How EMV & Mobile Payments are Shifting Fraud
Dee Millard
Anti-Fraud Solutions Consultant
info@easysol.net
Why EMV in the U.S.?
Source: https://www.firstdata.com/downloads/pdf/FirstData_EMV_TimelineAS.pdf
October 1st, 2015
Businesses still using magnetic stripe terminals after October 1, 2015, are on the hook for
the costs if someone uses a lost or stolen credit card.
Source: https://www.firstdata.com/downloads/pdf/FirstData_EMV_TimelineAS.pdf
Simply blocking off one of the
avenues of attacks by fraudsters
isn't enough to make fraud vanish.
Ross Anderson
Professor of Security Engineering at University of Cambridge
http://www.npr.org/sections/alltechconsidered/2013/12/19/255558139/outdated-magnetic-strips-how-u-s-credit-card-security-lags
Current and Projected Shift of Card Fraud Trends
Shift to Card Not Present Fraud
What we can expect:
• Online and Phone channel
• Purchases of high value items
• Gift cards, electronics, jewelry, etc.
What others have done to prepare:
• Improve controls – add additional authentication methods (passwords, security questions, etc.)
• Train call center staff
Shift to Black Market Data for Sale
• Credit Card Data
• PII – used to create fake identities to obtain credit cards
• Stolen goods from online CNP fraud
Shift to Non EMV Compliant Terminals
October 2016 EMV Deadline October 2016/2017 EMV Deadline
Card Skimming: Where a customer's card information and PIN are captured
Card Trapping: When a customer’s card is physically captured
Cash Trapping: A device that will trap any cash that the ATM tries to dispense
ATMs Gas Stations
How chip cards can be hacked...
• Second chip embedded in card, glued on over original chip
• Allowed transactions to go through when the terminal tried to verify if the PIN was correct
• Classified as Man-in-the-Middle as the attackers were able to change communication between parties who think they are talking with each other directly
http://www.networkworld.com/article/2997794/security/how-hackers-compromised-chipped-credit-cards-and-how-the-authorities-discovered-it.html
EMV
• Older technology
• Can use tokenization, but not standard
• Does not factor in online
• Payment terminals are required to accept
Mobile Payments
• Newer technology
• Most use tokenization as standard
• Same security for online payments
• Segmented mobile wallets mean different acceptance
http://www.tomsguide.com/us/mobile-wallet-guide,news-20666.html
Segmented Mobile Wallets – different acceptance and methods
Is Apple Pay Fraud Growing?
• In theory should cut down on fraud, by generating essentially new credit card
numbers for each transaction
• Vulnerability in “onboarding” new credit cards – just need basic information
• Banks desperately wanted to be the default card for Apple Pay, so did not
question information Apple gave them (fear of missing out on initial sign ups)
• Affected users often directed to call centers, who often fall prey to social
engineering
“Leads to a thriving black market where thieves enter stolen credit
card numbers into iPhones, essentially turning the device into a
credit card, and walk out with merchandise.”
– Andrew Sorkin, New York Times
87% of Millennials say their phones
never leave their side
80% reach for their smartphone
first thing in the morning
78% spend more than two hours a
day texting, surfing, talking,
tweeting and — more importantly
for businesses — shopping, banking
and more
Source: http://www.usatoday.com/story/money/personalfinance/2014/09/27/millennials-love-smartphones-mobile-study/16192777/
http://www.businessinsider.com/the-mobile-payments-report-2015-5
The bottom line: Each dollar
worth of fraud committed using
mobile devices costs the
scammed merchant $3.34.
http://www.bloomberg.com/news/articles/2015-02-13/mobile-payment-fraud-is-becoming-a-pricey-problem
“We certainly see a surge in
mobile payment attacks,” says
Tomer Barel, chief risk officer at
PayPal, who says his company
deals with more cases of fraud
on mobile devices than on PCs.
How To Proactively
Protect Your Customers
and Your Organization
• Utilize the lessons learned from previous shifts
• Understand your Risk based on your customer base and product offerings
• Strengthen the security of Card-Not-Present channels
• Deploy solutions that can easily use a mix of techniques and attributes
- Suspicious events, not just transaction behavior
- Geolocation, Device IDs
- Multiple cards used with the same IP, or a single card with multiple emails
• Continually provide training
• Evaluate existing fraud strategies – identify gaps, bridge the gaps
• Retest existing channels
• Implement and document an action plan
Are you prepared?
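The velocity checks named in the list above (multiple cards from one IP, a single card with multiple emails), sketched as an added example that is not part of the original slides. The thresholds, the one-hour window, the field names and the sample orders are assumptions constructed for illustration.

```python
from collections import defaultdict, deque, namedtuple
from datetime import datetime, timedelta

Txn = namedtuple("Txn", "ts card ip email")

# Constructed sample card-not-present orders: (time, card token, source IP, email).
# Card tokens stand in for PANs; IPs come from documentation-only ranges.
SAMPLE_TXNS = [
    ("2015-10-01T10:00:00", "tok_A", "198.51.100.7", "alice@example.com"),
    ("2015-10-01T10:05:00", "tok_B", "203.0.113.50", "u1@example.com"),
    ("2015-10-01T10:06:00", "tok_C", "203.0.113.50", "u2@example.com"),
    ("2015-10-01T10:07:00", "tok_D", "203.0.113.50", "u3@example.com"),
    ("2015-10-01T10:08:00", "tok_E", "203.0.113.50", "u4@example.com"),
    ("2015-10-01T11:00:00", "tok_F", "198.51.100.20", "f1@example.com"),
    ("2015-10-01T11:10:00", "tok_F", "198.51.100.21", "f2@example.com"),
    ("2015-10-01T11:20:00", "tok_F", "198.51.100.22", "f3@example.com"),
    ("2015-10-01T13:00:00", "tok_F", "198.51.100.23", "f4@example.com"),
]


class DistinctVelocityRule:
    """Flags a key (e.g. an IP) seen with too many distinct values
    (e.g. card tokens) inside a sliding time window."""

    def __init__(self, name, key_field, value_field, limit, window):
        self.name = name
        self.key_field = key_field
        self.value_field = value_field
        self.limit = limit
        self.window = window
        self.seen = defaultdict(deque)  # key -> deque of (timestamp, value)

    def observe(self, txn):
        """Record the transaction; return True if the key is now over limit."""
        key = getattr(txn, self.key_field)
        events = self.seen[key]
        events.append((txn.ts, getattr(txn, self.value_field)))
        # Drop events that have aged out of the window.
        while txn.ts - events[0][0] > self.window:
            events.popleft()
        return len({value for _, value in events}) > self.limit


def parse(rows):
    """Turn raw rows into Txn records ordered by time."""
    txns = [Txn(datetime.fromisoformat(t), c, i, e) for t, c, i, e in rows]
    return sorted(txns, key=lambda txn: txn.ts)


def find_alerts(rows, window=timedelta(hours=1),
                max_cards_per_ip=3, max_emails_per_card=2):
    """Return {transaction index: [names of rules it tripped]}."""
    rules = [
        DistinctVelocityRule("cards_per_ip", "ip", "card",
                             max_cards_per_ip, window),
        DistinctVelocityRule("emails_per_card", "card", "email",
                             max_emails_per_card, window),
    ]
    alerts = {}
    for index, txn in enumerate(parse(rows)):
        # Every rule observes every transaction so its window stays current.
        hits = [rule.name for rule in rules if rule.observe(txn)]
        if hits:
            alerts[index] = hits
    return alerts


if __name__ == "__main__":
    for index, hits in find_alerts(SAMPLE_TXNS).items():
        print(index, SAMPLE_TXNS[index][1:], hits)
```

The last sample order reuses tok_F with a fourth email but raises no alert, because the earlier events have aged out of the window. A device-ID check would be one more `DistinctVelocityRule` keyed on a device field.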
Take a proactive approach
to understanding the
threats
Rogue App Monitoring | Compromised Card Monitoring
Why is it Important?
Brand and Fraud Intelligence
• Proactively shut down threats
• Continually monitor for threats
• Social Media
• Card Monitoring
• Similar Domain
• Email Spoofing
• Website Defacements
• Rogue Mobile Applications
Our Approach: Total Fraud Protection®
Learn More:
Blog Post:
The Fraud Outlook Post United States’ EMV Implementation
Video:
Rogue Mobile App Protection
Thank You! – Questions?
Dee Millard
Anti-Fraud Solutions Consultant
info@easysol.net

Editor's notes

  1. The U.S. is the last member of the top 20 world economies to commit to a liability shift associated with chip payments.
  2. Card losses are getting out of control.
  3. Businesses still using magnetic stripe terminals after October 1, 2015, are on the hook for the costs if someone uses a lost or stolen credit card. https://www.firstdata.com/downloads/pdf/FirstData_EMV_TimelineAS.pdf
  4. Through EMV technology adoption, card fraud will not significantly reduce but will more or less just shift to other channels. Talk about US Chip and Signature vs Chip and PIN (nationally) adopted. Online and eCommerce will increase. The countries before us reported the shift of card fraud from the POS to other channels like Card Not Present.
  5. Black market traffic has also increased and is a big business for fraudsters. The black market is a thriving business for criminals. They can buy stolen credit card data, which they use to buy online merchandise and can sell on this market as well. There is also a lot of PII they can buy, which they can use to create synthetic fraud identities to apply for bank accounts and credit cards. I recently sat on a fraud summit panel in both Toronto and NY, and some of the biggest concerns among many institutions were synthetic identities. Basically, when bits and pieces of information from various individuals are taken and combined with fake information to create a virtual ID, it becomes very scary. They can go online, apply for credit, open bank accounts and apply for credit cards. Once all the fraud occurs, it is very hard to detect because there is no single individual; the institution is the one that ends up writing off the loss to bad debt. We have seen such an increase in PII type of information being sold in the black market. Think of all the information and personal information floating out there, like with the Anthem and other breaches; the concern is not so much over medical fraud around some of this but around information being used to create synthetic IDs, and children’s social security numbers that have been exposed. These black markets are a vital source for organized criminals. They are easy to use, with easy checkout, great customer service and a money-back guarantee, so if you test out cards and they don’t work, you can get your money back; they even have their own technical support. This is a projected trend that will continue to grow for years to come.
  6. Some other related attacks, already being seen in the US and a result of EMV rollout in other countries, are at the non-compliant terminals such as ATMs and gas stations. While these are not new fraud trends here in the US, there is expected to be some focus from the fraudsters on these channels, since they can utilize the typical card skimming devices to get card and PIN information. Card trapping devices have also been reported and are on the increase; they fit over the card acceptance slot and prevent the card from being ejected to the customer after the transaction is completed, and they also stop the ATM from retracting it. Cash traps are also being used – a cash trap is basically a claw-like device that is inserted into the cash dispenser to hold the cash until the fraudster comes to remove it. This type of fraud typically takes place outside of normal banking hours, of course, and usually after the event occurs, fraudulent transactions start occurring 10-15 minutes later at other ATMs. The ATM and gas station deadline for EMV compliance is still a year away, so it is important that merchants and institutions continually monitor their terminals for any tampering.
  7. Because many have been trying to get in the game of mobile payments. It provides a safer way since cards are stored in the phone, and the phone device can be used to authenticate payments. Less exposure to cards getting compromised; however, many variations of methods would still need to be accepted based on supported devices and technology. However, with this being widely adopted, fraudsters are on their horses to figure out ways to perpetrate these methods as well.
  8. During the introduction of Apple Pay, fraudsters were quick to take advantage of vulnerabilities, and while Apple, card issuers and merchants were quick to react to fix the problem, millions of dollars in fraudulent charges were successfully completed and taken by fraudsters. http://www.nytimes.com/2015/03/17/business/banks-find-fraud-abounds-in-apple-pay.html?_r=0
  9. We can attribute this increase and growth in mobile to our Millennials.
  10. So with new payment types and new technology comes new risk. Where the money goes, the fraudsters follow. Mobile consisted of 52 Billion worth of http://www.bloomberg.com/news/articles/2015-02-13/mobile-payment-fraud-is-becoming-a-pricey-problem