Risk Management
May, 2007
JPMorgan Chase Commercial Card Solutions
Agenda
• Definitions
• Fraud
• Dispute
• Case Study – Employee Fraud
• State of Oklahoma Audit Findings
Definitions
• Fraud – Unauthorized use of a payment card resulting from a lost, stolen or compromised account. The user has malicious intent and is seeking personal gain from use of the account.
• Dispute – Authorized cardholder questions the validity of a transaction. More along the lines of a transaction that was “mistakenly” applied to an account. MasterCard defines valid dispute reasons.
• Employee Abuse – Authorized cardholder uses the card in a manner from which the State receives no benefit. MasterCard defines the type of employee abuse for which customers can be indemnified.
Fraud
Common Fraud Types
• Lost/Stolen
• Counterfeit Card
• Mail Theft/Non-Receipt
• Unauthorized Use
• Skimming
• Phishing
Lost/Stolen
• Major source of fraud, along with counterfeit cards
• Perpetrator not sophisticated
• May know cardholder address, date of birth and social security number
• Generally does not have false identification
• Various types of spending
Counterfeit Card
• Credit card has been manufactured
• Security features will not be present or authentic
• Sophisticated perpetrator
• False identification used
• Often found within organized fraud rings
Mail Theft/Non-Receipt
• New account or replacement card recently mailed
• Perpetrator slightly more sophisticated
• Will know cardholder address, usually does not know date of birth and social security number
• Generally does not have false identification
• In-store purchases or mail/telephone order
Unauthorized Use
• Transactions are made without the actual plastic card, via mail or telephone orders
• Perpetrator is more sophisticated
• Adult or Internet-type transactions
Skimming
• Magnetic stripe is compromised
• Card has been manufactured
• Identification matches with a false name embossed on credit card
• Sophisticated perpetrator - organized fraud rings
• Enhanced security features deter perpetrators
Phishing
• Phishing is an attempt to gain private information about you and your accounts, most often via an e-mail that looks like it is from your financial institution
• You should never reply to or enter any information if you receive a suspicious e-mail
• If you are unsure whether the e-mail is legitimate, call the 800 number on the back of your card
Phishing
• It is not JPMorganChase’s practice to:
  • Send e-mail that requires you to enter personal information directly into the e-mail
  • Send e-mail threatening to close your account if you do not take immediate action by providing personal information
  • Send e-mail asking you to reply by sending personal information
  • Send e-mail asking you to enter your user ID, password, or account number into an e-mail or non-secure web page
Protection Against Fraud Loss is a Partnership
• Fraud statistics vary from customer to customer, depending upon the controls they have in place.
• Statistically, customers with higher losses are not taking advantage of the controls and reporting provided by the Bank.
• JPMChase is there to assist in reducing fraud losses through preventative measures, reporting, and recovery efforts.
• There are a number of things customers can do to guard against fraud.
Card Design Security Features
• Hologram
• Stylized Logo
• Tamper-evident signature panel (CVC2)
• Unique magnetic stripe coding (CVC1)
Top Fraud MCCs
• 5411 – Grocery Stores
• 5732 – Electronics
• 5311 – Department Stores
• 5310 – Discount Stores
• 4812 – Telecommunication Equipment including telephone sales
Fraud Detection System
• Criteria for queues based on current fraud trends
• Reacts to request for authorization
• Queues are populated with authorization “hits” on criteria
• Queues can be defined for specific MCCs, dollar amounts, states/countries, etc.
Fraud Detection System
• Detection cases are reviewed by a fraud analyst
• Cardholder or Program Administrator is contacted to validate activity
• Accounts may be temporarily suspended until activity is validated
• Account analyzed by history, previous spending patterns, type of transaction, recently issued card
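
The queue mechanism described on the two Fraud Detection System slides, as an added Python example that is not part of the original presentation and does not represent the bank's actual system. The `Auth` and `Queue` types, the `route` function, the queue thresholds and the sample authorizations are all assumptions constructed for illustration; only the MCC list comes from the deck.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Optional
TOP_FRAUD_MCCS = frozenset({"5411", "5732", "5311", "5310", "4812"})  # from the deck

@dataclass(frozen=True)
class Auth:                      # one authorization request (field names assumed)
    account: str
    mcc: str
    amount: float
    country: str
    card_issued: date
    when: date

@dataclass
class Queue:                     # one analyst review queue and its criteria
    name: str
    mccs: frozenset = frozenset()            # empty = any MCC
    min_amount: float = 0.0
    home_countries: frozenset = frozenset()  # if set, hit only outside these
    max_card_age_days: Optional[int] = None  # None = any card age
    hits: list = field(default_factory=list)

    def matches(self, a: Auth) -> bool:
        age = (a.when - a.card_issued).days
        return ((not self.mccs or a.mcc in self.mccs)
                and a.amount >= self.min_amount
                and (not self.home_countries or a.country not in self.home_countries)
                and (self.max_card_age_days is None or age <= self.max_card_age_days))

def route(auths, queues):
    """Populate each queue with the authorizations that hit its criteria."""
    for q in queues:
        q.hits.extend(a for a in auths if q.matches(a))
    return {q.name: [a.account for a in q.hits] for q in queues}

def demo():
    queues = [  # thresholds are illustrative assumptions
        Queue("top_mcc_over_500", mccs=TOP_FRAUD_MCCS, min_amount=500.0),
        Queue("outside_us", home_countries=frozenset({"US"})),
        Queue("new_card_top_mcc", mccs=TOP_FRAUD_MCCS, max_card_age_days=14),
    ]
    auths = [  # constructed sample authorizations
        Auth("A-1001", "5732", 1200.00, "US", date(2007, 1, 10), date(2007, 5, 2)),
        Auth("A-1002", "5411", 42.10, "US", date(2006, 3, 1), date(2007, 5, 2)),
        Auth("A-1003", "4812", 310.00, "CA", date(2007, 4, 25), date(2007, 5, 3)),
        Auth("A-1004", "7011", 650.00, "US", date(2005, 6, 1), date(2007, 5, 3)),
    ]
    return route(auths, queues)
```

One authorization can land in several queues at once, as A-1003 does here; each hit is a case for an analyst to review, not a decline.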
Disputes
Dispute Handling Guidelines
• Merchants have 45 days to respond to your dispute claim
• Provisional credit provided during the research process
• File disputes in a timely manner
• Maintain sufficient documentation on transactions to support your dispute
• Avoid card sharing; it forfeits your dispute rights
• Avoid use of department cards
Chargeback Tip - Disputes
• Cardholder should contact merchant to resolve dispute
• Cardholder must tender return of merchandise
• Quality of service requires supporting documentation
• Issuers may assist with cancellation of recurring payments on behalf of the cardholder
Case Study: Recovering From Employee Fraud
• Classic Fraud Profile
  • Trusted long-term employee
  • Employee rarely took vacations/time off
  • Employee had no real backup
  • Had multiple levels of responsibility
  • Employee enforced policy for everyone else
  • Had access to forms to cover fraud
  • Started small and built up over time
  • New supervision – limited training
Case Study: Recovering From Employee Fraud
• Internal Weaknesses
  • Poorly trained supervision
  • Was a program administrator and a cardholder
  • Limited transparency
  • Limited audit/review by department
  • No internal audit
  • Limited review by accounts payable
  • Weak purchase oversight, small dollar purchases
  • Started small and built up over time
  • New supervision – limited training
Case Study: Recovering From Employee Fraud
• Best Practices/Learning Points
  • Act quickly and decisively
  • Advise senior management immediately
  • Get HR involved
  • Think before you act or say anything
  • Consider the consequences
  • Work the data
  • There is a reason for the program
  • There are corrective actions
  • There have been successful accomplishments
Case Study: Recovering From Employee Fraud
• Best Practices/Learning Points
  • Clearly define the underlying issues
  • Have the facts straight
  • Describe why the program exists
  • Describe the effectiveness
  • Describe what you are doing to resolve the issue
  • Consider the former employee
  • Consider the current co-workers
Case Study: Recovering From Employee Fraud
• Corrective Action Steps
  • New reporting requirements
  • Transaction monitoring
  • Minimum use requirements
  • Card Authorizations
  • Review of authorized levels
  • Internal audit corrective action plans
  • New supervisor manual
MasterCoverage Liability Protection Program
• Coverage afforded by MasterCard to indemnify entities for instances of employee abuse
• Maximum coverage of $100K per cardholder
• Program administrator action required
• Adhere to claim criteria
• Limited to certain activity up to 75 days before and 14 days after JPMC is notified of employee termination
• Claims available through customer service or program coordinator
• Key Requirements
  • Employee must be terminated
  • Cards must be cancelled within two business days of employee termination date
MasterCoverage Liability Protection Program
• Key Exclusion
  • Department Cards
  • Charges made by someone who is not an employee
State of Oklahoma Purchase Card Audits
• 2006 Audit Cycle
• Purchase Card Expenditures $17.9MM
• The agencies audited accounted for $7MM, or 39%, of purchase card expenditures
• 25 Agencies audited
• On average, 42% of the expenditures for each Agency were tested
• Estimated administrative cost savings for the State of Oklahoma for calendar year 2006 of $6.4MM*
*2005 RPMG Research, P-Card Benchmark Survey Results
Most Common Purchase Card Audit Findings
• Receipts filed were not properly signed, dated, and annotated as “Received”
• Internal Procedures were not properly submitted or updated to the Department of Central Services
• Memo Statements were not properly signed, dated, or included in the Agency’s purchase documentation
• Employee Agreements were not signed by participating employees of the Purchase Card program
Highest Occurrences of Quantifiable Audit Findings
• Applicable items that exceeded $500 were not included on the inventory list of the Agency
• Receipts reviewed were not properly signed, dated, and annotated as “Received”
• Employee Agreements were not signed by participating employees of the Purchase Card program
Findings Associated with Highest Dollar Amount
• Total purchase card expenditures exceeding the amount encumbered by the agency
• Purchase card transactions not having appropriate documentation
• Purchase card transactions not having a detailed or itemized receipt
Highest Error Rate Associated with Purchase Card Findings
• Agencies that reported lost cards did not have Missing Lost Card Reports on file at the time of the audit
• Items for Inventory were not included on the inventory list of the Agency
Outcome of Continuous Monitoring Performed
• 13 agency directors voluntarily deactivated cards due to lack of or inappropriate Approving Officials
• 4 more agency directors deactivated their cards during our regular audits
• 5 purchase cards were cancelled and 4 were placed on hold due to cardholders not recorded on the DCS training log
Questions?
Contacts
• Lisa Martin, Department of Central Services, State of Oklahoma, (504) 522-1654
• David W Cox, Vice President, JPMorganChase, (312) 954-3533