GSA Federal Supply Service Citibank Presents: Preventing Fraud and Misuse in Your Card Program


Citibank® Commercial Cards, Government Services

The Eighth Annual GSA SmartPay Conference

Brandie Ricketts, Pam Varner, August 3, 2006


2

Goal and Objectives

To provide a broad overview of Citibank’s fraud and early warning policies and security operations, including a synopsis of strategies to identify fraud

To provide a perspective on fraud and misuse management from a government agency

3

Agenda

Citigroup Fraud Early Warning

Fraud Types

Fraud Policy

Security Operations

Transaction Cycle

Skimming and Other Major Threats

Prevention Tips

Department of Defense Vision on Fraud

4

Citigroup Fraud Early Warning

Identify
– Lost / stolen
– Never received reissued or new card
– Altered

Monitor transactions

Reduce fraud losses

Detect unusual behavior in early stages of fraud while minimizing impact to our cardholders

Our mission

5

Misuse and Fraud Defined

Misuse
– Cardholder uses their own card for transactions not permitted by company policy

Fraud
– Person or entity other than the cardholder makes transactions using the cardholder’s account

6

Fraud Types

Definitions

Altered/Counterfeit: Cardholder is in possession of card; a copy has been made and used by the criminal. Manual vs. Skimming

NRI: Never received reissued or new card

Lost: Cardholder misplaces / loses card

Stolen: Cardholder is victim of theft

Account Takeover: Fraudster is able to assume / obtain personal information in order to request an additional card

7

Fraud Types

[Pie chart: 2005 losses by percentage. Legend: Altered; Stolen; Lost; Never Received New or Reissued (Card Activation); MOTO. Values shown: 37%, 27%, >1%, 3%, 33%.]

8

Fraud Prevention

Interfaces

Fraud Policy / Fraud Management: Tactical / Strategic Solutions

Prioritization/ Operations

Fraud Early Warning

Formula Development

Risk Modeling

Chargeback / Recovery

Security Operations

Client Account Managers

Commercial Cards

Visa / MasterCard Associations

9

Fraud Prevention

Account closure

Verify transactions with cardholders

Identify and escalate trends for investigation

Fraud Early Warning

10

Fraud Prevention

Identify fraud usage patterns, MCC trends, suspicious merchants

Install “priorities” to flag accounts that meet the criteria

Determine “risk” to prioritize accounts for FEW analysts

Constant review of effectiveness

Risk modeling

11

Fraud Prevention

Work with clients
– Identify client needs
– Specific spend patterns

Escalate client concerns

Commercial Card Client Account Managers

12

Fraud Prevention

Account closure
– Electronic negative file
– Affidavit / dispute letter from cardholder

Fraud investigations
– Restitution accounts
– Field Investigators

Recovery
– Chargeback rights

Security operations

13

Fraud Prevention

MasterCard / Visa
– Identify industry trends
– Provide tools to track / prevent / identify

Associations

14

Product development, card activation, verification, application process

Chargebacks, compliance

Formula development, FEW case review, loss defect analysis

Aggressive field investigation and prosecution effort

Prevention: Stop it before it even occurs

Detection: Find the fraudulent activity and reduce potential exposure

Recovery: Seize recovery opportunity through merchant liability

Deterrence: Prevent it from happening again

Fraud Prevention

Four strategic approaches to fighting fraud…

15

Transaction Cycle

Merchant initiates transaction

Transaction information is checked against credit and fraud criteria (priorities)

If a transaction matches a fraud criterion, the account may be blocked following the transaction

If the account is not blocked, it is sent to a representative for further review

16

Skimming and Other Major Threats

Altered
– Skimming
– Counterfeit
– Data stream compromise

17

Skimming and Other Major Threats

A credit or debit card is handed over to pay for a bill at a restaurant or retail shop.

18

The card is swiped through a legitimate credit machine...

Skimming and Other Major Threats

19

Skimming and Other Major Threats

The same card is then swiped through a small illegal electronic gadget known as a skimmer. The pager-sized device can "read" and store data from the magnetic strips of up to 200 cards.

20

Skimming and Other Major Threats

The skimmer is given to a counterfeiter who downloads all the information onto a computer and either sends it abroad or runs up a cloned copy of the card.

21

Skimming and Other Major Threats

Printing and embosser machines then put the card holder's credit card details onto blank plastic cards.

22

Skimming and Other Major Threats

Another machine is used to create and encode the magnetic strip on the reverse of the card.

Lastly, an appropriate hologram is affixed to the card. A cloned card is then distributed and out on the streets ready for use.

24

Skimming Device

30

How to Avoid Getting ‘Cloned’

Never let your credit or debit card out of your sight

Rigorously check monthly statements

Contact your bank immediately if there are any transactions that are not recognized

Do not throw away card receipts
– Keep them to check against your statement

31

ATM Skimming Device

An interesting story… Once upon a time, Citigroup security was informed that a skimming device had been found in the door entry system in a 24-hour ATM vestibule

It had been attached just above the Citibank entry device using double-sided sticky tape

35

This fraudster is rigging the card reader to capture the card of the next person to use the machine

ATM Skimming Device

36

ATM Skimming Device

Here the fraudster pretends to render assistance. What he is in fact trying to do is obtain the customer’s PIN now that he has captured the card.

37

ATM Skimming Device

He convinces the customer that he would be able to retrieve his card if he entered his PIN while he holds down both the “cancel” and “enter” buttons.

39

ATM Skimming Device

Card capturing device Lebanese loop

40

ATM Skimming Device

Key Pad Recovered from ATM

Card Reader Recovered from ATM

43

ATM Skimming Device

Micro Switches; Magnetic Read Head; Transmitter Antenna & Circuit

Six small batteries connected to micro switches

45

Major Threats

Internet, mail / telephone order (MOTO) and true manual / altered counterfeit attacks have increased throughout the industry

Citibank does have chargeback protection on the majority of cases

The use of CVV2 / CVC2 (Card Verification Value) helps unless fraudsters become familiar with its use or Association rules change

Counterfeiting

46

Major Threats

Usually computer based compromises

Citigroup does have chargeback protection on the majority of cases

Higher volume of affected accounts

Generally perpetrated through the merchant acquirer process

Data stream compromises

47

Prevention Tips

Tips for you and your cardholders

Never leave your card in an unlocked desk or cabinet

Do not leave receipts lying around

Be careful when providing your card information to another person

Review your statements / account activity regularly

Contact Customer Service immediately if you do not recognize activity on your account

Avoid letting merchants take your card out of your sight if possible

Use your card only for authorized use

Keep your account information current (e.g., relocations, agency transfer)

Do not keep your PIN in your wallet

Password protection

48

Prevention Tips

Internal process to receive cards / distribute to cardholders

Use employee’s correct verification when submitting applications

Never leave new / reissued / canceled cards in an unlocked desk or cabinet

Do not leave reports / statements lying around

Report potential compromise immediately to Citibank

Assist in educating cardholders that the card is for authorized use only

Utilize card restrictions (MCC, Transaction Limits, etc)

Report cancelled cards for terminated employees immediately

Tips for program coordinators

49

Tips to Minimize Fraud and Misuse

Educate cardholders that the card is for authorized transactions only

Utilize merchant category code restrictions

Establish transaction limits

Eliminate or restrict cash limits

Use reporting tools to monitor card usage – CitiDirect® Card Management System

How to minimize / identify cardholder misuse

Preventing Fraud and Misuse In Your Card Program

Pamela S. Varner

DODIG Senior Auditor

51

Preventing Fraud and Misuse in Your Card Program

Questions?

Program Fraud

Combating the Inside Enemy

"The opinions or assertions contained herein are the private ones of the speaker and are not to be construed as official or reflecting the views of the Department of Defense or the Office of the Inspector General."

Internal Controls

Program Management

Fraud Prevention

Fraud Detection

53

The content of our stories is real:

We couldn’t write stuff this good!

54

What is Fraud?

• Fraud is defined to be:
– "an intentional perversion of truth" or
– a "false misrepresentation of a matter of fact" which induces another person to "part with some valuable thing belonging to him or to surrender a legal right". -- Association of Certified Fraud Examiners
– Government is victim
– Internal and External Perpetrators

55

“Systemic” Nature of Fraud

• Fraud happens within a system/ process/ context.

• Fraud happens over a period of time.

• Perpetrator knows the system.

• The system is used to perpetrate and hide the fraud.

• Individual acts of fraud cannot be understood or proven without an understanding of the system.

What does Fraud have to do with Terrorism?

USS COLE (DDG 67)

57

The Goals of Our Enemy

• To create an undercurrent of fear.

• To undercut our power in the world.

• To isolate our country from our allies.

• To disturb/destroy our economy.

• And ultimately to destroy our culture!

58

What has happened to the US Economy ?

• Not cowardly sneak attacks by our enemies.
– (We have won those contests before.)

• But a loss of trust in those in critical “positions of trust.”

• Resulting in:
– A loss in trust in our economic systems,
– A “crisis of confidence” in our economy.
– A threat to undermine our culture.

59

Failure to control fraud and unethical behavior will achieve what our enemies cannot.

• If our economy stays strong we need fear no enemy.

• If our economy dries up it will be because of our inability to trust our own system.

• The loss of faith in our system and ourselves will result in achieving what our enemies cannot…

60

The Enemy Among Us

61

Systematic breakdowns:

• Our very foundation:
– Security
– Life Style

• Endangering our War Fighters

• Bottom up - Top down

62

Watch For Anomalies

• Missing Documents

• Unreturned Confirmations

• Unsupported or Unapproved Adjustments

• Missing approval signatures

• No property records

• Photocopied invoices

• Unusual Number of Disputes

• Unusual refund activity

• When the Data is too perfect

63

Watch for Anomalies

Everything isn’t always what it seems to be!

64

What is Data Mining?

• The process of discovering meaningful new correlations, patterns, and trends by sifting through large amounts of data stored in repositories, using pattern recognition technologies as well as statistical and pattern recognition techniques [Gartner Group Interactive: http://gartner6.gartnerweb.com]

• Most often used (up until recently) in marketing and customer analysis

65

Identify all available data bases

Data Analysis – A Generic Approach

External to the organization

Internal to the organization

66

List record fields in all available data bases

Formulate hypotheses about record field relationships

67

Program analytical tests for each hypothesis

Run tests (output is your “hit list”)

Test 1

Test 2

Test 3

Test 1 2 3

68

Evaluate initial hit list and refine the tests

Re-run refined test to produce shorter, more meaningful hit list (repeat steps 5-7, as needed)

Analysis

69

Evaluate (via record analysis, interview, or other technique) every item on the refined hit list.

Record Analysis Interview Other technique

70

Dispose of every hit:

Valid Explanation found or misuse not fraud

Probable improper transaction – full investigation needed

71

Identify control problems and corrective actions needed

Control Problems

Corrective Actions Needed
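
The generic approach above, as an added example that is not part of the original presentation: an internal card roster is joined to an external bank transaction file, one analytical test is programmed per hypothesis, and the initial hit list is refined to cards that fail more than one test. All data, field names, thresholds and the "two or more tests" refinement rule are constructed assumptions.

```python
from collections import defaultdict
from datetime import date
# Constructed sample data, not from the presentation; all field names are assumptions.
# Internal database: card roster kept by the program coordinator.
ROSTER = {
    "C100": {"terminated": None, "limit": 2500, "mccs": {"5111", "5943"}},
    "C200": {"terminated": date(2006, 5, 31), "limit": 2500, "mccs": {"5111"}},
    "C300": {"terminated": None, "limit": 1000, "mccs": {"5111", "4511"}},
}
# External database: bank transaction file (card, date, MCC, amount; negative = refund).
TXNS = [
    ("C100", date(2006, 6, 9), "5812", 40.00),
    ("C200", date(2006, 6, 14), "5111", 300.00),
    ("C200", date(2006, 6, 15), "7995", 950.00),
    ("C300", date(2006, 6, 3), "4511", 1400.00),
    ("C300", date(2006, 6, 20), "5111", -60.00),
    ("C300", date(2006, 6, 21), "5111", -45.00),
    ("C300", date(2006, 6, 22), "5111", -70.00),
]

# One analytical test per hypothesis; each returns the offending transactions.
def after_termination(card, rows):
    end = ROSTER[card]["terminated"]
    return [r for r in rows if end is not None and r[1] > end]

def mcc_not_allowed(card, rows):
    return [r for r in rows if r[2] not in ROSTER[card]["mccs"]]

def over_limit(card, rows):
    return [r for r in rows if r[3] > ROSTER[card]["limit"]]

def refund_burst(card, rows, threshold=3):
    refunds = [r for r in rows if r[3] < 0]
    return refunds if len(refunds) >= threshold else []

TESTS = [after_termination, mcc_not_allowed, over_limit, refund_burst]

def run_tests(txns=TXNS, tests=TESTS):
    """Run every test per card; the result is the initial hit list."""
    by_card = defaultdict(list)
    for row in txns:
        by_card[row[0]].append(row)
    hits = defaultdict(dict)
    for card, rows in by_card.items():
        for test in tests:
            found = test(card, rows)
            if found:
                hits[card][test.__name__] = found
    return dict(hits)

def refine(hits, min_tests=2):
    """Refined hit list: cards failing several tests, most failures first."""
    ranked = sorted(hits.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return [(card, sorted(found)) for card, found in ranked if len(found) >= min_tests]
```

Every card left on the refined list still needs record analysis or an interview before it is classed as a valid explanation, misuse, or a probable improper transaction.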

72

Avoid Bad Habits!

73

1. Employee is very reluctant to take vacations or even days off.

2. Employee works long hours of overtime, often without seeking compensation (extra pay or time off in lieu of overtime).

3. Long-time employee has strong knowledge of organization’s internal control systems and is able, due to position or relationships, to override or circumvent internal controls.

4. Employee is very friendly with other employees, offering gifts or bonuses or travel to encourage cooperation with or "blind eye" to questionable acts.

Potential Fraud Indicators – Employee

74

5. Employee berates or uses fear or intimidation to force junior employees to do his or her bidding.

6. Employee becomes excessively angry, defensive or forgetful when questioned about business process, procedures and decisions.

7. Life-style of employee exceeds apparent family resources; living standard more lavish than lifestyles of employee’s parents or siblings.

8. Employee or spouse shows signs of being addicted to drugs, gambling, speculative stock market investments, sex.

Potential Fraud Indicators - Employee

75

9. Employee caught in a lie about business matters, raising questions about truthfulness of other assertions.

10. Employee, for certain supplier(s) or client(s) is rumored to be on close personal terms or to be recipient of lavish hospitality or in an intimate relationship.

11. Employee with past record of conflicts of interest, illegal or questionable acts.

12. Employee expense account is heavily used and higher than for employees with similar responsibilities (local and TDY reimbursements).

Potential Fraud Indicators - Employee

76

Threats

• We have met the enemy and they are us!

77

78

Questions?

Go ahead – Ask - you know you want to!

79

Contact Information:

Pamela S. Varner, CISM, CGFM

Program Manager

(703) 604-9153


80

Reminders

Thank you for attending this session!

Visit the Citigroup Welcome Center
– Majestic Ballroom C, Level Two
– National Industries for the Blind will have a display of products

Visit the Citigroup Technical Demonstration Center
– Landmark 5, Level One

Please take a moment to complete your GSA survey for this session

Citigroup's Corporate and Investment Bank ("CIB") maintains a policy of strict compliance to the anti-tying provisions of the Bank Holding Company Act of 1956, as amended, and the regulations issued by the Federal Reserve Board implementing the anti-tying rules (collectively, the "Anti-tying Rules"). Moreover, our credit policies provide that credit must be underwritten in a safe and sound manner and be consistent with Section 23B of the Federal Reserve Act and the requirements of federal law. Consistent with these requirements, and the CIB's Anti-tying Policy:

• You will not be required to accept any particular product or service offered by Citibank or any Citigroup affiliate as a condition to the extension of commercial loans or other products or services to you by Citibank or any of its subsidiaries, unless such a condition is permitted under an exception to the Anti-tying Rules.

• CIB will not vary the price or other terms of any Citibank product or service based on the condition that you purchase any particular product or service from Citibank or any Citigroup affiliate, unless we are authorized to do so under an exception to the Anti-tying Rules.

• CIB will not require you to provide property or services to Citibank or any affiliate of Citibank as a condition to the extension of a commercial loan to you by Citibank or any Citibank subsidiary, unless such a requirement is reasonably required to protect the safety and soundness of the loan.

• CIB will not require you to refrain from doing business with a competitor of Citigroup or any of its affiliates as a condition to receiving a commercial loan from Citibank or any of its subsidiaries, unless the requirement is reasonably designed to ensure the soundness of the loan.

This presentation is for informational purposes only. Citibank USA, N.A. and its affiliates do not warrant the accuracy or completeness of any information or materials set forth herein. This material does not constitute a recommendation to take any action, and Citibank USA, N.A. and its affiliates are not providing investment, tax or legal advice. Citibank USA, N.A. and its affiliates accept no liability whatsoever for any use of this presentation or any action taken based on or arising from the material contained herein.

© 2006 Citigroup Inc. All rights reserved.

CITIGROUP and the Umbrella Device are trademarks and service marks of Citigroup Inc. or its affiliates and are used and registered throughout the world.