Presentation is loading. Please wait.

Presentation is loading. Please wait.

CNP Fraud. Occurs when a fraudster falsifies an application to acquire a credit card using an individual’s personal information. (Eg: postal intercept)

Similar presentations


Presentation on theme: "CNP Fraud. Occurs when a fraudster falsifies an application to acquire a credit card using an individual’s personal information. (Eg: postal intercept)"— Presentation transcript:

1 CNP Fraud

2 Occurs when a fraudster falsifies an application to acquire a credit card using an individual’s personal information. (Eg: postal intercept) Mail redirect request Replacement/Lost Card claim Hacking, data breach Identity theft affected more than 9.93 million people during 2008. Average costs per victim was $1,200, 175 hours needed to rectify the problem. ID Theft, Application Fraud & Account Takeover

3 Typical Online Identity Theft Fraud Cycle

4 Phishing Method used to acquire sensitive data (usernames, passwords and credit card details) by masquerading as a trustworthy entity in an electronic communication. Communications which purport to be from popular social web sites, auction sites, banks, online payment processors Person thinks the email is genuine and clicks on link provided Normally message requests the user to authenticate or validate their banking data Redirected to website which mirrors authentication site Online

5 Site Cloning/Phishing Example of a Phishing Site Posing as the Official HSBC Website

6 Pharming Method used to redirect a website's traffic to another, fake website. Conducted by : Changing the “hosts file” on victim computer Exploitation of vulnerable DNS server software (Poisoned Server) Circumvents name lookup with its own local name to IP address mapping. A legitimate request for a sensitive website can direct the user to a fraudulent copy Eg Bank Name Online

7 Pharming Online

8 Spy-phishing combines phishing and spyware Vishing combines social engineering and telephone, mostly using Voice over IP (VoIP) to gain access to private personal and financial information Online Scams

9 Compromising systems and networks where CHD is stored, processed and/or transmitted Not necessarily difficult High rewards – low risk Hacking & Data Compromise

10 Collaborative networks of individuals with specific skills and/or access to information. They interact on Forums & Blogs where they trade: Track Data, Authentication Data, CV2, exp.date, etc… Account Numbers Personal Information Counterfeited Notes Credit Card Number Generators Software & Hardware (readers/writers, skimming equipment…) Underground Market

11 Identity Theft (Third Party): Large purchases; bust-0ut activity (maxing out of cards in short time periods) Social Engineering (Third Party): Attempting to find information by asking questions, or to change information through social interaction. Hijack orders by changing shipping information or changing billing data on an existing credit card account. Convenience (Third Party): Testing cards to see if they work by making small purchases at safe locations like gas stations, electronic download services, or fee-for-service locations. Identifying Fraudulent Activities

12 Internal Fraud: Organized fraudulent activity by person or persons working in a company, sharing information on how to perpetrate fraud on conducting actual theft. Affiliate Fraud: The creation or facilitation of bad transaction in or to receive commission payments. Friendly Fraud (First Party): Transactions where fraud is claimed but the consumer is actually the legitimate account holder. Identifying Fraudulent Activities

13 Merchant Collusion Merchant Collusion particularly when there is a recession, times are hard etc. can be a problem. Very much seen in the past in the physical world But now happening in the internet world, where it can be carried out be triangulation where a real site links back to a fraudster site as the transaction occurs, allowing card data to be trapped and then cloned. July 16Caribbean Electronic Payments LLC13

14 High Risk Merchants High Risk merchants like gambling sites, pornography providers etc. have always been a target for fraudsters. If a persons card is compromised on this type of site there is reluctance to complain. This is now moving into other types of high risk areas, like prescription drugs, gaming sites and even sites like low cost airlines. July 16Caribbean Electronic Payments LLC14


Download ppt "CNP Fraud. Occurs when a fraudster falsifies an application to acquire a credit card using an individual’s personal information. (Eg: postal intercept)"

Similar presentations


Ads by Google