MasterCard Outlook is a tri-annual newsletter published by the MasterCard
Product Services team and edited by Allyson Fraser and Chris Rieck. This is
a publication for public sector program coordinators and senior executives.
Reproduction without permission is prohibited.
Resource Corner continued from page 7
A publication for public sector
Recommended Reading The Innovator’s Solution: Creating and program coordinators and senior executives Winter 2004
Our list of books that are winning the attention of Sustaining Successful Growth
business executives nationwide: by Clayton M. Christensen, Michael E. Raynor
A persuasive look at how innovation and the
The 8th Habit: From Effectiveness to Greatness creation of disruption can help companies grow,
by Stephen R. Covey and specific suggestions for how to create
Groundbreaking author of Seven Habits of Highly innovative processes in the workplace. MasterCard When it comes to managing card programs, an ongoing
Effective People introduces a new definition of
Turn-Key challenge for agency program coordinators and other public
modern leadership and explains how four leadership Confronting Reality: Doing What Matters to
Get Things Right sector officials is how to identify and minimize card abuse
characteristics can transform an organization.
by Larry Bossidy and Ram Charan
The Five Dysfunctions of a Team: Business titans and bestselling authors of Execution
and misuse. A big part of the challenge is that, traditionally,
A Leadership Fable offer a new approach to strategic business planning Minimize Fraud government agencies have not had direct access to the
by Patrick M. Lencioni in a rapidly changing business environment.
Easy-to-read fable on why teams often fail to function
QBQ! The Question Behind the Question
and Card Misuse transaction data of their employee cardholders.
as a unit and how to make them more effective.
by John G. Miller
Crucial Confrontations How to encourage personal accountability and Fraud-detection technology by itself does not address how
by Kerry Patterson, Joseph Grenny, Ron McMillan, eliminate blame in the workplace. to help government agencies identify employees who may
Al Switzler not be using their cards in accordance with agency card
Suggestions for how to identify problems at the usage policies.
office that need your intervention and strategies for
Recognizing the powerful role technology can play to minimize
how to intervene for a positive outcome.
card abuse and misuse, MasterCard has developed two
important technology-based solutions. MasterCard RiskFinder®
is a neural network solution that gives government agencies
direct access to authorization transaction data. Thus, it helps
them identify fraudulent card use early on, enabling them to
minimize losses. Aristion® is a rule-based software solution that
allows agencies to define a set of rules related to unacceptable
For questions, comments or additional information, card use. Agencies are then able to identify incidents of
please call us at 1-800-704-2390, or visit us on the Web at www.mastercard.com/gov possible fraud and when payment cards are not being used
in accordance with agency policies. Both solutions offer public
sector program managers an affordable way to harness the
power of technology to combat fraud or card misuse.
MasterCard RiskFinder: A turn-key solution to identify potentially
T h i s i s s u e fraudulent behavior. MasterCard RiskFinder uses advanced statistical neural
network models and behavior profiles based on cardholder, merchant and fraud
MasterCard Turn-Key data. These models incorporate years of historical transaction information from
Solutions Help 1 the MasterCard Global Data Repository. If the characteristics of a transaction are
2000 Purchase Street
Purchase, NY 10577 at odds with one or more of these detailed profiles, the transaction is flagged as
possibly fraudulent, typically resulting in the need for the cardholder to provide
verification of the legitimacy of the transaction being made.
Ask the Expert 5 RiskFinder, which MasterCard developed in conjunction with Fair Isaac, leverages
Fair Isaac’s revolutionary neural network-based profiling technology. This powerful
tool gives government agencies unprecedented capabilities to monitor and track
Resource Corner 7 employee transactions for potential fraud. continued on page 3
Perspectives MasterCard Turn-Key Solutions Help continued from page 1
Welcome to the Fall/Winter issue of MasterCard Outlook. Here’s how it works: An individual uses his activity routed through Banknet. “We own it, we
or her MasterCard® card to conduct a transaction. operate it, we maintain it, and we have the software
In this issue, we take an in-depth look at how to protect against fraud and card misuse. These The transaction is authorized via the secure in place to replicate authorization data in Banknet
troubling problems are not going away — indeed new fraud schemes are breaking every day. MasterCard Banknet global processing network. and feed it through RiskFinder,” says Jim Mandella,
As the authorization data passes through Banknet, Director, Risk Management, MasterCard International.
Fortunately, there are a number of simple steps and process improvements you can take to it also passes through RiskFinder, which compares “It is entirely a turn-key solution—agencies subscribe
prevent, deter, and/or identify fraud early, enabling you to minimize loss within your organization. the transaction to the models and profiles and to it and we deliver the results,” he adds.
assigns a score. The higher the score assigned,
One of the most powerful tools that you can have at your disposal in the fight against fraud is the greater the likelihood of the transaction being MasterCard RiskFinder is a near real-time solution.
fraudulent. ‘Scored’ transactions can be delivered Although it cannot prevent the first fraudulent
technology. In this issue, we profile two software-based solutions, MasterCard RiskFinder and Aristion, transaction from taking place on a card, it can
to the agency so that the agency can review the
which can dramatically improve your detection rates of fraudulent transactions, as well as transactions transactions and follow up with the cardholder. flag it and promptly notify the agency program
that violate internal policy. These cost-effective solutions represent the ongoing commitment of coordinator of the suspicious activity. For agencies
MasterCard RiskFinder combines cardholder, merchant that want such near real-time notification, MasterCard
MasterCard to use its internal resources (in this case, MIS models based on years of MasterCard and fraud data to give government entities a offers an additional component called RiskFinder
transaction data) for the benefit of your organizational efficiency. comprehensive fraud prediction model comprised of Alerts. It’s an online, browser-based, “thin client”
three components: case management tool that’s accessible through
We also present some common-sense steps you can take in terms of employee education and MasterCard OnLine, a secure site. With any PC and
• Neural Network Model — The neural network an internet connection, users have 24/7 desktop
crafting a fraud-prevention strategy. To this end, MasterCard Advisors, LLC, a global professional is an advanced form of intelligent software that access to the RiskFinder output. Government entities
services organization, has a wealth of world-class payments expertise across consulting, information is used to create a statistical model. This predictive that do not require immediate access to potentially
products and services, research, and outsourcing for you to leverage. model is built by evaluating historical data for both suspicious transactions can receive RiskFinder results
fraudulent and non-fraudulent authorizations. in a batch file format—at a frequency that meets their
In May 2005, MasterCard will host its third Global Risk Management Symposium in Washington D.C. Through the evaluation of the historical data, needs, also delivered through MasterCard OnLine.
the model discovers not only simple relationships,
This important event will explore the depths of industry fraud knowledge and experience, through but also interactive, non-linear relationships. continued on page 4
a series of presentations, discussions, workshops and training sessions. Leading industry experts
• The Cardholder Profile — For each cardholder
will cover a wide range of topics, including: identity theft; debit/prepaid fraud; e-commerce fraud; account, RiskFinder creates a detailed profile of
information security; crisis management and more. You can find more details about this symposium the cardholder’s spending and behavior patterns.
in the Resource Corner — where you will also find our updated list of business best-sellers. The neural network is trained to recognize
differences in cardholder use patterns, changes
It may be true that the problems of fraud and card misuse can never entirely be eradicated. But over in cardholder spending patterns and likely
the past several years, we at MasterCard have demonstrated that, with effective procedures and MIS,
they can be managed and minimized. We invite you to learn more about the fraud prevention products • The Merchant Profile — RiskFinder creates highly
detailed merchant profiles on a global basis. The
and services MasterCard has available — and we look forward to seeing you at the Risk Management neural network evaluates merchant risk factors
Symposium next spring! based on historical fraud authorizations. These
merchant risk factors not only include previously
Best wishes for 2005. reported fraud transactions at a merchant location,
but also legitimate authorizations that occurred
Sincerely, shortly before the account incurred fraud, or
“Common Points of Purchase” intelligence.
This component distinguishes RiskFinder from
other models, due to its access to merchant data
from almost all MasterCard issuers worldwide.
Eva M. Robinson
RiskFinder operates entirely out of the MasterCard
Vice President Technology Headquarters in St. Louis, and government
Public Sector Payment Solutions entities can use it to monitor MasterCard authorization
MasterCard Turn-Key Solutions Help continued from page 3 Ask the Expert
“With MasterCard RiskFinder, government entities extremely useful capability for spotting cases The ABC’s of Fraud Prevention
can, for the first time, monitor suspicious employee of potential account takeover or identity theft. with Christine Brundage, Senior Consultant,
cardholder transactions — and do so in a cost Agencies could, for instance, feed a data file MasterCard Global Portfolio Risk Management
effective way. Based on results from the RiskFinder of known bad addresses into Aristion and then
production model, customer feedback indicates compare those addresses against their employee Q. What types of payment card fraud are
this tool can reduce fraud losses by up to 50%,” address file to determine if there were any matches, government agencies experiencing today?
says Mandella. and therefore, potential problems with the account.
