The document discusses the forecast for card and payments fraud, focusing on the adoption of EMV technology in the U.S. and emerging e-commerce fraud trends. It highlights the increasing use of mobile devices for transactions and various methods employed by fraudsters, alongside best practices for securing payment systems. Additionally, it emphasizes the importance of technological solutions, such as tokenization and behavioral analytics, for mitigating card fraud.

1. 1© Copyright 2014 EMC Corporation. All rights reserved.
Julie Conroy
Research Director
Aite Group
Rueben Rodriguez
Principal Product Marketing Manager
RSA
2014 Card and
Payments Fraud
Forecast

2. 2© Copyright 2014 EMC Corporation. All rights reserved.
Agenda
• EMV: Coming soon to a card near you
• E-commerce fraud trends
• Best practices for securing payment cards
• Case studies in financial and retail

3. 3© Copyright 2013 EMC Corporation. All rights reserved.
EMV: Coming Soon to a
Card Near You

4. ©2014 Aite Group LLC.
Page 4
The last G-20 country to embrace the EMV standard

5. ©2014 Aite Group LLC.
Page 5
EMV: Why now?
• Interoperability
• Mobile payments
• Increasing fraud
• Decreasing costs

6. ©2014 Aite Group LLC.
Page 6
Important milestones
PCI annual assessment forgivenessOctober 2012
Acquirer processing updates in placeApril 2013
Maestro liability shiftApril 2013
POS liability shiftOctober 2015
ATM liability shift (MC)October 2016
ATM liability shift (Visa)October 2017
Fuel dispenser liability shiftOctober 2017

7. ©2014 Aite Group LLC.
Page 7
EMV: Coming Soon
Source: Aite Group interviews with payment networks and 18 large U.S. issuers,
April to May 2014
0.4%
4%
25%
70%
91%
98%
2012 2013 e2014 e2015 e2016 e2017
Percentage of U.S. Credit Cards with EMVCapability

8. ©2014 Aite Group LLC.
Page 8
EMV’s impact in other countries
$245.4
$199.6
$171.5
$152.6 $145.3
$111.5
$128.4
$140.4
$176.1
$259.5 $268.6
$299.4
2008 2009 2010 2011 2012 2013
Changes in Canadian Credit Card Fraud Losses, 2008 to 2013 (In millions
of CAD)
Source: Canadian Bankers Association

9. ©2014 Aite Group LLC.
Page 9
The U.S. will not be an exception
$2.1
$2.6
$2.8 $2.9 $3.1
$3.8
$5.2
$6.4
2011 2012 2013 e2014 e2015 e2016 e2017 e2018
U.S. CNP Credit Card Fraud Losses,
2011 to e2018 (In US$ Billions)
Source: Aite Group interviews with payment networks and 18 large U.S. issuers,
April to May 2014

10. 10© Copyright 2013 EMC Corporation. All rights reserved.
E-Commerce Fraud
Trends

11. 11© Copyright 2014 EMC Corporation. All rights reserved.
Mobile Is The New “Web”
• Sky rocketing usage of mobile devices creates a new
opportunity for fraudsters
• Mobile OS malware and phishing scams on the rise
• Criminal underground is all pointing to mobile with
web variants
– CitMo, ZitMo, Perkele
Banking
App

12. 12© Copyright 2014 EMC Corporation. All rights reserved.
Bank Mobile Traffic is on the Rise
~25% of confirmed fraud is from the mobile channel

13. 13© Copyright 2014 EMC Corporation. All rights reserved.
Citadel – RSA Underground Analysis
Mobile Malware & HTML Injection

14. 14© Copyright 2014 EMC Corporation. All rights reserved.
Citadel

15. 15© Copyright 2014 EMC Corporation. All rights reserved.
Citadel

16. 16© Copyright 2014 EMC Corporation. All rights reserved.
Citadel

17. 17© Copyright 2014 EMC Corporation. All rights reserved.
ZitMO

18. 18© Copyright 2014 EMC Corporation. All rights reserved.
CNP Is Getting The “Squeeze”
• Customers don’t just want but demand ability to shop
on-line at anytime
• Fraud liability and customer convenience are at odds
• Fraud is being pushed to the path of least resistance
• Ecommerce sites are being manipulated
– Stolen card testing – validate card before selling
– Buy physical/digital goods with stolen cards
• EMV is now in full effect or at least underway

19. 19© Copyright 2014 EMC Corporation. All rights reserved.
• Attacks on ecommerce sites is becoming the norm
• Threats come in various forms
– Botnet – DDOS
– Business logic abuse
– Competitive intel & scraping
– eCoupons abuse
• Very hard to detect or prevent
• Impacts to sales and brand are significant
Ecommerce Website Attacks
On The Rise

20. 20© Copyright 2014 EMC Corporation. All rights reserved.
RSA Survey: Financial & Brand Revenue
Impact
Average of 5% of total on-line revenues impacted by fraud

21. 21© Copyright 2014 EMC Corporation. All rights reserved.
3DS Is Evolving….
For both Issuers & Merchants
• RSA 3DS card transaction volume has grown 19% YoY
• Fraudsters targeting username/password deployments
• RSA analysis shows top 3DS fraud focus:
– Travel in Europe
– “Mail Order” in US
• Merchants have significant flexibility
– Implications vary based upon which side of the coin you represent
• Risk-based authentication is now preferred method
• RSA risk-based issuers prevent fraud on average ~$3M+/month

22. 22© Copyright 2014 EMC Corporation. All rights reserved.
Best Practices for
Securing Payment Cards

23. ©2014 Aite Group LLC.
Page 23
Technology to the rescue
• Application layer
• Behavioral analytics
• 3-D Secure
• Behind the scenes
• Tokenization
o Issuer
o Merchant

24. ©2014 Aite Group LLC.
Page 24
Merchants are embracing these solutions
3%
13%
6%
13%
13%
19%
13%
9%
31%
31%
19%
19%
31%
25%
9%
47%
Tokenization
Behavioral
analytics
3-D Secure
Q: Please indicate the effectiveness of each of these technologies at
reducing card fraud and data security issues. (n=32)
Very low impact Low impact Moderate impact
High impact Very high impact No opinion/Don't know
Source: Aite Group survey of fraud executives at 36 large merchants, March to May
2014

25. ©2014 Aite Group LLC.
Page 25
Many merchants and FIs are actively
deploying technology to mitigate CNP fraud
44%
22%
22%
16%
3%
3%
13%
22%
Tokenization
(n=26)
3-D Secure (n=20)
Q: What is your plan to deploy the following technologies?
Using today
On the 1- to 2-
year roadmap
Plan to use, but
not in the next 2
years
No plansto use
Source: Aite Group survey of fraud executives at 36 large merchants, March to May
2014

26. 26© Copyright 2014 EMC Corporation. All rights reserved.
Case Studies

27. 27© Copyright 2014 EMC Corporation. All rights reserved.
3DS is REAL!! - Case Study For A Card Issuer
Protecting Transactions Without The Cardholder Hassle

28. 28© Copyright 2013 EMC Corporation. All rights reserved.

29. 29© Copyright 2011 EMC Corporation. All rights reserved.
~400,000

30. 30© Copyright 2014 EMC Corporation. All rights reserved.
Questions and Additional Resources
 Join the fraud conversation in the
RSA Fraud & Risk Intelligence
Community!
– https://community.emc.com/co
mmunity/connect/rsaxchange/fr
aud
 Follow the RSA Fraud Research
team on Twitter
– @RSAFraudAction
 Visit the RSA Online Fraud
Resource Center
– www.emc.com/onlinefraud