Controlling Fraud Risk Exposure and Loss

Sherri Goodman

Director of Fraud Operations

September 22, 2005

22

Agenda

• Overview of Fraud Types• Identity Fraud• Transactional Fraud

• Primary Fraud Loss Control Strategies• Prevention• Detection• Recovery• Partnerships

• Fraud Risk Management Mission

• Fraudster Trends and Emerging Threats

• Overall Financial Impact and Trend

• Q & A

33

Credit card fraud comes in two types based on how it is Credit card fraud comes in two types based on how it is perpetratedperpetrated

Identity Fraud

• Personal identification information is used to impersonate true person; for example:

• SSN

• Date of birth

• Mother’s maiden name

• New credit accounts can be established with this information without consumer knowledge

Transactional Fraud

• Account access devices are stolen and used for purchases

• Credit Cards

• Convenience Checks

• Or credit card information is stolen and used for purchases

• Counterfeit cards

• Internet purchases

• Only impacts existing accounts

44

Identity Fraud is perpetrated in three primary ways

Application Fraud

Account Takeover

Not Received Issuance

An application for the creation of a credit account using a false name or other false identification information

The use of an existing credit account by a person who gains access to the account through an unauthorized means

The interception and use of a credit card before receipt by the cardholder

•Consumer’s personal information is stolen and an unsolicited channel is used to apply

•Account address is changed and an access device is requested (i.e., card, convenience check)

•Card is stolen from customer’s mailbox or from within the postal system, and activated using stolen personal info

Definition Examples

55

Similarly, transactional fraud is grouped into types depending on how it is committed

Lost or Stolen

Counterfeit

Card Not Present

Purchase

The use of a lost or stolen card or convenience check

The use of altered or illegally produced credit cards or convenience checks

The use of credit card account information (e.g., account number, expiration date) without the physical card being involved

•Credit card is stolen from customer

•Magnetic stripe info is “skimmed” from true card and encoded onto different card

•Purchases are made via internet with account number and expiration date only

Definition Examples

66

• Data security

• Application screening and investigation for potential ID fraud

• Card activation

• PIN usage

• CVV2/CVC2 usage

• Customer authentication on phone/internet

• Customer education

• Law enforcement

To control fraud losses, we work across three To control fraud losses, we work across three dimensionsdimensions

Prevention Detection Recovery

• Transaction monitoring for suspicious activity

• Application screening and investigation for potential ID fraud

• Signature authentication on convenience checks

• Customer education

• Reversal of erroneous and/or false claims

• Chargeback merchants who are liable under Visa/Mastercard rules

• Letters of Responsibility from perpetrators

• Law enforcement restitution

77

And we do this work in close coordination with internal and external organizations

Capital One

Industry

Government

Government•Legislators (Federal and State)

•Regulators (Fed, OTS, FTC, Treasury)

•Law Enforcement (Secret Service, FBI, Postal Inspectors, local/state)

Industry•Financial Services Roundtable

•ID Theft Assistance Center

•Internet and ID Theft working groups

•MasterCard and Visa

•Credit Bureaus

•Other issuers

Capital One•Marketing

•Customer Service

•Mail Services

88

But fraud losses are but one element of our three-part But fraud losses are but one element of our three-part mission for managing fraud risk for Capital Onemission for managing fraud risk for Capital One

Minimize:Fraud Losses

Fraud Manageme

nt Expenses

Negative Customer

Impact+ +

•ID fraud losses

•Transactional fraud losses

•Call center operations

•Investigations of potential fraud

•IT systems and infrastructure

•Defense strategy and analysis

•Customer education

•Transaction declines at point of sale

•Card activation

•Authentication to call center

•Victim assistance

•Customer education

99

The technical advancement and globalization of fraudster The technical advancement and globalization of fraudster activity will provide increasing fraud management activity will provide increasing fraud management challenges challenges

More professionalization of fraud practices

More fraud done offshore

More “fraudster-to-fraudster” education

More technical fraud (hacking skillset coupled with straight fraud skillset)

More collusion – not just merchants and fraudsters, but company insiders

Key trends

1010

In spite of ongoing fraudster innovation, the credit card In spite of ongoing fraudster innovation, the credit card industry has cut its fraud loss rate by over half in the industry has cut its fraud loss rate by over half in the past five yearspast five years

Source: Risk Managers Roundtable Industry Report

6.3

8.3

13.2 13.1

9.3

7.0

0.0

2.0

4.0

6.0

8.0

10.0

12.0

14.0

1999 2000 2001 2002 2003 2004

BasisPoints

OfSales

U.S. Credit Card Fraud Losses as a percentage of sales(shown in basis points)

1111

Q & AQ & A