Presentation is loading. Please wait.

Presentation is loading. Please wait.

What happens here: Affects us here and here Have you ever come to work: Cams Alerts – Visa Alerts MasterCard Alerts Fraud Notices and it’s only 8:10.

Published byKaylie Wilbanks Modified over 9 years ago

Similar presentations

Presentation on theme: "What happens here: Affects us here and here Have you ever come to work: Cams Alerts – Visa Alerts MasterCard Alerts Fraud Notices and it’s only 8:10."— Presentation transcript:

1

2 What happens here: Affects us here and here

3 Have you ever come to work: Cams Alerts – Visa Alerts MasterCard Alerts Fraud Notices and it’s only 8:10 in the morning

4 March 2012 – April 2012 There have been some bumps in road! There have been some bumps in road! Major Compromise

5 Atlanta-based processor Global Payments just confirmed that they discovered a breach. March 23 rd Visa and MasterCard told the banks & credit unions that the cards were exposed between Jan. 21 and Feb. 25 April 4 th new exposure dates of December 12, 2011 through January 15, 2012

6 What are you going to do? A Compromise takes on its own Life

7 Distribute CAMS & MasterCard Alerts March 23 rd Known Fraud Unlikely Fraud Possible Fraud Imminent Danger of Fraud Your work began

8 When a bank is notified of a large compromise; do they look at all cards for the associated risk or is the decision made to reissue all cards? Ultimately you make the decisions

9 Decisions based on Priorities of risk to your Financial Institution. From: Highest Risk to the Least Risk

10

11 The criminal’s goal is to leverage and exploit human and technology weaknesses that exist in everyday life. Social engineering

12 Social engineering and Fraud Today Two composite case studies 1. Team Manipulation that’s us 2. Phishing you and yours

13 Case Study: Financial Institution here in the Northwest

14 The financial institution’s call center gets a call asking to have a card activated. The caller cannot provide the mother’s maiden name or date of birth. ACCESS: Team manipulation: DENIED

15 A second call is received by the same team member from the “same cardholder” sounding agitated requesting assistance with activating the card. The mother’s maiden name and date of birth are not correct. ACCESS: Team manipulation: DENIED

16 The “cardholder” calls in again, gets a different team member and aggressively requests assistance in getting their card activated. Because the first team member had shared their experience with the others. The required information could not be provided. ACCESS: Team manipulation:

17 The “cardholder” now calls the main number to the institution and presses random numbers. They are connected with the loan department. The “cardholder” nicely explains the system must have his wife’s last name and date of birth instead of his mother’s, and he would like to confirm the information. Team manipulation: This team member provides the information from the system to the caller.

18 Approved The “cardholder” activates the card, ACCESS: Card is used by the crook until it is blocked. The following day the “cardholder” again calls the institution, this time to inquire why the card is no longer working! Team manipulation:

19 Our willingness to serve Customer is #1 Whatever we can do Tools of the Criminal: “That which hath made us (financial institutions) strong; can be our greatest weakness” Aggression from the “cardholder” Persistence from the “cardholder” Kindness from the “cardholder”

20 Best Practices: Train your entire staff about the social engineering tricks used by crooks. Teach your team to trust their gut, block the card, then ensure “they” speak to the true cardholder or an authorized user to verify the contact. Limit who on your team can provide information to “callers.”

21 Protect Share information with co-workers and write relevant notes for others to view Have a solid list of follow up questions Develop and use a robust activation criteria Best Practices:

22 Is fraud continuing to grow at a steady rate, or has it plateaued? We continue to see fraud on the rise; however some of it can be driven by the increase in card use. Look at your card portfolio’s and card usage. It has probably increased right along side the fraud. Our new motto but old saying: “It’s not a matter of IF; it’s a matter of WHEN ”

23 Are anti-skimming devices advanced enough to keep up with the current types of fraud occurring at the ATM? Today – Maybe Tomorrow – No Guarantee Day after Tomorrow – No

24 Does Visa/MC ever hold merchants responsible for compromises and penalize them? Two part Question: 1.Hold Merchants Responsible: 2.Penalize Them: YES NO THEY TRY NOT VERY OFTEN NO YES Focus on Prevention!

25 How can we make merchants accept liability for their practices to help deter risk? MasterCard and Visa are continually working with merchants to be PCI compliant. They started with the largest merchants and are now working with the smaller merchants

26 EMV = Europay, MasterCard &Visa which is the global standard for inter-operation of integrated circuit cards or chip cards. What the heck is EMV?

27 smart card, chip card, integrated circuit card (ICC)?

28 EMV history 2. The first version of EMV standard was published in 1995. 1. The international payment brands MasterCard, Visa, and Europay agreed in 1993 to work together to develop the specifications for smart cards 3. EMVco, the company responsible for the long- term maintenance of the system a. Upgrades: 2000 & 2004

29 What is Liability Shift? With Visa’s liability shift, the party that is the cause of a chip-on-chip transaction not occurring (i.e., either the issuer or the merchant's acquirer) will be financially liable for any resulting card-present counterfeit fraud losses. If the issuer is EMV compliant and acquirer is non- EMV compliant, cardholder will not be liable for any chargeback, if he claims that he did not participated in the transaction. Visa October 1, 2015 MasterCard October 2015 Liability Hierarchy?

30 What is Liability Shift? Fuel-selling merchants will have an additional two years, until October 1, 2017 before a liability shift takes effect for transactions generated from automated fuel dispensers. Exception

31 EMV - What Now? Don’t Panic it’s time to make a plan

32 Today’s Challenge

33

34 You can join our monthly WebEx Fraud Discussion John Larsen, CFCI jlarsen@jackhenry.com 206-352-3419

Download ppt "What happens here: Affects us here and here Have you ever come to work: Cams Alerts – Visa Alerts MasterCard Alerts Fraud Notices and it’s only 8:10."

Similar presentations

October 28, 2013. Who? What? When? Why? Comply with PCI compliance policies set forth by industry Create internal policies and procedures to protect.

October 28, Who? What? When? Why? Comply with PCI compliance policies set forth by industry Create internal policies and procedures to protect.
National Bank of Dominica Ltd. 2011 Merchant Seminar Facilitator: Janiere Frank Fraud & Compliance Analyst June 16, 2011.

National Bank of Dominica Ltd Merchant Seminar Facilitator: Janiere Frank Fraud & Compliance Analyst June 16, 2011.
Current Fraud Trends Kathy Druckenmiller, CFCI, CIRM, ACT Specialist April 29, 2014 4/29/2014.

Current Fraud Trends Kathy Druckenmiller, CFCI, CIRM, ACT Specialist April 29, /29/2014.
WHAT IS EMV? A joint effort between Europay, MasterCard and Visa It is a security framework that defines the payment interaction at the physical, electrical,

WHAT IS EMV? A joint effort between Europay, MasterCard and Visa It is a security framework that defines the payment interaction at the physical, electrical,
[FI Name]s Merchant Services Program Employee Training Presentation.

[FI Name]s Merchant Services Program Employee Training Presentation.
ETA UNIVERSITY MARCH 19, 2015 Deana Rich R ICH C ONSULTING, I NC. Edward A. Marshall A RNALL G OLDEN G REGORY LLP Payments 101: Overview of the Payments.

ETA UNIVERSITY MARCH 19, 2015 Deana Rich R ICH C ONSULTING, I NC. Edward A. Marshall A RNALL G OLDEN G REGORY LLP Payments 101: Overview of the Payments.
1 U.S. EMV Migration Update and Best Practices Hap Huynh, Senior Director Risk Products April 2015.

1 U.S. EMV Migration Update and Best Practices Hap Huynh, Senior Director Risk Products April 2015.
Understanding Commercial Card and the use of Controls Louisiana GFOA Fall Conference October 9, 2014 Rhonda C. Engel, SVP Commercial Card Sales Manager.

Understanding Commercial Card and the use of Controls Louisiana GFOA Fall Conference October 9, 2014 Rhonda C. Engel, SVP Commercial Card Sales Manager.
Northwest Card Association Acquirer Update January 2012.

Northwest Card Association Acquirer Update January 2012.
Payment Systems The Credit Card System. Basic Concepts.

Payment Systems The Credit Card System. Basic Concepts.
© 2015 Fair Isaac Corporation. Confidential. This presentation is provided for the recipient only and cannot be reproduced or shared without Fair Isaac.

© 2015 Fair Isaac Corporation. Confidential. This presentation is provided for the recipient only and cannot be reproduced or shared without Fair Isaac.
© 2012 Presented by: Preparation For EMV Chip Technology Keith Swiat.

© 2012 Presented by: Preparation For EMV Chip Technology Keith Swiat.
Data Security Standard. What Is PCI ? Who Does It Apply To ? Who Is Involved With the Compliance Process ? How We Can Stay Compliant ?

Data Security Standard. What Is PCI ? Who Does It Apply To ? Who Is Involved With the Compliance Process ? How We Can Stay Compliant ?
Around the World, Around the Corner WorldPay for Small Business.

Around the World, Around the Corner WorldPay for Small Business.
Geneva, Switzerland, 4 December 2014 Evolving Payments into The Digital World Richard Smith, Vice President, MasterCard Customer Fraud Management

Geneva, Switzerland, 4 December 2014 Evolving Payments into The Digital World Richard Smith, Vice President, MasterCard Customer Fraud Management
EMV’s Impact on U.S. Retailers – It’s Coming! Presented by: Chris Francis VP, Market Development February 21, 2014.

EMV’s Impact on U.S. Retailers – It’s Coming! Presented by: Chris Francis VP, Market Development February 21, 2014.
Why Comply with PCI Security Standards?

Why Comply with PCI Security Standards?
Credit card and Debit card Working and Management.

Credit card and Debit card Working and Management.
Emerging Technologies

Emerging Technologies
PCI PIN Entry Device Security Requirements PCI PIN Security Standards

PCI PIN Entry Device Security Requirements PCI PIN Security Standards

Similar presentations

Ads by Google