Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
How EMV & Mobile Payments are Shifting Fraud
Dee Millard
Anti-Fraud Solutions Consultant
info@easysol.net
Why EMV in the U.S.?
Source: https://www.firstdata.com/downloads/pdf/FirstData_EMV_TimelineAS.pdf
October 1st, 2015
Businesses still using magnetic stripe terminals after October 1, 2015, are on the hook for
the costs if...
Simply blocking off one of the
avenues of attacks by fraudsters
isn't enough to make fraud vanish.
Ross Anderson
Professor...
Current and Projected Shift of Card Fraud Trends
Shift to Card Not Present Fraud
What we can expect:
• Online and Phone channel
• Purchases of high value items
• Gift card...
• Credit Card Data
• PII Information – used to create fake identities to obtain credit cards
• Stolen goods from Online CN...
Shift to Non EMV Compliant Terminals
October 2016 EMV Deadline October 2016/2017 EMV Deadline
Card Skimming: Where a custo...
How chip cards can be
hacked...
• Second chip embedded in
card, glued on over original
chip
• Allowed transactions to go
t...
EMV Mobile Payments
• Older technology
• Can use tokenization,
but not standard
• Does not factor in
online
• Payment term...
http://www.tomsguide.com/us/mobile-wallet-guide,news-20666.html
Segmented Mobile Wallets – different acceptance and methods
Is Apple Pay Fraud Growing?
• In theory should cut down on fraud, by generating essentially new credit card
numbers for ea...
87% of Millennials say their phones
never leave their side
80% reach for their smartphone
first thing in the morning
78% s...
http://www.businessinsider.com/the-mobile-payments-report-2015-5
The bottom line: Each dollar
worth of fraud committed using
mobile devices costs the
scammed merchant $3.34.
http://www.bl...
How To Proactively
Protect Your Customers
and Your Organization
• Utilize the lessons learned from previous shifts
• Understand your Risk based on your customer base and product offering...
Take a proactive approach
to understanding the
threats
Rogue App Monitoring | Compromised Card Monitoring
Why is it Important?
Brand and Fraud Intelligence
• Proactively shut down threats
• Continually monitor for threats
• Soci...
Our Approach: Total Fraud Protection®
Learn More:
Blog Post:
The Fraud Outlook Post United States’ EMV Implementation
Video:
Rogue Mobile App Protection
Thank You! – Questions?
Dee Millard
Anti-Fraud Solutions Consultant
info@easysol.net
How EMV & Mobile Payments are Shifting Fraud
Upcoming SlideShare
Loading in …5
×

How EMV & Mobile Payments are Shifting Fraud

448 views

Published on

In 2016 the checkout line is going to look a lot different, as EMV and mobile payment adoption by merchants accelerates. Accepting these new payment methods is a substantial change to our payment system, and one that is set to shift fraud patterns. There is a lot of speculation about what will happen to fraud globally after the implementation is complete, and this webinar will sift the fact from fiction

In this webinar we will cover:
* How will EMV and mobile payment adoption impact global fraud trends?
* Is it possible for EMV cards to be hacked?
* Are Apple Pay and other mobile payments systems safer than EMV cards?

Watch the replay here: http://www.easysol.net/resources-how-emv-and-mobile-payments-are-shifting-fraud

