Identifying Security Issues Identifying Security Issues in the Retail Payments System Evolution of Payments System Fraud David A Poe - Director David A. Poe - Director June 5, 2008
Fraud has moved from amateurs operating locally to professionals operating globally operating locally to professionals operating globally � Fraudsters now work cooperatively across geographies, making local regulations and law enforcement initiatives less impactful local regulations and law enforcement initiatives less impactful 1980 1990 2000 Current Target + + + Cardholders Cardholders Small Merchants Small Merchants Mega Stores Mega Stores Members / Processors Members / Processors dster + + + + + + Fraud Individuals Team Organized International aud Type + + + Fra Lost & Stolen Skimming Data Compromise X-Border DC 1
Fraud has moved from amateurs operating locally to professionals operating globally . . . operating locally to professionals operating globally Fraudsters view fraud perpetration as a line of business � Perform competitive assessments to evaluate points of greatest opportunity VISA, MasterCard USA (with cvv2 code) VISA, MasterCard USA (with cvv2 code) , , ( ( ) ) � Select products, channels and количество количество идентификация идентификация цена в $USD цена в $USD geographies (and even FIs) based upon matrix evaluation есть в продаже есть в продаже р д р д 5-50 5-50 5.0 5.0 of likelihood to commit fraud f lik lih d t it f d есть в продаже есть в продаже 51-100 51-100 4.5 4.5 versus potential impact есть в продаже есть в продаже 101-500 101-500 4.0 4.0 � Provide product pricing to есть в продаже есть в продаже 501-1000 501-1000 3.0 3.0 distribution channel based distribution channel based есть в продаже есть в продаже 1001-5000 1001-5000 2.0 2.0 upon expected likelihood более 10000 более 10000 есть в продаже есть в продаже пишите пишите versus impact Если Вам нужно более 10000 карт , свяжитесь с нами , Если Вам нужно более 10000 карт , свяжитесь с нами , � Hire specialists based upon � Hire specialists based upon для Вас будет отдельная скидка для Вас будет отдельная скидка В В б б technology expertise � Invest in R&D with working capital generated from p g proceeds Source: iDefense 2
Players often make suboptimal fraud risk management business decisions because the true cost of fraud is often misunderstood the true cost of fraud is often misunderstood True Cost of Payments Fraud True Cost of Payments Fraud 3
Technology is increasingly used to enable or ease the perpetration of payment fraud to enable or ease the perpetration of payment fraud � New technologies have enabled new means for fraudsters to g illegally source or use information to perpetrate payment fraud –doing so across products, channels and geographies � Technology is enabling fraudsters to leverage cross- T h l i bli f d t t l portfolio opportunities, compromising the full customer relationship � Fraudsters’ use of technology is driving the 5 highest growth sources and uses of fraud account information � Phishing/Pharming � Mass Data Compromise � Identity Fraud � Counterfeit/Skimming � � Card-Not-Present (especially Internet purchases) 4
Some FIs are moving from a product silo to a customer relationship management approach to a customer relationship management approach This approach extends into the way FIs are managing fraud risk This approach extends into the way FIs are managing fraud risk EVOLVING MANAGEMENT APPROACHES EVOLVING MANAGEMENT APPROACHES PRODUCT MANAGEMENT R R R R E E E E LA LA LA LA T T T T IO IO IO IO N N N N S S S S H H H H IP IP IP IP R R E E LA LA T T IO IO N N S S H H IP IP M M A A N N A A G G E E M M E E N N T T M M M M A A A A N N N N A A A A G G G G E E E E M M M M E E E E N N N N T T T T P P P P R R R R O O O O D D D D U U U U C C C C T T T T S S S S S F E R D I N G D D D D A A C C heck heck C C redit C redit C ard ard D D ebit C ebit C ard ard A R D R D A A C C H H W W ire T ire T ransfer ransfer R R etail Lending etail Lending H H E E LO LO C C R E T R A N S R E D I T C A C H E C K H E L O C E B I T C A T A I L L E N LIN LIN E E S S O O F B F B U U S S IN IN E E S S S S LIN LIN E E S S O O F B F B U U S S IN IN E E S S S S D D A A C H R R etail B etail B ank ank M M ortgage C ortgage C om om pany pany W W holesale B holesale B ank ank C C H H A A N N N N E E LS LS C C H H A A N N N N E E LS LS A A A A TM TM TM TM Internet Internet Internet Internet B B B B ranch ranch ranch ranch P P P P hone hone hone hone P P P P O O O O S S S S C R R E T W I R D FR FR A A U U D D S S O O LU LU T T IO IO N N S S FR FR A A U U D D S S O O LU LU T T IO IO N N S S Internet T Internet T w w o-Factor A o-Factor A uthentication uthentication N N eural N eural N etw etw orks orks C C hip/P hip/P IN IN G G E E O O G G R R A A P P H H Y Y 5
Recommend
More recommend