The contents of this presentation are proprietary and confidential 1 ARC – FIGHTING FRAUD TO...
-
Upload
norman-richards -
Category
Documents
-
view
216 -
download
0
Transcript of The contents of this presentation are proprietary and confidential 1 ARC – FIGHTING FRAUD TO...
The contents of this presentation are proprietary and confidential
1
ARC – FIGHTING FRAUD TO MITIGATE LOSSES
Dottie Hogan
Director, Risk Management+1.703.816.8008
arc4100 N. Fairfax Drive, Suite 600
Arlington, VA 22203 USA http://www.arccorp.com
November 6, 2009
The contents of this presentation are proprietary and confidential
Topics
• ARC today
• Risk Management – core & fraud analysis
• Yesterday/Today
• CNP fraud schemes
• Best practices
The contents of this presentation are proprietary and confidential
33
ARC – Today
• 40-year history of growing and automating reporting and
settlement systems and services
• Serving the U.S., Puerto Rico, the U.S. Virgin Islands and
American Samoa
• Headquartered in Arlington, VA Offices in Louisville, Tampa and San Juan
Field staff throughout the U.S.
Over 440 employees
Data center owned and operated by ARC
The contents of this presentation are proprietary and confidential
ARC – Data Technology Focus
• State-of-the-art technology• 24x7 data center operations
• 2x25 TB Teradata data warehouse
• Advanced web reporting, analysis and business intelligence
• Advanced Security and Information Privacy
• PCI Compliant since 2005
• EU Safe Harbor Compliant
• Advanced encryption technology
The contents of this presentation are proprietary and confidential
5
Data Governance
Operational BI
World ClassData Warehouse
Technology
PredictiveAnalytics
ARC’s Award-winning Technology
The contents of this presentation are proprietary and confidential
2008 Statistics
• $79.5 billion in sales• 87% Credit Cards Sales • 53% Domestic Sales
• 144 million transactions processed• 99.1% of transactions are e-tickets • 1.6 billion ticket segments stored in ARC
COMPASS®• 39 months of stored ticketing data available on-line• 302,808 average monthly ARC system users
• 17,000 accredited points of sale• 175 participating carriers
The contents of this presentation are proprietary and confidential
7
ARC – Solution Focused
• Provide the settlement system of choice Global solutions – multi-currency
• Lead a data revolution in the industry ARC COMPASS® is the foundation for market-leading business
intelligence Lower costs Drive e-ticketing:
50% in 2000 to 99.1% in 2008 Reduce industry fraud Respond to industry needs
o IAR electronic reportingo Travel Agent Service Fee (TASF)o Document Retrieval System (DRS) o ARC’s Memo Managero ARC’s MarketPlace
The contents of this presentation are proprietary and confidential
Who Works with ARC?
• Agencies & CTDs
• Air Carriers
• Railroads
• Travel Suppliers
• Airports
• Destination Marketing Organizations
• Credit Card Companies
• Government Agencies
• Aircraft Manufacturers
• Financial Markets
• Media
The contents of this presentation are proprietary and confidential
9
Risk Management
ARC’s Risk Management Department
Strategic Vision: Become the preferred provider of fraud prevention solutions to reduce losses and increase revenues
• Compliance of the ARA
• Stolen and counterfeit tickets
• Fraud investigation
• Law enforcement liaison
• Accreditation inspections/audits
Team of analysts and auditors working in partnership with travel agents and airlines
Core responsibilities:
The contents of this presentation are proprietary and confidential
Risk Management
Innovative fraud prevention solutions:
• Query data stored in ARC COMPASS® to perform various analytical research to mitigate losses, such as –
Credit card use across entities
High risk city pair analysis
The contents of this presentation are proprietary and confidential
ARC’s Unique Ability to Mitigate Losses
• Enterprise data warehouse
• Privacy and security controls in place• PCI• EU Safe Harbor compliant
• Analyze data across carriers for similarities
• Highly experienced fraud analysts
The contents of this presentation are proprietary and confidential
Proprietary & Confidential InformationARC PROPRIETARY AND CONFIDENTIAL. This document includes confidential information that is proprietary to Airlines Reporting Corporation (ARC). Disclosure of this document or any information contained herein to third parties is prohibited without the prior written consent of an authorized ARC officer. Obsolete versions of this document should be destroyed in a manner to prevent compromise of the information, e.g., shredding.
www.tdwi.org
Airlines Reporting Corporation 2009 CATEGORY WINNER
Using Predictive Analytics to Fight Fraud
The contents of this presentation are proprietary and confidential
Details about you …
Average number of “details” harvested about an individual each month by Google, Yahoo!, and other companies?