Published in: Technology
  • Be the first to comment

How EMV & Mobile Payments are Shifting Fraud

  1. 1. How EMV & Mobile Payments are Shifting Fraud Dee Millard Anti-Fraud Solutions Consultant info@easysol.net
  2. 2. Why EMV in the U.S.? Source: https://www.firstdata.com/downloads/pdf/FirstData_EMV_TimelineAS.pdf
  3. 3. October 1st, 2015 Businesses still using magnetic stripe terminals after October 1, 2015, are on the hook for the costs if someone uses a lost or stolen credit card. Source: https://www.firstdata.com/downloads/pdf/FirstData_EMV_TimelineAS.pdf
  4. 4. Simply blocking off one of the avenues of attacks by fraudsters isn't enough to make fraud vanish. Ross Anderson Professor of Security Engineering at University of Cambridge http://www.npr.org/sections/alltechconsidered/2013/12/19/255558139/outdated-magnetic-strips-how- u-s-credit-card-security-lags
  5. 5. Current and Projected Shift of Card Fraud Trends
  6. 6. Shift to Card Not Present Fraud What we can expect: • Online and Phone channel • Purchases of high value items • Gift cards, electronics, jewelry, etc. What others have done to prepare: • Improve controls – add additional authentication methods passwords, security questions, etc. • Train call center staff
  7. 7. • Credit Card Data • PII Information – used to create fake identities to obtain credit cards • Stolen goods from Online CNP present fraud Shift to Black Market Data for Sale
  8. 8. Shift to Non EMV Compliant Terminals October 2016 EMV Deadline October 2016/2017 EMV Deadline Card Skimming: Where a customer's card information and PIN are captured Card Trapping: When a customer’s card is physically captured Cash Trapping: A device that will trap any cash that the ATM tries to dispense ATMs Gas Stations
  9. 9. How chip cards can be hacked... • Second chip embedded in card, glued on over original chip • Allowed transactions to go through when the terminal tried to verify if the PIN was correct • Classified as Man-in-the- Middle as the attackers were able to change communication between parties who think they are talking with each other directly http://www.networkworld.com/article/2997794/security/how-hackers-compromised-chipped-credit- cards-and-how-the-authorities-discovered-it.html
  10. 10. EMV Mobile Payments • Older technology • Can use tokenization, but not standard • Does not factor in online • Payment terminals are required to accept • Newer technology • Most use tokenization as standard • Same security for online payments • Segmented mobile wallets mean different acceptance
  11. 11. http://www.tomsguide.com/us/mobile-wallet-guide,news-20666.html Segmented Mobile Wallets – different acceptance and methods
  12. 12. Is Apple Pay Fraud Growing? • In theory should cut down on fraud, by generating essentially new credit card numbers for each transaction • Vulnerability in “onboarding” new credit cards – just need basic information • Banks desperately wanted to be the default card for Apple Pay, so did not question information Apple gave them (fear of missing out on initial sign ups) • Affected users often directed to call centers, who often fall prey to social engineering “Leads to a thriving black market where thieves enter stolen credit card numbers into iPhones, essentially turning the device into a credit card, and walk out with merchandise.” – Andrew Sorkin, New York Times
  13. 13. 87% of Millennials say their phones never leave their side 80% reach for their smartphone first thing in the morning 78% spend more than two hours a day texting, surfing, talking, tweeting and — more importantly for businesses — shopping, banking and more Source: http://www.usatoday.com/story/money/personalfinance/2014/09/27/millennials-love-smartphones-mobile-study/16192777/
  14. 14. http://www.businessinsider.com/the-mobile-payments-report-2015-5
  15. 15. The bottom line: Each dollar worth of fraud committed using mobile devices costs the scammed merchant $3.34. http://www.bloomberg.com/news/articles/2015-02-13/mobile-payment-fraud-is-becoming-a-pricey-problem “We certainly see a surge in mobile payment attacks,” says Tomer Barel, chief risk officer at PayPal, who says his company deals with more cases of fraud on mobile devices than on PCs.
  16. 16. How To Proactively Protect Your Customers and Your Organization
  17. 17. • Utilize the lessons learned from previous shifts • Understand your Risk based on your customer base and product offerings • Strengthen the security of Card-Not-Present channels • Deploy solutions that can easily use a mix of techniques and attributes - Suspicious events and not just for transaction behavior - Geolocation, Device IDs - Multiple card used with same IP or single card with multiple emails • Continually provide training • Evaluate existing fraud strategies – identify gaps, bridge the gaps • Retest existing channels • Implement and document an action plan Are you prepared?
  18. 18. Take a proactive approach to understanding the threats Rogue App Monitoring | Compromised Card Monitoring
  19. 19. Why is it Important? Brand and Fraud Intelligence • Proactively shut down threats • Continually monitor for threats • Social Media • Card Monitoring • Similar Domain • Email Spoofing • Website Defacements • Rogue Mobile Applications
  20. 20. Our Approach: Total Fraud Protection®
  21. 21. Learn More: Blog Post: The Fraud Outlook Post United States’ EMV Implementation Video: Rogue Mobile App Protection
  22. 22. Thank You! – Questions? Dee Millard Anti-Fraud Solutions Consultant info@easysol.net

×