Throttling Payment Fraud
    Next steps in prevention
Card fraud




       Property of Batton Consulting Inc. 2011. Released under   2
Fraud penetration points




[Figure: industry protection level at each fraud penetration point: Device, Transaction, Data, Identity]




Fraud sources

   • Card forgery
   • Phishing
   • Merchant scams
   • Transaction spoofing
   • Card theft
   • Auth data skimming
   • Application fraud
   • First party
   • Account takeover
   • Site hacking


Fraud’s open windows

   • Device impersonating
   • Device active until account disabled
   • Exposed validation keys
   • Transaction impersonating
   • Usage verification is heuristic not positive
   • Identity verification is heuristic not positive
   • Lack of trend controls for “bust out”




Stopping fraud - tools

   • Electronic device fingerprint
   • Device registered & controlled for usage
   • Tokenization of account validation keys on device and key resolution “behind the wall”
   • Account-user positive confirmation of transaction
   • Biometric verification of account applicant
   • Biometric capture of account users
   • “bust out” pattern detection/prediction



Fraud tool impact




[Table: fraud tools (rows) marked against fraud sources (columns).
 Columns: Phishing, Merchant scams, Device forgery, Device theft, Transaction spoofing, Application fraud, Account takeover, Auth data skimming, Site hacking, First party.
 Rows: Device fingerprint; Device registration & controlled; Tokenization & “behind the wall” res.; Transaction positive confirmation; Biometric applicant verification; Biometric user capture; “bust out” detection/prediction.]

Mitigating fraud impact

   • Velocity-based exposure controls
   • 1st party fraud clearinghouse
   • Neural net transaction fraud detection
   • Fraud detection clearinghouse notification to merchant to stop delivery
   • Fraudster attribute database matching (i.e. name, address, phone, etc.)




Fraud tool accommodation

                                         MagCard   Mobile   NFC   EMV
Device fingerprint                          ✓        ✓       ✓     ✓
Device registration & controlled            ✓        ✓       ✓     ✓
Tokenization & “behind the wall” res.       ✓        ✓       ✓     ✓
Transaction positive confirmation           ✓        ✓       ✓     ✓
Biometric applicant verification            ✓        ✓       ✓     ✓
Biometric user capture                      ✓        ✓       ✓     ✓
“bust out” detection/prediction             ✓        ✓       ✓     ✓




Fraud improvement w/mobile




[Figure: industry protection level at each fraud penetration point: Device, Transaction, Data, Identity]




Conclusion

   • Fraud incidence is rising and costs are increasing again despite industry action
   • Fraud avenues of attack are many & varied
   • Current approaches still leave several windows open for fraud attack
   • The “card based” device is inherently susceptible to many of these attacks
   • EMV & NFC are still largely open to attack
   • Approaches/tools are in reach to close/significantly reduce those windows
   • The mobile payment platform presents the best way to provide these tools and reduce fraud
Further information on this

Contact me

BCI provides focused consultation and assistance in the payment systems area

   • Payments solution evaluation
   • Project advisory or management
   • Strategy and issue consultation
   • Architecture direction & rollout




 •     Quicker and more accurate problem identification and solution
 •     More dependable delivery of key payment initiatives/projects
 •     Creative and tested solutions to payment systems improvements
 •     An objective viewpoint that sees the whole picture
 •     Deep experience delivering business value through technology



Executive IT help & leadership on payments when you need it


     Contact: Mike Batton, President, Batton Consulting Inc. | mike@battonconsult.com | 630-443-7735 (O) 630-862-6799 (M)