100
250
1000
2500The Numerati, Steven Baker
The contents of this presentation are proprietary and confidential
Details about you …
Number of cameras in the UK planned for use in facial recognition security?
4,000
40,000
400,000
4,000,000
Surveillance Studies Network
United Kingdom has more surveillance cameras than any other in the world; at least 4.2 million of them on the country's public streets, one camera for every 14 people.
The contents of this presentation are proprietary and confidential
15
Yesterday
• Primarily brick & mortar locations
• Walk-in passengers, no email, no web sites
• Paper-oriented ticketing / reporting / settlement
• Check or cash preferred FOP
• Credit cards were not the norm • Required credit card, validator, and signatures Little in the way of fraud Lots of protection
The contents of this presentation are proprietary and confidential
16
Today - Card Not Present – “CNP”
Travel agents face a balancing act
Between increasing sales and reducing chargebacks
Between making the customer happy and secure, and reducing manual risk assessment
Variety of business models
• OTA – internet only agents
Host agents – external affiliates
Brick/mortar – calls/faxes/e-mail
Hybrid – Brick/mortar & web sales
The contents of this presentation are proprietary and confidential
Host Agencies - Affiliates
• Verify identification
• Recommend credit checks
• Suggest face-to-face meeting
Trust, but verify!!!
• ARC’s VTC (Verified Travel Consultant) program• Accredited through ARC
• Not authorized to ticket
• Receive ACN number to use with cruises..etc.
The contents of this presentation are proprietary and confidential
18
Granting Access to Premises
• New employees Key to the agency?
Access to corporate account profiles?
• Outside sales reps/affiliates Uninhibited access to ticketing systems?
Key to the agency?
The contents of this presentation are proprietary and confidential
External Problems
Various causes:• Ex-employees:
Access to your pin and passwords Taking corporate credit card #’s
• Be very wary of someone calling from GDS or airline seeking your pin and password
• Fake “consolidators”
• Outside agents using stolen or compromised credit cards
• Individual/agency identity theft
The contents of this presentation are proprietary and confidential
Fake Consolidators
• Red flags when dealing with “consolidators”:
“Consolidator” cannot issue tickets
No street address on website
“Consolidator” provides tickets issued from another country:
o Foreign “bust-out” tickets
o Foreign counterfeit tickets
o Foreign stolen tickets
“Consolidator” provides tickets that are on ticket stock from a small, domestic carrier
• If provided ACN number:
Verify if accredited agent via “ARC Check” on our website
http://www.arccorp.com/support/arc-check.jsp
The contents of this presentation are proprietary and confidential
Florida
109 Tickets
$361,320
Trvl Agency Identity Theft
Fraud Schemes- International Travel >$1.8MM
Florida
81 Tickets
$412,291
Trvl Agency Identity Theft
California
48 Tickets
$224,259
Trvl Agency Identity Theft
Arizona
30 Tickets
$147,384
Outside Sls Agt –False Identity
Minnesota
56 Tickets
$220,000
Outside Sls Agt-False Identity
Texas
125 Tickets
$230,700
1. Outside Sls Agt-False Identity
2. Phishing scam for Pin and PW
to GDS
Wisconsin
63 Tickets
$149,515
1. Outside Sls Agt –False Identity
2. Compromised GDS Pin & PW
Texas
30 Tickets
$76,274
Outside Sls Agt-False Identity
Illinois
6 Tickets
$21,619
Outside Sls Agt –False Identity
10 Same Names
1 Same Name
19 Same Nam
es 2 Same N
ames
4 Same Names
1 Same CC
1 Same Nam
e
3 Same Names
1 Same CC
The contents of this presentation are proprietary and confidential
Summary of Known Fraudulent Acts
• Usually weekend ticketing
• Travel in/out of Africa
• Generally itinerary does not touch the U.S.
