IIA Fraud Seminar, Thursday 22 nd January 2009 Card Fraud Update Presented by: Úna Dillon, Head of...
-
Upload
neal-green -
Category
Documents
-
view
220 -
download
0
Transcript of IIA Fraud Seminar, Thursday 22 nd January 2009 Card Fraud Update Presented by: Úna Dillon, Head of...
IIA Fraud Seminar, Thursday 22nd January 2009
Card Fraud Update
Presented by:Úna Dillon, Head of Card Services, Irish Payment Services Organisation
Agenda
• Introduction to IPSO
• Overview of Irish Payment Card Market
• CNP Card Fraud Overview
• Fraud Prevention Initiatives+ Chargeback Handling
IIA Fraud Seminar, Thursday 22nd January 2009
Introduction to IPSO
Introduction to IPSO
• The Irish Payment Services Organisation Limited (IPSO) is the representative body of the payments industry, the voice and guardian of the payments industry and the strategic interface with all payments stakeholders
• The IPSO umbrella body is made up of the following:– IRECC
– IRIS (to Feb 2009)
– IPCC
– Direct Debit Scheme
– Laser Card Services Ltd
– IPSO Card Services
IPSO Card Services
Members:
_____________________________________Contributors:
IIA Fraud Seminar, Thursday 22nd January 2009
Current Card Market
Overview of Irish Card Market
Card Base• Debit (Laser) cards 2.9m• Maestro + Visa Debit (non-disclosable)• Credit cards 2.4m
Issuers• Credit Card Issuers 12 • Debit card Issuers 9
Acquirers• Acquirers 4+
Transactions • Laser Card: €9.1bn (’08)• Credit Card: €12.6bn (to Nov’08)
IIA Fraud Seminar, Thursday 22nd January 2009
Card Fraud Overview and
Trends
Card Fraud
0
5
10
15
20
25
30
35
40
€Millions
'96 '97 '98 '99 '00 '01 '02 '03 '04 '05 '06 '07
Projected
Actual
CNP Fraud Overview
CNP or Card Not Present Fraud includes:- – fraud conducted over the internet, – by telephone or; – via mail order
Criminals obtain card details by stealing data, using discarded receipts or copying details during a transaction
Biggest fraud problem in Europe
(up to 50% increase ‘06 to ‘07)
Card Fraud Types
Breakdown of Fraud Types
1% 8%2%
3%
22%64%
Lost
Stolen
MNR
Fraud Applic
C'Feit
CNP
E-commerce
There are over 10,000 ecommerce stores in Ireland (source Realex)
E-commerce has enabled businesses to become more efficient and reliable
It is essential for businesses - to be able to markettheir products and services on a global market
Unfortunately – they are the latest crime target– Data hacking– Phishing– Staff abuse (collecting details during transactions)
IIA Fraud Seminar, Thursday 22nd January 2009
Fraud Prevention
Card Fraud Prevention - Banks
Industry Solutions:
• Industry specialist groups (IPSO CFF, IBF HTCF)• Market Intelligence (MI)• Training – SafeCard Task Force (IPSO)
– Conferences, seminars, localised training (industry representative bodies)• Card Security Code (CSC) • Proactive awareness campaigns (e.g. PIN usage)• Intelligent computer systems (e.g. Hunter, Falcon)• International Representation (IPSO)• Counterfeit card fraud prevention • Liaison with Gardaí (GBFI)• Lower floor limits• Hot Card Files• PCI DSS• 3D Secure
www.SafeCard.ie
Card Fraud Prevention - You
No one solution – need to combine many
1. Ensure all of the cardholder’s details are captured
2. Ensure contact phone numbers are landline rather than mobile (can be untraceable)
3. Obtain fixed email addresses (no free ones)
4. Use Card Security Code (no retention)
5. Use 3D Secure solutions (fraud liability shift)
6. Comply with PCI DSS (encryption)
7. Be aware of card scheme dispute
resolution rules (Chargebacks)
IIA Fraud Seminar, Thursday 22nd January 2009
Chargebacks
Chargebacks
In a CNP environment, the onus is on you to provide proof that the bona fide cardholder performed a given transaction– The cardholder could have made a mistake, or– they may be a criminal
Chargeback Cycle:Customer Dispute → Issuer investigation → Chargeback → Representment →2nd Chargeback →Arbitration
Chargebacks
Chargeback Reasons:
• Retrieval Request• Processing error• Cardholder dispute• Authorisation• Fraud
CNP - Where there are suspicions of fraud
• Merchant fraud or collusion• Implication circumstances
surrounding the transaction were improper or possibly fraudulent
• Not authorised (approved) • Not sent to cardholder address • Expired/not yet valid card • Split sale (floor limit) • Not cardholder name
Chargebacks
Specific Time limits provided for the process and resolution (card scheme rules)
For example:– Retrieval Request acquirer to respond within 45 days– First Chargeback acquirer to respond within 60 days– Second Presentment Issuer to respond within 45 days
When you receive a chargeback notification from your bank or acquiring processor:
– You have an opportunity to dispute the chargeback– Be mindful of the time limits which are imposed on your acquirer– Gather information on the transaction and cardholder and send a copy in
response to the notice.
Finally……
Keep informed of industry fraud trends:
• Liaise regularly with your acquirer
• Refer to reputable websites for new information:
– www.safecard.ie– www.makeitsecure.ie– http://www.shopsafeonline.org.uk/retailers/
Contact Details
Úna Dillon
IPSO
14 Cumberland St
Dun Laoghaire
Co. Dublin
Email: [email protected]
Website: www.ipso.ie
Website: www.safecard.ie