Visa IntelliLink Compliance Management

GENERAL SESSION: Credit Card Fraud Prevention Tactics, Data Mining for Compliance and Surcharges
MODERATOR: Valerie Mawdsley, Relationship Manager, Federal Government, Visa
OVERVIEW
• Payment Industry Fraud Trends
• Fraud Trends in Commercial Programs
• Commercial Strategies to Prevent, Protect and Respond to Fraud
• Data Mining Tools to Protect Your Organization’s Commercial Travel Card Program
• Tips
• Surcharging as a Result of MDL suit
The Landscape
The View to Now
• Efforts are working
– Fraud rates are down
• But the threat continues to grow
– The fraudsters respond
• The need for engagement is greater than ever
– Governments are looking to be more involved
The View Ahead
• Execute
– Do more of what we know works
• Future proof
– Get ahead of emerging threats
• Collaborate
– With industry, government and cardholders
Exploits and Fraud Trends
Exploits Used by Hackers:
• Remote access
• Default credentials used by 3rd parties (and merchants)
• No firewall to protect POS systems from inbound and outbound traffic
• Malicious software used to steal data in real-time
• PIN Entry Device (PED) tampering involving Bluetooth technology
New and Ongoing Fraud Trends:
• Fraudulent authorizations – testing and probing
• Prepaid fraud – government programs (e.g., tax, EDD), incentive programs
• ATM fraud due to phished PIN and failure to validate CVV
• ATM cash out involving issuers/processors
• Credit master attacks exploiting sequential issuance
Fraud Trends by Payment Method
Although fraud rates for wire and ACH are lower than commercial cards,
organizations using travel and purchasing cards still experience much
lower fraud rates than with traditional paper check payments.
Fraud & Misuse Trends in Commercial Programs
• Fraud occurs when an unauthorized user charges goods/services to a travel card
• Misuse occurs when an authorized user makes a personal transaction on the travel card and misrepresents the purchase
Source: Travel Card Benchmark Survey Results: 2011, RPMG
Fraud & Misuse Trends in Commercial
Programs
Overall, travel card use in organizations can be attributed to similar or
significantly lower likelihood of fraud, misuse and policy violations
Source: Travel Card Benchmark Survey Results: 2011, RPMG
Fraud & Misuse Trends in Commercial
Programs
Overall, travel card misuse in Government and Not-for-Profit organizations
is lower than corporate misuse
Source: Travel Card Benchmark Survey Results: 2011, RPMG
One World, Two Strategies
To stop fraud before it happens
Dynamic Authentication
• EMV chip is reaching critical mass
• Leading to dramatic reductions in counterfeit fraud
Intelligent Authorization
• Real-time risk scores move prevention from the card to the network level
• Visa Advanced Authorization is now available across the world
[Charts: “Chip Deployment Reduces Counterfeit Fraud” and “Effective Scoring Stops Fraud Faster”. Surviving labels: Europe, U.S., AP, CEMEA, Outside U.S.; Chip-on-chip transactions; Reduction in domestic counterfeit; Fraud Transactions Over US$400; Transactions Per Fraud Account.]
Payment Systems Risk Strategy
A multi-layered approach
Maintaining and enhancing stakeholder trust as the most secure way to pay and be paid
• PREVENT – Minimize fraud in the payment system
• PROTECT – Protect vulnerable account data
• RESPOND – Monitor and manage events that occur
• ADVANCE – Lead and execute risk strategies for emerging products and entities
Trust and Partnership
Prevent
Global Authentication Vision
Maintain Trust in the card payments system by deploying Dynamic Data Solutions across all markets and channels
[Diagram: Today vs. Tomorrow. Labels: Elimination & Encryption; Authentication; Smart Network; Dynamic; Static; PCI DSS Compliance.]
1. Eliminate vulnerable data where possible
2. Maintain effective security where vulnerable data remains
3. Devalue transaction data by moving to dynamic data
Prevent
Authentication Policy Roadmap
U.S.
Timeline: 2011, 2012, 2013, 2015, 2017
• Guide & Enforce Security Standards
– Guide PCI encryption & token standards
– Continue to enforce PCI & PIN compliance
• Tech Innovation Program (TIP)
– PCI validation relief for merchants that adopt dual-interface terminals
• Acquirer Chip Processing
– Require acquirer processor support for chip processing
• Liability Shift
– Debit and credit domestic and cross-border counterfeit liability shifts at all POS excluding AFDs
• Liability Shift
– Expanded Liability Shifts to include Automated Fuel Dispensers (AFDs)
Global
Timeline: 2011, 2012
• TIP*
– PCI validation relief for merchants that adopt contact chip terminals
• Cross-Border Liability Shift
– Global cross-border counterfeit liability shift (ex-U.S.) at POS
* Visa Europe announced a corresponding program
Promote early adoption of dual-interface chip terminals
Further incent deployment of chip cards and chip terminals via a liability shift policy
Respond
Industry leading capability
Law enforcement cooperation
in key markets globally
• Shrinking the “zone of impunity”
Rapid information sharing reduces fraud
and enhances detection
• Faster notice with Visa
“Proactive Alerts” via CAMS
• Cyber-intelligence and
threat monitoring
Cardholders are the frontline
• Transaction alerts
• Education and awareness
20-Year Sentence in Theft of Card
Numbers — Albert Gonzalez of Miami,
pleaded guilty last year to breaking into
computer systems of major retailers.
March 25, 2010
Protect
Protecting vulnerable
account data is still essential
Data Elimination
• Don’t need it, don’t store it
• 99% of global Level 1 and 2 merchants have confirmed they
are not storing sensitive card data
PCI DSS Compliance
• Remains the best protection against data compromises
• More than 75% of global Level 1 merchants have validated compliance
Tokenization and Encryption
• Eliminates vulnerable cardholder data from the merchant environment
• Visa led the industry by issuing best practices
Keeping Employee Misuse/Abuse in Check
The Business Need
The Landscape Today: Employee Fraud/Misuse Is a Problem
$994B is lost every year to
employee fraud/misuse* – a
loss of $2.7B every day
Institutions need to keep
fraud/misuse/abuse in check
Risk of financial damage to the
organization, loss of reputation,
loss of employee trust, etc.
*Association of Certified Fraud Examiners (ACFE), 2008
Keeping Employee Misuse/Abuse in Check
Compliance Monitoring Tools
Travel Card Usage Can Provide Benefits and Potential
Savings, but Effective Controls Must Be Implemented
Compliance Monitoring Is Critical
• Organizations need to monitor account transactions to
identify unusual spending patterns or frequency
of transactions
• Traditional fraud-detection monitoring and management
approaches can be costly, time-consuming and ineffective
• In 2007, the U.S. Government Accountability Office
conducted a study that highlighted the difficulty in using
both paper-based oversight processes and maintaining the
resulting audit trails for extended periods*
*GAO-08-333, Governmentwide Purchase Cards, March 2008
Visa IntelliLink Compliance Management
Overview
Visa IntelliLink Compliance Management: A web-based monitoring solution providing critical intelligence assistance for optimal card program management
Manages vast amounts of data
• Transaction data, organization data,
enhanced merchant data, hierarchy
details
Offers compelling benefits for companies
interested in:
• Misuse and abuse detection
• Program and regulatory compliance
• Analytics and investigative reporting
• Reducing risk and questionable spend
• Program performance reporting
• Self-service administration
Visa IntelliLink Compliance Management
Features
Visa IntelliLink Compliance Management can enable organizations to detect card misuse/abuse and act quickly on out-of-policy behavior
Program Performance Analysis
• Dashboards – data consolidation, thresholds, and drill-down capability
• Standard and custom rules and reports
Continuous Monitoring
• Continuous monitoring via scheduling and alerts
• Predictive detection of unusual transactions via neural network-based scoring
Actions/Auditing
• Statistical sampling
• Compliance workflow for auditing transactions
• Audit feedback and continuous learning
Global Offering
• Available in three languages; framework to support additional languages*
• Localization and multibyte support
User Interface
• 24x7 web-based access
• Certified as ADA 508 and PCI compliant**
• Single profile, multiple roles
Customization
• Issuer branding, white labeling
• Custom rules, reports, questionnaires
Data Source
• Source-agnostic
• Multiple data feeds
• Historical data
Note: Service capabilities, features, availability, and schedules are subject to change at Visa’s discretion.
*Currently Available in English (U.S.), English (International) and Canadian French. ** Certified in December 2010
10 Tips for Travel Program Oversight
• Managers and approvers are a key control; get them to pay attention
• Look for spend on weekends and around holidays
• Track and graph the biggest spenders
• Review merchant name, including your card issuer
• Sort by MCC category
• Require flight receipts
• Keep an eye on your cash
• Look for oddities and duplicate payments using the “same, same, same” test
• Watch for a heavy hand with cash tipping
• Look for padding in automobile mileage expense reports
Source: NAPCP Newsletter TransAct! 2/21/2013
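Several of the tips above can be run as simple checks over a transaction export. The following is an added example, not code from Visa, NAPCP or the IntelliLink product. The record layout and sample rows are constructed, and the "same, same, same" test is assumed here to mean same cardholder, same merchant and same amount, since the slide does not define it.

```python
from collections import Counter, defaultdict
from datetime import date

# Constructed sample rows (not real data):
# (txn_id, cardholder, date, merchant, mcc, amount_in_cents)
TXNS = [
    ("t1", "alice", date(2013, 2, 4),  "AIRLINE A",    "4511", 41260),
    ("t2", "alice", date(2013, 2, 9),  "STEAKHOUSE B", "5812", 18000),  # Saturday
    ("t3", "bob",   date(2013, 2, 5),  "HOTEL C",      "7011", 23900),
    ("t4", "bob",   date(2013, 2, 6),  "HOTEL C",      "7011", 23900),  # repeats t3
    ("t5", "bob",   date(2013, 2, 7),  "ATM CASH",     "6011", 30000),
    ("t6", "carol", date(2013, 2, 10), "ATM CASH",     "6011", 20000),  # Sunday, cash
]
CASH_MCCS = {"6010", "6011"}  # manual and automated cash disbursements

def weekend_spend(txns):
    """Tip: look for spend on weekends (Saturday=5, Sunday=6)."""
    return [t[0] for t in txns if t[2].weekday() >= 5]

def same_same_same(txns):
    """Tip: duplicate payments. Assumed key: cardholder, merchant, amount.
    Hits are candidates for review, not proof of a duplicate."""
    groups = defaultdict(list)
    for tid, holder, _day, merchant, _mcc, cents in txns:
        groups[(holder, merchant, cents)].append(tid)
    return [ids for ids in groups.values() if len(ids) > 1]

def cash_by_holder(txns):
    """Tip: keep an eye on your cash (total cash withdrawals per cardholder)."""
    totals = Counter()
    for _tid, holder, _day, _merchant, mcc, cents in txns:
        if mcc in CASH_MCCS:
            totals[holder] += cents
    return dict(totals)

def biggest_spenders(txns, n=2):
    """Tip: track the biggest spenders (top n by total spend)."""
    totals = Counter()
    for _tid, holder, _day, _merchant, _mcc, cents in txns:
        totals[holder] += cents
    return [holder for holder, _ in totals.most_common(n)]

if __name__ == "__main__":
    print("weekend:", weekend_spend(TXNS))
    print("same/same/same:", same_same_same(TXNS))
    print("cash:", cash_by_holder(TXNS))
    print("top spenders:", biggest_spenders(TXNS))
```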
Merchant Surcharging Considerations
www.visa.com/merchantsurcharging
Thank you!