Optimize Your Fraud Prevention Engine CSCU 111710 Your Fraud... · Optimize Your Fraud Prevention...
Optimize Your Fraud Prevention Engine: Fraud Tune-up Tips
The webcast will begin shortly.
CSCU Annual Meeting
Save the Date!
Disney’s Yacht and Beach Club, Orlando, FL,
April 27 – May 1, 2011
• Registration: $350/person or $600 for two or more
• Room Rate: $189/night
• Questions? Contact: [email protected]
• To see last year’s presentations and photos: www.cscu.net/annualmeeting
Upcoming Webcasts:
December 15, 2010 at 2pm ET
MasterCard Q1 2010 Marketing Calendar
Michael Gomez, MasterCard
MasterCard offers a range of targeted and non-targeted marketing programs designed to help you drive profitable cardholder behavior.
January 11, 2011 at 2pm ET
Maximizing Portfolio Growth in 2011
Cassie Melvin, CSCU and Bill Lehman, CSCU
Give your credit and debit card programs a boost with help from CSCU.
Register now at www.cscu.net/webcasts
Brian Mills, FIS, Risk Analyst, Fraud Prevention
Agenda
• Fraud Prevention
  – Fraud Landscape
  – Best Practices
  – System Parameters & Controls
  – Fraud by Type Characteristics
  – Responding to a Fraud Trend
The Fraud Landscape
[Diagram. Channel labels: Financial Institution, ATMs, Merchants, Branches, Accounts, Internet Banking, Telephone Banking, Check Processing. Fraud type labels: Skimming, Phishing, Pharming, Vishing, Smishing, Hacking, Compromised ATM, Counterfeit, Card Fraud, Lost/Stolen, MOTO, Check Fraud, Counterfeit Checks, Deposit Fraud, ID Theft, Acct Takeover.]
Current Fraud Trends
• Counterfeit
• Data Compromises
• Phishing/Vishing/SMiShing Schemes
• Identity Theft
Fraud Prevention Best Practices
• Neural Network Monitoring 24 x 7
• Neural Network Real Time Decisioning
• CVV/CVC Matching
• Card Activation
• Expiration Date Matching
• Address Verification Service
• Authorization Name Matching
• Issuer’s Clearinghouse Service fraud alerts (ICS)
• Daily parameter controls (spend limits, velocity controls)
• Procedures for verification of address changes and PIN and/or plastic requests
• Cardholder education to prevent Phishing
• Promote cardholder enrollment in Verified by Visa or MasterCard SecureCode
• Report Monitoring
  – Daily Authorization Reports
  – Excessive Activity
  – Foreign Transaction Listing
  – Card Activation Activity
  – Maintenance Activity
• Address change confirmation letters
Authorization Name Mismatch
• Compares the name in the authorization record (track 1 data) to the name in the embossing record
  – If the names on both records match, the authorization process continues
  – If the names on both records do not match, the authorization is declined
• ANM does not apply if:
  – The merchant provides track 2 data
  – The merchant manually entered the card’s data for the transaction in the system (not swiped through the POS terminal)
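The name comparison on this slide, sketched as an added example (not code from the presentation or from any processor's system). The entry-mode labels, the token-based matching rule and the decline on unreadable track 1 data are assumptions; the track 1 layout is ISO/IEC 7813 format B, and the sample tracks are constructed.

```python
import re

# ISO/IEC 7813 track 1, format B:
#   %B<PAN>^<SURNAME/FIRST MIDDLE.TITLE>^<YYMM><service code><discretionary>?
TRACK1_RE = re.compile(r"^%B\d{1,19}\^([^^]{2,26})\^\d{4}\d{3}[^?]*\?")

def track1_name(track1):
    """Return the cardholder name field of a track 1 string, or None if malformed."""
    m = TRACK1_RE.match(track1)
    if not m:
        return None
    return m.group(1).split(".", 1)[0].strip()   # drop the optional ".TITLE" suffix

def name_tokens(name):
    """Uppercase name parts, ignoring order, punctuation and single-letter initials."""
    parts = re.split(r"[^A-Z]+", name.upper())
    return frozenset(p for p in parts if len(p) > 1)

def anm_decision(entry_mode, embossed_name, track1=None):
    """Apply the ANM rule; entry_mode is one of TRACK1, TRACK2, KEYED (assumed labels)."""
    if entry_mode in ("TRACK2", "KEYED"):
        return "NOT_APPLICABLE"      # no name travels with track 2 or keyed entry
    swiped = track1_name(track1 or "")
    if swiped is None:
        return "DECLINE"             # this example's choice: fail closed on bad track data
    read, embossed = name_tokens(swiped), name_tokens(embossed_name)
    if read and read == embossed:
        return "CONTINUE"
    return "DECLINE"

# Constructed samples: a genuine swipe, and a stripe carrying a different name.
GENUINE = "%B4111111111111111^DOE/JOHN A.MR^25121010000000000?"
MISMATCH = "%B4111111111111111^SMITH/ALEX^25121010000000000?"

if __name__ == "__main__":
    print(anm_decision("TRACK1", "JOHN A DOE", GENUINE))    # CONTINUE
    print(anm_decision("TRACK1", "JOHN A DOE", MISMATCH))   # DECLINE
    print(anm_decision("KEYED", "JOHN A DOE"))              # NOT_APPLICABLE
```
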
Issuer’s Clearinghouse Service (ICS)
• ICS is a national database developed by Visa and MasterCard at the issuer’s request to help identify fraudulent information on new applications
• ICS collects the following customer information from sources such as issuers, Social Security Administration, and the U.S. Postal Service:
  – Valid and deceased person’s Social Security Number (SSN)
  – Addresses and telephone numbers for hotels, prisons, and resorts
  – Unauthorized use of reports
  – Filings of bankruptcy petitions
• The ICS can help reduce U.S. issuer losses caused by the following:
  – Fraudulent credit card applications
  – Falsified lost and stolen card claims
  – Cards not received
  – Excessive credit application activity
Issuer’s Clearinghouse Service (ICS)
• ICS supports all U.S. issuers by performing the following tasks:
  – Provides information about application activity and fraudulent card use reported by other issuers
  – Alerts issuers about potential losses by identifying invalid or questionable application information
  – Informs issuers of bankruptcy filings
  – Tracks home addresses, telephone numbers, and SSNs in new credit card accounts, declined applications, and reports of fraudulent activity.
• ICS requires the issuer to send SSNs, home addresses, and home telephone numbers to them for the following types of transactions:
  – Approved accounts
  – Declined accounts
  – Fraudulent applications
  – Account with fraudulent activity
System Parameters and Controls
Authorization Parameters
• Authorization parameters determine if a transaction should be accepted through the system
• Predetermined system rules govern the response code given on a transaction
• Authorizations that come into the system must generate a response code:
  – Approved
  – Declined
  – Refer to card issuer
  – Capture card or pick-up card
  – Code 10
Authorization Parameters
• Daily Parameter Controls:
  – Daily Limits – Velocity & Dollar Amount
  – Country Code Blocks
  – Foreign Authorizations
  – ATM Authorizations
  – Over limit Levels
  – PIN Validation
    • First Time at ATM
  – Credit Line Management Controls
Parameter and System Controls
• Parameter and system controls run automatically on the feature specifications that have been predetermined by the control
  – Issuers should change parameter settings as the fraudulent activity changes
  – Some changes may impact regular customer activity
Parameter Settings
• Authorization parameter settings may control:
  – Number of transactions per day
  – Certain transactions may be restricted based on set criteria:
    • Type of merchant
    • Merchant country
  – Dollar limit within country
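The parameter settings listed above, together with the earlier caution that changes may impact regular customer activity, shown as an added example (not code from the presentation or from any authorization platform). It replays one labelled day of authorizations under two parameter sets and counts fraud stopped against legitimate activity declined. All field names, limits and transactions are constructed assumptions; "ZZ" is a placeholder country code.

```python
from collections import defaultdict

def authorize(txn, totals, p):
    """Return the response code for one authorization under parameter set p."""
    cap = p["country_amount_limit"].get(txn["country"])
    if (txn["country"] in p["blocked_countries"]            # country code block
            or txn["mcc"] in p["restricted_mcc"]            # merchant type restriction
            or (cap is not None and txn["amount"] > cap)):  # dollar limit within country
        return "DECLINED"
    key = (txn["card"], txn["day"])
    count, spent = totals[key]
    if count + 1 > p["max_txn_per_day"] or spent + txn["amount"] > p["max_amount_per_day"]:
        return "DECLINED"                                   # daily velocity / dollar limit
    totals[key] = (count + 1, spent + txn["amount"])        # only approvals use up limits
    return "APPROVED"

def evaluate(txns, p):
    """Replay labelled history and count what the parameter set would have done."""
    totals = defaultdict(lambda: (0, 0.0))
    result = {"fraud_declined": 0, "fraud_approved": 0, "legit_declined": 0}
    for t in txns:
        code = authorize(t, totals, p)
        if t["fraud"]:
            result["fraud_declined" if code == "DECLINED" else "fraud_approved"] += 1
        elif code == "DECLINED":
            result["legit_declined"] += 1
    return result

def txn(card, amount, country="US", mcc="5411", fraud=False, day=1):
    return dict(card=card, day=day, amount=amount, country=country, mcc=mcc, fraud=fraud)

# Constructed sample day: card A is a normal cardholder, card B has been counterfeited.
SAMPLE = (
    [txn("A", 40.0), txn("A", 25.0), txn("A", 60.0), txn("A", 15.0)]
    + [txn("B", 200.0, fraud=True) for _ in range(6)]
    + [txn("B", 90.0, country="ZZ", fraud=True),            # placeholder country code
       txn("B", 100.0, mcc="6011", fraud=True)]             # 6011 = ATM cash disbursement
)

LOOSE = dict(max_txn_per_day=10, max_amount_per_day=2000.0, blocked_countries=set(),
             restricted_mcc=set(), country_amount_limit={})
TIGHT = dict(max_txn_per_day=3, max_amount_per_day=500.0, blocked_countries={"ZZ"},
             restricted_mcc={"6011"}, country_amount_limit={"US": 250.0})

if __name__ == "__main__":
    for name, p in (("LOOSE", LOOSE), ("TIGHT", TIGHT)):
        print(name, evaluate(SAMPLE, p))
```

Under the tight settings most of the fraud burst is declined, but the cardholder's fourth purchase of the day is declined too, which is the customer impact to weigh before changing a limit.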
Parameter Settings
• Look for common threads in the fraud pattern, then set parameter restrictions
• The most common parameters for fraud control are:
  – Cash Advance – Lost / Stolen, Counterfeit
  – Payments – All fraud types
    • Booster Checks
    • Card Kiting
Characteristics By Fraud Type
Characteristics of Counterfeit Plastic
• Fraud activity shows that card was present (POS 90)
  – Indication that track data was captured (Track one or Track two, or full track data) and duplicated
  – Result of either a skimming operation or database breach of a merchant or processor
• Excessive transaction activity within a short time frame
  – Fraud transactions occur within minutes and in close proximity of each other.
  – In some cases, fraud can occur both in and out of the United States at the same time depending on fraud ring
• Times and geographical locations of transactions are outside of customer's normal spending pattern
• Similar merchant patterns are noticeable
  – Varies by fraudster
• If applicable, Neural Net case created
Counterfeit Plastic
Quiz! - True or False
• Track data can be compromised by the following methods:
  – Compromised ATM
  – Skimming Device
  – Database Breach
Counterfeit Plastic
True!
• ATM skimmer over the card slot
• Handheld skimmer or altered POS device designed to capture mag-stripe information
• Database breach
Best Practices: Counterfeit Plastic
• CVC/CVV Matching
• Neural Network monitoring 24x7x365
• Neural Network Real-Time Decisioning
• Report Monitoring
• Authorization Name Match
• Daily Parameter Controls (Spend Limits, Velocity Limits)
Characteristics of Card Not Present
• Fraud Activity shows as POS 01
  – Indication that account number, expiration date, and CVV/CVC2 were captured
  – Result of database breach, social engineering attack such as Phishing, collusive employee
• Excessive activity from various ecommerce or Mail Order/Telephone Order merchants
  – Fraud transactions occur within a short amount of time between each other
• Similar merchant patterns are noticeable
  – Varies by fraudster
• If applicable, Neural Net case created
Card Not Present
• Quiz! - Yes or No
• Can criminals collect data through the following methods?
  – Phishing
  – Pharming
  – Database Breach
  – Vishing
  – SMiShing
Card Not Present
Yes!
• Data is collected, harvested and sold on underground carding websites.
Best Practices: Card Not Present
• Neural Network Monitoring 24x7x365
• Neural Network Real-Time Decisioning
• CVV/CVC2 Matching
• Address Verification Service
• Report Monitoring
• Expiration Date Match
• Daily Parameter Controls (Spend Limit, Velocity Limit)
Characteristics of Lost/Stolen
• Fraud activity predominantly shows as POS 90 but could also include POS 01
• Fraud activity within 50 to 75 miles of customer
• Customer is NOT in possession of plastic
• Times and geographical locations of transactions are outside of customer's normal spending pattern
• Similar merchant patterns are noticeable
  – Varies by fraudster
• If applicable, Neural Net case created
Best Practices: Lost/Stolen
• Neural Network Monitoring 24x7x365
• Neural Network Real-Time Decisioning
• Report Monitoring
• Daily Parameter Controls (Spend Limits, Velocity Limits)
Characteristics of NRI (Mail Theft)
• Fraud activity predominantly shows as POS 90 but could include POS 01
• Fraud activity could occur within distance of the mail stream
  – Card present fraud
• Customer is NOT in possession of plastic
• Times and geographical locations of transactions are outside of customer's normal spending pattern
  – Only on re-issue plastics
• Similar merchant patterns are noticeable
  – Varies by fraudster
• If applicable, Neural Net case created
Best Practices for NRI (Mail Theft)
• Card Activation
• Neural Network 24x7x365
• Neural Network Real-Time Decisioning
• Report Monitoring
• Daily Parameter Controls (Spend Limits, Velocity Limits)
Characteristics of Account Takeover
• Address is changed from “true cardholder” to the address of the perpetrator
  – Initially done via phone or mail through customer service
• A new card and/or PIN has been requested
  – Occurs after address change has taken place
• Fraud activity shows as POS 90
• Times and geographical locations of transactions are outside of customer's normal spending pattern
• Similar merchant patterns are noticeable
  – Varies by fraudster
• If applicable, Neural Net case created
Best Practices for Account Takeover
• Address Change confirmation letters to “old” address
• Procedures for verification of address changes and plastics and/or PIN requests
• Neural Network monitoring 24x7x365
• Neural Network Real-Time Decisioning
• Report Monitoring
• Daily Parameter Controls (Spend Limits, Velocity Limits)
Characteristics of Fraud Application
• Original plastic in use
  – Result of Identity theft or identity fraud (Example: family or friendly fraud)
  – Personal identifiable information was either lost or stolen
  – Results of a social engineering attack such as phishing, vishing, & smishing
  – Result of data breach either at cardholder or merchant level
• Fraud activity shows as POS 90
  – Original plastic in use
  – Full track data involved as well as PIN
• If applicable, Neural Net case created
Countermeasures: Fraud Application
• Quiz! - True or False
• You should cross check all information on new applications with the Issuer’s Clearinghouse Service (ICS) alerts before making a decision.
Fraud Application
• True!
• ICS alerts provide information about application activity and fraudulent card use reported by other issuers
• Alerts issuers about potential losses by identifying invalid or questionable application information
• Informs issuers of bankruptcy filings
• Tracks home addresses, telephone numbers, and SSNs in new credit card accounts, declined applications, and reports of fraudulent activity.
Best Practices for Fraud Application
• Issuer’s Clearing House (ICS) fraud alerts
• Report Monitoring
• Daily Parameter Controls (Spend Limits, Velocity Limits)
• Neural Network 24x7x365
• Neural Network Real-Time Decisioning
Plan of Action
Steps to respond to a fraud trend:
• Evaluate the situation:
  – Identify the fraud type
  – Identify the number of accounts involved
  – Review the fraud pattern
• Review and adjust your current parameters and controls settings
  – Daily limits – Velocity & Dollar Amount, etc.
• Notification of recent events
  – Law Enforcement
  – Fraud Management Group
  – Staff members
• Network within surrounding community
Additional Fraud Prevention Best Practices
• Phishing
  – Obtain entire email (link included) to help get the site shut down
  – Web site protection
    • Check your site often
    • Look for unauthorized links
  – Implement good quality anti-virus, content filtering, and anti-spam solutions
  – Monitoring Services
• Vishing/SMiShing
  – Obtain the phone number used in attack
  – Collect all details of the phone conversation or recorded message
  – Notify both staff and customers as soon as an attack has been identified
• Consumer Education
  – Newsletters
  – Warnings on your website
  – Educational material in your lobbies
Additional Fraud Prevention Best Practices
• Report Phishing/Vishing
• Contact Law Enforcement in all cases
• Internet Crime Complaint Center
  – http://www.ic3.gov
• Federal Trade Commission
  – http://www.ftc.org
• Anti-phishing Working Group (Phishing Attacks Only)
  – http://www.antiphishing.org
Questions? Comments?
Thank you!