Masha Cilliers,
Founder and Principal Consultant
Payment Options Ltd
Masha Cilliers, Principal Consultant since 2012
23 years in payments business: Visa, Microsoft, Cybersource, GlobalCollect and Datacash
Focus on international sales for corporates, start ups and payment companies
There are differences: some goods are received immediately, some delivered later, some ‘claimed’ months after the transaction
There are similarities: fraudster behaviour can be predicted but they get more technology savvy
Fraudsters don’t discriminate – they are happy to defraud all sectors! And they exchange information about their experiences across industries and are a lot more ‘professional’ about it than many retailers
There are fraud losses and there is loss of revenue from declining valid orders – both are very important to merchants
◦ UK – 1.65% lost to online fraud
◦ US – 0.9% lost to online fraud
◦ As much as 2.3% of orders are rejected
◦ Up to 10% false positives
*Cybersource fraud report
• Fraudsters focus on making the ‘payment journey’ look legitimate
• ‘Clean Fraud’ is when fraudsters have all the legitimate data (from identity theft, phishing and other scams)
• They have a very good knowledge of the fraud engines and frequently test merchants’ sites
• Fraudsters are working together and exchanging information – it is truly a global issue
• New fraud types: reshipping (changing destination/ticket class), account takeover, man in the middle, to name just a few
Established:
• CVV & AVS
• 3D Secure (UK)
• Customer order history
• Negative lists
• IP geolocation
• Manual Review
Emerging:
• Google maps for location and other location options
• Device fingerprint for PCs (not as much for mobile)
• Website behaviour analysis
• Pass on, buy or share customer data
• Social network and other external behaviour analysis
• Focus on specific important factors
Trends spotted:
Clean Fraud
• Correct address, CVV and IP, no risky characteristics
Organised fraudsters and ‘Gaming’
• Botnets, scrumping: using real customers’ PCs as proxies and challenging the merchant’s system to find out the rules
Timing and assessing fraud strategy effectiveness
• Real fraud information is received through chargebacks up to 3 months after the transaction, which is too long
Some of the solutions:
Device and cross merchant transaction comparison
• Packet signature inspection – device fingerprint – combined with browser fingerprint
• Interrogate the device to see if anything controls it
Layered set of detectors
• Cornering – ask for information
• Dimension – combine related data
• Specific – safety net if some data is not available, look at other parameters
Decision Manager Replay
• Testing new rules based on own transaction data for the past 6 months
Trends spotted:
Synthetic Identities developed by fraudsters
• Tools and rules no longer enough
• Need real-time systems and comprehensive list of attributes
Some of the solutions:
Order Linking
• Attribute linking
• Looks at entire online world
• Relating transactions
• Who are the fraudsters and where they are
Email verification
• Age, previous use and other factors
• Great way to add a new attribute
Trends spotted:
Real-time screening critical but not enough
• Predicting behaviour on what has previously happened and not taking into account new fraud threats doesn’t show full picture
Merchants need more information from other merchants across industries
Some of the solutions:
Re-screen live orders
• Use past data to rescreen recent (72 hours) transactions to detect fraud attacks. Merchant can reconsider the order (cancel ticket, stop delivery, call customer etc). Also helps with cutting down manual reviews
Share information
• Provide a ‘club’ (information exchange) for merchants to screen data against each other’s, both real time and retrospective
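Order linking and the 72-hour re-screen described in the slides above, as an added example that is not from the presentation or any vendor product: orders sharing an email, device or shipping address are linked transitively, and recent orders linked to a confirmed-fraud order are flagged so the merchant can reconsider them. The order fields, sample data and function names are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample orders; field names and values are assumptions for this example.
ORDERS = [
    {"id": "A1", "ts": datetime(2014, 4, 30, 9), "email": "e1@example.com", "device": "d1", "ship": "s1"},
    {"id": "A5", "ts": datetime(2014, 5, 5, 9), "email": "e1@example.com", "device": "d5", "ship": "s5"},
    {"id": "A2", "ts": datetime(2014, 5, 9, 16), "email": "e2@example.com", "device": "d1", "ship": "s2"},
    {"id": "A3", "ts": datetime(2014, 5, 10, 7), "email": "e3@example.com", "device": "d3", "ship": "s2"},
    {"id": "A4", "ts": datetime(2014, 5, 10, 8), "email": "e4@example.com", "device": "d4", "ship": "s4"},
]
NOW = datetime(2014, 5, 10, 12)
LINK_KEYS = ("email", "device", "ship")   # attributes used for linking
WINDOW = timedelta(hours=72)              # re-screen window from the slide

def link_orders(orders):
    """Cluster orders that share any linking attribute, transitively (union-find)."""
    parent = {o["id"]: o["id"] for o in orders}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    first_seen = {}  # (attribute, value) -> id of first order carrying it
    for o in orders:
        for k in LINK_KEYS:
            other = first_seen.setdefault((k, o[k]), o["id"])
            parent[find(o["id"])] = find(other)
    clusters = {}
    for o in orders:
        clusters.setdefault(find(o["id"]), set()).add(o["id"])
    return list(clusters.values())

def rescreen(orders, fraud_ids, now):
    """Ids of orders placed within WINDOW that are linked to a confirmed-fraud order."""
    recent = {o["id"] for o in orders if timedelta(0) <= now - o["ts"] <= WINDOW}
    flagged = set()
    for cluster in link_orders(orders):
        if cluster & fraud_ids:
            flagged |= (cluster & recent) - fraud_ids
    return sorted(flagged)

if __name__ == "__main__":
    # A1 came back as a chargeback; A2 shares its device, A3 shares A2's address.
    print(rescreen(ORDERS, {"A1"}, NOW))
```

A5 shares A1's email but falls outside the 72-hour window, so it is linked but not returned for reconsideration.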
Trends spotted:
Issuers and Merchants
• Not enough information is being passed between the parties, but the Issuers soon know about transactions being fraudulent from the cardholders
Post transactional screening is needed
• This ensures that the verticals with long exposure can thoroughly screen for fraud
Some of the solutions:
Merchant/Issuer collaboration
• A network of issuers connected to the platform which enables the merchants to receive the alerts as soon as the transactions are reported as fraudulent
Alerts
• Advance notification of customer disputes before they turn into chargebacks, allowing the merchant to stop shipment of goods and refund the fraudulent transaction, thus optimising customer satisfaction
Trends spotted:
Fraudsters are Sophisticated
• They are getting very collaborative and organised. Teams of people are ‘working’ as fraudsters, but the retailers are not sharing as well across the markets
Rules have limited use:
• Rules are not always enough and don’t give information about who the buyer really is, nor do they give enough history on the customer
• Especially challenging for the digital goods sector
Some of the solutions:
Fraud screening by email address
• Email address is used universally across different sites and merchants and is key to consumers’ online identity
• Using extensive database and various other data sources to check if the email address has been seen in a fraudulent transaction
• Not exposing or sharing of data across the value chain
IP cross validation
• Additional checks of IP to combine with email address to validate the email check results
• 80% of Merchants are either selling via mobile or planning to
• But very few have fraud strategy relating to mobile devices
• Not many providers have specific offers
• Device fingerprint is important but is hard to implement due to mobile companies not sharing data
• Need specific mobile strategy and tools
• Look at other variables (voice recognition and mobile location)
• Use of new payment methods (bank based wallets etc)
Cybersource 2014
Data sharing between merchants
Mixing real time and post transaction screening
Device fingerprint technology for both packet signature and to interrogate to establish secure use
Order linking and behavioural rules
New attributes (mobile location, email verification and other)
Appropriate Manual Review and chargeback management
Mobile fraud management strategy
• Device interrogation
• Packet signature
• Identity morphing
• Order linking
• Email address check
• Using reporting data
• Sharing by merchants
• Buying validation data
• Chargeback re-presentment and forecasting
• Real-time
• Post transaction screening
• Reporting
• Chargeback
• Testing rules on past transactions
• Velocity
• Limits
• Product types
• Traditional attributes
• New attributes
• Social
[Diagram labels: Rules, Time, Behaviour, Data]
Many thanks for your time. Any questions?
Masha Cilliers has 20+ years’ experience in payments, from traditional card business to online and mobile commerce and new digital payment products
The main area of focus is on Merchants, Payment Companies and Investors, and the areas of expertise are:
◦ Selecting suppliers and payment products
◦ Payment strategy and ecosystem
◦ Alliances and partnerships
◦ Launching products and markets
@Visa 1993-2003
◦ New Market development
◦ Product marketing, selling and enabling pan regional launch of new payment products (smart cards and VbV)
◦ Designing business models to support new products and building partnerships to support market-wide acceptance
@Microsoft 2003-2008
◦ Innovating with and implementing payment methods to support online products MSN, Xbox, Search etc in over 20 markets
◦ Identifying payment strategy to include alternative and mobile payment instruments, launching mobile operator billing
◦ Working closely with all key providers (Cybersource, First Data, GlobalCollect, BNPP, Citibank, Arvato and more)
@CyberSource 2008-2009
◦ Advising US management on European ecommerce and payment trends, evaluating new payment instruments
◦ Identifying strategic partnerships and key payment products to grow European business
@GlobalCollect 2009-2012
◦ Building and promoting payment portfolios required for international ecommerce business including mobile payments
◦ Part of management team involved in benchmarking and competitor evaluation, working closely with key merchants
◦ Creating partnerships and alliances and building relationships with key ecommerce platforms, mobile payments and banks
@Datacash/MasterCard 2012
◦ New online payment product innovation strategy with UK and European business exposure
◦ Pricing and competitor benchmarking and overall strategy direction for ecommerce growth as part of executive board
@Payment Options 2012-present
◦ Advising and helping launch new payment products, schemes and start ups
◦ Identifying payment requirements and finding suitable providers for retailers, digital and other merchants
◦ Consulting large payment organisations such as Visa, Vocalink and Barclays on ecommerce and new payments technology
◦ Profiling PSPs and other payment providers for investors, other PSPs and financial institutions
CUSTOMERS
Focus on understanding the latest consumer payment products, their pros and cons as well as current and future uptake
MERCHANTS
Fully understanding digital merchants’ needs and the issues they need to solve, thus helping clients build products to suit digital merchants
PAYMENT COMPANIES
Extensive experience in working with Payment Systems, Banks, PSPs and other payment providers, both as partners and as suppliers
PARTNERSHIPS
Understanding the ecosystem and building alliances with payment industry intermediaries
PRODUCTS AND MARKETS
Good understanding of new payment products and innovation, advising clients how to interpret or launch new payment products or markets