Contenu connexe Similaire à ATM Fraud Prevention Management White Paper from ESQ (20) ATM Fraud Prevention Management White Paper from ESQ1. WHITE PAPER
Bank Fraud Protection:
Staying One Step Ahead
of the Fraudsters
SPONSORED BY:
As fraud becomes a more complex and widespread problem, banks must
find more proactive means to defeat criminals and protect customers.
By Fritz Esker
ATMmarketplace.com
American banks are realizing that fraud is becoming increasingly pervasive
and complex. A late 2011 study issued by The Nilson Report stated that the
United States accounted for a whopping 47% of credit and debit card fraud
despite generating only 27% of the total volume of purchases. But legacy
fraud management systems have not kept up with the growing sophistication of fraud across channels. Banks need to consider channel-specific
fraud management systems that can also share info with other channels
for true multi-channel fraud management.
From the 2013 Association for Financial
Professionals Payments Fraud Survey
• 61% of organizations experienced attempted or actual payments
fraud in 2012
• 27% of respondents reported fraud incidents increased in 2012
• On net, affected organizations were hit more often
• 64% of respondents discussed fraud prevention or security with their
bank in 2012
Type of Fraud #1: Skimming
Skimming is attaching a device to the mouth of an ATM that secretly swipes
credit and debit card information when customers slide their cards into the
machines. This information is then used by fraudsters to produce counterfeit cards.
While skimming is a popular form of fraud, the upcoming rollout of EMV
in many countries will eliminate the issue of counterfeit cards due to the
dynamic encrypted data that chip cards produce. But expect fraudsters to
take advantage of the confusion just prior to the rollout of EMV cards.
© 2013 Networld Media Group | Sponsored by ESQ
1
2. Bank Fraud Protection: Staying One Step Ahead of the Fraudsters
“Banks need a flexible
and agile system to
ensure that they can stay
ahead of the fraudsters”
—Harish Bhat, President of Cupertino, CA-based ESQ
Business Services.
Banks are also deploying anti-skimming devices and analytics to detect
skimming patterns and isolate merchants whose terminals may have
been compromised.
“Sophistication of fraud and the speed at which it is propagating has
increased to alarming levels. Banks need a flexible and agile system to
ensure that they can stay ahead of the fraudsters,” said Harish Bhat, resident of Cupertino, CA-based ESQ Business Services.
Type of Fraud #2: Card-Not-Present (CNP)
Because of the rapid proliferation of online and mobile commerce, card-notpresent (CNP) fraud is a growing concern to banks. People aren’t just using
websites like Amazon.com to shop from their home computers, they are now
using apps from various stores and businesses on their smart phones to
make purchases. The growing popularity of mobile transactions has opened
up a whole new avenue for criminals to defraud people. CNP fraud is more
prevalent with general retailers, the telecom industry and service providers.
As industries migrate from magnetic strips on cards to the increased security of EMV chips, more criminals will likely shift their focus to CNP fraud.
Address verification, card security verification, and security programs from
Visa and MasterCard are some of the ways to combat CNP fraud.
Fighting Fraud: Staying Ahead of the Game with Transaction
Surveillance & Analytics
Fraudsters will never stop working hard to come up with new ways to beat
security systems with banks, ATMs, and other financial enterprises. This
is why banks need to be proactive. Reacting to what thieves are already
doing is important, but thinking creatively to stop future fraud issues before
they start is even more critical.
“Real-time transaction surveillance can help banks proactively monitor
emerging fraud threats, identify fraud patterns including organized attacks
across multiple channels and facilitate effective enterprise fraud management,” said Bhat.
It’s crucial that banks use real-time transaction surveillance. Brenda LeavittParadis, senior information security advisor for Sage Data Security of
Portland, Maine, said banks need to monitor the information real-time and
make decisions. Once the transaction is over, the perpetrator has the cash
and video and police reports are the only ways to track down the criminal.
Real-time monitoring can prevent the cash from ever being stolen in the
first place.
© 2013 Networld Media Group | Sponsored by ESQ
2
3. Bank Fraud Protection: Staying One Step Ahead of the Fraudsters
There are a number of fraud checks a bank should implement to protect its
customers. Some examples including the following:
• If there are multiple transactions originating from two different IP
addresses within a specified time window
• Three or more gas pump transactions within a 6-hour interval
• Multiple PIN attempts on ATMs occurring on consecutive days
• Multiple ATM transactions occurring from the same cardholder in
quick succession in different countries
Given the changing nature of fraud, banks need to have the ability to define
new fraud rules and deploy them into production rapidly. To address this
problem, ESQ provides an intuitive rules editor as part of its FraudD
transaction surveillance solution. Business users can quickly define new
fraud rules to respond to emerging fraud trends. These rules can be quickly
tested in various scenarios and deployed in the production environment.
Fraud rules can be set up to enable high-risk transactions to be blocked
or declined and to send real-time alerts cardholders to mitigate risks and
protect customers.
Fraud management systems should also prioritize cases to ensure that critical events are not ignored. In a typical bank’s fraud operations division, there
are tiered agents who evaluate cases. If an agent can’t resolve a case, he
escalates it to the next level; this is a time consuming process. With transaction surveillance, business rules automate the decision making process and
trigger automatic alerts and notifications. This way, the agents only need to
focus on exceptional cases. As a result, a company only needs a small fraud
operations team and their overall productivity is enhanced.
Happier Customers, Happier Banks
About the sponsor:
ESQ Business Services Inc. of Cupertino, CA
is a leading provider of integrated ATM and
POS life cycle management and analytics solutions for the payment industry worldwide.
© 2013 Networld Media Group | Sponsored by ESQ
Banks who fight fraud proactively will see an increase in customer satisfaction. When customers around the country learn that one bank is taking
bolder steps to combat fraud than others, these customers will want to do
business with the bank that makes them feel safer. It can give a bank a leg
up on its competitors.
“There is no single silver bullet for effective fraud management. Banks have
to stay one step ahead of the fraudsters. PCI compliance, EMV migration
and transaction surveillance can provide a tiered security layer to minimize
risk and protect customers,” said Bhat.
3