1
Citibank Presents: Preventing Fraud and Misuse in Your Card Program
Citibank® Commercial Cards, Government Services
The Eighth Annual GSA SmartPay Conference
Brandie Ricketts, Pam Varner, August 3, 2006
2
Goal and Objectives
To provide a broad overview of Citibank’s fraud and early warning policies and security operations, including a synopsis of strategies to identify fraud
To provide a perspective on fraud and misuse management from a government agency
3
Agenda
Citigroup Fraud Early Warning
Fraud Types
Fraud Policy
Security Operations
Transaction Cycle
Skimming and Other Major Threats
Prevention Tips
Department of Defense Vision on Fraud
4
Citigroup Fraud Early Warning
Identify
– Lost / stolen
– Never received reissued or new card
– Altered
Monitor transactions
Reduce fraud losses
Detect unusual behavior in early stages of fraud while minimizing impact to our cardholders
Our mission
5
Misuse and Fraud Defined
Misuse
– Cardholder uses their own card for transactions not permitted by company policy
Fraud
– Person or entity other than the cardholder makes transactions using the cardholder’s account
6
Fraud Types
Definitions
Altered/Counterfeit: Cardholder is in possession of card; a copy has been made and used by the criminal. Manual vs. Skimming
NRI: Never received reissued or new card
Lost: Cardholder misplaces / loses card
Stolen: Cardholder is victim of theft
Account Takeover: Fraudster is able to assume / obtain personal information in order to request an additional card
7
[Pie chart: 2005 losses by percentage. Segments: Altered; Stolen; Lost; Never Received New or Reissued (Card Activation); MOTO. Values shown: 37%, 27%, >1%, 3%, 33%.]
Fraud Types
8
Fraud Prevention
Interfaces
Fraud Policy / Fraud Management
Tactical / Strategic Solutions
Prioritization / Operations
Fraud Early Warning
Formula Development
Risk Modeling
Chargeback / Recovery
Security Operations
Client Account Managers
Commercial Cards
Visa / MasterCard Associations
9
Fraud Prevention
Account closure
Verify transactions with cardholders
Identify and escalate trends for investigation
Fraud Early Warning
10
Fraud Prevention
Identify fraud usage patterns, MCC trends, suspicious merchants
Install “priorities” to flag accounts that meet the criteria
Determine “risk” to prioritize accounts for FEW analysts
Constant review of effectiveness
Risk modeling
11
Fraud Prevention
Work with clients
– Identify client needs
– Specific spend patterns
Escalate client concerns
Commercial Card Client Account Managers
12
Fraud Prevention
Account closure
– Electronic negative file
– Affidavit / dispute letter from cardholder
Fraud investigations
– Restitution accounts
– Field Investigators
Recovery
– Chargeback rights
Security operations
13
Fraud Prevention
MasterCard / Visa
– Identify industry trends
– Provide tools to track / prevent / identify
Associations
14
Product development, card activation, verification, application process
Chargebacks, compliance
Formula development, FEW case review, loss defect analysis
Aggressive field investigation and prosecution effort
Prevention: Stop it before it even occurs
Detection: Find the fraudulent activity and reduce potential exposure
Recovery: Seize recovery opportunity through merchant liability
Deterrence: Prevent it from happening again
Fraud Prevention
Four strategic approaches to fighting fraud…
15
Transaction Cycle
Merchant initiates transaction
Transaction information is checked against credit and fraud criteria (priorities)
If the transaction matches a fraud criterion, the account may be blocked following the transaction
If the account is not blocked, it is sent to a representative for further review
17
Skimming and Other Major Threats
A credit or debit card is handed over to pay for a bill at a restaurant or retail shop.
19
Skimming and Other Major Threats
The same card is then swiped through a small illegal electronic gadget known as a skimmer. The pager-sized device can "read" and store data from the magnetic strips of up to 200 cards.
20
Skimming and Other Major Threats
The skimmer is given to a counterfeiter who downloads all the information onto a computer and either sends it abroad or runs up a cloned copy of the card.
21
Skimming and Other Major Threats
Printing and embosser machines then put the card holder's credit card details onto blank plastic cards.
22
Skimming and Other Major Threats
Another machine is used to create and encode the magnetic strip on the reverse of the card.
Lastly, an appropriate hologram is affixed to the card. A cloned card is then distributed and out on the streets ready for use.
30
How to Avoid Getting ‘Cloned’
Never let your credit or debit card out of your sight
Rigorously check monthly statements
Contact your bank immediately if there are any transactions that are not recognized
Do not throw away card receipts
– Keep them to check against your statement
31
ATM Skimming Device
An interesting story: once upon a time, Citigroup security was informed that a skimming device had been found in the door entry system in a 24-hour ATM vestibule
It had been attached just above the Citibank entry device using double-sided sticky tape
35
This fraudster is rigging the card reader to capture the card of the next person to use the machine
ATM Skimming Device
36
ATM Skimming Device
Here the fraudster pretends to render assistance. What he is in fact trying to do is obtain the customer’s PIN now that he has captured the card.
37
ATM Skimming Device
He convinces the customer that he would be able to retrieve his card if he entered his PIN while he holds down both the “cancel” and “enter” buttons.
43
ATM Skimming Device
Micro Switches Magnetic Read Head Transmitter Antenna & Circuit
Six small batteries connected to micro switches
45
Major Threats
Internet, mail / telephone order (MOTO) and true manual / altered counterfeit attacks have increased throughout the industry
Citibank does have chargeback protection on the majority of cases
The use of CVV2 / CVC2 (Card Verification Value) helps unless fraudsters become familiar with its use or Association rules change
Counterfeiting
46
Major Threats
Usually computer based compromises
Citigroup does have chargeback protection on the majority of cases
Higher volume of affected accounts
Generally perpetrated through the merchant acquirer process
Data stream compromises
47
Prevention Tips
Tips for you and your cardholders
Never leave your card in an unlocked desk or cabinet
Do not leave receipts lying around
Be careful when providing your card information to another person
Review your statements / account activity regularly
Contact Customer Service immediately if you do not recognize activity on your account
Avoid letting merchants take your card out of your sight if possible
Use your card only for authorized use
Keep your account information current (e.g., relocations, agency transfer)
Do not keep your PIN in your wallet
Password protection
48
Prevention Tips
Internal process to receive cards / distribute to cardholders
Use employee’s correct verification when submitting applications
Never leave new / reissued / canceled cards in an unlocked desk or cabinet
Do not leave reports / statements lying around
Report potential compromise immediately to Citibank
Assist in educating cardholders that the card is for authorized use only
Utilize card restrictions (MCC, Transaction Limits, etc)
Report cancelled cards for terminated employees immediately
Tips for program coordinators
49
Tips to Minimize Fraud and Misuse
Educate cardholders that the card is for authorized transactions only
Utilize merchant category code restrictions
Establish transaction limits
Eliminate or restrict cash limits
Use reporting tools to monitor card usage – CitiDirect® Card Management System
How to minimize / identify cardholder misuse
Program Fraud
Combating the Inside Enemy
"The opinions or assertions contained herein are the private ones of the speaker and are not to be construed as official or reflecting the views of the Department of Defense or the Office of the Inspector General."
Internal Controls
Program Management
Fraud Prevention
Fraud Detection
54
What is Fraud?
• Fraud is defined to be:
– "an intentional perversion of truth" or
– a "false misrepresentation of a matter of fact" which induces another person to "part with some valuable thing belonging to him or to surrender a legal right".
-- Association of Certified Fraud Examiners
– Government is victim
– Internal and External Perpetrators
55
“Systemic” Nature of Fraud
• Fraud happens within a system / process / context.
• Fraud happens over a period of time.
• Perpetrator knows the system.
• The system is used to perpetrate and hide the fraud.
• Individual acts of fraud cannot be understood or proven without an understanding of the system.
57
The Goals of Our Enemy
• To create an undercurrent of fear.
• To undercut our power in the world.
• To isolate our country from our allies.
• To disturb/destroy our economy.
• And ultimately to destroy our culture!
58
What has happened to the US Economy ?
• Not cowardly sneak attacks by our enemies.
– (We have won those contests before.)
• But a loss of trust in those in critical “positions of trust.”
• Resulting in:
– A loss in trust in our economic systems,
– A “crisis of confidence” in our economy.
– A threat to undermine our culture.
59
Failure to control fraud and unethical behavior will achieve what our enemies cannot.
• If our economy stays strong we need fear no enemy.
• If our economy dries up it will be because of our inability to trust our own system.
• The loss of faith in our system and ourselves will result in achieving what our enemies cannot…
61
Systematic breakdowns:
• Our very foundation:
– Security
– Life Style
• Endangering our War Fighters
• Bottom up - Top down
62
Watch For Anomalies
• Missing Documents
• Unreturned Confirmations
• Unsupported or Unapproved Adjustments
• Missing approval signatures
• No property records
• Photocopied invoices
• Unusual Number of Disputes
• Unusual refund activity
• When the Data is too perfect
64
What is Data Mining?
• The process of discovering meaningful new correlations, patterns, and trends by sifting through large amounts of data stored in repositories, using pattern recognition technologies as well as statistical and pattern recognition techniques [Gartner Group Interactive: http://gartner6.gartnerweb.com]
• Most often used (up until recently) in marketing and customer analysis
65
Identify all available data bases
Data Analysis – A Generic Approach
External to the organization
Internal to the organization
66
List record fields in all available data bases
Formulate hypotheses about record field relationships
67
Program analytical tests for each hypothesis
Run tests (output is your “hit list”)
Test 1
Test 2
Test 3
Test 1 2 3
68
Evaluate initial hit list and refine the tests
Re-run refined test to produce shorter, more meaningful hit list (repeat steps 5-7, as needed)
Analysis
69
Evaluate (via record analysis, interview, or other technique) every item on the refined hit list.
Record Analysis Interview Other technique
70
Dispose of every hit:
Valid Explanation found or misuse not fraud
Probable improper transaction – full investigation needed
71
Identify control problems and corrective actions needed
Control Problems
Corrective Actions Needed
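The generic data analysis approach above (hypotheses, one analytical test per hypothesis, a hit list to evaluate), as an added example that is not part of the original presentation. The transactions, cardholder names, separation date, blocked MCC and transaction limit are constructed assumptions.

```python
from collections import defaultdict
from datetime import date

# Constructed sample records: (txn_id, cardholder, merchant, mcc, day, amount)
TXNS = [
    ("T1", "alice", "OfficeMart", "5943", date(2006, 5, 2), 412.10),
    ("T2", "bob", "ToolDepot", "5251", date(2006, 5, 3), 1400.00),
    ("T3", "bob", "ToolDepot", "5251", date(2006, 5, 3), 1350.00),
    ("T4", "carol", "LuckyCasino", "7995", date(2006, 5, 4), 300.00),
    ("T5", "dave", "OfficeMart", "5943", date(2006, 5, 20), 95.00),
    ("T6", "dave", "LuckyCasino", "7995", date(2006, 5, 21), 500.00),
]
SEPARATED = {"dave": date(2006, 5, 15)}  # assumed HR data: last day of employment
BLOCKED_MCC = {"7995"}                   # assumed policy: gambling MCC not permitted
SINGLE_LIMIT = 2500.00                   # assumed per-transaction limit

def check_blocked_mcc(txns):
    """Hypothesis: purchases at a restricted merchant category are misuse."""
    return {t[0] for t in txns if t[3] in BLOCKED_MCC}

def check_split_purchase(txns):
    """Hypothesis: same cardholder/merchant/day purchases, each under the
    limit but together over it, were split to evade the transaction limit."""
    groups = defaultdict(list)
    for t in txns:
        groups[(t[1], t[2], t[4])].append(t)
    hits = set()
    for grp in groups.values():
        under = all(t[5] <= SINGLE_LIMIT for t in grp)
        if len(grp) > 1 and under and sum(t[5] for t in grp) > SINGLE_LIMIT:
            hits.update(t[0] for t in grp)
    return hits

def check_after_separation(txns):
    """Hypothesis: card activity after the employee left is improper."""
    return {t[0] for t in txns if t[1] in SEPARATED and t[4] > SEPARATED[t[1]]}

TESTS = {"blocked_mcc": check_blocked_mcc,
         "split_purchase": check_split_purchase,
         "after_separation": check_after_separation}

def hit_list(txns, tests=TESTS):
    """Run every test; rank transactions by how many tests they hit."""
    fired = defaultdict(list)
    for name, test in tests.items():
        for txn_id in sorted(test(txns)):
            fired[txn_id].append(name)
    return sorted(fired.items(), key=lambda kv: (-len(kv[1]), kv[0]))

if __name__ == "__main__":
    for txn_id, names in hit_list(TXNS):
        print(txn_id, ", ".join(names))
```

Transactions that hit more than one test sort to the top of the list; every entry still needs evaluation and a disposition, as the later steps describe.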
73
1. Employee is very reluctant to take vacations or even days off.
2. Employee works long hours of overtime, often without seeking compensation (extra pay or time off in lieu of overtime).
3. Long-time employee has strong knowledge of organization’s internal control systems and is able, due to position or relationships, to override or circumvent internal controls.
4. Employee is very friendly with other employees, offering gifts or bonuses or travel to encourage cooperation with or "blind eye" to questionable acts.
Potential Fraud Indicators - Employee
74
5. Employee berates or uses fear or intimidation to force junior employees to do his or her bidding.
6. Employee becomes excessively angry, defensive or forgetful when questioned about business process, procedures and decisions.
7. Life-style of employee exceeds apparent family resources; living standard more lavish than lifestyles of employee’s parents or siblings.
8. Employee or spouse shows signs of being addicted to drugs, gambling, speculative stock market investments, sex.
Potential Fraud Indicators - Employee
75
9. Employee caught in a lie about business matters, raising questions about truthfulness of other assertions.
10. Employee, for certain supplier(s) or client(s) is rumored to be on close personal terms or to be recipient of lavish hospitality or in an intimate relationship.
11. Employee with past record of conflicts of interest, illegal or questionable acts.
12. Employee expense account is heavily used and higher than for employees with similar responsibilities (local and TDY reimbursements).
Potential Fraud Indicators - Employee
79
Contact Information:
Pamela S. Varner, CISM, CGFM
Program Manager
(703) 604-9153
80
Reminders
Thank you for attending this session!
Visit the Citigroup Welcome Center
– Majestic Ballroom C, Level Two
– National Industries for the Blind will have a display of products
Visit the Citigroup Technical Demonstration Center
– Landmark 5, Level One
Please take a moment to complete your GSA survey for this session
Citigroup's Corporate and Investment Bank ("CIB") maintains a policy of strict compliance to the anti-tying provisions of the Bank Holding Company Act of 1956, as amended, and the regulations issued by the Federal Reserve Board implementing the anti-tying rules (collectively, the "Anti-tying Rules"). Moreover, our credit policies provide that credit must be underwritten in a safe and sound manner and be consistent with Section 23B of the Federal Reserve Act and the requirements of federal law. Consistent with these requirements, and the CIB's Anti-tying Policy:
• You will not be required to accept any particular product or service offered by Citibank or any Citigroup affiliate as a condition to the extension of commercial loans or other products or services to you by Citibank or any of its subsidiaries, unless such a condition is permitted under an exception to the Anti-tying Rules.
• CIB will not vary the price or other terms of any Citibank product or service based on the condition that you purchase any particular product or service from Citibank or any Citigroup affiliate, unless we are authorized to do so under an exception to the Anti-tying Rules.
• CIB will not require you to provide property or services to Citibank or any affiliate of Citibank as a condition to the extension of a commercial loan to you by Citibank or any Citibank subsidiary, unless such a requirement is reasonably required to protect the safety and soundness of the loan.
• CIB will not require you to refrain from doing business with a competitor of Citigroup or any of its affiliates as a condition to receiving a commercial loan from Citibank or any of its subsidiaries, unless the requirement is reasonably designed to ensure the soundness of the loan.
This presentation is for informational purposes only. Citibank USA, N.A. and its affiliates do not warrant the accuracy or completeness of any information or materials set forth herein. This material does not constitute a recommendation to take any action, and Citibank USA, N.A. and its affiliates are not providing investment, tax or legal advice. Citibank USA, N.A. and its affiliates accept no liability whatsoever for any use of this presentation or any action taken based on or arising from the material contained herein.