220 likes | 322 Views
Reasons for Revenue Leakage in CNP Transactions and their prevention DRF EU Conference 2005 Amsterdam Sven Slazenger BDOA e.V. – AK Integration Technologies, AK ePayment Managing Director, InterLake Informationssysteme GmbH. Agenda. Agenda. Current Status: Revenue Leakage in CNP Situations
E N D
Reasons for Revenue Leakage in CNP Transactions and their preventionDRF EU Conference 2005 Amsterdam Sven SlazengerBDOA e.V. – AK Integration Technologies, AK ePaymentManaging Director, InterLake Informationssysteme GmbH
Agenda Agenda • Current Status: Revenue Leakage in CNP Situations • Main factors for revenue loss • Adding some statistics • How to prevent Revenue Leaks • Special focus on Geolocation and Fraud Prevention • Challenges & Roundup
Situation Current Situation • Revenue Leakage as a percentage of business revenue through online / mail order fraud is up to 40 times higher than in an offline environment. (Internet Fraud Prevention Advisory Council) • Revenue Leakage rises with the complexity of your revenue chain: Telcos lost 13.7% of their revenue in 2003 (Analysis Group) but on average they have 24 steps in the revenue chain. • Although there are less stolen and counterfeit cards out there, revenue loss due to fraud is rising. One of the main factors is identity theft. Financial services companies lost 4 billion USD in 2003 due to identity theft (IDC) • Revenue is leaking in several places, due to internal and external factors!
Factors Main Factors • Main factors for revenue leakage • Insufficient billing/invoicing systems and bad systems integration • Poor internal procedures • Credit management • Fraud through stolen or manipulated data, including identity theft • Internal factors are often swept under the rug. Almost no public data available. External factors concerning fraud are well documented.
Statistics Statistics • Federal Trade Commission (US) on internet fraud and identity theft in 2004 • average amount lost 1.440 USD, median amount lost 214 USD • main methods of payment37% credit card19% bank debit15% money order13% wire transfer • top services for internet related fraud complaints48% internet auctions17% internet shopping10% internet access services6% foreign money offers3% adult services • stolen identities mostly used for credit card fraud (28%)
Statistics Statistics • IC3 2004 Internet Fraud Report • 66% increase in internet fraud reports between 2003 and 2004 • mostly auction fraud, non-delivery, credit card fraud • median loss of 219 USD per case (similiar to FTC figures) • Large number of auction fraud complaints (81.2%) due to eBay link to IC3. • Non-delivered merchandise and/or payment accounts for 15.8%. • Credit Card fraud accounts for 5.4% • E-Mail (63.5%) and the web (23.5%) were the two primary mechanisms by • Which fraudulent contact took place.
Statistics Statistics
Statistics Statistics • APACS (Umbrella body for UK Banking Industry) • In 2003: • counterfeit cardsdown 28% • stolen cards down 2% • CNP fraud up 6% • non-delivery up 17% • identity theft fraud up 45% (!) • Identity theft is the fastest growing financial crime in the UK!
Statistics Statistics APACS Data
Statistics Statistics APACS Data
Statistics Statistics APACS Data
Statistics Statistics • Merchant Risk Council member survey on Internet Fraud trends 2003 • merchants spend more: 17% spend >2% of revenue on fraud prevention • fraudulent chargeback rates >1% fall to 9.7% in 2003 vs. 18% in 2002 • 45% of merchants use/want to use Verified by Visa and MC SecureCode • 16% of merchants have never heard of the above • International Fraud has become the biggest problem! 38% of businessesdeclare international fraud to be „out of control“ or „a big problem“.
Statistics Statistics Roundup • Key facts • revenue loss due to online fraud is up • besides auction fraud, credit card fraud and identity theft are leading causes for rising losses • merchants using fraud prevention services bring down fraud • international fraud is still the biggest problem • lack of awareness among merchants and customers adds to the problem • no data on lost revenue due to bad internal processes
Fix it Who can fix it? • Main factors: • Insufficient billing/invoicing systems and bad systems integration • Poor internal procedures • Credit management • Fraud through stolen or manipulated data, including identity theft • It‘s a CXO Issue: • Includes billing (CIO), risk management (CFO), systems integration (CTO) • Solution: appoint a revenue assurance director at boardroom level • Don‘t fix it yourself: hire a revenue assurance consultant. Payback period usually 6 months, never longer than a year. • Every EUR saved adds another 40 cents in cost reduction as system discrepancies are resolved in the course of a revenue leakage review.
Fix it Who can fix it? • Solve external factors by connecting to external resources: • Fraud Prevention Platforms • AVS • Caller ID • GeoIP • Credit scoring • Credit card security codes • Verified by Visa, MC SecureCode • Address Checks • Blacklist Checks • Finally: • Educate your customers: protect them from spyware and update them on internet scams • work in partnership with others • learn from your own experiences
GeoIP GeoIP • Can GeoIP information prevent identity theft fraud? • 31% of e-commerce businesses already use geolocation for several purposes. Another 22% plan to use GeoIP information (Cybersource) • Case Study: • 75% of fraudulent orders with a US billing address were placed from abroad • in 85% of fraudulent domestic transactions the billing address did not match the state from which the order was placed. Fraud rates for such mismatched transactions were 15 times higher. • Fraud losses were cut by 15% after blocking orders from the 15 US cities that were the source of more than half the fraudulent transactions. • Geolocation cuts these risks by determining the geographic location of a web site visitor in real time, comparing that data with billing and shippingaddresses, and flagging the merchant.
trails F Internet-User Online-Shop À Internet Webserver Electronic trails What information can an IP address unveil? DNS Reverse Lookup: interlake.net • 213.61.110.37 • IP Address • Time and date • Viewed pages • Transferred volume • OS and browser • NET Domain = USA • Manual RIPE-Check with IP Adress = München • Domain-Check = Friedrichshafen • So where‘s the user? More details through GeoIP information • Realtime availability • adds a geographic location to an IP address • high relevance of data through a combination of technical gathering instruments
GeoIP F Internet-User Online-Shop G Internet Payment Service Provider þ ª scoring, address check, blacklists GeoIP Tracking How it works How GeoIP works Information gathered through GeoIP: • Country, City, Language, geographic coordinates with high relevance (country 99%, city up to 94%) • Information on high-risk countries • Distance between location and billing/delivery address • Demographic information on the location • Proxy usage
Phishing Phishing Attacks rise as much as 110% month over month Phishing
Roundup GeoIP Roundup • Key facts • which information do I need? Direct identity check not possible • cost ranges from 500 EUR to 100.000 EUR per year, depending on quality • Geolocation information will not solve your problems • combine Geolocation with other fraud prevention methods • use Geolocation for other areas in your company to lower the cost: content geo-targeting, digital rights management,…
Roundup Roundup • Conclusion • Internal Factors: check your processes and systems integration • External Factors: use a combination of external resources to gather information on each transactionAs cross-border trade grows, international credit and identity checks become more important. There already are fraud prevention platformsproviding international information, so use them. Finally, organizationslike the DRF EU and BDOA can be communication platforms to providetransparency to these issues.Thank you for your attention.