CNP Payment Fraud and its Affect on Gift Cards


Published on

Published in: Economy & Finance, Business

CNP Payment Fraud and its Affect on Gift Cards

  1. 1. The Rise in Card-Not-Present Fraud and Its Affect on the Pre-Paid Market  The Problems, Tools, Techniques and Technologies Christopher Uriarte Chief Technology Officer & Head of International Development Retail Decisions Giftex Prepay Network Event: Canada Toronto, Ontario July 13, 2009
  2. 2. About Retail Decisions: A Market Leader <ul><li>One of the leading global providers of transactional card fraud prevention and payment services </li></ul><ul><ul><li>Touched approx.16 billion card transactions per year for blue chip clients around the globe; 160 billion card transactions per annum worldwide (2007) </li></ul></ul><ul><ul><li>20+ years experience in card fraud prevention </li></ul></ul><ul><li>Fully-managed Fraud Prevention and Payment Services focused only on large and blue-chip customers: Merchants, Issuers and Acquirers </li></ul><ul><li>Blue-chip client base of more than 300 companies </li></ul><ul><li>Largest pre-paid gift card issuer in Australia </li></ul><ul><li>Strong service offering throughout all pieces in the payment value chain: merchants, processors and banking institutions </li></ul>Retail Decisions (ReD) is a London-based specialty provider of transaction and card issuing service to banks, retailers, oil companies and telcos worldwide
  3. 3. Sample of ReD’s Clients and Focus Sectors Travel Telephony Retail Oil Banking Europe America Asia Pacific Other
  4. 4. Where We Sit & Where the Data Comes From Fraud Prevention & Gateway Services (CP&CNP) ReDShield TM ReD1Gateway TM CardExpress TM Fraud Prevention for Acquirers & Processors PRISM TM Fraud Prevention for Issuers PRISM TM Fraud Prevention for Merchants Fraud Prevention for Banking Institutions
  5. 5. Fraud Control Life Cycle Solutions implemented to reduce fraud Time lag for solutions to take affect New solution is implemented to reduce fraud Familiarity with weaknesses in cards and technology increases fraud Fraud begins to rise as new technologies are cracked and new weaknesses are found 2002 2009 ??? ??? Implies Innovation Time Value of fraud
  6. 6. Counterfeit fraud driven by growth of plastic <ul><li>Increasing examples of large, sophisticated counterfeit card manufacturing operations </li></ul>170,000 cards seized in Taipei, Taiwan
  7. 7. Regular Occurrences of Organized & Social Engineering Efforts Arrests in card scam Wednesday, February 28, 2007 By Paul Grimaldi Journal Staff Writer The men allegedly stole the information by switching out checkout lane keypads with one of their own machines and then retrieving the units a few days later so they could copy the account data. To achieve this, they took shelf stocking positions at the supermarket, which gave them legitimate access to the facility during late hours in the evening. They recorded the stolen information on blank bank cards that they used to get money from ATMs in the area, the police said.
  8. 8. Implanted chips Criminals implant a chip directly into Point of Sale equipment The chip holds up to 1,000 account numbers Major occurrences in Taiwan, Malaysia and Brazil
  9. 9. Purpose Built Skimmer – Old Technology, But Still Popular <ul><li>Small battery operated skimmers can hold up to 1 million account numbers at a time </li></ul><ul><li>Devices are mainly produced in Malaysia and China </li></ul><ul><li>Manually manufactured from standard POS equipment </li></ul><ul><li>The skimmers were introduced to US in 1998 </li></ul>
  10. 10. Personalizing the Card Low tech: Embossing only “ Higher tech”: Transplanting Skimmed Card Data 3712 345XX8 95004
  11. 11. The Trend: No Longer a Low-Tech Crime <ul><li>Large groups of individuals work together </li></ul><ul><li>A real example 128 flights were successfully purchased in the names of 92 passengers to 3 destinations over 12 weeks with 33 different cards </li></ul><ul><li>Over $300,000 in total </li></ul>
  12. 12. Organized Criminals: They Mean Business
  13. 13. What This Means In Regards to Credit Card Fraud <ul><li>Credit card fraud continues to become more of an organized, professional crime – the case studies prove it </li></ul><ul><li>CNP fraud continues to aggressively increase. As more countries adapt Chip and PIN solutions, fraud will continue to migrate from CP to CNP channels </li></ul><ul><ul><li>APACS 2007 Fraud Study: For the first time, more than 50% of fraud was CNP fraud. The trend has continued in 2008. </li></ul></ul><ul><li>As countries implement Chip and PIN solutions, CNP fraud will increases in Chip and PIN geographies and both CP and CNP fraud will increase in non-Chip and PIN geographies </li></ul><ul><li>ID Theft continues to increase, replacing counterfeit schemes, which are no longer valid in Chip and PIN geographies </li></ul><ul><li>Since fraud is aggressively expanding, legacy fraud prevention techniques are becoming less and less effective </li></ul>
