraud Analysis – Data Mining (2/2)What Did We Achieve?What Did We Achieve? (1/3)What Did We Achieve? (2/3)What Did We Achieve? (3/3)Fraud Development at VisecaProject FRAUDO – ResultsWhat Makes It Easier?�Preconditions For Successful ModelingA Quick Look At The ModelHow We Create/Validate Our ModelsPlans for the FutureLesson LearntQuestions?Slide Number 36

Fraud Prevention at Viseca Card Services · 2010. 3. 19. · How Does Credit Card Fraud Work?...

Documents

Transcript of Fraud Prevention at Viseca Card Services · 2010. 3. 19. · How Does Credit Card Fraud Work?...