Risk Management views at Authentiction level (MPE 2014)

Merchant Payments Ecosystem

February 18-20, Berlin

RISK MANAGEMENT

VIEWS AT

AUTHENTICATION LEVELHow banks and payment networks can leverage their KYC

knowledge to become leaders at real time authentication.



UNLOCKING

THE KEY

POINTS

• A Broader Definition of Fraud from a

Risk Analysis Perspective

• Innovation at KYC Level

• Compliance “Headaches”

• Multi-Industry Collaboration

• Biometrics Barriers and Future

Developments



A BROADER DEFINITION OF

FRAUD FROM A RISK ANALYSIS

PERSPECTIVE

We cannot solve our problems with

the same thinking we used when we

created them.

“ “



STANDARD DATA AND ASPECTS WE CONSIDER IN

RISK MANAGEMENT

BSINESS + PAYMENTS DATA

AS A CONVERSION TOOL

CONTROL

• Merchant Category Code (MCC)

• Customer Behavior

• Authorisation Rates

• Static Geo-Location

• Fraud and Scoring Rules (bin velocity?)

• Declined Code (type) — Separate Analysis/Dashboard

• Device Fingerprinting

• Biometric Data

• Multi-Factor Authentication

• Third-Party Identity Providers

• Real Time Location Data (Mobile/Geo-Fencing)

LAYERS WE MUST ADD OR CONSIDER



WHAT IS DATA

CONVERGENCE?

TRANSACTION + CHANNEL + DEVICE DATA

CUSTOMER PROFILING

CONVERSIONS AND

PROCESS OPTIMIZATION

Merge all transactions with device + channel DATA

• Reduce Manual Reviews

• Increase Authorization Rates

• Reducing Processing Costs

(Balancing Gateways/RMTs)

• Automating Internal Processes

Segment customer database upon different

behavior as well as their preferences in terms of

payments method used and the ongoing scoring

results (Black /White Listing)



INNOVATION AT

KYC LEVEL



Source: www.litle.com



SOME INITIATIVES AND/OR PROVIDERS

Some of them can serve as authentication tools but not all will meet your compliance needs…



COMPLIANCE

“HEADACHES”

Some Issues:

• Data Protection

• Money Laundering

• Multi-Jurisdiction Approach

Who is the owner and responsible

for enforcing them at product

and operational level?



MULTI-INDUSTRY

COLLABORATION

WHY?

82% of fraud attempts are from

customers with no account history with

the merchant

8% of fraud attempts result from

consumers with more than 241 days

of account history with a merchant -

classic account take-over fraud

So what…?



CASE STUDY OF RED AND DISCOVER:

C10s TO BE REDEVELOPED?

Information added to

positive / negative

databases

Suspicious or High Risk

Transactions

Authentication

ISSUER RESPONSE TO MERCHANTS’ REQUEST FOR VERIFICATION

MATCH Merchant input field and Issuer Data match exactly.

NOT MATCHED Merchant input field and Issuer Data do not match exactly.

UNKNOWN Merchant input data but Issuer has no data on file with which

to present a match response.

NO RESPONSE Merchant input field is blank (Issuer Data is not considered).

Merchants alerted to all

associated ordersMerchants’ ability to

verify Cardholder with

Issuing Bank through

ReD’s Customer Service

Interface (CSI)

MERCHANT

CARDHOLDER

Source: Merchant Risk Council



• Increase revenue

• Adapt risk strategies faster

• Lower fraud and reduce chargebacks

• Simplify authentication of Cardholder’s information directly with Issuer

• Stop shipment of goods or disable services on confirmed fraud

FOR MERCHANTS FOR ISSUERS

• Reduces the resources and costs associated with managing chargebacks and handling account validation requests from Merchants

• Delivers a direct return on investment through the identification of fraudulent transactions

• Enables the Issuer to write rules on data and, so, further refine fraud strategies

• Enables the Issuer to be proactive in alerting Cardholders and protecting them against fraud

• Increases Cardholder confidence and improves Cardholder relationships

Source: Merchant Risk Council



BIOMETRICS BARRIERS

AND FUTURE

DEVELOPMENTS

69% of the Europeans would be willing

to use biometry.

- Synovate Censydiam Research

“

“

AND TO CONCLUDE…



CONCLUSIONSON BIOMETRICS• Biometrics at KYC and transactional level will be a must soon, as it is not longer a promise, but a trend

• Most providers still use old fashion OCR technology instead of biometric authentication systems

A HOLISITC VIEW• See big data as “chopping onions” - too many layers can make you blind (cry)

• Keep in mind that in most cases, payments and fraud go together, look at data from both angles,

and an “apples to apples” perspective

• Multi-factor authentication is the way to follow as biometrics won’t be enough on their own. Apply

this at different risk levels (withdrawals, etc.)

Are banks or payments networks going to take the lead in

fraud prevention systems and processes?

REMEMBER…• “The more secure you make something, the less secure it becomes” • “Fraud never sleeps”…so, never stop studying/learning!



THANK

YOU!

@jerusomix

es.linkedin.com/in/jesusperezbatlles

www.jesusperezbatlles.com

Date post:	17-Jul-2015
Category:	Business
Upload:	jesus-perez-batlles
View:	125 times
Download:	0 times

Risk Management views at Authentiction level (MPE 2014)

Business