• Like
Master card 1
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

Published

 

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
667
On SlideShare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
1
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. MasterCard Outlook is a tri-annual newsletter published by the MasterCard Product Services team and edited by Allyson Fraser and Chris Rieck. This is a publication for public sector program coordinators and senior executives. Reproduction without permission is prohibited. Resource Corner continued from page 7 MasterCard Outlook A publication for public sector Recommended Reading The Innovator’s Solution: Creating and program coordinators and senior executives Winter 2004 Our list of books that are winning the attention of Sustaining Successful Growth business executives nationwide: by Clayton M. Christensen, Michael E. Raynor A persuasive look at how innovation and the The 8th Habit: From Effectiveness to Greatness creation of disruption can help companies grow, by Stephen R. Covey and specific suggestions for how to create Groundbreaking author of Seven Habits of Highly innovative processes in the workplace. MasterCard When it comes to managing card programs, an ongoing Effective People introduces a new definition of Turn-Key challenge for agency program coordinators and other public modern leadership and explains how four leadership Confronting Reality: Doing What Matters to Get Things Right sector officials is how to identify and minimize card abuse characteristics can transform an organization. by Larry Bossidy and Ram Charan Solutions Help The Five Dysfunctions of a Team: Business titans and bestselling authors of Execution and misuse. A big part of the challenge is that, traditionally, A Leadership Fable offer a new approach to strategic business planning Minimize Fraud government agencies have not had direct access to the by Patrick M. Lencioni in a rapidly changing business environment. Easy-to-read fable on why teams often fail to function QBQ! The Question Behind the Question and Card Misuse transaction data of their employee cardholders. as a unit and how to make them more effective. by John G. Miller Crucial Confrontations How to encourage personal accountability and Fraud-detection technology by itself does not address how by Kerry Patterson, Joseph Grenny, Ron McMillan, eliminate blame in the workplace. to help government agencies identify employees who may Al Switzler not be using their cards in accordance with agency card Suggestions for how to identify problems at the usage policies. office that need your intervention and strategies for Recognizing the powerful role technology can play to minimize how to intervene for a positive outcome. card abuse and misuse, MasterCard has developed two important technology-based solutions. MasterCard RiskFinder® is a neural network solution that gives government agencies direct access to authorization transaction data. Thus, it helps them identify fraudulent card use early on, enabling them to minimize losses. Aristion® is a rule-based software solution that allows agencies to define a set of rules related to unacceptable For questions, comments or additional information, card use. Agencies are then able to identify incidents of please call us at 1-800-704-2390, or visit us on the Web at www.mastercard.com/gov possible fraud and when payment cards are not being used in accordance with agency policies. Both solutions offer public sector program managers an affordable way to harness the power of technology to combat fraud or card misuse. MasterCard RiskFinder: A turn-key solution to identify potentially T h i s i s s u e fraudulent behavior. MasterCard RiskFinder uses advanced statistical neural network models and behavior profiles based on cardholder, merchant and fraud MasterCard Turn-Key data. These models incorporate years of historical transaction information from Solutions Help 1 the MasterCard Global Data Repository. If the characteristics of a transaction are 2000 Purchase Street Purchase, NY 10577 at odds with one or more of these detailed profiles, the transaction is flagged as Perspectives 2 possibly fraudulent, typically resulting in the need for the cardholder to provide verification of the legitimacy of the transaction being made. Ask the Expert 5 RiskFinder, which MasterCard developed in conjunction with Fair Isaac, leverages Fair Isaac’s revolutionary neural network-based profiling technology. This powerful tool gives government agencies unprecedented capabilities to monitor and track Resource Corner 7 employee transactions for potential fraud. continued on page 3
  • 2. Perspectives MasterCard Turn-Key Solutions Help continued from page 1 Welcome to the Fall/Winter issue of MasterCard Outlook. Here’s how it works: An individual uses his activity routed through Banknet. “We own it, we or her MasterCard® card to conduct a transaction. operate it, we maintain it, and we have the software In this issue, we take an in-depth look at how to protect against fraud and card misuse. These The transaction is authorized via the secure in place to replicate authorization data in Banknet troubling problems are not going away — indeed new fraud schemes are breaking every day. MasterCard Banknet global processing network. and feed it through RiskFinder,” says Jim Mandella, As the authorization data passes through Banknet, Director, Risk Management, MasterCard International. Fortunately, there are a number of simple steps and process improvements you can take to it also passes through RiskFinder, which compares “It is entirely a turn-key solution—agencies subscribe prevent, deter, and/or identify fraud early, enabling you to minimize loss within your organization. the transaction to the models and profiles and to it and we deliver the results,” he adds. assigns a score. The higher the score