Embed Size (px)
Citation preview
THE CHANGING TECHNOLOGY LANDSCAPE
CHIP CARDS, EMV & FRAUD
Ryan MilesTreasury Management Specialist at Alerus
WHO IS ALERUS?
At Alerus, our purpose is to help you achieve yours. We do this by bringing you people, products, and services dedicated to your best
interest. We do this by providing diversified financial resources delivered in a remarkable unified way. We do this by creating strong relationships
that endure. With Alerus, you can achieve your purpose.
BANKING :: MORTGAGE :: RETIREMENT :: WEALTH MANAGEMENT
GOALS FOR TODAY
• General history of credit and credit cards
• Understanding of chip cards and EMV technology
• Liability shift and business impact
• Current consumer & business frauds
• Questions
Page 5
HISTORY OF CREDIT & CARD PAYMENTSHOW IT ALL STARTED….. The charge coin was a small and easily portable numbered
metal coin that the customer presented when making a credit purchase. The number of the coin was also used as the customer’s account number in the store’s debtors ledger. The coin functioned as both an accounting and authentication device. The only information on the credit coin was the name of the store and a number representing the customer.
The Farrington Manufacturing Company of Massachusetts developed the Charga-Plate, a small metal plate was embossed with the customer’s name, address, and account number. The Charga-Plate was wildly successful. The first store to implement the system in 1928 issued 93,000 plates within the first month. A customer would present this plate at the point of purchase; the merchant would then fix the plate into a manual hand-held press that would then imprint the customer’s information onto a sales bill.
Page 6
HISTORY OF CREDIT & CARD PAYMENTSHOW IT ALL STARTED….. 1946: Banker John Biggins introduces the first bank card,
“Charg-It,” into his Brooklyn neighborhood. Whenever a customer charged a purchase at a local merchant, the charge is forwarded to Biggins’ bank, which reimburses the merchant and retrieves payment from the customer. It is a relatively simple transaction, as all Charg-It cardholders are also account holders at Biggins’ bank.
1951: New York’s Franklin National Bank introduces the first bank credit card. It can be used only by the bank’s account holders. Over the next decade, several similar single-bank franchises in each major U.S. city begin accepting cards as payment with certain merchants they have chosen to work with.
Page 7
HISTORY OF CREDIT & CARD PAYMENTSHOW IT ALL STARTED…..
1955: Diners Club, whose cardholders have been using its card to pay for meals at upscale New York City restaurants since 1950, begins enabling its 200,000 cardholders to use it for purchases at stores in more than a dozen countries.
Page 8
HISTORY OF CREDIT & CARD PAYMENTSHOW IT ALL STARTED…..
The Diner's Club had no serious competition until 1958, when American Express Company initiated a world-wide credit card system. This was followed by Hilton credit corporation six months later. These three credit card companies competed fiercely to get as many cards as possible into circulation while simultaneously signing up as many businesses as possible to accept the card. Bank of America, Carte Blanche, and Chase Manhattan Bank soon joined the competition, and the credit card industry was born
1966: On August 16, InterBank Card Association (ICA) is established by a group of credit-issuing banks, creating a national credit card system. Unlike other similar organizations, ICA (now MasterCard Worldwide) is not dominated by a single bank.
Page 9
HISTORY OF CARD PAYMENTSHOW IT ALL STARTED…..
By the '60s, credit card fraud was on the rise and hard to prevent with the lag between purchase and account verification. Using a device called a imprinter, a merchant would apply a roller over paper covering the raised numbers on the customer's card, then physically take the paper to the bank. The bank would read it optically and manually check the number against known fraudulent accounts. That process could take days.
Page 10
HISTORY OF CARD PAYMENTSHOW IT ALL STARTED…..
1980 the magnetic stripe credit card become widely adopted by Visa and Mastercard. A simple swipe of a credit card in an electronic reader sends the customer's information to the bank that issued the card. The bank's computers verify that the cardholder has sufficient credit or funds to cover the purchase and can either approve the request or decline --- all within seconds.
Page 11
PROBLEMS WITH MAGNETIC STRIPE TECHNOLOGYHOW IT ALL STARTED…..
Magnetic stripe technology has been incredibly easy to duplicate
EMV TECHNOLOGY
Page 13
HISTORY OF EMVIT’S BEEN AROUND AWHILE
A chip card is a device that includes a secure, embedded integrated circuit chip (ICC)
Invented in 1977 by Honeywell
Has the ability to read and write information to the chip
Performs functions that validate, store, and encrypt data
Data is more secure on a chip-embedded card that utilizes dynamic authentication, rather than on a static mag-stripe card.
Unlike a mag-stripe card that can be copied (“skimmed”), chip technology combats counterfeiting by assigning a dynamic value for each transaction.
Page 14
THE EMV STANDARDWHO IS EMV
EMV was established in 1994 by Europay, MasterCard and Visa
EMVCo’s primary purpose is to define a global standard for credit and debit payment cards based on chip card technology. EMVCo information can be found at www.emvco.com
Cards can be Contact or Contactless
Page 15
HISTORY OF EMVWHAT’S IN THE CHIP?
