200 likes | 414 Views
1- Card fraud prevention: need for a cooperative approach. 3. Card fraud in SEPA: some facts. Approximately 10 million fraudulent transactions per year in the SEPA area affecting 500,000 merchants and representing roughly
E N D
1. 1
2. 1- Card fraud prevention: need for a cooperative approach
3. 3 Card fraud in SEPA: some facts Approximately 10 million fraudulent transactions per year in the SEPA area affecting 500,000 merchants and representing roughly € 1 billion losses for the banking industry
Scale, extent and level ? Pan-European issue
Card fraud damages image of banking industry and acceptance of electronic payment instruments
Fraud prevention: within the cooperative space, and a societal obligation for all stakeholders
4. 4 EPC approach to fraud prevention “An essential, if not paramount, ingredient needed to build the SEPA is the degree of Trust and Confidence perceived by all the parties involved in a card transaction. (…)
There should be a concerted effort to attain a uniform level of equipment in the different zones of SEPA, so that any cardholder who wishes to pay with a card is provided with the same facility, and the same level of security, in each of the different Member States.”
Source: EPC Cards WG Findings & Recommendations, Jan. 2003
5. 5 EPC Cards WG Recommendation Nr. 1, January 2003 “The banking industry should reinforce actions to prevent and combat fraud through active co-operation between banks, card schemes, retailers, the Eurosystem, the European Commission, law enforcement authorities, governments, and other stakeholders. Minimum security standards (including EMV chip) and a common approach for tackling fraud will be defined, and their implementation monitored. ”
6. 6 EPC Card Fraud Prevention TF Task Force of EPC Cards WG
Created in March 2003
Participation of ECB, EC, and card schemes
EPC Forum on “Fighting Card Fraud across Europe”, Paris, 8-9 October 2003
Industry “Battle Plan” to combat card fraud
EPC Resolution on “Fighting and preventing card fraud across Europe” (approved in Dec. 2003)
Participation in EU Fraud Prevention Experts Group
7. 7 Fighting and preventing card fraud across Europe: actions completed European antifraud database opportunity and feasibility study
Consolidated security standards and procedures:
European antifraud toolkit
EMV implementation snapshot
Inventory of standardisation initiatives
Strengthen EPC involvement in the EU Fraud Prevention Experts Group
Best practices’ section on EC website
8. 8 Types of Fraud 2 very different phases:
Attack (Data Capture)
Theft of card
Compromise of card details & PIN
etc.
Usage (Misuse)
Use of stolen card
Use of manufactured counterfeit
etc.
Need to react / prevent at every level
Prevent – Identify – React – Limit consequences – etc.
9. 2- EMV roll-out: migration status in SEPA EPC figures as of end September 2006 (Q3 2006)
10. 10 EMV roll-out: status in EU-25 As of end September 2006:
50.0% of payments cards (debit & credit)
47.1% of POS terminals
56.6% of ATMs
… had already been converted to EMV
Source: EPC quarterly “EMV Implementation Snapshots”
11. 11
12. 12 EMV Migration in EU25: Cards % in EU25
13. 13 EMV Migration in EU25: POS % in EU25
14. 14 EMV Migration in EU25: % of EMV ATMs in EU25
15. 15 EMV accompanying measures Implementation monitoring by EPC Card Fraud Prevention Task Force:
Overview of EMV “liability shift” rule implementation (deadline 01-01-2008): not only for cross-border transactions, but also for national transactions!
Overview of EMV transactions and magstripe fallback rates at POS/ATMs: comparison with EMV implementation snapshot; identification of possible issues
Overview of EMV “acceptance holes”: best practices to convince petrol and vending sectors to migrate; overview of terminal types present in SEPA
16. 3- Latest EPC initiatives in the area of card fraud prevention
17. 17 Card fraud prevention: 3 new axis of work (1/3) Issue: problems at POS & ATMs with magstripe fallback on EMV transactions
? Proposal: shift the liability of fraud losses in case of EMV magstripe fallback from the issuer to the acquirer as from 1st January 2008 for ATM transactions. Consider a similar measure on POS transactions at a date to be defined.
18. 18 Card fraud prevention: 3 new axis of work (2/3) Issue: fast increasing CNP fraud
? Proposal: card schemes to mandate as from 1st Jan. 08:- acquirers to acquire and transmit CVX2 values for e-commerce transactions- issuers to decline any authorization request made with a false CVX2 and any authorization request not carrying a CVX2 value for those transactions.
? Proposal: card schemes to analyse a similar rule for MOTO transactions.
? Proposal: card schemes to incentivise 3DSecure implementation by protecting acquirers from liability when the merchant is 3DSecure enabled, as from 1st January 2009.
19. 19 Card fraud prevention: 3 new axis of work (3/3) Issue: lack of aggregated statistics on card fraud in SEPA; difficulty to monitor trends
? Proposal: collection of aggregated statistics on card fraud in SEPA through card schemes and using the intermediary of the ECB as a trusted third party; fraud categories = those currently commonly used by international schemes (Lost & Stolen; Card Not Received; Counterfeit; Card Not Present; and “others”).
20. 20