Telecom Italia is Italy's leading telecommunications company with over 84,000 employees and 135 million customers. As non-cash payments have increased, so too has credit card fraud. Specifically, card not present (CNP) fraud, where the physical card is not used, accounts for over 60% of fraud and is challenging for mobile operators due to purchases of devices, content, and services. Operators work to prevent CNP fraud through measures like registration requirements, authentication, and compliance with the Payment Card Industry Data Security Standard.

1. GRUPPO TELECOM ITALIA
Tackling Card Not Present fraud
in the mobile business
Rome, 17.04.2012
Stefano M. de’ Rossi

2. Agenda
Telecom Italia facts & figure
Non cash payment & credit card fraud
Credit card fraud: the mobile experience
2

3. Agenda
Telecom Italia facts & figure
Non cash payment & credit card fraud
Credit card fraud: the mobile experience
3

4. Company profile
Employees Telecom Italy is the Italian leading
company in Telecommunications and
84,154 ICT, and
one of the most important in Latin
Customers America and among the top 10 global
telecommunications operators since
135,300,000 1999.
Revenues (2011 €)
29,958,000,000
4

5. Telecom Italia Group: …more than simply a phone company
Office &
System solutions
Web Television ICT Services
Telephony
5

6. Agenda
Telecom Italia facts & figure
Non cash payment & credit card fraud
Credit card fraud: the mobile experience
6

7. Non cash payment evolution
 Overall non-cash payments volumes
grew by 5% in 2009 to 260 billion,
continuing the growth trend from 2008
of 9%, albeit at a slower pace.
 Globally, cards remain the preferred
non-cash payment instrument, with
global transaction volumes up almost
10% and a market share of more than
40% in most markets.
7
7

8. In the fight against card fraud
• As the use of non-cash payments instruments grows, so does
concern about the potential for fraud.
• Global card fraud has increased consistently along with card usage
in recent years
(World payment report 2011)
8

9. The evolution of credit card fraud
1980 1990 2000 Today
Fraudster Individuals Teams Local crime rings International
crime rings
Target Consumers Small retailers Larger retailers Banks
Processors
Leading Lost/stolen Domestic Identity theft Cross-border data
fraud types Intercepted counterfeiting/ Phishing compromise
skimming Rudimentary data CNP fraud
compromise ATM fraud
Type of Travel & Premium credit Mass market All types of credit cards
cards Entertainment cards credit cards Debit cards
targeted cards Prepaid cards
Necessary Opportunism Rudimentary Technical Audacity
resources knowledge knowhow Technical expertise
Insider information
Global connections
(Source Visa Europe)
9

10. Credit Card Fraud – brief history on video
10

11. Non cash payment in Italy
While our country is still characterized by a low usage of non cash
payments, credit card usage showed up, in the last years, a steady
increase in transaction volumes (both in number and value of
transactions)
Credit card transaction 2006-2010 (volume)
Source: Osservatorio Assofin - CRIF Decision Solutions - GfK Eurisko sulle carte di credito, vol.9, 2011
11

12. Credit card and e-commerce in Italy
Credit Card has become the mostly used payment method for any on
line transactions
Credit PayPal Cash to Bank Other
card delivery Transfer
Source: Casaleggio Associati, 2011
12

13. Credit card fraud analysis in 2009 / 2010
As well as in the rest of the world, what can be set in Italy in the last 2
years, is a very close trend between the total number of credit card
transactions and the number of fraudulent operations detected.
# fraudulent operation (2009-1=100)
Source: Rapporto statistico sulle frodi con le
carte di credito 1/2011 - UCAMP
13

14. Agenda
Telecom Italia facts & figure
Non cash payment & credit card fraud
Credit card fraud: the mobile experience
Card not present fraud: our experience
14