assigned, One of the most powerful tools that you can have at your disposal in the fight against fraud is the greater the likelihood of the transaction being MasterCard RiskFinder is a near real-time solution. fraudulent. ‘Scored’ transactions can be delivered Although it cannot prevent the first fraudulent technology. In this issue, we profile two software-based solutions, MasterCard RiskFinder and Aristion, transaction from taking place on a card, it can to the agency so that the agency can review the which can dramatically improve your detection rates of fraudulent transactions, as well as transactions transactions and follow up with the cardholder. flag it and promptly notify the agency program that violate internal policy. These cost-effective solutions represent the ongoing commitment of coordinator of the suspicious activity. For agencies MasterCard RiskFinder combines cardholder, merchant that want such near real-time notification, MasterCard MasterCard to use its internal resources (in this case, MIS models based on years of MasterCard and fraud data to give government entities a offers an additional component called RiskFinder transaction data) for the benefit of your organizational efficiency. comprehensive fraud prediction model comprised of Alerts. It’s an online, browser-based, “thin client” three components: case management tool that’s accessible through We also present some common-sense steps you can take in terms of employee education and MasterCard OnLine, a secure site. With any PC and • Neural Network Model — The neural network an internet connection, users have 24/7 desktop crafting a fraud-prevention strategy. To this end, MasterCard Advisors, LLC, a global professional is an advanced form of intelligent software that access to the RiskFinder output. Government entities services organization, has a wealth of world-class payments expertise across consulting, information is used to create a statistical model. This predictive that do not require immediate access to potentially products and services, research, and outsourcing for you to leverage. model is built by evaluating historical data for both suspicious transactions can receive RiskFinder results fraudulent and non-fraudulent authorizations. in a batch file format—at a frequency that meets their In May 2005, MasterCard will host its third Global Risk Management Symposium in Washington D.C. Through the evaluation of the historical data, needs, also delivered through MasterCard OnLine. the model discovers not only simple relationships, This important event will explore the depths of industry fraud knowledge and experience, through but also interactive, non-linear relationships. continued on page 4 a series of presentations, discussions, workshops and training sessions. Leading industry experts • The Cardholder Profile — For each cardholder will cover a wide range of topics, including: identity theft; debit/prepaid fraud; e-commerce fraud; account, RiskFinder creates a detailed profile of information security; crisis management and more. You can find more details about this symposium the cardholder’s spending and behavior patterns. in the Resource Corner — where you will also find our updated list of business best-sellers. The neural network is trained to recognize differences in cardholder use patterns, changes It may be true that the problems of fraud and card misuse can never entirely be eradicated. But over in cardholder spending patterns and likely fraudulent behavior. the past several years, we at MasterCard have demonstrated that, with effective procedures and MIS, they can be managed and minimized. We invite you to learn more about the fraud prevention products • The Merchant Profile — RiskFinder creates highly detailed merchant profiles on a global basis. The and services MasterCard has available — and we look forward to seeing you at the Risk Management neural network evaluates merchant risk factors Symposium next spring! based on historical fraud authorizations. These merchant risk factors not only include previously Best wishes for 2005. reported fraud transactions at a merchant location, but also legitimate authorizations that occurred Sincerely, shortly before the account incurred fraud, or “Common Points of Purchase” intelligence. This component distinguishes RiskFinder from other models, due to its access to merchant data from almost all MasterCard issuers worldwide. Eva M. Robinson RiskFinder operates entirely out of the MasterCard Vice President Technology Headquarters in St. Louis, and government Public Sector Payment Solutions entities can use it to monitor MasterCard authorization eva_robinson@mastercard.com 2 3
  • 3. MasterCard Turn-Key Solutions Help continued from page 3 Ask the Expert “With MasterCard RiskFinder, government entities extremely useful capability for spotting cases The ABC’s of Fraud Prevention can, for the first time, monitor suspicious employee of potential account takeover or identity theft. with Christine Brundage, Senior Consultant, cardholder transactions — and do so in a cost Agencies could, for instance, feed a data file MasterCard Global Portfolio Risk Management effective way. Based on results from the RiskFinder of known bad addresses into Aristion and then production model, customer feedback indicates compare those addresses against their employee Q. What types of payment card fraud are this tool can reduce fraud losses by up to 50%,” address file to determine if there were any matches, government agencies experiencing today? says Mandella. and therefore, potential problems with the account. A. Broadly speaking, agencies face three different Aristion®: A Powerful software to “Aristion enables government agencies to turn problems with respect to payment cards. The first let you see who’s breaking the rules. their card usage policies and guidelines into rules is when an employee violates