
Callcredit's Fraud Summit 2016 - Plenary session


Page 1: Callcredit's Fraud Summit 2016 - Plenary session

WELCOME TO THE 10th ANNUAL FRAUD SUMMIT

John Cannon
Commercial Director - Fraud & ID

#FraudSummit10

Page 2: Callcredit's Fraud Summit 2016 - Plenary session

CHRIS GREEN

Chief Commercial Officer, Callcredit Information Group

“Opening Remarks”

Page 3: Callcredit's Fraud Summit 2016 - Plenary session
Page 4: Callcredit's Fraud Summit 2016 - Plenary session

“The scale of the data theft problem”

Page 5: Callcredit's Fraud Summit 2016 - Plenary session

56% of UK organisations have been affected by fraud

Page 6: Callcredit's Fraud Summit 2016 - Plenary session

“The problem requires different thinking”

Page 7: Callcredit's Fraud Summit 2016 - Plenary session

“Effective security and fraud prevention can’t get in the way of doing business”

Page 8: Callcredit's Fraud Summit 2016 - Plenary session

74% find managing the conflict between identity verification & customer experience challenging

Page 9: Callcredit's Fraud Summit 2016 - Plenary session

“Making a difference”

Page 10: Callcredit's Fraud Summit 2016 - Plenary session

75% of UK organisations think organised cybercrime is the biggest security threat

Page 11: Callcredit's Fraud Summit 2016 - Plenary session

SANDRA PEASTON

Assistant Director, Insight, Cifas UK

“Biometrics & the future of Identity Verification”

Page 12: Callcredit's Fraud Summit 2016 - Plenary session

Biometrics and the future of identity verification

Sandra Peaston
Assistant Director, Insight

22 September 2016

Page 13: Callcredit's Fraud Summit 2016 - Plenary session

What is Cifas?

• Not-for-profit membership organisation

• Members share information on confirmed frauds
– To prevent the same identities & details from being re-used for fraud.

• Fraud data is non-competitive
– Co-operation and communication in the interests of crime prevention.

• Operates two databases
– National Fraud Database
– Internal Fraud Database

Page 14: Callcredit's Fraud Summit 2016 - Plenary session

Recorded fraud

[Chart: horizontal axis 2008 to 2016; vertical axis 0 to 400,000]

Page 15: Callcredit's Fraud Summit 2016 - Plenary session

Identity fraud by numbers

[Chart: horizontal axis by half-year, 1st half 2013 to 1st half 2016; vertical axis 0 to 100,000]

Page 16: Callcredit's Fraud Summit 2016 - Plenary session

Targeted products

[Chart: horizontal axis by half-year, 1st half 2013 to 1st half 2016; vertical axis 0 to 90,000; series: Bank Account, Communications, Plastic card, Loan, Online retail]

Page 17: Callcredit's Fraud Summit 2016 - Plenary session

Identity fraud and the Internet

• More than 4 out of 5 Identity Frauds perpetrated over the internet in 2015

• Anonymity, volume, speed

• Electronic identity verification

Page 18: Callcredit's Fraud Summit 2016 - Plenary session

Biometrics – the basics

• Biometrics refers to metrics related to human characteristics

• Biometric identifiers are the distinctive, measurable characteristics used to label and describe individuals

• Physiological
– Fingerprint, palm veins, face recognition, DNA, palm print, hand geometry, iris recognition, retina and odour/scent

• Behavioural
– Typing rhythm, gait, voice

Source: Wikipedia

Page 19: Callcredit's Fraud Summit 2016 - Plenary session

Biometrics – the basics

Page 20: Callcredit's Fraud Summit 2016 - Plenary session

Biometrics – key questions

• What is it for?

• What biometrics do you want to capture and for which channel?

• Have you covered all channels?

• When and how do you capture it?

• Does this cover your entire customer base?

• Where does this information get stored?

