The contents of this presentation are proprietary and confidential 1 ARC – FIGHTING FRAUD TO...

The contents of this presentation are proprietary and confidential

1

ARC – FIGHTING FRAUD TO MITIGATE LOSSES

Dottie Hogan

Director, Risk Management+1.703.816.8008

[email protected]

arc4100 N. Fairfax Drive, Suite 600

Arlington, VA 22203 USA http://www.arccorp.com

November 6, 2009


Topics

• ARC today

• Risk Management – core & fraud analysis

• Yesterday/Today

• CNP fraud schemes

• Best practices


33

ARC – Today

• 40-year history of growing and automating reporting and

settlement systems and services

• Serving the U.S., Puerto Rico, the U.S. Virgin Islands and

American Samoa

• Headquartered in Arlington, VA Offices in Louisville, Tampa and San Juan

Field staff throughout the U.S.

Over 440 employees

Data center owned and operated by ARC


ARC – Data Technology Focus

• State-of-the-art technology• 24x7 data center operations

• 2x25 TB Teradata data warehouse

• Advanced web reporting, analysis and business intelligence

• Advanced Security and Information Privacy

• PCI Compliant since 2005

• EU Safe Harbor Compliant

• Advanced encryption technology


5

Data Governance

Operational BI

World ClassData Warehouse

Technology

PredictiveAnalytics

ARC’s Award-winning Technology


2008 Statistics

• $79.5 billion in sales• 87% Credit Cards Sales • 53% Domestic Sales

• 144 million transactions processed• 99.1% of transactions are e-tickets • 1.6 billion ticket segments stored in ARC

COMPASS®• 39 months of stored ticketing data available on-line• 302,808 average monthly ARC system users

• 17,000 accredited points of sale• 175 participating carriers


7

ARC – Solution Focused

• Provide the settlement system of choice Global solutions – multi-currency

• Lead a data revolution in the industry ARC COMPASS® is the foundation for market-leading business

intelligence Lower costs Drive e-ticketing:

50% in 2000 to 99.1% in 2008 Reduce industry fraud Respond to industry needs

o IAR electronic reportingo Travel Agent Service Fee (TASF)o Document Retrieval System (DRS) o ARC’s Memo Managero ARC’s MarketPlace


Who Works with ARC?

• Agencies & CTDs

• Air Carriers

• Railroads

• Travel Suppliers

• Airports

• Destination Marketing Organizations

• Credit Card Companies

• Government Agencies

• Aircraft Manufacturers

• Financial Markets

• Media


9

Risk Management

ARC’s Risk Management Department

Strategic Vision: Become the preferred provider of fraud prevention solutions to reduce losses and increase revenues

• Compliance of the ARA

• Stolen and counterfeit tickets

• Fraud investigation

• Law enforcement liaison

• Accreditation inspections/audits

Team of analysts and auditors working in partnership with travel agents and airlines

Core responsibilities:


Risk Management

Innovative fraud prevention solutions:

• Query data stored in ARC COMPASS® to perform various analytical research to mitigate losses, such as –

Credit card use across entities

High risk city pair analysis


ARC’s Unique Ability to Mitigate Losses

• Enterprise data warehouse

• Privacy and security controls in place• PCI• EU Safe Harbor compliant

• Analyze data across carriers for similarities

• Highly experienced fraud analysts


Proprietary & Confidential InformationARC PROPRIETARY AND CONFIDENTIAL. This document includes confidential information that is proprietary to Airlines Reporting Corporation (ARC). Disclosure of this document or any information contained herein to third parties is prohibited without the prior written consent of an authorized ARC officer. Obsolete versions of this document should be destroyed in a manner to prevent compromise of the information, e.g., shredding.

www.tdwi.org

Airlines Reporting Corporation 2009 CATEGORY WINNER

Using Predictive Analytics to Fight Fraud


Details about you …

Average number of “details” harvested about an individual each month by Google, Yahoo!, and other companies?