A. Broadly speaking, agencies face three different
Aristion®: A Powerful software to “Aristion enables government agencies to turn problems with respect to payment cards. The first
let you see who’s breaking the rules. their card usage policies and guidelines into rules is when an employee violates card usage policy —
For some government entities, card misuse is a and then to monitor the spending habits of for instance, by using a T&E card for personal use.
more troublesome problem than fraud. When employees to make sure they follow those rules,” The second is when the employee has actual intent to
government employees use payment cards for says Mandella. He adds that for agencies that defraud his or her employer. For instance, an employee,
purposes other than those for which they were use only MasterCard payment cards, Aristion, in knowing that his position is about to be terminated,
intended, the organizational efficiencies card conjunction with RiskFinder, provides an extremely might run up charges on his business card with no
programs can bring are compromised. Until recently, cost effective solution to minimize fraud and card- intention of paying the bill. Or, an employee might
tracking down incidents of card misuse was, at best, misuse. “Since MasterCard spending goes through be involved in collusion, allowing a friend to use the
an arduous process. But thanks to MasterCard Banknet, we can use RiskFinder as an authorization card to charge merchandise, splitting the proceeds,
Aristion, a software solution that incorporates data feed with a fraud score into Aristion, in most and then reporting those charges as fraudulent to
rules-based technology, monitoring employee cases cheaper than what it would cost agencies the employer. The third problem agencies face is, of It’s also important to remind employees to be careful
card misuse can be a fairly straightforward task. to get a data feed anywhere else without the fraud course, true fraud, which arises when an employee’s about where they keep their cards. For example,
Aristion allows users to define a set of rules or score. The result is what we commonly refer to as card or account information is stolen and used to business travelers often keep business credit cards
criteria related to unacceptable card use. If a ‘the combined solution’ or ‘the best of both worlds.’ make unauthorized transactions. in their laptop cases. But we know that there is a
transaction or series of transactions meet these Agencies would have all of their authorization common scam that occurs during airport security
criteria, Aristion highlights transactions for further transactions ‘scored’ for possible fraud and then Q. Is it important for employers to distinguish screening procedures in which, just as an individual
review. Subscribers to Aristion can feed any be able to compliment the fraud score with custom among these types of fraud? places his laptop on the conveyor belt for security
MasterCard transaction data into the system rule capability to further target fraud and monitor A. It is important because the way agencies define screening, a fraudster creates a hold up in the line
to determine whether cards are being used in employee card misuse, all in one, easy-to-use tool,” fraud will affect how they communicate policy to thereby attracting attention. While attention is
accordance with agency guidelines. Importantly, he observes. their employees as well as what types of fraud they diverted to one fraudster, another walks off with
Aristion can also accept non-monetary data, an will end up reporting. For instance, employee misuse the individual’s laptop. If employees keep their
is generally considered to be an internal problem. business credit cards with their laptop case, the
If an agency, through detection programs or some fraudster would also get access to the employee’s
other method, identifies instances in which cards business credit card. The point is, you want to make
are not being used in accordance with policy, it can sure employees protect their business credit cards
“Aristion enables take disciplinary action against the employee — as carefully as their personal credit cards.
government agencies including termination. But issuers do not typically You also need to give employees incentives to read
to turn their card usage get involved from an investigatory perspective. The their monthly credit card statements and to ensure
policies and guidelines other two types of fraud, where there is employee all charges are legitimate. A major contributor to
into rules and then to intent to defraud or where an account has been credit card fraud is a process called skimming. This
stolen, need to be handled differently. occurs when fraudsters get unauthorized access to
monitor the spending
habits of employees Q. How so? What steps can an agency take to all information on a card’s magnetic stripe by swiping
to make sure they protect itself from these other types of fraud? it through a card reading device constructed with
follow those rules.” parts purchased in an electronics store. When an
A. The first step is employee education. Since it is employee presents his or her card for payment, the
Jim Mandella often difficult for honest employees to believe that fraudster swipes the card a second time through a
Director, Risk Management fraud really does happen, it’s important to remind skimming device and then places the information
them to protect their cards, to make sure that they on the back of a counterfeit card. There is not
don’t leave their receipts behind, for instance, and much an employee can do to prevent skimming,
that they always get their cards back from the cashier. but they can shorten the length of the fraud
continued on page 6
Ask the Expert continued from page 5 Resource Corner
Just one or a few dishonest employees can adversely Useful Web Sites: • Department of Defense Purchase Card
affect everyone. If one significant incident of fraud Below is a list of Web sites that can provide useful Management Office:
occurs and the issuer finds a need to install additional resources to Managers throughout the public sector: http://purchasecard.saalt.army.mil is the
fraud precautions, all employees may be subjected to official DoD Web site for all Purchase Card
a slower approval process or more time consuming • MasterCard: www.mastercard.com/gov (IMPAC) policy, news, and guidance.
