What's 3D costing your business?

3,031 views
2,912 views

Published on

Presentación de Amieto Montinari, de ChasePaymentech para el I Foro de Medios de Pago y Fraude Online organizado por adigital. (Madrid, 20 de diciembre de 2012).

Published in: Economy & Finance, Business
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
3,031
On SlideShare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
49
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide
  • So you deploy a Fraud Mngmt System and all your problems go awayBut do they? Your costs increase, and the nature of your changes. You need a higher ladderYou could add Session Behavior to this list, which is the 20 ft wall.....until fraudsters start to act more like normal customersAll in all, your costs are now significant in terms of people and technology solutions
  • Both Visa and MasterCard suggest that now over 60% of total transactions in the UK are fully authenticated3DSA key part of the answer is cardholder authentication as a standard practice for all Card Not Present transactions Thisthe first ever decrease since 1999. This decrease is due to the increasing use of sophisticated fraud screening detection tools as well as the continuing growth in the use of MasterCard SecureCode and Verified by Visa”.So if every Merchant deplyed 3DS, Merchant fraud would cease to exist. It would be like the Retail sector post Chip and PINIs it as simple as this?I will come back to this theory and how the law of unintended consequences is a factor
  • Search for 3DS s c c and you get the followingYou don’t get Visa website, you don’t get MCSo now we have seen the 2 schools of thought. Which is correct? Here comes the math
  • We presented this in Amsterdam 1 year ago and we got a lot of feedback and requests to repeat because it was the first time quanitiative analysis had been reportedThe data set for this analysis was based on Merchants offering 3DS, not on all e-commConsi – u in the room?Efficient markets – cardholders must enrol after X times, uusally 3 – ADS – where Merchant offers 3DSMerchant Positive – cardholders do not have to enrol, but many Issuers do not pariticpate or dont force c/h to enrol – can click on cancel button 10 times and nothing happens. Merchants can still decide on how to proceed, but bear in mind that Merchants get liabilkity shift if Issuer does not participateMerchant Negative – difference to UK and CA is cardholder behavior. Also, Issuers much less efficient. Spanish Issuers asking for 4 digit PIN (Chip and PIN pin)
  • Looks like a global trend mandated by a combination of Govts, Regulators and Card SchemesIn UK for example, we know the Home Office includes e-comm fraud in crime stats. Isnt this an easier crime to fix than murders? Mandate the authentication of all e-comm txns.Its becoming reminicent of Chip and PINThe realitySo what is happening where 3D Secure has been mandated?ITALY: Merchants don’t offer it in many casesSWEDEN: originally declined all transactions without 3D Secure and now consumers know what to do (hopefully)UK: In the UK can almost be considered as a standard practice for consumersINDIA: Card Schemes contacted by the Central Bank of India because some merchants did not offer it
  • Here are some fundamental points to agree on:Technical challenges: The technical Implementation across the chain is not homogenous and can create issues for consumersNo visibility on how good 3D is: everybody knows the bad things, but many unknowns existHow much of the drop at checkout is generated by fraudster that cannot simply complete the authentication steps – unknown!What is the real drop at checkout if we exclude the fraudsters? Unknown!How much money is a company effectively saving because of the implementation of 3D Secure? Can be known, but how many really do?Consumers like to go through some sort of authentication, simply what is in place might not be the appropriate way of doing it
  • Kevin Smith plug – he has one that worksCard Schemes and Issuers have recognised that static passcodes are weak because they rely on humansYou and I talking, what if card is stolen, still need PIN, but if you get it, can now do retail and e-comm fraud. PIN written on card, post-it note attached to card, ATM etched with PIN, AIB codecard
  • Can be a positive strategy to adopt to decrease fraudCan be a negative strategy outside of the UK if you focus on consumer experienceBut in some places and for some cards must be done! And like it or not it is here to stayImprovements are under way to deal with the issues, but it still must be mandated to increase its adoption because the advantages of doing it vs. not are not clear at allSo what is the position of a merchant that does not offer 3D Secure today?
  • What's 3D costing your business?

