Upload
enggtext2006
View
220
Download
0
Embed Size (px)
Citation preview
8/2/2019 Credit Card Fraud & Ways to Mitigate Risk
1/20
1
Credit Card Fraud & Ways to Mitigate Risk
Shaun East, CTE,CCTE,CPCPShaun East, CTE,CCTE,CPCP
Sr. Manager Commercial CardSr. Manager Commercial Card
February 27, 2012.
8/2/2019 Credit Card Fraud & Ways to Mitigate Risk
2/20
Credit Card Fraud & Ways to Mitigate Risk February 27, 2012. 2
Overview / Agenda
The Credit Card Transaction Process & its Participants
The Canadian Fraud Experience Security Measures in Place
Protecting yourself against leading fraud methods
How have criminals developed?
Significant moments in history
Circumstances around a compromise
USA to join Canada and move to CHIP & PIN technology
Hows the Phishing or Smishing?
A quick self assessment / travel tips
Questions / Discussions / Confessions
8/2/2019 Credit Card Fraud & Ways to Mitigate Risk
3/20
Credit Card Fraud & Ways to Mitigate Risk February 27, 2012. 3
The Credit Card Transaction Process
8/2/2019 Credit Card Fraud & Ways to Mitigate Risk
4/20
Credit Card Fraud & Ways to Mitigate Risk February 27, 2012. 4
The Transaction Process
A credit card is a convenient method of payment providing many
benefits to merchants and consumers alike
Merchants pay a fee to access the system and to offer theircustomers the convenience of paying by card
Cards are widely accepted around the world in both C2B, B2B Card use may be as easy as swiping mag stripe, or entering a
PIN after your CHIP has been read
There are a number of different cards available in the world, with
various features, programs, and insurance coverage
8/2/2019 Credit Card Fraud & Ways to Mitigate Risk
5/20
Credit Card Fraud & Ways to Mitigate Risk February 27, 2012. 5
Who are the stakeholders?
8/2/2019 Credit Card Fraud & Ways to Mitigate Risk
6/20
Credit Card Fraud & Ways to Mitigate Risk February 27, 2012. 6
Canadian Fraud Losses by Method
The launch of CHIP & PIN technology has had the desired efThe launch of CHIP & PIN technology has had the desired effect infect inCanada. Liability shift was delayed until March 2011 so abCanada. Liability shift was delayed until March 2011 so above isove is
understated. There is approx 55% of CAD POS systems CHIPunderstated. There is approx 55% of CAD POS systems CHIP
enabled. The USA is slated to follow in 2015. Counterfeit Cards,enabled. The USA is slated to follow in 2015. Counterfeit Cards,
and Cardand Card--notnot--Present fraud remain areas worthy of our attention.Present fraud remain areas worthy of our attention.
8/2/2019 Credit Card Fraud & Ways to Mitigate Risk
7/20
Credit Card Fraud & Ways to Mitigate Risk February 27, 2012. 7
Several Layers of Fraud Protection
1. Zero Liability1. Zero Liability2. Verified by Visa (Retail)2. Verified by Visa (Retail)
3. Neural Networks3. Neural Networks
4. CHIP & PIN4. CHIP & PIN5. Address Verification5. Address Verification
6. CVV Value6. CVV Value
8/2/2019 Credit Card Fraud & Ways to Mitigate Risk
8/20
Credit Card Fraud & Ways to Mitigate Risk February 27, 2012. 8
Card-Not-Present Fraud
This fraud is committed by criminals online, by phone, or by mail
using information obtained fraudulently. How to protect yourself:
register for Verified by Visa (Retail Only)
protect passwords / usernames and use encrypted browser
only give card details when you initiate a purchase
keep transaction records & review all statements
note merchants web site for returns / exchange policies
never send payment information via email as is insecure report lost or stolen cards immediately to your Bank (ProgramAdministrator)
8/2/2019 Credit Card Fraud & Ways to Mitigate Risk
9/20
Credit Card Fraud & Ways to Mitigate Risk February 27, 2012. 9
Counterfeit Fraud
Despite a number of security measures used in the production of Visa
Cards, criminals have developed sophisticated ways to make copies ofcards that they can then use for fraudulent activity. The counterfeits cancontain actual information on real account holder.
promptly check your statement every month. Transactions may bedisputed within allowable parameters
treat your card like it is cash, and always keep it in sight
ask questions why did the clerk swipe your card more than once?