verification processes. Serves as an online resource for public sector
organizations by providing detailed information • The National Association of State Auditors,
Q. What about fraud such as collusion? Can for an array of business-to-government payment Comptrollers, and Treasurers (NASACT):
that be prevented? solutions, enhancements, and MIS reporting tools. http://www.nasact.org/ has a useful
Washington Connection feature that summarizes
There is no one sure way to prevent collusion, but • Egov Links: www.Egovlinks.com billed as emerging regulatory and legislative Federal issues.
creating an environment in which such behavior is the “egovernment starting point,” features an
extremely comprehensive array of useful resources, • Senior Executives Association:
addressed swiftly and decisively, creating a reputation
publications and links to other Web sites. http://www.seniorexecs.com/ Web site
for zero tolerance toward fraudulent behavior is a
provides a host of information about issues
large step in the right direction. Fraudsters always • National Association of State Procurement related to effective, efficient, and productive
look for the path of least resistance, so you want to Officials: www.naspo.org includes information leadership in government.
establish a reputation for being tough on perpetrators on identifying ways to improve and refine
when they are caught. purchasing techniques in the public sector. Upcoming Conferences:
Collusion is usually only detected through an • General Service Administration: Several previously listed Web sites (notably that
investigation. If you fire an employee without www.gsa.gov (also visit the Federal Supply of the Government Executive) feature calendars
allowing for an investigation to take place, you Service’s Web site: www.fss.gsa.gov) includes a of upcoming conferences of potential interest
exposure by checking their statements and making may not even be aware that a collusive process variety of resources, including “products, services, to agency program coordinators. Here are some
sure all charges are legitimate. Unfortunately, there was at work—and, if the process involved another and technology to help federal agencies accomplish additional conferences for which you might want
is a lot of fraud that is never even identified employee whom you did not catch, the collusion their mission.” to mark the date. Check the appropriate Web site
because employees don’t check their statements or may continue. The point is whenever you identify for more information.
• Government Finance Officers Association:
notify the program administrator about an incident of fraud, you want to make an effort
www.gfoa.org features an extensive list of
unauthorized charges. to work with issuers to help them, and conduct GSA
publications on government finance topics.
a thorough internal investigation into how the GSA Expo 2005 May 3–5, 2005
A final deterrent to fraud is the system of checks fraud took place. It’s a matter of finding gaps and • Association of Government Accountants:
San Diego Convention Center, San Diego, California
and balances you establish in the administration of closing them as soon as possible. We all suffer the www.agacgfm.org hosts the online version of
the card program. Specifically, you need to carefully Journal of Government Financial Management and http://www.expo.gsa.gov/
consequences of fraud through higher interest rates
consider how employees can interact with the issuer and fees on our payment cards. By practicing due other resources.
to obtain cards, change account information (such diligence in the way card programs are administered • National Conference of State Fleet
as addresses) and reopen accounts. Not only do you and monitored, we can minimize those consequences. U.S. and International Government Card Forum
Administrators: http://ncsfa.state.ut.us/ March 7–9, 2005
need to establish the proper controls, but you need includes an online version of Fleet Administration
to ensure that the processes through which cards News and fleet-related data. Ronald Reagan Trade Center, Washington, D.C.
are obtained, or account information is changed, (details to follow)
is secure. It is not at all uncommon for criminal • The Government Executive: www.govexec.com,
rings to attempt to access information about how the online daily, hosts a unique calendar of events Global Risk Management Symposium
to interact with the issuer to obtain new or for public sector officials. May 9–12, 2005
duplicate cards — it happens all the time. • E-gov: www.E-gov.com features information Renaissance Hotel, Washington, D.C.
on Web-enabled government, e-procurement and Early bird registration:
Another component of these checks and balances
other issues. November 15, 2004–February 15, 2005
is to establish controls (typically MIS-based) over the
activities of the card program administrator. Obviously, • National Partnership for Reinventing Government: Call 1-800-807-4693 / 1-914-249-6808
you have to be reasonable in your approach—on the http://govinfo.library.unt.edu/npr/index.htm or email GlobalRiskSymposium@mastercard.com
one hand, you don’t want employees to feel like they Former Vice President Gore’s Web site appears as
continued on page 8
are being “big brothered,” on the other, having it did when it was officially closed on January 19,
one person controlling the entire process can create 2001, with a variety of practical information on
unnecessary risk. If this trusted person becomes a how to run a more efficient agency.
fraud perpetrator and nobody else is watching the
activity, a large fraud incident could ensue.