100

250

1000

2500The Numerati, Steven Baker


Details about you …

Number of cameras in the UK planned for use in facial recognition security?

4,000

40,000

400,000

4,000,000

Surveillance Studies Network

United Kingdom has more surveillance cameras than any other in the world; at least 4.2 million of them on the country's public streets, one camera for every 14 people.


15

Yesterday

• Primarily brick & mortar locations

• Walk-in passengers, no email, no web sites

• Paper-oriented ticketing / reporting / settlement

• Check or cash preferred FOP

• Credit cards were not the norm • Required credit card, validator, and signatures Little in the way of fraud Lots of protection


16

Today - Card Not Present – “CNP”

Travel agents face a balancing act

Between increasing sales and reducing chargebacks

Between making the customer happy and secure, and reducing manual risk assessment

Variety of business models

• OTA – internet only agents

Host agents – external affiliates

Brick/mortar – calls/faxes/e-mail

Hybrid – Brick/mortar & web sales


Host Agencies - Affiliates

• Verify identification

• Recommend credit checks

• Suggest face-to-face meeting

Trust, but verify!!!

• ARC’s VTC (Verified Travel Consultant) program• Accredited through ARC

• Not authorized to ticket

• Receive ACN number to use with cruises..etc.


18

Granting Access to Premises

• New employees Key to the agency?

Access to corporate account profiles?

• Outside sales reps/affiliates Uninhibited access to ticketing systems?

Key to the agency?


External Problems

Various causes:• Ex-employees:

Access to your pin and passwords Taking corporate credit card #’s

• Be very wary of someone calling from GDS or airline seeking your pin and password

• Fake “consolidators”

• Outside agents using stolen or compromised credit cards

• Individual/agency identity theft


Fake Consolidators

• Red flags when dealing with “consolidators”:

“Consolidator” cannot issue tickets

No street address on website

“Consolidator” provides tickets issued from another country:

o Foreign “bust-out” tickets

o Foreign counterfeit tickets

o Foreign stolen tickets

“Consolidator” provides tickets that are on ticket stock from a small, domestic carrier

• If provided ACN number:

Verify if accredited agent via “ARC Check” on our website

http://www.arccorp.com/support/arc-check.jsp


Florida

109 Tickets

$361,320

Trvl Agency Identity Theft

Fraud Schemes- International Travel >$1.8MM

Florida

81 Tickets

$412,291


California

48 Tickets

$224,259


Arizona

30 Tickets

$147,384

Outside Sls Agt –False Identity

Minnesota

56 Tickets

$220,000

Outside Sls Agt-False Identity

Texas

125 Tickets

$230,700

1. Outside Sls Agt-False Identity

2. Phishing scam for Pin and PW

to GDS

Wisconsin

63 Tickets

$149,515

1. Outside Sls Agt –False Identity

2. Compromised GDS Pin & PW

Texas

30 Tickets

$76,274

Outside Sls Agt-False Identity

Illinois

6 Tickets

$21,619

Outside Sls Agt –False Identity

10 Same Names

1 Same Name

19 Same Nam

es 2 Same N

ames

4 Same Names

1 Same CC

1 Same Nam

e

3 Same Names

1 Same CC


Summary of Known Fraudulent Acts

• Usually weekend ticketing

• Travel in/out of Africa

• Generally itinerary does not touch the U.S.

