Online Fraud

Prepare For The Rising Tide

FIS/Digital Transactions WebinarRené M Pelegero

President, RPGC Group, LLCOctober 4th, 2016

Copyright  ©  2010-­‐2016  RPGC  Group  LLC    All  rights  reserved

Total Cost Of Fraud

• Reported gross card fraud losses globally $16.31B in 2014*– Of that US accounts for 48% with Issuers absorbed 62% and merchants 38%

resulting on fraud losses reported of approximately 0.05%• However, this number woefully understates fraud for CNP US merchants

– Global card fraud report also includes the volume of cash withdrawal at ATMs– Includes physical transactions where liability resides with issuers– Does not include additional costs associated with other fees associated with

chargebacks

For  the  purposes   of  this  presentation  overall  fraud  losses  as  reported  from  chargebacks  shall  be  assumed  to  be  0.30%

*  Source:  The  Nilson Report   ,  July  2015,   “Card  Fraud  Worldwide”

Running  Total  0.30%

Copyright  ©  2010-­‐2016  RPGC  Group  LLC    All  rights  reserved

Total Cost of Fraud

• The value of each fraudulent transaction is increasing – Q: In a typical month, approximately…

[w]hat is the average value of successful fraud transactions?

• Therefore, the cost of fraud as a % of revenue is also increasing– Q: What is the approximate dollar

value of your company’s total fraud losses over the past 12 months? Fraud losses as a percent of total annual revenue

*  Source:  LexisNexis   2016  True  Cost  of  Fraud  Study

Copyright  ©  2010-­‐2016  RPGC  Group  LLC    All  rights  reserved

Further…

• Fraud reported as chargeback is only a portion of the total fraud experienced by online merchants*– “Did not receive”, “Came damaged”, “I did not sign up”– Carrier fraud

• These losses are usually refunded to the cardand, many times, are not included in overall fraud results– These losses account

between 65% and 75% of all losses depending on merchant size adding an estimated77bps to the runningtotal

*  Source:  Cybersource 2016  Annual  Fraud  Benchmark   Report

Running  Total  1.07%

Copyright  ©  2010-­‐2016  RPGC  Group  LLC    All  rights  reserved

In Addition

• Overall manual review rate is 29% in 2015 across all merchants – (up from 27% in 2013)

*  Source:  Cybersource 2016  Annual  Fraud  Benchmark   Report

Copyright  ©  2010-­‐2016  RPGC  Group  LLC    All  rights  reserved

Cost of Manual Review

• The cost of manual review adds from 0.53% to nearly 2% to the cost of payments– For the purposes of this analysis, we’ll add 93 bps to the running total

$5-­‐$25  Million >  $100  MillionOrders  per  month 10,000   1,000,000  Average  sales  transactions $                              50.00   $                                50.00  Average  monthly   sales $                      500,000   $              50,000,000  

Average  manual  review  rate 29% 8%Number  of  orders  manually   reviewed/mo 2,900   80,000  Orders  reviewed  by  an  investigator  per  day 125 125Orders  reviewed  by  an  investigator  per  20  day  month 2,500   2,500  Number  of  investigators  required 1.16 32Annual  fully   burdened   investigator  cost  (e.g.  salary,  benefits) $                      100,000   $                        100,000  Monthly   fully  burdened   investigator  cost $                                8,333   $                                  8,333  Monthly   fully  burdened   investigator  staff $                                9,667   $                        266,667  Monthly   cost  of  investigator  staff  as  %  of  sales 1.93% 0.53%

Running  Total  2.00%

Copyright  ©  2010-­‐2016  RPGC  Group  LLC    All  rights  reserved

Cost of Technology and Tools

• Tools and technology costs account for about 60% of total fraud management budgets

• If the cost of manual reviews was estimatedat 93bps, we estimatethat tools and technology costs to be another 50bpsRunning  Total  2.50%

*  Source:  LexisNexis   2016  True  Cost  of  Fraud  Study  and  Vesta Javelin    “The  Impact  of  Fraud  and  Chargeback  Management  on  Operations”,   2015