card usage policy — For some government entities, card misuse is a and then to monitor the spending habits of for instance, by using a T&E card for personal use. more troublesome problem than fraud. When employees to make sure they follow those rules,” The second is when the employee has actual intent to government employees use payment cards for says Mandella. He adds that for agencies that defraud his or her employer. For instance, an employee, purposes other than those for which they were use only MasterCard payment cards, Aristion, in knowing that his position is about to be terminated, intended, the organizational efficiencies card conjunction with RiskFinder, provides an extremely might run up charges on his business card with no programs can bring are compromised. Until recently, cost effective solution to minimize fraud and card- intention of paying the bill. Or, an employee might tracking down incidents of card misuse was, at best, misuse. “Since MasterCard spending goes through be involved in collusion, allowing a friend to use the an arduous process. But thanks to MasterCard Banknet, we can use RiskFinder as an authorization card to charge merchandise, splitting the proceeds, Aristion, a software solution that incorporates data feed with a fraud score into Aristion, in most and then reporting those charges as fraudulent to rules-based technology, monitoring employee cases cheaper than what it would cost agencies the employer. The third problem agencies face is, of It’s also important to remind employees to be careful card misuse can be a fairly straightforward task. to get a data feed anywhere else without the fraud course, true fraud, which arises when an employee’s about where they keep their cards. For example, Aristion allows users to define a set of rules or score. The result is what we commonly refer to as card or account information is stolen and used to business travelers often keep business credit cards criteria related to unacceptable card use. If a ‘the combined solution’ or ‘the best of both worlds.’ make unauthorized transactions. in their laptop cases. But we know that there is a transaction or series of transactions meet these Agencies would have all of their authorization common scam that occurs during airport security criteria, Aristion highlights transactions for further transactions ‘scored’ for possible fraud and then Q. Is it important for employers to distinguish screening procedures in which, just as an individual review. Subscribers to Aristion can feed any be able to compliment the fraud score with custom among these types of fraud? places his laptop on the conveyor belt for security MasterCard transaction data into the system rule capability to further target fraud and monitor A. It is important because the way agencies define screening, a fraudster creates a hold up in the line to determine whether cards are being used in employee card misuse, all in one, easy-to-use tool,” fraud will affect how they communicate policy to thereby attracting attention. While attention is accordance with agency guidelines. Importantly, he observes. their employees as well as what types of fraud they diverted to one fraudster, another walks off with Aristion can also accept non-monetary data, an will end up reporting. For instance, employee misuse the individual’s laptop. If employees keep their is generally considered to be an internal problem. business credit cards with their laptop case, the If an agency, through detection programs or some fraudster would also get access to the employee’s other method, identifies instances in which cards business credit card. The point is, you want to make are not being used in accordance with policy, it can sure employees protect their business credit cards “Aristion enables take disciplinary action against the employee — as carefully as their personal credit cards. government agencies including termination. But issuers do not typically You also need to give employees incentives to read to turn their card usage get involved from an investigatory perspective. The their monthly credit card statements and to ensure policies and guidelines other two types of fraud, where there is employee all charges are legitimate. A major contributor to into rules and then to intent to defraud or where an account has been credit card fraud is a process called skimming. This stolen, need to be handled differently. occurs when fraudsters get unauthorized access to monitor the spending habits of employees Q. How so? What steps can an agency take to all information on a card’s magnetic stripe by swiping to make sure they protect itself from these other types of fraud? it through a card reading device constructed with follow those rules.” parts purchased in an electronics store. When an A. The first step is employee education. Since it is employee presents his or her card for payment, the Jim Mandella often difficult for honest employees to believe that fraudster swipes the card a second time through a Director, Risk Management fraud really does happen, it’s important to remind skimming device and then places the information MasterCard International them to protect their cards, to make sure that they on the back of a counterfeit card. There is not don’t leave their receipts behind, for instance, and much an employee can do to prevent skimming, that they always get their cards back from the cashier. but they can shorten the length of the fraud continued on page 6 4 5
