a practical guide to post-emv card not present fraud
TRANSCRIPT
A PRACTICAL GUIDE to post-EMV card-not-present fraud
Noam Inbar, VP Business Development, Forter
$3 BILLION 2014 U.S. CNP Credit Card Fraud Losses (Aite Group)
EMV will make your fraud disappear
HRS.
0 9 MIN.
3 0 DAYS
9 9
REALLY?
NOT REALLY.
1 Being a fraudster is profession. EMV won’t make them disappear 2
Fraudsters look for the weakest link; EMV doesn’t protect Card Not Present Transactions
4 E-commerce will continue to grow 3
EMV migration will cause organizations to be slower and less efficient than before
5 Crime as a service: even fraudsters with low technical abilities can commit fraud online, lower barriers to entry
FRAUD TO SPIKE 40-50% In the 2 years following EMV migration
Research
WELCOME TO THE POST EMV FRAUD TSUNAMI
DOMINANT MARKET APPROACH to fraud prevention
Rule Engine Risk Score Fraud Policies
Manual Reviews
APPROVE
DECLINE
DOMINANT MARKET APPROACH to fraud prevention
Rule Engine Risk Score Fraud Policies
Manual Reviews
APPROVE
DECLINE
FRAUD PREVENTION
1.0
2.0 FRAUDSTERS Require 2.0 Fraud Protection
MACHINE LEARNING – BIG DATA – CLOUD REALTIME ALGORITHIMS – SCORES – RULE ENGINES – FINGERPRINTING – MACHINE LEARNING GEOLOCATION – CLOUD – REALTIME – BLACKLISTS – BEHAVIORAL – ALGORITHIMS – MACHINE LEARNING – CLOUD – SCORES –FINGERPRINTING – BLACKLISTS – BIG DATA – SCORES – REALTIME ALGORITHIMS – BLACKL
A PRACTICAL GUIDE
to post-EMV card-not-present fraud
1 KYF: KNOW YOUR FRAUDSTER
FRAUD IS CHANGING So should your fraud prevention
3 Fraudsters are quick and agile, methods that used to be the holy grail of fraud prevention can no longer get the job done
Traditional Practices are no longer enough
1 Dark-net Marketplaces enable a sophisticated fraud ecosystem
Crime as a Service
5 Wherever there’s internet, there’s the opportunity for CNP fraud
Fraud is Global
4 After Silk Road’s demise, fraudsters have become vigilant about operation security
Fraudsters Are Paranoid
2 2014’s massive data breaches flooded the market with high quality cards
Abundance of Stolen Data
6 Hardware is cheaper than ever, so fraudsters can burn through it & never look back
Hardware is Commoditized
2 AUTOMATE
81% of merchants
review orders manually
52% of fraud budget is used for
manual reviews
MANUAL REVIEWS
20+ MIN Per a manual review, for over
20% of merchants
Source: Cybersource Online Fraud Report
Nuances and patterns extracted from a user’s online behavior enables comparing and benchmarking against expected behaviors,
adding a whole new dimension of knowledge.
BEHAVIORAL ANALYSIS Automating manual reviews
Predicting people is not like predicting the weather
3 DON’T PANIC
FALSE POSITIVES
| Definition | False Positives
A "false positive,"... arises when fraud detection software
blocks your card because the card has been identified as
the vehicle of potentially fraudulent activity when it isn’t
~ Tech Republic
FALSE POSITIVES
$40 BILLION
lost every year due to unnecessary red flags and transaction blocks
Source: Trust Insight, Measuring Consumer Attitude on CNP Credit Card Declines Report
FALSE POSITIVES
Source: Cybersource Online Fraud Management Benchmark Study (N. American edition, published 2015), Ethoca research 2015
OVER 70% of merchants believe that
UP TO 10% of rejected orders are actually valid
BUT THE ACTUAL RATE IS ESTIMATED AT ABOVE 40%!
FALSE POSITIVES
NEARLY 20%
of consumers who experienced a fraud-related decline had no future spend 6 months after the decline event
Source: Trust Insight, Measuring Consumer Attitude on CNP Credit Card Declines Report
FALSE POSITIVES - CAUSES
§ Processor rules and red flags § Tools that require hard coding § Outdated rules § Manual reviews: bias
EXAMPLE: AIRLINE
3DSECURE DECLINED
MANUAL REVIEW EMAIL
APPROVED BY PHONE WITH SAME CARD
4 HUMAN-BASED MACHINE LEARNING
MAN VS. THE MACHINE
EXPERT KNOWLEDGE Interdependencies: What do the data points tell us?
Platinum+ Credit Card Type
San Jose, US Billing Neighborhood
Mexico (very low income) Shipping Neighborhood
$200, $90, $80 Past Purchase Amounts
$10,000 Current Purchase Amount
Spanish Browsing Language
Wireless Network IP Type
Platinum+ Credit Card Type
San Jose, US Billing Neighborhood
Mexico (very low income) Shipping Neighborhood
$200, $90, $80 Past Purchase Amounts
$10,000 Current Purchase Amount
Spanish Browsing Language
Wireless Network IP Type
EXPERT KNOWLEDGE Stories Model: Mexican National Holiday Sale
Immigrant shipping to family
5 SMART LINKING
UNCOVER THE FRAUDSTER SOCIAL GRAPH
Verification and authentication of a single transaction and blacklists that are based on IP match and email match provide a very narrow view
Similarities and proximities reveal beyond the transaction
1. KNOW YOUR FRAUDSTER 2. AUTOMATE 3. DON’T PANIC 4. HUMAN BASED MACHINE LEARNING 5. SMART LINKING
RECAP: WHAT TO DO
GOOD LUCK! www.forter.com [email protected] @InbarNoam