Credit Card Fraud & Ways to Mitigate Risk

8/2/2019 Credit Card Fraud & Ways to Mitigate Risk

1/20

1

Credit Card Fraud & Ways to Mitigate Risk

Shaun East, CTE,CCTE,CPCPShaun East, CTE,CCTE,CPCP

Sr. Manager Commercial CardSr. Manager Commercial Card

February 27, 2012.


2/20

Credit Card Fraud & Ways to Mitigate Risk February 27, 2012. 2

Overview / Agenda

The Credit Card Transaction Process & its Participants

The Canadian Fraud Experience Security Measures in Place

Protecting yourself against leading fraud methods

How have criminals developed?

Significant moments in history

Circumstances around a compromise

USA to join Canada and move to CHIP & PIN technology

Hows the Phishing or Smishing?

A quick self assessment / travel tips

Questions / Discussions / Confessions


3/20


The Credit Card Transaction Process


4/20


The Transaction Process

A credit card is a convenient method of payment providing many

benefits to merchants and consumers alike

Merchants pay a fee to access the system and to offer theircustomers the convenience of paying by card

Cards are widely accepted around the world in both C2B, B2B Card use may be as easy as swiping mag stripe, or entering a

PIN after your CHIP has been read

There are a number of different cards available in the world, with

various features, programs, and insurance coverage


5/20


Who are the stakeholders?


6/20


Canadian Fraud Losses by Method

The launch of CHIP & PIN technology has had the desired efThe launch of CHIP & PIN technology has had the desired effect infect inCanada. Liability shift was delayed until March 2011 so abCanada. Liability shift was delayed until March 2011 so above isove is

understated. There is approx 55% of CAD POS systems CHIPunderstated. There is approx 55% of CAD POS systems CHIP

enabled. The USA is slated to follow in 2015. Counterfeit Cards,enabled. The USA is slated to follow in 2015. Counterfeit Cards,

and Cardand Card--notnot--Present fraud remain areas worthy of our attention.Present fraud remain areas worthy of our attention.


7/20


Several Layers of Fraud Protection

1. Zero Liability1. Zero Liability2. Verified by Visa (Retail)2. Verified by Visa (Retail)

3. Neural Networks3. Neural Networks

4. CHIP & PIN4. CHIP & PIN5. Address Verification5. Address Verification

6. CVV Value6. CVV Value


8/20


Card-Not-Present Fraud

This fraud is committed by criminals online, by phone, or by mail

using information obtained fraudulently. How to protect yourself:

register for Verified by Visa (Retail Only)

protect passwords / usernames and use encrypted browser

only give card details when you initiate a purchase

keep transaction records & review all statements

note merchants web site for returns / exchange policies

never send payment information via email as is insecure report lost or stolen cards immediately to your Bank (ProgramAdministrator)


9/20


Counterfeit Fraud

Despite a number of security measures used in the production of Visa

Cards, criminals have developed sophisticated ways to make copies ofcards that they can then use for fraudulent activity. The counterfeits cancontain actual information on real account holder.

promptly check your statement every month. Transactions may bedisputed within allowable parameters

treat your card like it is cash, and always keep it in sight

ask questions why did the clerk swipe your card more than once?

get card back immediately after use

check your card when it is returned to you

sign new cards immediately upon receipt


10/20


CBC Marketplace Report

http://www.cbc.ca/marketplace/2010/whos_minding_the_store/main.hhttp://www.cbc.ca/marketplace/2010/whos_minding_the_store/main.htmltml
http://www.cbc.ca/marketplace/2010/whos_minding_the_store/main.htmlhttp://www.cbc.ca/marketplace/2010/whos_minding_the_store/main.htmlhttp://www.cbc.ca/marketplace/2010/whos_minding_the_store/main.htmlhttp://www.cbc.ca/marketplace/2010/whos_minding_the_store/main.htmlhttp://www.cbc.ca/marketplace/2010/whos_minding_the_store/main.htmlhttp://www.cbc.ca/marketplace/2010/whos_minding_the_store/main.html


11/20


Some Events of Significant Scope & Scale

http://www.cnn.com/video/#/video/crime/2009/10/08/rowlands.fbi.phishing.bust.cnn
http://www.cbc.ca/marketplace/2010/whos_minding_the_store/main.htmlhttp://www.cbc.ca/marketplace/2010/whos_minding_the_store/main.htmlhttp://www.cbc.ca/marketplace/2010/whos_minding_the_store/main.htmlhttp://www.cnn.com/video/#/video/crime/2009/10/08/rowlands.fbi.phishing.bust.cnnhttp://www.cnn.com/video/#/video/crime/2009/10/08/rowlands.fbi.phishing.bust.cnn


12/20


The Compromise Environment
http://www.cnn.com/video/#/video/crime/2009/10/08/rowlands.fbi.phishing.bust.cnnhttp://www.cnn.com/video/#/video/crime/2009/10/08/rowlands.fbi.phishing.bust.cnnhttp://www.cnn.com/video/#/video/crime/2009/10/08/rowlands.fbi.phishing.bust.cnn


