2014 Card and Payments Fraud Forecast

1 © Copyright 2014 EMC Corporation. All rights reserved.

Julie Conroy Research Director Aite Group Rueben Rodriguez Principal Product Marketing Manager RSA

2014 Card and Payments Fraud Forecast


Agenda

• EMV: Coming soon to a card near you

• E-commerce fraud trends

• Best practices for securing payment cards

• Case studies in financial and retail


EMV: Coming Soon to a Card Near You

©2014 Aite Group LLC.

The last G-20 country to embrace the EMV standard


EMV: Why now?

• Interoperability

• Mobile payments

• Increasing fraud

• Decreasing costs


Important milestones

PCI annual assessment forgiveness October 2012

Acquirer processing updates in place April 2013

Maestro liability shift April 2013

POS liability shift October 2015

ATM liability shift (MC) October 2016

ATM liability shift (Visa) October 2017

Fuel dispenser liability shift October 2017


EMV: Coming Soon

Source: Aite Group interviews with payment networks and 18 large U.S. issuers,

April to May 2014

0.4%4%

25%

70%

91%

98%

2012 2013 e2014 e2015 e2016 e2017

Percentage of U.S. Credit Cards with EMV Capability


EMV’s impact in other countries

$245.4

$199.6

$171.5$152.6 $145.3

$111.5

$128.4$140.4

$176.1

$259.5 $268.6

$299.4

2008 2009 2010 2011 2012 2013

Changes in Canadian Credit Card Fraud Losses, 2008 to 2013 (In millions of CAD)

Source: Canadian Bankers Association


The U.S. will not be an exception

$2.1

$2.6$2.8 $2.9 $3.1

$3.8

$5.2

$6.4

2011 2012 2013 e2014 e2015 e2016 e2017 e2018

U.S. CNP Credit Card Fraud Losses, 2011 to e2018 (In US$ Billions)

Source: Aite Group interviews with payment networks and 18 large U.S. issuers,

April to May 2014


E-Commerce Fraud Trends


Mobile Is The New “Web”

• Sky rocketing usage of mobile devices creates a new opportunity for fraudsters

• Mobile OS malware and phishing scams on the rise

• Criminal underground is all pointing to mobile with web variants – CitMo, ZitMo, Perkele

Banking

App


Bank Mobile Traffic is on the Rise

~25% of confirmed fraud is from the mobile channel


Citadel – RSA Underground Analysis Mobile Malware & HTML Injection


Citadel


ZitMO


CNP Is Getting The “Squeeze”

• Customers don’t just want but demand ability to shop on-line at anytime

• Fraud liability and customer convenience are at odds

• Fraud is being pushed to the path of least resistance

• Ecommerce sites are being manipulated – Stolen card testing – validate card before selling – Buy physical/digital goods with stolen cards

• EMV is now in full effect or at least underway


• Attacks on ecommerce sites is becoming the norm

• Threats come in various forms – Botnet – DDOS – Business logic abuse – Competitive intel & scraping – eCoupons abuse

• Very hard to detect or prevent

• Impacts to sales and brand are significant

Ecommerce Website Attacks On The Rise


RSA Survey: Financial & Brand Revenue Impact

Average of 5% of total on-line revenues impacted by fraud


3DS Is Evolving…. For both Issuers & Merchants

• RSA 3DS card transaction volume has grown 19% YoY • Fraudsters targeting username/password deployments • RSA analysis shows top 3DS fraud focus:

– Travel in Europe – “Mail Order” in US

• Merchants have significant flexibility – Implications vary based upon which side of the coin you represent

• Risk-based authentication is now preferred method • RSA risk-based issuers prevent fraud on average ~$3M+/month


Best Practices for Securing Payment Cards


Technology to the rescue

• Application layer

• Behavioral analytics

• 3-D Secure

• Behind the scenes

• Tokenization o Issuer

oMerchant


Merchants are embracing these solutions

3%

13%

6%

13%

13%

19%

13%

9%

31%

31%

19%

19%

31%

25%

9%

47%

Tokenization

Behavioral analytics

3-D Secure

Q: Please indicate the effectiveness of each of these technologies at reducing card fraud and data security issues. (n=32)

Very low impact Low impact Moderate impact

High impact Very high impact No opinion/Don't know

Source: Aite Group survey of fraud executives at 36 large merchants, March to May

2014


Many merchants and FIs are actively deploying technology to mitigate CNP fraud

44%

22%

22%

16%

3%

3%

13%

22%

Tokenization (n=26)

3-D Secure (n=20)

Q: What is your plan to deploy the following technologies?

Using today

On the 1- to 2-year roadmap

Plan to use, but not in the next 2

years

No plans to use

Source: Aite Group survey of fraud executives at 36 large merchants, March to May

2014


Case Studies


3DS is REAL!! - Case Study For A Card Issuer Protecting Transactions Without The Cardholder Hassle


~400,000


Questions and Additional Resources

Join the fraud conversation in the RSA Fraud & Risk Intelligence Community!

– https://community.emc.com/community/connect/rsaxchange/fraud

Follow the RSA Fraud Research team on Twitter

– @RSAFraudAction

Visit the RSA Online Fraud Resource Center

– www.emc.com/onlinefraud

2014 Card and Payments Fraud Forecast

Technology

Transcript of 2014 Card and Payments Fraud Forecast