get card back immediately after use
check your card when it is returned to you
sign new cards immediately upon receipt
8/2/2019 Credit Card Fraud & Ways to Mitigate Risk
10/20
Credit Card Fraud & Ways to Mitigate Risk February 27, 2012. 10
CBC Marketplace Report
http://www.cbc.ca/marketplace/2010/whos_minding_the_store/main.hhttp://www.cbc.ca/marketplace/2010/whos_minding_the_store/main.htmltml
http://www.cbc.ca/marketplace/2010/whos_minding_the_store/main.htmlhttp://www.cbc.ca/marketplace/2010/whos_minding_the_store/main.htmlhttp://www.cbc.ca/marketplace/2010/whos_minding_the_store/main.htmlhttp://www.cbc.ca/marketplace/2010/whos_minding_the_store/main.htmlhttp://www.cbc.ca/marketplace/2010/whos_minding_the_store/main.htmlhttp://www.cbc.ca/marketplace/2010/whos_minding_the_store/main.html8/2/2019 Credit Card Fraud & Ways to Mitigate Risk
11/20
Credit Card Fraud & Ways to Mitigate Risk February 27, 2012. 11
Some Events of Significant Scope & Scale
http://www.cnn.com/video/#/video/crime/2009/10/08/rowlands.fbi.phishing.bust.cnn
http://www.cbc.ca/marketplace/2010/whos_minding_the_store/main.htmlhttp://www.cbc.ca/marketplace/2010/whos_minding_the_store/main.htmlhttp://www.cbc.ca/marketplace/2010/whos_minding_the_store/main.htmlhttp://www.cnn.com/video/#/video/crime/2009/10/08/rowlands.fbi.phishing.bust.cnnhttp://www.cnn.com/video/#/video/crime/2009/10/08/rowlands.fbi.phishing.bust.cnn8/2/2019 Credit Card Fraud & Ways to Mitigate Risk
12/20
Credit Card Fraud & Ways to Mitigate Risk February 27, 2012. 12
The Compromise Environment
http://www.cnn.com/video/#/video/crime/2009/10/08/rowlands.fbi.phishing.bust.cnnhttp://www.cnn.com/video/#/video/crime/2009/10/08/rowlands.fbi.phishing.bust.cnnhttp://www.cnn.com/video/#/video/crime/2009/10/08/rowlands.fbi.phishing.bust.cnn8/2/2019 Credit Card Fraud & Ways to Mitigate Risk
13/20
Credit Card Fraud & Ways to Mitigate Risk February 27, 2012. 13
Regulations Help to Ensure Compliance
http://www.cnn.com/video/#/video/crime/2009/10/08/rowlands.fbi.phishing.bust.cnnhttp://www.cnn.com/video/#/video/crime/2009/10/08/rowlands.fbi.phishing.bust.cnnhttp://www.cnn.com/video/#/video/crime/2009/10/08/rowlands.fbi.phishing.bust.cnn8/2/2019 Credit Card Fraud & Ways to Mitigate Risk
14/20
Credit Card Fraud & Ways to Mitigate Risk February 27, 2012. 14
USA to implement CHIP Technology
http://www.cnn.com/video/#/video/crime/2009/10/08/rowlands.fbi.phishing.bust.cnnhttp://www.cnn.com/video/#/video/crime/2009/10/08/rowlands.fbi.phishing.bust.cnnhttp://www.cnn.com/video/#/video/crime/2009/10/08/rowlands.fbi.phishing.bust.cnn8/2/2019 Credit Card Fraud & Ways to Mitigate Risk
15/20
Credit Card Fraud & Ways to Mitigate Risk February 27, 2012. 15
No License Required for phishing (or smishing)
http://money.cnn.com/video/technology/2011/07/25/thttp://money.cnn.com/video/technology/2011/07/25/t--tttt--hackinghacking--phishing.cnnmoneyphishing.cnnmoney//
http://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxphttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp--westhovenwesthoven--smishing.hlnsmishing.hln
http://www.cnn.com/video/#/video/crime/2009/10/08/rowlands.fbi.phishing.bust.cnnhttp://www.cnn.com/video/#/video/crime/2009/10/08/rowlands.fbi.phishing.bust.cnnhttp://www.cnn.com/video/#/video/crime/2009/10/08/rowlands.fbi.phishing.bust.cnnhttp://money.cnn.com/video/technology/2011/07/25/t-tt-hacking-phishing.cnnmoney/http://money.cnn.com/video/technology/2011/07/25/t-tt-hacking-phishing.cnnmoney/http://money.cnn.com/video/technology/2011/07/25/t-tt-hacking-phishing.cnnmoney/http://money.cnn.com/video/technology/2011/07/25/t-tt-hacking-phishing.cnnmoney/http://money.cnn.com/video/technology/2011/07/25/t-tt-hacking-phishing.cnnmoney/http://money.cnn.com/video/technology/2011/07/25/t-tt-hacking-phishing.cnnmoney/http://money.cnn.com/video/technology/2011/07/25/t-tt-hacking-phishing.cnnmoney/http://money.cnn.com/video/technology/2011/07/25/t-tt-hacking-phishing.cnnmoney/http://money.cnn.com/video/technology/2011/07/25/t-tt-hacking-phishing.cnnmoney/http://money.cnn.com/video/technology/2011/07/25/t-tt-hacking-phishing.cnnmoney/http://money.cnn.com/video/technology/2011/07/25/t-tt-hacking-phishing.cnnmoney/http://money.cnn