Tackling Card not present Fraud

2,762 views

Published on

Tackling Card not present Fraud

0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
2,762
On SlideShare
0
From Embeds
0
Number of Embeds
23
Actions
Shares
0
Downloads
58
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Tackling Card not present Fraud

  1. 1. GRUPPO TELECOM ITALIATackling Card Not Present fraudin the mobile businessRome, 17.04.2012Stefano M. de’ Rossi
  2. 2. Agenda Telecom Italia facts & figure Non cash payment & credit card fraud Credit card fraud: the mobile experience 2
  3. 3. Agenda Telecom Italia facts & figure Non cash payment & credit card fraud Credit card fraud: the mobile experience 3
  4. 4. Company profileEmployees Telecom Italy is the Italian leading company in Telecommunications and84,154 ICT, and one of the most important in LatinCustomers America and among the top 10 global telecommunications operators since135,300,000 1999.Revenues (2011 €)29,958,000,000 4
  5. 5. Telecom Italia Group: …more than simply a phone company Office & System solutions Web Television ICT Services Telephony 5
  6. 6. Agenda Telecom Italia facts & figure Non cash payment & credit card fraud Credit card fraud: the mobile experience 6
  7. 7. Non cash payment evolution Overall non-cash payments volumes grew by 5% in 2009 to 260 billion, continuing the growth trend from 2008 of 9%, albeit at a slower pace. Globally, cards remain the preferred non-cash payment instrument, with global transaction volumes up almost 10% and a market share of more than 40% in most markets. 7 7
  8. 8. In the fight against card fraud• As the use of non-cash payments instruments grows, so does concern about the potential for fraud.• Global card fraud has increased consistently along with card usage in recent years (World payment report 2011) 8
  9. 9. The evolution of credit card fraud 1980 1990 2000 TodayFraudster Individuals Teams Local crime rings International crime ringsTarget Consumers Small retailers Larger retailers Banks ProcessorsLeading Lost/stolen Domestic Identity theft Cross-border datafraud types Intercepted counterfeiting/ Phishing compromise skimming Rudimentary data CNP fraud compromise ATM fraudType of Travel & Premium credit Mass market All types of credit cardscards Entertainment cards credit cards Debit cardstargeted cards Prepaid cardsNecessary Opportunism Rudimentary Technical Audacityresources knowledge knowhow Technical expertise Insider information Global connections (Source Visa Europe) 9
  10. 10. Credit Card Fraud – brief history on video 10
  11. 11. Non cash payment in ItalyWhile our country is still characterized by a low usage of non cashpayments, credit card usage showed up, in the last years, a steadyincrease in transaction volumes (both in number and value oftransactions) Credit card transaction 2006-2010 (volume) Source: Osservatorio Assofin - CRIF Decision Solutions - GfK Eurisko sulle carte di credito, vol.9, 2011 11
  12. 12. Credit card and e-commerce in ItalyCredit Card has become the mostly used payment method for any online transactions Credit PayPal Cash to Bank Other card delivery Transfer Source: Casaleggio Associati, 2011 12
  13. 13. Credit card fraud analysis in 2009 / 2010As well as in the rest of the world, what can be set in Italy in the last 2years, is a very close trend between the total number of credit cardtransactions and the number of fraudulent operations detected. # fraudulent operation (2009-1=100) Source: Rapporto statistico sulle frodi con le carte di credito 1/2011 - UCAMP 13
  14. 14. Agenda Telecom Italia facts & figure Non cash payment & credit card fraud Credit card fraud: the mobile experience Card not present fraud: our experience 14
  15. 15. 2011 CFCA Global Fraud Loss SurveyIn tandem with the growth in the use of credit cards fraud hasbecome a significant problem for GSM operators. • Compromised PBX/Voicemail systems • Subscription/Identity (ID) Theft • International Revenue Share Fraud (IRSF) • GSM-Box & Bypass Fraud • Credit Card FraudCommunications Fraud Control Association 15
  16. 16. 2011 CFCA Global Fraud Loss SurveyCommunications Fraud Control Association 16
  17. 17. Credit Card Fraud: a GSMA perspective Card Card Present Not Present POINT SUB Transactions Transactions Credit Card Fraud 17
  18. 18. Card present transactions  Card present transactions for services or products are payments and requests made directly by the cardholder at the point of sale.  Counterfeit card fraud  Skimming Card  Lost and stolen card fraud Present  Mail non-receipt card fraud Transactions  Identity theft on cards Credit Card Fraud 18
  19. 19. Card Not Present (CNP) transaction Card is not physically present as it would be in a retail store. First card data is stolen in the real world and then criminals use it for the purchases. Card There’s no face to face contact, no tangible card and no physical signature on the sales draft. Not Present Transactions Credit Card Fraud 19
  20. 20. Card fraud losses split by typeCard-not-present fraud accounts for 64 % of all card fraudin 2011 4% 7% 15% 23% 28% 3% 11% 2001 2011 7% 64% 38% Source: FRAUD THE FACTS 2012 – FFA Uk 20
  21. 21. Card fraud losses split by type in ItalyFigures are defintely different in Italy where counterfeitaccounts for the large majority of card fraud 7% 3% 4% 18% 11% 24% 2% 2009 2011 3% 70% 58% Source: Rapporto statistico sulle frodi con le carte di credito 1/2011 - UCAMP 21
  22. 22. Most card details used in CNP Fraud are compromised cards,not stolen. 22
  23. 23. Global payment breach – short video 23
  24. 24. CNP Fraud and GSM OperatorsMobile operators offer payment options for a variety of servicesthat are card-not-present transactions: HANDSET PAYMENT OF PURCHASE INVOICES ACCESS TO PREPAY PREMIUM RECHARGE CONTENT 24
  25. 25. What are the losses?• Loss of the value of the transaction (Chargebacks)• Costs of processing these transactions• Interconnection costs & Revenue share• Potential loss of Merchant status 25
  26. 26. Prevention & Detection measures for CNP transaction Service Product Payment Payment Pre-registration process Restriction Unique IMEI association Telephone authentication Strict delivery procedures 26
  27. 27. A layered security approach for CNP fraud prevention Telephone Mail Internet Order OrderAddress verification service(AVS) Card Verification Value 2 (CVV2) Verified by VISA (VbV) PCI - DSS 27
  28. 28. Payment Card Industry – Data Security Standard• The PCI DSS is intended to help protect Visa cardholder data— wherever it resides—ensuring that customers, merchants, and service providers maintain the highest information security standard.• It offers a single approach to safeguarding sensitive data for all card brands.• PCI DSS compliance is required of all entities that store, process, or transmit Visa cardholder data. 28
  29. 29. PCI-DSS main pillarsThe core of the PCI DSS is a group of principles and accompanyingrequirements, around which the specific elements of the DSS areorganized 1 Build and Maintain a Secure Network 2 Protect Cardholder Data 3 Maintain a Vulnerability Management Program PCI-DSS PILLARS 4 Implement Strong Access Control Measures 5 Regularly Monitor and Test Networks 6 Maintain an Information Security Policy 29
  30. 30. Things to take away• As the use of non-cash payments instruments grows, so does concern about the potential for fraud.• The payments industry is pursuing various innovations to tackle fraud and better secure non-cash transactions—and thereby bolster consumer confidence.• Attention is focused most, however, on e-commerce transactions, especially as electronic thefts increasingly hit the headlines.• Managing risk against the threat of credit card fraud is certainly not an easy task.• We remain committed to containing and reducing all areas of fraud and will continue to work with key partners to achieve this end.

×