  • 4. Ask the Expert continued from page 5 Resource Corner Just one or a few dishonest employees can adversely Useful Web Sites: • Department of Defense Purchase Card affect everyone. If one significant incident of fraud Below is a list of Web sites that can provide useful Management Office: occurs and the issuer finds a need to install additional resources to Managers throughout the public sector: http://purchasecard.saalt.army.mil is the fraud precautions, all employees may be subjected to official DoD Web site for all Purchase Card a slower approval process or more time consuming • MasterCard: www.mastercard.com/gov (IMPAC) policy, news, and guidance. verification processes. Serves as an online resource for public sector organizations by providing detailed information • The National Association of State Auditors, Q. What about fraud such as collusion? Can for an array of business-to-government payment Comptrollers, and Treasurers (NASACT): that be prevented? solutions, enhancements, and MIS reporting tools. http://www.nasact.org/ has a useful Washington Connection feature that summarizes There is no one sure way to prevent collusion, but • Egov Links: www.Egovlinks.com billed as emerging regulatory and legislative Federal issues. creating an environment in which such behavior is the “egovernment starting point,” features an extremely comprehensive array of useful resources, • Senior Executives Association: addressed swiftly and decisively, creating a reputation publications and links to other Web sites. http://www.seniorexecs.com/ Web site for zero tolerance toward fraudulent behavior is a provides a host of information about issues large step in the right direction. Fraudsters always • National Association of State Procurement related to effective, efficient, and productive look for the path of least resistance, so you want to Officials: www.naspo.org includes information leadership in government. establish a reputation for being tough on perpetrators on identifying ways to improve and refine when they are caught. purchasing techniques in the public sector. Upcoming Conferences: Collusion is usually only detected through an • General Service Administration: Several previously listed Web sites (notably that investigation. If you fire an employee without www.gsa.gov (also visit the Federal Supply of the Government Executive) feature calendars allowing for an investigation to take place, you Service’s Web site: www.fss.gsa.gov) includes a of upcoming conferences of potential interest exposure by checking their statements and making may not even be aware that a collusive process variety of resources, including “products, services, to agency program coordinators. Here are some sure all charges are legitimate. Unfortunately, there was at work—and, if the process involved another and technology to help federal agencies accomplish additional conferences for which you might want is a lot of fraud that is never even identified employee whom you did not catch, the collusion their mission.” to mark the date. Check the appropriate Web site because employees don’t check their statements or may continue. The point is whenever you identify for more information. • Government Finance Officers Association: notify the program administrator about an incident of fraud, you want to make an effort www.gfoa.org features an extensive list of unauthorized charges. to work with issuers to help them, and conduct GSA publications on government finance topics. a thorough internal investigation into how the GSA Expo 2005 May 3–5, 2005 A final deterrent to fraud is the system of checks fraud took place. It’s a matter of finding gaps and • Association of Government Accountants: San Diego Convention Center, San Diego, California and balances you establish in the administration of closing them as soon as possible. We all suffer the www.agacgfm.org hosts the online version of the card program. Specifically, you need to carefully Journal of Government Financial Management and http://www.expo.gsa.gov/ consequences of fraud through higher interest rates consider how employees can interact with the issuer and fees on our payment cards. By practicing due other resources. MASTERCARD INTERNATIONAL to obtain cards, change account information (such diligence in the way card programs are administered • National Conference of State Fleet as addresses) and reopen accounts. Not only do you and monitored, we can minimize those consequences. U.S. and International Government Card Forum Administrators: http://ncsfa.state.ut.us/ March 7–9, 2005 need to establish the proper controls, but you need includes an online version of Fleet Administration to ensure that the processes through which cards News and fleet-related data. Ronald Reagan Trade Center, Washington, D.C. are obtained, or account information is changed, (details to follow) is secure. It is not at all uncommon for criminal • The Government Executive: www.govexec.com, rings to attempt to access information about how the online daily, hosts a unique calendar of events Global Risk Management Symposium to interact with the issuer to obtain new or for public sector officials. May 9–12, 2005 duplicate cards — it happens all the time. • E-gov: www.E-gov.com features information Renaissance Hotel, Washington, D.C. on Web-enabled government, e-procurement and Early bird registration: Another component of these checks and balances other issues. November 15, 2004–February 15, 2005 is to establish controls (typically MIS-based) over the activities of the card program administrator. Obviously, • National Partnership for Reinventing Government: Call 1-800-807-4693 / 1-914-249-6808 you have to be reasonable in your approach—on the http://govinfo.library.unt.edu/npr/index.htm or email GlobalRiskSymposium@mastercard.com one hand, you don’t want employees to feel like they Former Vice President Gore’s Web site appears as continued on page 8 are being “big brothered,” on the other, having it did when it was officially closed on January 19, one person controlling the entire process can create 2001, with a variety of practical information on unnecessary risk. If this trusted person becomes a how to run a more efficient agency. fraud perpetrator and nobody else is watching the activity, a large fraud incident could ensue. 6 7