Published on March 10, 2014
Merchant Payments Ecosystem February 18-20, Berlin RISK MANAGEMENT VIEWS AT AUTHENTICATION LEVEL How banks and payment networks can leverage their KYC knowledge to become leaders at real time authentication.
Merchant Payments Ecosystem February 18-20, Berlin UNLOCKING THE KEY POINTS • A Broader Definition of Fraud from a Risk Analysis Perspective • Innovation at KYC Level • Compliance “Headaches” • Multi-Industry Collaboration • Biometrics Barriers and Future Developments
Merchant Payments Ecosystem February 18-20, Berlin A BROADER DEFINITION OF FRAUD FROM A RISK ANALYSIS PERSPECTIVE We cannot solve our problems with the same thinking we used when we created them. “ “
Merchant Payments Ecosystem February 18-20, Berlin STANDARD DATA AND ASPECTS WE CONSIDER IN RISK MANAGEMENT BSINESS + PAYMENTS DATA AS A CONVERSION TOOL CONTROL • Merchant Category Code (MCC) • Customer Behavior • Authorisation Rates • Static Geo-Location • Fraud and Scoring Rules (bin velocity?) • Declined Code (type) — Separate Analysis/Dashboard • Device Fingerprinting • Biometric Data • Multi-Factor Authentication • Third-Party Identity Providers • Real Time Location Data (Mobile/Geo-Fencing) LAYERS WE MUST ADD OR CONSIDER
Merchant Payments Ecosystem February 18-20, Berlin WHAT IS DATA CONVERGENCE? TRANSACTION + CHANNEL + DEVICE DATA CUSTOMER PROFILING CONVERSIONS AND PROCESS OPTIMIZATION Merge all transactions with device + channel DATA • Reduce Manual Reviews • Increase Authorization Rates • Reducing Processing Costs (Balancing Gateways/RMTs) • Automating Internal Processes Segment customer database upon different behavior as well as their preferences in terms of payments method used and the ongoing scoring results (Black /White Listing)
Merchant Payments Ecosystem February 18-20, Berlin INNOVATION AT KYC LEVEL
Merchant Payments Ecosystem February 18-20, Berlin Source: www.litle.com
Merchant Payments Ecosystem February 18-20, Berlin SOME INITIATIVES AND/OR PROVIDERS Some of them can serve as authentication tools but not all will meet your compliance needs…
Merchant Payments Ecosystem February 18-20, Berlin COMPLIANCE “HEADACHES” Some Issues: • Data Protection • Money Laundering • Multi-Jurisdiction Approach Who is the owner and responsible for enforcing them at product and operational level?
Merchant Payments Ecosystem February 18-20, Berlin MULTI-INDUSTRY COLLABORATION WHY? 82% of fraud attempts are from customers with no account history with the merchant 8% of fraud attempts result from consumers with more than 241 days of account history with a merchant - classic account take-over fraud So what…?
Merchant Payments Ecosystem February 18-20, Berlin CASE STUDY OF RED AND DISCOVER: C10s TO BE REDEVELOPED? Information added to positive / negative databases Suspicious or High Risk Transactions Authentication ISSUER RESPONSE TO MERCHANTS’ REQUEST FOR VERIFICATION MATCH Merchant input field and Issuer Data match exactly. NOT MATCHED Merchant input field and Issuer Data do not match exactly. UNKNOWN Merchant input data but Issuer has no data on file with which to present a match response. NO RESPONSE Merchant input field is blank (Issuer Data is not considered). Merchants alerted to all associated orders Merchants’ ability to verify Cardholder with Issuing Bank through ReD’s Customer Service Interface (CSI) MERCHANT CARDHOLDER Source: Merchant Risk Council
Merchant Payments Ecosystem February 18-20, Berlin • Increase revenue • Adapt risk strategies faster • Lower fraud and reduce chargebacks • Simplify authentication of Cardholder’s information directly with Issuer • Stop shipment of goods or disable services on confirmed fraud FOR MERCHANTS FOR ISSUERS • Reduces the resources and costs associated with managing chargebacks and handling account validation requests from Merchants • Delivers a direct return on investment through the identification of fraudulent transactions • Enables the Issuer to write rules on data and, so, further refine fraud strategies • Enables the Issuer to be proactive in alerting Cardholders and protecting them against fraud • Increases Cardholder confidence and improves Cardholder relationships Source: Merchant Risk Council
Merchant Payments Ecosystem February 18-20, Berlin BIOMETRICS BARRIERS AND FUTURE DEVELOPMENTS 69% of the Europeans would be willing to use biometry. - Synovate Censydiam Research “ “ AND TO CONCLUDE…
Merchant Payments Ecosystem February 18-20, Berlin CONCLUSIONS ON BIOMETRICS • Biometrics at KYC and transactional level will be a must soon, as it is not longer a promise, but a trend • Most providers still use old fashion OCR technology instead of biometric authentication systems A HOLISITC VIEW • See big data as “chopping onions” - too many layers can make you blind (cry) • Keep in mind that in most cases, payments and fraud go together, look at data from both angles, and an “apples to apples” perspective • Multi-factor authentication is the way to follow as biometrics won’t be enough on their own. Apply this at different risk levels (withdrawals, etc.) Are banks or payments networks going to take the lead in fraud prevention systems and processes? REMEMBER… • “The more secure you make something, the less secure it becomes” • “Fraud never sleeps”…so, never stop studying/learning!
Merchant Payments Ecosystem February 18-20, Berlin THANK YOU! @jerusomix es.linkedin.com/in/jesusperezbatlles www.jesusperezbatlles.com
... healthcare risk management professionals with options and inspiration for developing a successful Enterprise Risk Management program tailored to their ...
... only from computers running Remote Desktop with Network Level Authentication ... the Network Level ... are based on my personal views/usage ...
Medical Protection Society is the leading society for ... Casebook September 2014. ... Improving performance and risk management in Scotland; MPS around ...
Authentication, complex passwords and limiting permissions are three of the top bullet points on this Microsoft SQL Server security ... risk management ...
The method proposed in the essay can satisfy source authentication ... thus reducing key control risks ... 2014. View at Publisher · View at ...
In order to reduce the risk of these problems, ... in which user’s authentication requires the certificate ... 2014. View at Publisher · View at ...
2016 PRMIA Risk Management Challenge. 2016 PRMIA Risk Management Challenge[Case Competition] *Team Registration Deadline Extended: ... View All News.
Xerox® Secure Print Manager Suite ... visit www.xerox.com/mps ©2014 Xerox Corporation. ... authentication, you risk a data breach at the
Network security: LAN Manager authentication level. Updated: January 21, 2005. Applies To: Windows Server 2003, Windows Server 2003 R2, Windows ...