• E-mails with misspelled words; incorrect grammar; requests travel using airport code rather than name of city
• Usually business or first class
• Primarily credit card but some cash sales
• Cardholder is not the passenger
The contents of this presentation are proprietary and confidential
Fraud Schemes– Domestic Travel >$1.2MM
• Been under the ‘radar’ for years – ARC alerted Dec. 2008
• 845 travel agencies – at least one in every state
• All credit card brands compromised
• YTD value of transactions >$1.2MM
• U.S. carriers only – domestic travel
The contents of this presentation are proprietary and confidential
Summary of Known Fraudulent Acts
• Travel is less than 3 days from DOI
• First leg usually travel between –
LAX, SMF, ONT, SNA to/from MSY, ATL
• Second leg usually near location of agent, but never used
• Booked via phone• Caller is male, always with an
emergency situation – birth, death or serious accident
• Usually passenger and cardholder with common surnames
• Normally 2-3 people traveling - average $400 per ticket
• Agents do not try to verify caller.i.e. fax ID documents (the rare times they have, caller hangs up)
ARC working with law enforcement on both scams
The contents of this presentation are proprietary and confidential
25
Be on Guard
• Travel Agency Attacks Gentle takeover – phishing, fake outside sales agent Not-so-gentle takeover –compromise GDS pin/password Doctor, lawyer, Indian chief, and more
• Consolidators Too good to be true It is still your customer!
• Check your IAR report every day
• Protect your Pin and Passwords
If any suspicious activity, please contact ARC (703-816-8137 or [email protected])
Also, notify law enforcement, airlines and GDS
The contents of this presentation are proprietary and confidential
26
Red Flags Checklist
http://www.arccorp.com/support/fraud-credit-card-red-flags.jsp
MEDIUM RISK•Caller ID identifies caller as local •Originating airport is in the same region as the travel agency •Destination is in the same region as the travel agency •Passenger may or may not be cardholder •Customer is new •Domestic or international travel •Date of departure is less than one month from date of issue
LOW RISK•Caller ID identifies caller as local •Passenger is also cardholder •Agent obtains manual imprint of unexpired and unaltered
credit card in the travel agency •Agent obtains valid signature and approval code •Signature is an approximate match to that on back of the
credit card •Originating airport is in the same region as the travel
agency •Destination is in the same region as the travel agency •Established customer •Domestic travel •Date of departure is more than one month from date of
issue
HIGH RISK•Caller ID identifies caller as out of area or with no information at all •Agents are usually contacted for the first time via, Web site, e-mail or the TTY service (for the hearing impaired) •Cardholder is not the passenger •Credit card, driver's license, passport faxed/e-mailed because cardholder
is never present in the agency •Several tickets are purchased with different routings, travel dates and
passenger last names using a single credit card •"Customer" may use a religious title (e.g., Pastor Robert) or a religious
premise (Missionaries to Africa) or other socially respected profession, e.g., doctors, to establish credibility •E-mail requests contain obvious spelling errors (e.g. cities and states) •"Customer" uses airport codes in their e-mails, i.e., asking for tickets from
ACC to LHR rather than Accra to London •"Customer" provides fictitious address and phone number in the US •E-mail address is from a free service (Yahoo, Hotmail, Gmail, etc) •Customer/passenger name is new to agency •Domestic or international travel •Customer not concerned with ticket price or service fee amount •Last minute travel •Highly flexible travel schedule •Customer offers multiple credit cards as payment if first credit card is
rejected •Customer can be contacted only via a cell phone with an area code not in
the same region
The contents of this presentation are proprietary and confidential
Fake or Real?
Which driver’s license cost one agency over $40,000?
The contents of this presentation are proprietary and confidential
Preventing “It”
I.D. Checking Guide – http://www.idcheckingguide.com/arc/
• Helps agencies verify a variety of forms of identification Driver’s licenses from every U.S. state and Canada Passports Military ID cards Immigration documents Bank cards including American Express, Diners Club,
and Visa
The contents of this presentation are proprietary and confidential
Fraud scoring
• What is your agency using today to detect credit card fraud at booking/ticketing?
• Is it an external vendor or an in-house process? (maybe both)
• How long has this process been in place?• What are your metrics to determine the
success of your process? • Do you plan to enhance your fraud scoring
process? How?
The contents of this presentation are proprietary and confidential
30
How well is ARC communicating to Agents?
• Special fraud alerts – have they been effective?
• TAC messages
• Fraud prevention section - www.arccorp.com
Communicating “It”
The contents of this presentation are proprietary and confidential
Biggest Benefit Of Your Due Diligence
FRAUDSTERS WILL TARGET SOMEONE ELSE