    1. 1. What’s 3D Securecosting your business?Amleto MontinariDirector of StrategyChase Paymentech Europe Limited Chase Paymentech Europe Limited, trading as Chase Paymentech, is a subsidiary of JPMorgan Chase Bank, N.A. (JPMC) and is regulated by the Central Bank of Ireland.
    2. 2. Background to Chase Paymentech 200+ Years 15 Years 50% of global ecommerce transactions* 222 500 Merchants*approximately based upon 2009 figures
    3. 3. AgendaBenefits and Challenges of 3D SecureDiscovering if there is a trend involving 3DSecureReviewing present challenges and futuredevelopments
    4. 4. Let’s look at the costs of fraud..... Man Potential for hours ChargebacksRFI associated costsChargeback costs False Lost Man Potential fines Potential inability to Positives revenue hours process cards
    5. 5. Fraud Management Systems are the answerto fraud management…or are they? £ € $ £ € £ $ Requests for Lost Product Information Chargebacks
    6. 6. But Some Say… “CNP fraud Cardholder dropped in theAuthentication is UK by 19% to the answer £266.4m in 2009”
    7. 7. And Others Say…
    8. 8. While The Data Say… Relation between 3D Secure Enrollment and Lost checkouts 25% Spain 20% Dropped checkout rate because of Australia France Germany Secure Enrollment 15% United States Canada 10% Italy 5% United Kingdom 0% 10% 20% 30% 40% 50% 60% 70% Cancel Button Hit Rate for 3D Secure Enrollment – Liability Shift Still Applies Merchant Positive – 3D Secure enrolment is notThe Efficient Markets – 3D Secure enrolment is mandated and customer awareness does not matter asmandated and customers enrol customers do not have to enrolMerchant Negative – 3D Secure enrolment ismandated and customers do not enrol
    9. 9. AgendaBenefits and Challenges of 3D SecureDiscovering if there is a trend involving 3DSecureReviewing present challenges and futuredevelopments
    10. 10. Is There a Trend?Maestro India Italy Singapore Sweden Amex FranceUK & EU • 2009 • 2009 • 2010 • 2010 • 2011 • Next• 2008 one?
    11. 11. Learn tolive with 3D Secure
    12. 12. AgendaBenefits and Challenges of 3D SecureDiscovering if there is a trend involving 3DSecureReviewing present challenges and futuredevelopments
    13. 13. “Technical” challengesConsumers like No visibility onauthentication results
    14. 14. 1. Technical Challenges Cardholder Merchant Card# PAReq to ACS PARes with AAVAuthentication SecureCode AAV AAV ACS 3D Secure DirectoryAuthorization AAV in UCAF field 0100 EPS-Net 0110 Issuer Acquirer
    15. 15. 1. 3DS chargeback liability matrix  Visa o Reason Code 75 – Cardholder Does Not Recognize Transaction o Reason Code 83 – Fraudulent Transaction, Card Not Present  MasterCard & Maestro o Reason Code 37 – No Cardholder Authorisation o Reason Code 63 - Cardholder Does Not Recognize TransactionConsumer Cards: Applies when: 1. Authorization Request is Approved 2. ECI 5 (Fully Authenticated) or ECI 6 (Authentication Attempted) is performed and, 3. CAVV, (Visa “Card Authentication Verification Value”), AAV, (MasterCard “Accountholder Authentication Value”) is obtained with an ECI of 5. Not required for ECI of 6. 4. √ = Chargeback Liability Shift for Visa, MasterCard and Maestro. Card Issuance United States Canada European Central Europe, Latin America. So. Asia Location Union Middle East & America and Pacific Africa Caribbean Merchant Location United States √* √ √ √ √ √ Canada √ √ √ √ √ √ European Union √ √ √ √ √ √ Central Europe, Middle East & √ √ √ √ √ √ Africa Latin America. So. America and √ √ √ √ √ √ Caribbean Asia Pacific √ √ √ √ √ √* As of 14 October 2011 for MasterCard and Maestro
    16. 16. 1. 3DS chargeback liability matrix contd.Commercial Cards: Applies when: 1. Authorization Request is Approved 2. ECI 5 (Fully Authenticated) is performed. (ECI 6 DOES NOT provide liability shift except as noted) and, 3. CAVV, (Visa “Card Authentication Verification Value”), AAV, (MasterCard “Accountholder Authentication Value”) is obtained with an ECI of 5. Not required for ECI of 6. 4. √ = Chargeback Liability Shift for Visa, MasterCard and Maestro. Card Issuance United Canada European Central Europe, Latin America. So. Asia Pacific Location States Union Middle East & America and Africa Caribbean Merchant Location United States √ √ √ √ √ √ Canada √ √ √ √ √ √ European Union √ √ ECI 5 or 6 – √ √ √ MC and Visa Central Europe, Middle East √ √ √ ECI 5 or 6 – MC √ √ & Africa Only Latin America. So. America √ √ √ √ ECI 5 or 6 – MC √ and Caribbean Only Asia Pacific √ √ √ √ √ ECI 5 or 6 – MC and Visa
    17. 17. 2. Fraud Alert Reports
    18. 18. 3. Cardholders are looking for signs of security N =546 N =548 N =536 N = 576Specialsecurity 88% 84% 77% 82% code Securitysymbol in 83% 87% 84% 83% browser Q20: To what extent do you agree with each of the following statements? • When making an online purchase I prefer entering a special security code to ensure safety of my payment details. • When making an online purchase I expect to see a security symbol in my browser.
    19. 19. Something Is Moving Static Dynamic password Password OTP device Dynamic password is generated by Password is provided to you by entering your credit or debit card in your bank and is linked to your a card device (OTP), or use a credit or debit card security or access code device After entering user ID and a password, a transaction can only be Dynamic Password Dynamic Password completed with built-in OTP device another password... via SMS Dynamic password is Dynamic password (TAN-code) generated by your card which is generated via SMS sent to has a keypad and LCD screen your mobile phone. embedded into it
    20. 20. Summary
    21. 21. Questions? April

    ×