IIA Fraud Seminar, Thursday 22nd January 2009

Card Fraud Update

Presented by:Úna Dillon, Head of Card Services, Irish Payment Services Organisation

Agenda

• Introduction to IPSO

• Overview of Irish Payment Card Market

• CNP Card Fraud Overview

• Fraud Prevention Initiatives+ Chargeback Handling

IIA Fraud Seminar, Thursday 22nd January 2009

Introduction to IPSO

Introduction to IPSO

• The Irish Payment Services Organisation Limited (IPSO) is the representative body of the payments industry, the voice and guardian of the payments industry and the strategic interface with all payments stakeholders

• The IPSO umbrella body is made up of the following:– IRECC

– IRIS (to Feb 2009)

– IPCC

– Direct Debit Scheme

– Laser Card Services Ltd

– IPSO Card Services

IPSO Card Services

Members:

_____________________________________Contributors:

IIA Fraud Seminar, Thursday 22nd January 2009

Current Card Market

Overview of Irish Card Market

Card Base• Debit (Laser) cards 2.9m• Maestro + Visa Debit (non-disclosable)• Credit cards 2.4m

Issuers• Credit Card Issuers 12 • Debit card Issuers 9

Acquirers• Acquirers 4+

Transactions • Laser Card: €9.1bn (’08)• Credit Card: €12.6bn (to Nov’08)

IIA Fraud Seminar, Thursday 22nd January 2009

Card Fraud Overview and

Trends

Card Fraud

0

5

10

15

20

25

30

35

40

€Millions

'96 '97 '98 '99 '00 '01 '02 '03 '04 '05 '06 '07

Projected

Actual

CNP Fraud Overview

CNP or Card Not Present Fraud includes:- – fraud conducted over the internet, – by telephone or; – via mail order

Criminals obtain card details by stealing data, using discarded receipts or copying details during a transaction

Biggest fraud problem in Europe

(up to 50% increase ‘06 to ‘07)

Card Fraud Types

Breakdown of Fraud Types

1% 8%2%

3%

22%64%

Lost

Stolen

MNR

Fraud Applic

C'Feit

CNP

E-commerce

There are over 10,000 ecommerce stores in Ireland (source Realex)

E-commerce has enabled businesses to become more efficient and reliable

It is essential for businesses - to be able to markettheir products and services on a global market

Unfortunately – they are the latest crime target– Data hacking– Phishing– Staff abuse (collecting details during transactions)

IIA Fraud Seminar, Thursday 22nd January 2009

Fraud Prevention

Card Fraud Prevention - Banks

Industry Solutions:

• Industry specialist groups (IPSO CFF, IBF HTCF)• Market Intelligence (MI)• Training – SafeCard Task Force (IPSO)

– Conferences, seminars, localised training (industry representative bodies)• Card Security Code (CSC) • Proactive awareness campaigns (e.g. PIN usage)• Intelligent computer systems (e.g. Hunter, Falcon)• International Representation (IPSO)• Counterfeit card fraud prevention • Liaison with Gardaí (GBFI)• Lower floor limits• Hot Card Files• PCI DSS• 3D Secure

www.SafeCard.ie

Card Fraud Prevention - You

No one solution – need to combine many

1. Ensure all of the cardholder’s details are captured

2. Ensure contact phone numbers are landline rather than mobile (can be untraceable)

3. Obtain fixed email addresses (no free ones)

4. Use Card Security Code (no retention)

5. Use 3D Secure solutions (fraud liability shift)

6. Comply with PCI DSS (encryption)

7. Be aware of card scheme dispute

resolution rules (Chargebacks)

IIA Fraud Seminar, Thursday 22nd January 2009

Chargebacks

Chargebacks

In a CNP environment, the onus is on you to provide proof that the bona fide cardholder performed a given transaction– The cardholder could have made a mistake, or– they may be a criminal

Chargeback Cycle:Customer Dispute → Issuer investigation → Chargeback → Representment →2nd Chargeback →Arbitration

Chargebacks

Chargeback Reasons:

• Retrieval Request• Processing error• Cardholder dispute• Authorisation• Fraud

CNP - Where there are suspicions of fraud

• Merchant fraud or collusion• Implication circumstances

surrounding the transaction were improper or possibly fraudulent

• Not authorised (approved) • Not sent to cardholder address • Expired/not yet valid card • Split sale (floor limit) • Not cardholder name

Chargebacks

Specific Time limits provided for the process and resolution (card scheme rules)

For example:– Retrieval Request acquirer to respond within 45 days– First Chargeback acquirer to respond within 60 days– Second Presentment Issuer to respond within 45 days

When you receive a chargeback notification from your bank or acquiring processor:

– You have an opportunity to dispute the chargeback– Be mindful of the time limits which are imposed on your acquirer– Gather information on the transaction and cardholder and send a copy in

response to the notice.

Finally……

Keep informed of industry fraud trends:

• Liaise regularly with your acquirer

• Refer to reputable websites for new information:

– www.safecard.ie– www.makeitsecure.ie– http://www.shopsafeonline.org.uk/retailers/

Contact Details

Úna Dillon

IPSO

14 Cumberland St

Dun Laoghaire

Co. Dublin

Email: una.dillon@ipso.ie

Website: www.ipso.ie

Website: www.safecard.ie