15. 2011 CFCA Global Fraud Loss Survey
In tandem with the growth in the use of credit cards fraud has
become a significant problem for GSM operators.
• Compromised PBX/Voicemail systems
• Subscription/Identity (ID) Theft
• International Revenue Share Fraud (IRSF)
• GSM-Box & Bypass Fraud
• Credit Card Fraud
Communications Fraud Control Association
15

16. 2011 CFCA Global Fraud Loss Survey
Communications Fraud Control Association
16

17. Credit Card Fraud: a GSMA perspective
Card Card
Present Not Present POINT
SUB
Transactions Transactions
Credit Card Fraud
17

18. Card present transactions
 Card present transactions for services or products
are payments and requests made directly by the
cardholder at the point of sale.
 Counterfeit card fraud
 Skimming
Card
 Lost and stolen card fraud
Present
 Mail non-receipt card fraud
Transactions
 Identity theft on cards
Credit Card Fraud
18

19. Card Not Present (CNP) transaction
 Card is not physically present as it would be in a
retail store.
 First card data is stolen in the real world and then
criminals use it for the purchases.
Card
 There’s no face to face contact, no tangible card
and no physical signature on the sales draft.
Not Present
Transactions
Credit Card Fraud
19

20. Card fraud losses split by type
Card-not-present fraud accounts for 64 % of all card fraud
in 2011
4% 7% 15%
23% 28% 3%
11%
2001 2011
7%
64%
38%
Source: FRAUD THE FACTS 2012 – FFA Uk
20

21. Card fraud losses split by type in Italy
Figures are defintely different in Italy where counterfeit
accounts for the large majority of card fraud
7% 3% 4%
18% 11%
24%
2%
2009 2011 3%
70% 58%
Source: Rapporto statistico sulle frodi con le
carte di credito 1/2011 - UCAMP 21

22. Most card details used in CNP Fraud are compromised cards,
not stolen.
22

23. Global payment breach – short video
23

24. CNP Fraud and GSM Operators
Mobile operators offer payment options for a variety of services
that are card-not-present transactions:
HANDSET PAYMENT OF
PURCHASE INVOICES
ACCESS TO PREPAY
PREMIUM RECHARGE
CONTENT
24

25. What are the losses?
• Loss of the value of the transaction (Chargeback's)
• Costs of processing these transactions
• Interconnection costs & Revenue share
• Potential loss of Merchant status
25

26. Prevention & Detection measures for CNP transaction
Service Product
Payment Payment
Pre-registration process
Restriction
Unique IMEI association
Telephone authentication
Strict delivery procedures
26

27. A layered security approach for CNP fraud prevention
Telephone Mail
Internet
Order Order
Address verification service
(AVS)
Card Verification Value 2
(CVV2)
Verified by VISA (VbV)
PCI - DSS
27

28. Payment Card Industry – Data Security Standard
• The PCI DSS is intended to help protect Visa cardholder data— wherever
it resides—ensuring that customers, merchants, and service providers
maintain the highest information security standard.
• It offers a single approach to safeguarding sensitive data for all card
brands.
• PCI DSS compliance is required of all entities that store, process, or
transmit Visa cardholder data.
28

29. PCI-DSS main pillars
The core of the PCI DSS is a group of principles and accompanying
requirements, around which the specific elements of the DSS are
organized
1 Build and Maintain a Secure Network
2 Protect Cardholder Data
3 Maintain a Vulnerability Management
Program
PCI-DSS
PILLARS 4 Implement Strong Access Control Measures
5 Regularly Monitor and Test Networks
6 Maintain an Information Security Policy
29

30. Things to take away
• As the use of non-cash payments instruments grows, so does
concern about the potential for fraud.
• The payments industry is pursuing various innovations to tackle
fraud and better secure non-cash transactions—and thereby
bolster consumer confidence.
• Attention is focused most, however, on e-commerce transactions,
especially as electronic thefts increasingly hit the headlines.
• Managing risk against the threat of credit card fraud is certainly
not an easy task.
• We remain committed to containing and reducing all areas of fraud
and will continue to work with key partners to achieve this end.