  14. 14. How Does this Affect the Pre-Paid Market? <ul><li>The sale of pre-paid gift cards (virtual and plastic) is increasing significantly via major merchant websites: Top 5 item purchased at top major retailer websites </li></ul><ul><li>Credit and debit cards are the primary funding and purchase source for gift cards </li></ul><ul><li>Result: Fraud related to gift card purchases has jumped significantly in the last 18 months, to the point where gift cards are the #1 most fraudulently purchased item for many major retailers </li></ul>
  15. 15. Gift Card Fraud Rates: Three Top 10 Retailers <ul><li>Gift Card Fraud: Defined as the fraudulent purchase of a virtual or plastic gift card </li></ul><ul><li>Retailers displayed above have significant, established gift card programs </li></ul><ul><li>Retailers profiled represent major North American retailers with total combined annual revenues exceeding USD $476 billion (2008) </li></ul>Key: June – December 2008 [January-February 2009] Virtual Gift Cards Plastic Gift Cards Overall Bankcard Fraud Rates Fraud Rate: % of Transactions % of Overall $ Value % of Transactions % of Overall $ Value % of Transactions % of Overall $ Value Large Retailer “A” (Apparel, Home Goods) 0.80% [1.50%] 1.00% [1.70%] 0.03% [0.60%] 0.03% [0.90%] 0.16% 0.34% Large Retailer “B” (Mixed Retail) 4.10% 10.6% 2.10% 3.05% 0.41% 1.30% Large Retailer “C” (Mixed Retail) 1.70% [6.70%] 2.60% [5.5%] 0.70% [2.7%] 2.80% [2.6%] 1.5% 3.2%
  16. 16. The Lifecycle of Gift Card Fraud Purchase of Gift Card (Plastic of Virtual) via merchant website using a fraudulent payment card Sale of Gift Card via legitimate channels to legitimate consumers Monetization of fenced goods or gift card sale Use of gift cards to purchase fencible goods Use of Gift Card at merchant website or in-store by legitimate consumer
  17. 17. Why Gift Card Fraud Is Attractive via the CNP Channel <ul><li>Gift Card = Cash </li></ul><ul><li>Legitimate resale markets exists that allow the fraudster to easily unload stolen gift cards </li></ul><ul><li>Chargeback delays (1-3 months) on fraudulent purchase activity make it nearly impossible to turn off cards before they are used </li></ul><ul><li>Fraudsters know that, even if gift cards are linked to stolen credit cards, retailers can be hesitant to turn off gift cards at the fear of insulting legitimate consumers </li></ul><ul><li>Cross-channel buy/spend makes plastic gift cards easy to obtain and merchandise quick and easy to acquire </li></ul><ul><li>Fraud prevention systems operate in silos – merchant web fraud prevention systems/processes typically do not tie into private label or gift card systems </li></ul>
  18. 18. In The News…
  19. 19. So What Does This Mean? <ul><li>The Good </li></ul><ul><li>Existing fraud prevention systems and techniques can be used to help prevent the purchase of gift cards using fraudulent credit cards </li></ul><ul><li>Specialized programs and strategies have been developed by fraud prevention analysts to minimize fraudulent gift card purchases </li></ul><ul><li>Merchants have successfully worked with fraud prevention vendors, gift card program providers and merchant acquiring banks to reduce losses </li></ul><ul><li>The Bad & The Ugly </li></ul><ul><li>Many merchants do not have robust, dynamic website fraud prevention systems in place today or don’t understand how to address the problem </li></ul><ul><li>These strategies must be extremely dynamic and require a lot of “care and feeding”. Fraudsters are actively targeting anti-gift card fraud prevention strategies </li></ul><ul><li>There are no comprehensive end-to-end gift card purchase fraud prevention systems in place today, which track card acquisition and use through all phases of the lifecycle </li></ul>
  20. 20. Stories From The Field… <ul><li>Increased evidence of targeted gift card fraud acquisition rings using compromised cards resulting from recent, massive data breaches (TJX, Heartland Systems breach) </li></ul><ul><ul><li>Specific compromises using entire BINs from Citibank and Chase </li></ul></ul><ul><li>Funneling of gift card purchases through traditionally “safe” APO/FPO addresses and other addresses where Address Verification Services (AVS) are not supported </li></ul><ul><li>Automated “bot” or mass-purchase attacks, as evidenced by strange gift messages during checkout process </li></ul><ul><ul><li>E.g. “Good Day” or “Happy Day” , etc. </li></ul></ul><ul><li>Use of “disposable” email domains during gift card purchase </li></ul><ul><ul><ul><li>EASYLIVEMAIL.NET         </li></ul></ul></ul><ul><ul><ul><li>ZUNMAIL.COM </li></ul></ul></ul><ul><ul><ul><li>BIGMAILONLINE.COM </li></ul></ul></ul><ul><ul><ul><li>COLDMAILONLINE.COM </li></ul></ul></ul><ul><ul><ul><li>MEGAPED.COM </li></ul></ul></ul>
  21. 21. Christopher Uriarte [email_address] US: +1 (732) 452 2440 UK: +44 (0) 1483 728700 Thank You! Please feel free to contact me with any questions!