identifying security issuesidentifying security issues in the
TRANSCRIPT
Identifying Security IssuesIdentifying Security Issues in the Retail Payments SystemEvolution of Payments System Fraud
David A Poe - DirectorDavid A. Poe - Director
June 5, 2008
Fraud has moved from amateurs operating locally to professionals operating globallyoperating locally to professionals operating globally
Fraudsters now work cooperatively across geographies, making local regulations and law enforcement initiatives less impactfullocal regulations and law enforcement initiatives less impactful
1980 1990 2000 Current
Cardholders Small Merchants Mega Stores
Targ
et
Members / Processors
+ + +Cardholders Small Merchants Mega Stores Members / Processors
dste
r
+ + +Individuals Team Organized InternationalFr
aud + + +
aud
Type
+ + +
1
Fra
SkimmingLost & Stolen Data Compromise X-Border DC
Fraud has moved from amateurs operating locally to professionals operating globallyoperating locally to professionals operating globally . . .
Fraudsters view fraud perpetration as a line of business
Perform competitive assessments to evaluate points of greatest opportunity VISA, MasterCard USA (with cvv2 code)VISA, MasterCard USA (with cvv2 code)
Select products, channels and geographies (and even FIs) based upon matrix evaluation
f lik lih d t it f d 5.0есть в продаже5-50
цена в $USD идентификацияколичество
, ( )
5.0есть в продаже5-50
цена в $USD идентификацияколичество
, ( )
of likelihood to commit fraud versus potential impactProvide product pricing to distribution channel based 3.0есть в продаже501-1000
4.0есть в продаже101-500
4.5есть в продаже51-100
р д
3.0есть в продаже501-1000
4.0есть в продаже101-500
4.5есть в продаже51-100
р д
distribution channel based upon expected likelihood versus impactHire specialists based upon Если Вам нужно более 10000 карт, свяжитесь с нами,
В б
пишитеесть в продажеболее 10000
2.0есть в продаже1001-5000
Если Вам нужно более 10000 карт, свяжитесь с нами, В б
пишитеесть в продажеболее 10000
2.0есть в продаже1001-5000
Hire specialists based upon technology expertiseInvest in R&D with working capital generated from
для Вас будет отдельная скидкадля Вас будет отдельная скидка
2
p gproceeds
Source: iDefense
Players often make suboptimal fraud risk management business decisions because the true cost of fraud is often misunderstoodthe true cost of fraud is often misunderstood
True Cost of Payments FraudTrue Cost of Payments Fraud
3
Technology is increasingly used to enable or ease the perpetration of payment fraudto enable or ease the perpetration of payment fraud
New technologies have enabled new means for fraudsters to gillegally source or use information to perpetrate payment fraud –doing so across products, channels and geographies
T h l i bli f d t t lTechnology is enabling fraudsters to leverage cross-portfolio opportunities, compromising the full customer relationship
Fraudsters’ use of technology is driving the 5 highest growth sources and uses of fraud account information
Phishing/Pharming
Mass Data Compromise
Identity Fraud
Counterfeit/Skimming
4
Card-Not-Present (especially Internet purchases)
Some FIs are moving from a product silo to a customer relationship management approachto a customer relationship management approach
This approach extends into the way FIs are managing fraud riskThis approach extends into the way FIs are managing fraud risk
EVOLVING MANAGEMENT APPROACHESPRODUCT
MANAGEMENT
EVOLVING MANAGEMENT APPROACHES
RELATIONSHIPRELATIONSHIPRELATIONSHIPRELATIONSHIPRELATIONSHIPRELATIONSHIP
SFER
DIN
G
AR
D
RD
MANAGEMENTMANAGEMENTMANAGEMENT
DDA Credit Card Debit CardPRODUCTSPRODUCTS
CheckACH Retail Lending HELOCWire Transfer
MANAGEMENTMANAGEMENTMANAGEMENT
DDA Credit Card Debit CardPRODUCTSPRODUCTS
CheckACH Retail Lending HELOCWire Transfer
AC
H
RE
TRA
NS
TAIL
LEN
DD
A
CH
ECK
RED
IT C
A
EBIT
CA
HEL
OC
Retail Bank Wholesale BankLINES OF BUSINESSLINES OF BUSINESS
ATM Phone POSCHANNELSCHANNELS
Internet Branch
Mortgage CompanyRetail Bank Wholesale BankLINES OF BUSINESSLINES OF BUSINESS
ATM Phone POSCHANNELSCHANNELS
Internet Branch
Mortgage Company
WIR
RETC
R D ATM Phone POSInternet Branch
Neural Networks Internet Two-Factor AuthenticationFRAUD SOLUTIONSFRAUD SOLUTIONS
Chip/PIN
GEOGRAPHY
ATM Phone POSInternet Branch
Neural Networks Internet Two-Factor AuthenticationFRAUD SOLUTIONSFRAUD SOLUTIONS
Chip/PIN
GEOGRAPHY
5