Page 21: Callcredit's Fraud Summit 2016 - Plenary session

Making biometrics work

• Great strength in improving customer convenience and preventing facility takeover fraud

• Fraudsters adapt – when they learn they can only target an organisation once, they will move on to the next

• What can be shared?
– Is it the same biometric?
– Is it in the same format?

• Cross-organisational sharing will work most effectively if there are standards and best practice
– But administered by whom?

Page 22: Callcredit's Fraud Summit 2016 - Plenary session

Any questions?

Sandra Peaston
Assistant Director, Insight

[email protected] www.cifas.org.uk

Page 23: Callcredit's Fraud Summit 2016 - Plenary session

CONOR WARD

Consultant, Hogan Lovells International LLP

“PSD2: What the new European payment services directive means to you”

Page 24: Callcredit's Fraud Summit 2016 - Plenary session

Hogan Lovells

The Clock is Ticking

Came into force 12 January 2016

Member States have until 13 January 2018 to implement

Chief aims are:

• level playing field

• improve competition

• fill gaps in consumer protection

• improve security

• ensure greater consistency of approach across EU

Page 25: Callcredit's Fraud Summit 2016 - Plenary session

What is the impact of Brexit?

• On 23 June 2016 we held "an advisory referendum"

• Triggering event: Notice under Article 50 of Treaty on European Union
– Remain a member for 2 years from date of notice

• CMA's "Retail banking market investigation: Final Report" August 2016
– HMG still plans to implement by 2018

Page 26: Callcredit's Fraud Summit 2016 - Plenary session

Strong Customer Authentication

Member States to ensure SCA applied where Payer:

• Accesses payment account online;

• Initiates an electronic payment transaction;

• Carries out any action through a remote payment channel which may imply a risk of payment fraud/abuse.

Page 27: Callcredit's Fraud Summit 2016 - Plenary session

Security: Customer Authentication

Requires two or more of the following:

• Knowledge: i.e. something only the user knows (e.g. static password, code, personal identification number);

• Possession: i.e. something only the user possesses (e.g. token, smart card, mobile);

• Inherence: i.e. something the user is (e.g. biometric characteristic, such as a fingerprint)

Page 28: Callcredit's Fraud Summit 2016 - Plenary session

Knowledge v possession

• “something you know” and “something you have”

• “something you know” and another “something else you know, if only for a brief period of time”

Page 29: Callcredit's Fraud Summit 2016 - Plenary session


Inherence – something you are

Page 30: Callcredit's Fraud Summit 2016 - Plenary session

Strong Customer Authentication

• Selected elements must be mutually independent
– Breach of one does not compromise the other

• Must be designed to protect confidentiality of the authentication data

• Must dynamically link e-payment transaction to specific amount and specific payee

Page 31: Callcredit's Fraud Summit 2016 - Plenary session

PISPs & AISPs

• Authentication requirements apply in the same way to PISPs and AISPs

• Bank must allow them to rely on authentication procedures provided to PSU

• EBA to develop draft regulatory technical standards (6 technical & 5 guidance):
– Requirements for strong customer authentication
– Requirements for protecting personalised security credentials
– Requirements for communication between PSPs, AISP, PISPs and PSUs

Page 32: Callcredit's Fraud Summit 2016 - Plenary session

Reporting requirements

• On major operational or security incident
– PSP must notify competent authority "without undue delay"

• Security incidents that have, or may have, an impact on "financial interests" of customers: PSP must
– Notify customers directly "without undue delay"
– Inform them of measures they can adopt to mitigate adverse effects

• EBA to publish guidelines on when reporting is required

Page 33: Callcredit's Fraud Summit 2016 - Plenary session

Other relevant initiatives

• General Data Protection Regulation

• NIS Directive

• Open Banking Working Group Report / miData

• CMA Retail banking market investigation: Final Report

Page 34: Callcredit's Fraud Summit 2016 - Plenary session


© Hogan Lovells 2016. All rights reserved

www.hoganlovells.com