• E-mails with misspelled words; incorrect grammar; requests travel using airport code rather than name of city

• Usually business or first class

• Primarily credit card but some cash sales

• Cardholder is not the passenger


Fraud Schemes– Domestic Travel >$1.2MM

• Been under the ‘radar’ for years – ARC alerted Dec. 2008

• 845 travel agencies – at least one in every state

• All credit card brands compromised

• YTD value of transactions >$1.2MM

• U.S. carriers only – domestic travel


Summary of Known Fraudulent Acts

• Travel is less than 3 days from DOI

• First leg usually travel between –

LAX, SMF, ONT, SNA to/from MSY, ATL

• Second leg usually near location of agent, but never used

• Booked via phone• Caller is male, always with an

emergency situation – birth, death or serious accident

• Usually passenger and cardholder with common surnames

• Normally 2-3 people traveling - average $400 per ticket

• Agents do not try to verify caller.i.e. fax ID documents (the rare times they have, caller hangs up)

ARC working with law enforcement on both scams


25

Be on Guard

• Travel Agency Attacks Gentle takeover – phishing, fake outside sales agent Not-so-gentle takeover –compromise GDS pin/password Doctor, lawyer, Indian chief, and more

• Consolidators Too good to be true It is still your customer!

• Check your IAR report every day

• Protect your Pin and Passwords

If any suspicious activity, please contact ARC (703-816-8137 or [email protected])

Also, notify law enforcement, airlines and GDS


26

Red Flags Checklist

http://www.arccorp.com/support/fraud-credit-card-red-flags.jsp

MEDIUM RISK•Caller ID identifies caller as local •Originating airport is in the same region as the travel agency •Destination is in the same region as the travel agency •Passenger may or may not be cardholder •Customer is new •Domestic or international travel •Date of departure is less than one month from date of issue

LOW RISK•Caller ID identifies caller as local •Passenger is also cardholder •Agent obtains manual imprint of unexpired and unaltered

credit card in the travel agency •Agent obtains valid signature and approval code •Signature is an approximate match to that on back of the

credit card •Originating airport is in the same region as the travel

agency •Destination is in the same region as the travel agency •Established customer •Domestic travel •Date of departure is more than one month from date of

issue

HIGH RISK•Caller ID identifies caller as out of area or with no information at all •Agents are usually contacted for the first time via, Web site, e-mail or the TTY service (for the hearing impaired) •Cardholder is not the passenger •Credit card, driver's license, passport faxed/e-mailed because cardholder

is never present in the agency •Several tickets are purchased with different routings, travel dates and

passenger last names using a single credit card •"Customer" may use a religious title (e.g., Pastor Robert) or a religious

premise (Missionaries to Africa) or other socially respected profession, e.g., doctors, to establish credibility •E-mail requests contain obvious spelling errors (e.g. cities and states) •"Customer" uses airport codes in their e-mails, i.e., asking for tickets from

ACC to LHR rather than Accra to London •"Customer" provides fictitious address and phone number in the US •E-mail address is from a free service (Yahoo, Hotmail, Gmail, etc) •Customer/passenger name is new to agency •Domestic or international travel •Customer not concerned with ticket price or service fee amount •Last minute travel •Highly flexible travel schedule •Customer offers multiple credit cards as payment if first credit card is

rejected •Customer can be contacted only via a cell phone with an area code not in

the same region


Fake or Real?

Which driver’s license cost one agency over $40,000?


Preventing “It”

I.D. Checking Guide – http://www.idcheckingguide.com/arc/

• Helps agencies verify a variety of forms of identification Driver’s licenses from every U.S. state and Canada Passports Military ID cards Immigration documents Bank cards including American Express, Diners Club,

and Visa


Fraud scoring

• What is your agency using today to detect credit card fraud at booking/ticketing?

• Is it an external vendor or an in-house process? (maybe both)

• How long has this process been in place?• What are your metrics to determine the

success of your process? • Do you plan to enhance your fraud scoring

process? How?


30

How well is ARC communicating to Agents?

• Special fraud alerts – have they been effective?

• TAC messages

• Fraud prevention section - www.arccorp.com

Communicating “It”


Biggest Benefit Of Your Due Diligence

FRAUDSTERS WILL TARGET SOMEONE ELSE

The contents of this presentation are proprietary and confidential 1 ARC – FIGHTING FRAUD TO...

Documents

Transcript of The contents of this presentation are proprietary and confidential 1 ARC – FIGHTING FRAUD TO...