The Bulgarian Banking Industry’s Response to Cards Fraud and the Role of the Association in Combating Fraud Nikolay Nedkov Chairman, BASCP

The Bulgarian Banking Industry’s Response to Cards Fraud and the Role of the Association in Combating Fraud INTRODUCTION - BASCP foundation, development and main task - Types of fraud - The current situation - What measures are taken - Conclusions

The Bulgarian Banking Industry’s Response to Cards Fraud and the Role of the Association in Combating Fraud - The Association BASCP was established in December 2005 as a successor of the BFF established in November Joint initiative of all twenty Bulgarian Banks - VISA, MasterCard & American Express plus BORICA, the National Card Operator

The Bulgarian Banking Industry’s Response to Cards Fraud and the Role of the Association in Combating Fraud Main tasks -Combating fraud – forum for experts from Bulgarian Banks and card schemes to discuss fraud prevention related issues -Cooperation and communication with country’s Law Enforcement Authorities, different Police services, Ministry of Interior (MoI), Prosecution, etc to develop tactical initiatives to fight against card fraud across the country -Raising the awareness of payment card fraud within the society and the different levels of the Government and to promote the card fraud prevention tools -Improving and developing contacts and cooperation between the Banks.

Types of fraud -Merchant fraud - goods and services were bought by fake/counterfeited or stolen cards -ATM fraud – skimming, Lebanese Loop, Physical ATM attacks, etc -OnLine fraud/E-commerce fraud: -Phishing – gaining sensitive information for cards and cardholders -Pharming – redirection the traffic in the internet web sites

Types of Fraud - Definition -Merchant fraud – the level of that type of fraud decreased during the BFF/BASCP establishment. During this period an Acquirer Agreement was made, where mutual merchant antifraud activities were implemented and a data is maintained of terminated merchants – Black List for merchants with fraudulent activity. -ATM fraud – this type of fraud escalated last few years, where different types of techniques had been used. In BASCP was created an ATM Working Group where information is exchanged among Member Banks for any type of ATM fraud.

Types of Fraud - Definition Physical Attacks on ATMs is new for Bulgaria and Banks immediately took measures, such as ATM Monitoring Systems, Alarms, Money Maculation Systems, etc. The Skimming Fraud is the newest item among fraudsters – interesting fact is that not only foreign cards are skimmed, but also cards issued by Bulgarian Banks. There is a strong cooperation between the BASCP Banks and information is immediately distributed, so measures can be taken (card blocking, SMS alerting, ATM investigation, etc.)

Types of Fraud - Definition OnLine fraud -Phishing is a form of criminal activity using social engineering techniques, characterized by attempts to fraudulently acquire sensitive information, such as passwords and payment card details, by masquerading as a trustworthy person or business in an apparently official electronic communication, such as an or an instant message. The term phishing arises from the use of increasingly sophisticated lures to "fish" for users' financial information and passwords.

Types of Fraud - Definition -Pharming is the exploitation of a vulnerability in the PNS Server Software that allows a hacker to acquire the domain Name for a site, and to redirect, for instance, that website's traffic to another web site. PNS servers are the machines responsible for resolving internet names into their real (IP) addresses. The term pharming is derived from the term phishing.

Types of Fraud - Definition E-Commerce Fraud - The majority of this type of fraud is concentrated in: -Direct marketing – the payment of adult content sites -Travel Agencies – services bought via fraudulent applications such as airplane tickets as favorite -Online gambling – betting on the internet is becoming more and more profitable both for cardholders and Banks -Electronic equipment – purchasing the necessary software or hardware through internet -MOTO – transactions

The Movement of Crime -Chip vs. MagStripe Environment -Intra Regional  Inter Regional -ATM/POS Integrity -Obtaining Personal Information (misusing open networks) -Data Storage Integrity Breaches -Increased Fraud Applications / Account Takeover / CNP fraud

Crime Prevention in Bulgaria is Team Work between  Government  Investigators  Technology  Industry  Individual users Which combines a mutual efforts aiming towards more effective struggle against cards crime.

The current situation -The development and success of the Cards Business has attracted criminals - The manipulation of ATMs is driven by organized crime -There are on-line criminal groups groups exchange cards data

What measures are taken? -The development and the use of different monitoring programs for preventing fraud - A strong relation between the Issuing bank and the cardholders in terms of education and warning of risk at online use of their cards -Joint forces with law enforcement -International cooperation -Improving technology

The Bulgarian Banking Industry’s Response to Cards Fraud and the Role of the Association in Combating Fraud Conclusions: -Improving the strategy - Keeping the technology up to date developed -Strengthen International contacts -Public and private partnership -Inform cardholders/merchants for their obligations

Conclusions: Fraud Today Needs To Be Viewed Through a New Prism -Today’s corrupt criminals of organized crimes have no national boundaries, have gone hi-tech, and conventional methods of investigation are not good enough to tackle organized crimes -Strong partnership with costumers, merchants, local and overseas Law Enforcement/Regulatory Agencies is essential. International cooperation is vital.

Thank You Nikolay Nedkov Phone: Fax: