Post on 27-Jan-2015
Tackling Card Not Present fraud in the mobile business
Rome, 17.04.2012
Stefano M. de’ Rossi
GRUPPO TELECOM ITALIA
Agenda
Telecom Italia facts & figures
Non cash payment & credit card fraud
Credit card fraud: the mobile experience
Company profile
Employees: 84,154
Customers: 135,300,000
Revenues (2011 €): 29,958,000,000
Telecom Italia is the leading Italian company in telecommunications and ICT, one of the most important in Latin America, and among the top 10 global telecommunications operators since 1999.
Telecom Italia Group: …more than simply a phone company
• Telephony
• Web
• Television
• ICT Services
• Office & System solutions
Non cash payment evolution
Overall non-cash payments volumes grew by 5% in 2009 to 260 billion, continuing the growth trend from 2008 of 9%, albeit at a slower pace.
Globally, cards remain the preferred non-cash payment instrument, with global transaction volumes up almost 10% and a market share of more than 40% in most markets.
In the fight against card fraud
• As the use of non-cash payment instruments grows, so does concern about the potential for fraud.
• Global card fraud has increased consistently along with card usage in recent years.
(World payment report 2011)
The evolution of credit card fraud
(Source: Visa Europe)
• 1980
  Necessary resources: Opportunism
  Type of cards targeted: Travel & Entertainment cards
  Leading fraud types: Lost/stolen, Intercepted
  Target: Consumers
  Fraudster: Individuals
• 1990
  Necessary resources: Rudimentary knowledge
  Type of cards targeted: Premium credit cards
  Leading fraud types: Domestic counterfeiting/skimming
  Target: Small retailers
  Fraudster: Teams
• 2000
  Necessary resources: Technical knowhow
  Type of cards targeted: Mass market credit cards
  Leading fraud types: Identity theft, Phishing, Rudimentary data compromise
  Target: Larger retailers
  Fraudster: Local crime rings
• Today
  Necessary resources: Audacity, Technical expertise, Insider information, Global connections
  Type of cards targeted: All types of credit cards, Debit cards, Prepaid cards
  Leading fraud types: Cross-border data compromise, CNP fraud, ATM fraud
  Target: Banks, Processors
  Fraudster: International crime rings
Credit Card Fraud – brief history on video
Source: Osservatorio Assofin - CRIF Decision Solutions - GfK Eurisko sulle carte di credito, vol.9, 2011
Credit card transaction 2006-2010 (volume)
Non cash payment in Italy
While our country is still characterized by low usage of non-cash payments, credit card usage has shown a steady increase in transaction volumes in recent years (both in number and value of transactions).
Credit card and e-commerce in Italy
Credit card has become the most used payment method for online transactions.
Source: Casaleggio Associati, 2011
[Figure: payment methods compared: Credit card, PayPal, Cash on delivery, Bank transfer, Other]
Credit card fraud analysis in 2009 / 2010
Source: Rapporto statistico sulle frodi con le carte di credito 1/2011 - UCAMP
As in the rest of the world, what can be seen in Italy over the last 2 years is a very close trend between the total number of credit card transactions and the number of fraudulent operations detected.
[Chart: number of fraudulent operations (2009-1 = 100)]
Card not present fraud: our experience
2011 CFCA Global Fraud Loss Survey
In tandem with the growth in the use of credit cards, fraud has become a significant problem for GSM operators.
• Compromised PBX/Voicemail systems
• Subscription/Identity (ID) Theft
• International Revenue Share Fraud (IRSF)
• GSM-Box & Bypass Fraud
• Credit Card Fraud
Communications Fraud Control Association
Credit Card Fraud: a GSMA perspective
Credit Card Fraud
• Card Present Transactions
• Card Not Present Transactions
Card present transactions
Card present transactions for services or products are payments and requests made directly by the cardholder at the point of sale.
• Counterfeit card fraud
• Skimming
• Lost and stolen card fraud
• Mail non-receipt card fraud
• Identity theft on cards
Card Not Present (CNP) transaction
The card is not physically present as it would be in a retail store.
First, card data is stolen in the real world; criminals then use it for purchases.
There’s no face-to-face contact, no tangible card and no physical signature on the sales draft.
Card fraud losses split by type
[Figure: pie charts for 2001 (28%, 7%, 38%, 23%, 4%) and 2011 (15%, 3%, 11%, 64%, 7%)]
Source: FRAUD THE FACTS 2012 – FFA UK
Card-not-present fraud accounts for 64% of all card fraud in 2011.
Card fraud losses split by type in Italy
[Figure: pie charts for 2009 (18%, 2%, 70%, 7%, 3%) and 2011 (24%, 3%, 58%, 11%, 4%)]
Figures are definitely different in Italy, where counterfeit accounts for the large majority of card fraud.
Source: Rapporto statistico sulle frodi con le carte di credito 1/2011 - UCAMP
Most card details used in CNP fraud are compromised cards, not stolen.
Global payment breach – short video
CNP Fraud and GSM Operators
Mobile operators offer payment options for a variety of services that are card-not-present transactions:
• Prepay recharge
• Handset purchase
• Payment of invoices
• Access to premium content
What are the losses?
• Loss of the value of the transaction (chargebacks)
• Costs of processing these transactions
• Interconnection costs & revenue share
• Potential loss of Merchant status
Prevention & Detection measures for CNP transactions
Service payment:
• Pre-registration process
• Restriction
• Unique IMEI association
• Telephone authentication
Product payment:
• Strict delivery procedures
A layered security approach for CNP fraud prevention
Order channels: Internet order, Telephone order
• Address verification service (AVS)
• Card Verification Value 2 (CVV2)
• Verified by VISA (VbV)
• PCI DSS
Payment Card Industry – Data Security Standard
• The PCI DSS is intended to help protect Visa cardholder data—wherever it resides—ensuring that customers, merchants, and service providers maintain the highest information security standard.
• It offers a single approach to safeguarding sensitive data for all card brands.
• PCI DSS compliance is required of all entities that store, process, or transmit Visa cardholder data.
PCI-DSS main pillars
The core of the PCI DSS is a group of principles and accompanying requirements, around which the specific elements of the DSS are organized:
1. Build and Maintain a Secure Network
2. Protect Cardholder Data
3. Maintain a Vulnerability Management Program
4. Implement Strong Access Control Measures
5. Regularly Monitor and Test Networks
6. Maintain an Information Security Policy
Things to take away
• As the use of non-cash payment instruments grows, so does concern about the potential for fraud.
• The payments industry is pursuing various innovations to tackle fraud and better secure non-cash transactions—and thereby bolster consumer confidence.
• Attention is focused most, however, on e-commerce transactions, especially as electronic thefts increasingly hit the headlines.
• Managing risk against the threat of credit card fraud is certainly not an easy task.
• We remain committed to containing and reducing all areas of fraud and will continue to work with key partners to achieve this end.