13/20


Regulations Help to Ensure Compliance


14/20


USA to implement CHIP Technology


15/20


No License Required for phishing (or smishing)

http://money.cnn.com/video/technology/2011/07/25/thttp://money.cnn.com/video/technology/2011/07/25/t--tttt--hackinghacking--phishing.cnnmoneyphishing.cnnmoney//

http://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxphttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp--westhovenwesthoven--smishing.hlnsmishing.hln
http://www.cnn.com/video/#/video/crime/2009/10/08/rowlands.fbi.phishing.bust.cnnhttp://www.cnn.com/video/#/video/crime/2009/10/08/rowlands.fbi.phishing.bust.cnnhttp://www.cnn.com/video/#/video/crime/2009/10/08/rowlands.fbi.phishing.bust.cnnhttp://money.cnn.com/video/technology/2011/07/25/t-tt-hacking-phishing.cnnmoney/http://money.cnn.com/video/technology/2011/07/25/t-tt-hacking-phishing.cnnmoney/http://money.cnn.com/video/technology/2011/07/25/t-tt-hacking-phishing.cnnmoney/http://money.cnn.com/video/technology/2011/07/25/t-tt-hacking-phishing.cnnmoney/http://money.cnn.com/video/technology/2011/07/25/t-tt-hacking-phishing.cnnmoney/http://money.cnn.com/video/technology/2011/07/25/t-tt-hacking-phishing.cnnmoney/http://money.cnn.com/video/technology/2011/07/25/t-tt-hacking-phishing.cnnmoney/http://money.cnn.com/video/technology/2011/07/25/t-tt-hacking-phishing.cnnmoney/http://money.cnn.com/video/technology/2011/07/25/t-tt-hacking-phishing.cnnmoney/http://money.cnn.com/video/technology/2011/07/25/t-tt-hacking-phishing.cnnmoney/http://money.cnn.com/video/technology/2011/07/25/t-tt-hacking-phishing.cnnmoney/http://money.cnn.com/video/technology/2011/07/25/t-tt-hacking-phishing.cnnmoney/http://money.cnn.com/video/technology/2011/07/25/t-tt-hacking-phishing.cnnmoney/http://money.cnn.com/video/technology/2011/07/25/t-tt-hacking-phishing.cnnmoney/http://money.cnn.com/video/technology/2011/07/25/t-tt-hacking-phishing.cnnmoney/http://money.cnn.com/video/technology/2011/07/25/t-tt-hacking-phishing.cnnmoney/http://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://money.cnn.com/video/technology/2011/07/25/t-tt-hacking-phishing.cnnmoney/http://money.cnn.com/video/technology/2011/07/25/t-tt-hacking-phishing.cnnmoney/http://money.cnn.com/video/technology/2011/07/25/t-tt-hacking-phishing.cnnmoney/http://money.cnn.com/video/technology/2011/07/25/t-tt-hacking-phishing.cnnmoney/http://money.cnn.com/video/technology/2011/07/25/t-tt-hacking-phishing.cnnmoney/http://money.cnn.com/video/technology/2011/07/25/t-tt-hacking-phishing.cnnmoney/http://money.cnn.com/video/technology/2011/07/25/t-tt-hacking-phishing.cnnmoney/http://money.cnn.com/video/technology/2011/07/25/t-tt-hacking-phishing.cnnmoney/


16/20


What is Scotiabank doing?

First Financial Institution in Canada to deploy CHIP & PIN Technology

for Commercial Card & Small Business Programs Leveraging Visa Advanced Authorization Technology

In House Fraud Detection Systems containing neural networks

Devised special process for mass compromise events wherein actual

fraud has not yet occurred Notification to clients re compromised cards

24/7/365 Call Centre availability to report lost & stolen cards

Developed strong working relationship with other FIs to share market

observations Continually revisiting existing processes

[email protected]
http://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnhttp://www.cnn.com/video/#/video/bestoftv/2011/10/19/mxp-westhoven-smishing.hlnmailto:[email protected]:[email protected]


17/20


A Self Assessment

Do you keep an eye on your credit cards at all times to protect

them from skimming?

Do you respond to Internet scams such as Phishing, and hangup on telephone solicitors?

Do you ever ask how your information is going to besafeguarded when an unknown party is asking for it?

Do you use firewall and/or anti-virus software to protect yourPC?

Do you shred unused charge cheques mailed to you by creditcard companies?
mailto:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]


18/20


Travel Tips Whether You are On Business or Not

Leave cheques & chequebooks at home in secure location

ATM Debit Cards restrict use to secure machine locations andrecognize credit cards as a better form of payment

Leave bills at home (security of hotel room)

Use hotel safes when available a suitcase is not a secure site

Use inside pockets to protect against pickpockets and alwayssecure electronic devices

Thin your wallet/purse contents & carry only what you need

Protect against shoulder surfers in public places Back up material carry copies of travel documents in separatelocation
mailto:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]


19/20


Travel Security Tips Continued

Did you put a vacation hold on your mail, or arrange for pick up?

Did you stop/suspend newspaper delivery while away?

Does someone know you are away and the details of youritinerary?

Do not hang purses on hooks at back of washroom doors Ladies carry a flashlight and a rubber doorstop

-- ask to be escorted to your vehicle by hotel staff

Be aware of your surroundings at all times
mailto:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]


20/20


Questions / Discussion

Now that we have examined this topic more closely,do you have any personal experiences to share?

Thank you for this opportunity to speak with you today
mailto:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]

Documents

Credit Card Fraud & Ways to Mitigate Risk