Copyright  ©  2010-­‐2016  RPGC  Group  LLC    All  rights  reserved

Cost of PCI DSS Compliance

• PCI DSS Compliance Requirements– Level 1 – Onsite audit by a QSA– Others – Self Assessment Questionnaire

• May also require vulnerability scanning, penetration testing, and security training– Cost a factor of company size, locations, IP addresses

• Cost of preparation• Cost of audit and repairing of vulnerabilities• Cost of supporting new requirements (e.g. PCI DSS 3.2)• PCI Compliance fees from Acquirers

– Maintaining PCI Compliance can range from a few thousands to hundreds of thousands of dollars per year

• Cost of Non-Compliance– Non-Compliance fines from $5,000 to $100,00 per month– $3-$10 card replacement fine plus forensic audit costs, fraud on compromised

cards, lawsuits, loss of business, etc.

Retailers  have  collectively  spent  more  than  $1  billion   so  far  on  PCI  DSS  complianceSource:  National   Retailer  Federation

Copyright  ©  2010-­‐2016  RPGC  Group  LLC    All  rights  reserved

Fraud Fighting Impacting Customer Experience

• Two categories– Issuer declines– False positives

• Opportunity Cost– Issuer Declines 0.80%– False Positives 0.15%)

10,000  Orders10,000  

Orders

BankCard  

authorization  process  

(90%  approval)

10,000  Orders9,000  

Approved  Orders

1,000  Declined  Orders

6,390Approved  Orders

“Good”  declines  (60%)

Do  Not  Honor  (40%)

Retried  SavedDeclines  (80)

$4,000  

Retried  Unsaved

Declines  (320)

FraudScreen  &

29%  review  rate

2,610To  Be  

Reviewed  Orders

Manual  Review2.8%  Reject

2,537Screened  &  Approved  Orders

Retry  20%  Save

15  (20%)Rejected  “Good”

Orders  $731

58  (80%)Rejected  “Bad”Orders

(0.80%)

(0.15%)

Running  Total  3.45%

*  Source:  LexisNexis   2016  True  Cost  of  Fraud  Study  and  Cybersource 2016  Annual  Fraud  Benchmark  Report

Copyright  ©  2010-­‐2016  RPGC  Group  LLC    All  rights  reserved

Total Cost of Fraud

• Chargeback reported fraud– 0.30%

• Losses from fraudulent claims– 0.77%

• Cost from staff for manual reviews– 0.93%

• Cost from technology and tools to identify and minimize fraud– 0.50%

• Opportunity cost from issuer declines and false positives– 0.95%

The  cost  of  actual  fraud  losses  plus  the  cost  of  identifying   and  minimizing   fraud  adds  between  3%  to  3.45%  in  addition to  the  actual  cost  of  payments  estimated  at  

about  2%  for  online  merchants

Copyright  ©  2010-­‐2016  RPGC  Group  LLC    All  rights  reserved

New Thinking Is Needed

• Current methods of payment (i.e. bankcards)– Improved tools and algorithms

• Increased needs for data will conflict with data privacy issues– Enhanced data flowing between merchants and issuers

• Significant structural changes required• Merchants want to work closer with issuers

• Develop/Implement new methods of payment– Turn the flow from pull to push

• Use OBeP solutions like it is done in some countries in Europe and Asia• Leverage new payment instruments like Same Day ACH and Faster Payment solutions• Merchants concerned about re-directing customers away from their check out flows and of

“buyer’s remorse”– Omni-channel and mobile to get consumers to “opt-in”

• Consumers are vetted up front and they give permission for use of their data• This up-front validation will allow the use of other payment methods (e.g. PLCC, ACH)

which will also lower overall costs

Retail Payments Global Consulting Group, LLC109 2nd St. S., Suite #437

Kirkland, WA 98033-9002 U.S.A.+1-425-522-4110info@rpgc.com

RPGC  Group  Proprietary  &  Confidential