EmbeddedAntenna
EmbeddedChip
Security Data
Memory
CPU
Page 16
HOW DOES IT WORK?WHAT’S IN THE CHIP?
https://youtu.be/_dq5suDRoK0
The mag stripe currently encodes data like this: %B5XXXXXXXXXXXXXX2^ANTONIEWICZ/BRAD^1103101000000001000000003000000?;5XXXXXXXXXXXXXX2=1103101000000300001?
BHEREISYOURCARDNUMBER^HEREIS/YOURNAME^EXPIREDATESERVICECODECVV.
The EMV Chip encodes data like this…
Page 17
EMV DATAWHAT’S IN THE CHIP?
https://youtu.be/_dq5suDRoK0
The mag stripe currently encodes data like this: %B5XXXXXXXXXXXXXX2^ANTONIEWICZ/BRAD^1103101000000001000000003000000?;5XXXXXXXXXXXXXX2=1103101000000300001?
BHEREISYOURCARDNUMBER^HEREIS/YOURNAME^EXPIREDATESERVICECODECVV.
The EMV Chip encodes data like this:
Page 18
THE EMV GOLD STANDARDEVERYWHERE BUT THE US
LIABILITY SHIFT
BUSINESS OWNER LIABILITY
Page 20
Page 21
BUSINESS LIABILITY EXAMPLEWENDY’S MAY FACE LIABILITY FOR FAILING TO UPGRADE PAYMENT SYSTEMS
An Orlando, Florida man purporting to be a victim of the Wendy’s breach in January initiated a class action lawsuit against the company on February 8, 2016, claiming that Wendy’s “lackadaisical” and “cavalier” security measures allowed his debit card data to be stolen and used to purchase nearly $600.00 of merchandise from various retailers. An attorney representing the plaintiff suggested that Wendy’s failed to incorporate technology allowing for use of chip-enabled cards. One of the 1st lawsuits of it’s kind, exposing the danger of failing to adopt the EMV system and new business liability.
CURRENT FRAUDS
CARD SKIMMING, BUSINESS EMAIL COMPROMISE AND OTHER FRAUDS
Page 23
FRAUD: CARD SKIMMINGATM & GAS STATIONS
A tiny device placed over a legitimate card reader meant to read your magnetic stripe and steal your information to duplicate your card
EMV liability shift will not happen until October, 2017 for ATM’s and Gas Station pumps, we will continue to see a rise in card skimmers at these locations
Page 24
CARD SKIMMING ATM & GAS STATIONSBEWARE-CAN YOU SPOT?
Page 25
CARD SKIMMING ATM & GAS STATIONSBEWARE-CAN YOU SPOT?
Page 26
CARD SKIMMING ATM & GAS STATIONSBEWARE-CAN YOU SPOT?
Page 27
CARD SKIMMING ATM & GAS STATIONSDOUBLE CHECK!
Page 28
FRAUD: BUSINESS EMAIL COMPROMISEAN EMERGING GLOBAL THREAT
Version 1A business, which often has a long standing relationship with a supplier, is asked to wire funds for invoice payment to an alternate, fraudulent account. The subject will spoof the e-mail request so it appears very similar to a legitimate account and would take very close scrutiny to determine it was fraudulent.
Version 2The e-mail accounts of high-level business executives (CFO, CTO, etc) are compromised. The account may be spoofed or hacked. A request for a wire transfer from the compromised account is made to a second employee within the company who is normally responsible for processing these requests. This particular version has also been referred to as “CEO Fraud,” “Business Executive Scam,” “Masquerading.”
Page 29
FRAUD: BUSINESS EMAIL COMPROMISEAN EMERGING GLOBAL THREAT
Since the FBI’s Internet Crime Complaint Center began tracking BEC scams in late 2013, it has compiled statistics on more than 7,000 U.S. companies that have been victimized—with total dollar losses exceeding $740 million. That doesn’t include victims outside the U.S. or unreported losses.
Page 30
FRAUD: BUSINESS EMAIL COMPROMISEPREVENTION
Avoid Free Web-Based E-mail: Establish a company web site domain and use it to establish company e-mail accounts in lieu of free, web-based accounts.
Be careful what is posted to social media and company websites, especially job duties/descriptions, hierarchal information, and out of office details.
Be suspicious of requests for secrecy or pressure to take action quickly.
Consider additional IT and Financial security procedures and 2-step verification processes.
Page 31
FRAUD: INTERNAL COMPANY FRAUDDUAL CONTROL, DUAL CONTROL, DUAL CONTROL
1. Revenue skimmingWhen customers pay cash for an item or service. The cashier just has to make sure the customer does not receive a receipt. The employee collects the cash from the customer and pockets it.
2. Fraudulent invoicing or billingA person or business will send a professionally constructed invoice for products or services that were never purchased. Businesses will pay these invoices without thinking or checking that the purchase was actually made.
3. Payroll fraudWhen a commissioned employee reports false sales or orders. In order to prevent payroll fraud, economic crime investigation experts suggest having supervisors or managers review timesheets on a regular basis.
QUESTIONS?
BANKING :: MORTGAGE :: RETIREMENT :: WEALTH MANAGEMENT
Ryan Miles
218.788.9944 Office
218.341.9778 Cell
ALERUS
THANK YOU FOR ATTENDING!