.com/video/technology/2011/07/25/t-tt-hacking-phishing.cnnmoney/http://money.cnn.com/video/technology/2011/07/25/t-tt-hacking-phishing.cnnmoney/http://money.cnn.com/video/technology/2011/07/25/t-tt-hacking-phishing.cnnmoney/http://money.cnn.com/video/technology/2011/07/25/t-tt-hacking-phishing.cnnmoney/http://money.cnn.com/video/technology/2011/07/25/t-tt-hacking-phishing.cnnmoney/http://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://money.cnn.com/video/technology/2011/07/25/t-tt-hacking-phishing.cnnmoney/http://money.cnn.com/video/technology/2011/07/25/t-tt-hacking-phishing.cnnmoney/http://money.cnn.com/video/technology/2011/07/25/t-tt-hacking-phishing.cnnmoney/http://money.cnn.com/video/technology/2011/07/25/t-tt-hacking-phishing.cnnmoney/http://money.cnn.com/video/technology/2011/07/25/t-tt-hacking-phishing.cnnmoney/http://money.cnn.com/video/technology/2011/07/25/t-tt-hacking-phishing.cnnmoney/http://money.cnn.com/video/technology/2011/07/25/t-tt-hacking-phishing.cnnmoney/http://money.cnn.com/video/technology/2011/07/25/t-tt-hacking-phishing.cnnmoney/8/2/2019 Credit Card Fraud & Ways to Mitigate Risk
16/20
Credit Card Fraud & Ways to Mitigate Risk February 27, 2012. 16
What is Scotiabank doing?
First Financial Institution in Canada to deploy CHIP & PIN Technology
for Commercial Card & Small Business Programs Leveraging Visa Advanced Authorization Technology
In House Fraud Detection Systems containing neural networks
Devised special process for mass compromise events wherein actual
fraud has not yet occurred Notification to clients re compromised cards
24/7/365 Call Centre availability to report lost & stolen cards
Developed strong working relationship with other FIs to share market
observations Continually revisiting existing processes
http://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnmailto:[email protected]:[email protected]8/2/2019 Credit Card Fraud & Ways to Mitigate Risk
17/20
Credit Card Fraud & Ways to Mitigate Risk February 27, 2012. 17
A Self Assessment
Do you keep an eye on your credit cards at all times to protect
them from skimming?
Do you respond to Internet scams such as Phishing, and hangup on telephone solicitors?
Do you ever ask how your information is going to besafeguarded when an unknown party is asking for it?
Do you use firewall and/or anti-virus software to protect yourPC?
Do you shred unused charge cheques mailed to you by creditcard companies?
mailto:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]8/2/2019 Credit Card Fraud & Ways to Mitigate Risk
18/20
Credit Card Fraud & Ways to Mitigate Risk February 27, 2012. 18
Travel Tips Whether You are On Business or Not
Leave cheques & chequebooks at home in secure location
ATM Debit Cards restrict use to secure machine locations andrecognize credit cards as a better form of payment
Leave bills at home (security of hotel room)
Use hotel safes when available a suitcase is not a secure site
Use inside pockets to protect against pickpockets and alwayssecure electronic devices
Thin your wallet/purse contents & carry only what you need
Protect against shoulder surfers in public places Back up material carry copies of travel documents in separatelocation
mailto:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]8/2/2019 Credit Card Fraud & Ways to Mitigate Risk
19/20
Credit Card Fraud & Ways to Mitigate Risk February 27, 2012. 19
Travel Security Tips Continued
Did you put a vacation hold on your mail, or arrange for pick up?
Did you stop/suspend newspaper delivery while away?
Does someone know you are away and the details of youritinerary?
Do not hang purses on hooks at back of washroom doors Ladies carry a flashlight and a rubber doorstop
-- ask to be escorted to your vehicle by hotel staff
Be aware of your surroundings at all times
mailto:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]8/2/2019 Credit Card Fraud & Ways to Mitigate Risk
20/20
Credit Card Fraud & Ways to Mitigate Risk February 27, 2012. 20
Questions / Discussion
Now that we have examined this topic more closely,do you have any personal experiences to share?
Thank you for this opportunity to speak with you today
mailto:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]