Upload
emc-academic-alliance
View
796
Download
0
Embed Size (px)
DESCRIPTION
View this webcast to learn the latest in EMV adoption and effects of card not present (CNP) fraud and how cybercriminals are reacting to emerging market trends.
Citation preview
1 © Copyright 2014 EMC Corporation. All rights reserved.
Julie Conroy Research Director Aite Group Rueben Rodriguez Principal Product Marketing Manager RSA
2014 Card and Payments Fraud Forecast
2 © Copyright 2014 EMC Corporation. All rights reserved.
Agenda
• EMV: Coming soon to a card near you
• E-commerce fraud trends
• Best practices for securing payment cards
• Case studies in financial and retail
3 © Copyright 2013 EMC Corporation. All rights reserved.
EMV: Coming Soon to a Card Near You
©2014 Aite Group LLC. Page 4
The last G-20 country to embrace the EMV standard
©2014 Aite Group LLC. Page 5
EMV: Why now?
• Interoperability
• Mobile payments
• Increasing fraud
• Decreasing costs
©2014 Aite Group LLC. Page 6
Important milestones
PCI annual assessment forgiveness October 2012
Acquirer processing updates in place April 2013
Maestro liability shift April 2013
POS liability shift October 2015
ATM liability shift (MC) October 2016
ATM liability shift (Visa) October 2017
Fuel dispenser liability shift October 2017
©2014 Aite Group LLC. Page 7
EMV: Coming Soon
Source: Aite Group interviews with payment networks and 18 large U.S. issuers,
April to May 2014
0.4%4%
25%
70%
91%
98%
2012 2013 e2014 e2015 e2016 e2017
Percentage of U.S. Credit Cards with EMV Capability
©2014 Aite Group LLC. Page 8
EMV’s impact in other countries
$245.4
$199.6
$171.5$152.6 $145.3
$111.5
$128.4$140.4
$176.1
$259.5 $268.6
$299.4
2008 2009 2010 2011 2012 2013
Changes in Canadian Credit Card Fraud Losses, 2008 to 2013 (In millions of CAD)
Source: Canadian Bankers Association
©2014 Aite Group LLC. Page 9
The U.S. will not be an exception
$2.1
$2.6$2.8 $2.9 $3.1
$3.8
$5.2
$6.4
2011 2012 2013 e2014 e2015 e2016 e2017 e2018
U.S. CNP Credit Card Fraud Losses, 2011 to e2018 (In US$ Billions)
Source: Aite Group interviews with payment networks and 18 large U.S. issuers,
April to May 2014
10 © Copyright 2013 EMC Corporation. All rights reserved.
E-Commerce Fraud Trends
11 © Copyright 2014 EMC Corporation. All rights reserved.
Mobile Is The New “Web”
• Sky rocketing usage of mobile devices creates a new opportunity for fraudsters
• Mobile OS malware and phishing scams on the rise
• Criminal underground is all pointing to mobile with web variants – CitMo, ZitMo, Perkele
Banking
App
12 © Copyright 2014 EMC Corporation. All rights reserved.
Bank Mobile Traffic is on the Rise
~25% of confirmed fraud is from the mobile channel
13 © Copyright 2014 EMC Corporation. All rights reserved.
Citadel – RSA Underground Analysis Mobile Malware & HTML Injection
14 © Copyright 2014 EMC Corporation. All rights reserved.
Citadel
15 © Copyright 2014 EMC Corporation. All rights reserved.
Citadel
16 © Copyright 2014 EMC Corporation. All rights reserved.
Citadel
17 © Copyright 2014 EMC Corporation. All rights reserved.
ZitMO
18 © Copyright 2014 EMC Corporation. All rights reserved.
CNP Is Getting The “Squeeze”
• Customers don’t just want but demand ability to shop on-line at anytime
• Fraud liability and customer convenience are at odds
• Fraud is being pushed to the path of least resistance
• Ecommerce sites are being manipulated – Stolen card testing – validate card before selling – Buy physical/digital goods with stolen cards
• EMV is now in full effect or at least underway
19 © Copyright 2014 EMC Corporation. All rights reserved.
• Attacks on ecommerce sites is becoming the norm
• Threats come in various forms – Botnet – DDOS – Business logic abuse – Competitive intel & scraping – eCoupons abuse
• Very hard to detect or prevent
• Impacts to sales and brand are significant
Ecommerce Website Attacks On The Rise
20 © Copyright 2014 EMC Corporation. All rights reserved.
RSA Survey: Financial & Brand Revenue Impact
Average of 5% of total on-line revenues impacted by fraud
21 © Copyright 2014 EMC Corporation. All rights reserved.
3DS Is Evolving…. For both Issuers & Merchants
• RSA 3DS card transaction volume has grown 19% YoY • Fraudsters targeting username/password deployments • RSA analysis shows top 3DS fraud focus:
– Travel in Europe – “Mail Order” in US
• Merchants have significant flexibility – Implications vary based upon which side of the coin you represent
• Risk-based authentication is now preferred method • RSA risk-based issuers prevent fraud on average ~$3M+/month
22 © Copyright 2014 EMC Corporation. All rights reserved.
Best Practices for Securing Payment Cards
©2014 Aite Group LLC. Page 23
Technology to the rescue
• Application layer
• Behavioral analytics
• 3-D Secure
• Behind the scenes
• Tokenization o Issuer
oMerchant
©2014 Aite Group LLC. Page 24
Merchants are embracing these solutions
3%
13%
6%
13%
13%
19%
13%
9%
31%
31%
19%
19%
31%
25%
9%
47%
Tokenization
Behavioral analytics
3-D Secure
Q: Please indicate the effectiveness of each of these technologies at reducing card fraud and data security issues. (n=32)
Very low impact Low impact Moderate impact
High impact Very high impact No opinion/Don't know
Source: Aite Group survey of fraud executives at 36 large merchants, March to May
2014
©2014 Aite Group LLC. Page 25
Many merchants and FIs are actively deploying technology to mitigate CNP fraud
44%
22%
22%
16%
3%
3%
13%
22%
Tokenization (n=26)
3-D Secure (n=20)
Q: What is your plan to deploy the following technologies?
Using today
On the 1- to 2-year roadmap
Plan to use, but not in the next 2
years
No plans to use
Source: Aite Group survey of fraud executives at 36 large merchants, March to May
2014
26 © Copyright 2014 EMC Corporation. All rights reserved.
Case Studies
27 © Copyright 2014 EMC Corporation. All rights reserved.
3DS is REAL!! - Case Study For A Card Issuer Protecting Transactions Without The Cardholder Hassle
28 © Copyright 2013 EMC Corporation. All rights reserved.
29 © Copyright 2011 EMC Corporation. All rights reserved.
~400,000
30 © Copyright 2014 EMC Corporation. All rights reserved.
Questions and Additional Resources
Join the fraud conversation in the RSA Fraud & Risk Intelligence Community!
– https://community.emc.com/community/connect/rsaxchange/fraud
Follow the RSA Fraud Research team on Twitter
– @RSAFraudAction
Visit the RSA Online Fraud Resource Center
– www.emc.com/onlinefraud