EMV Transition: What Credit Card Call Centers Can Expect

2015 Pindrop Security™. Confidential.

EMV TRANSITIONWHAT CREDIT CARD CALL CENTERS CAN EXPECT

Matt Garland, Vice President of ResearchPindrop SecurityAugust 20, 2015


NOTE

These slides are from a webinar held August 20,

2015.

You may view a recording of the webinar at

www.pindropsecurity.com/webcast-archive

http://www.pindropsecurity.com/webcast-archive

http://www.pindropsecurity.com/webcast-archive

2015 Pindrop Security™. Confidential.2015 Pindrop Security™. Confidential.

KEY FACTS ABOUT EMV

Europay International,Mastercard, andVisa


KEY FACTS ABOUT EMV


A set of standards for interactions between chip cards and POS devices


KEY FACTS ABOUT EMV



A way to prevent Card-Present Fraud


KEY FACTS ABOUT EMV



A way to prevent Card-Present Fraud

World Usage: Europe, Canada, Australia, Latin America, Asia


THE EMV REALITY

Being a fraudster is a professionEMV won’t make them disappear


THE EMV REALITY

Being a fraudster is a professionEMV won’t make them disappear

Fraudsters look for the weakest linkEMV only protects against Card Present Fraud


CREDIT CARD FRAUD BY TYPE (2014)

37%

45%

14%

4%

Card-PresentCard-Not-PresentLost or StolenOther

Source: Aite Group, June 2014


CREDIT CARD FRAUD BY TYPE (2018)

23%

64%

10%3%

Card-PresentCard-Not-PresentLost or StolenOther

Source: Javelin Strategy & Research, 2015


CARD NOT PRESENT CHANNELS

OnlineHighly Defended

6-8 Layers of Security

FirewallIDsAuthenticationContent FilteringDB SecurityAccess Control


CARD NOT PRESENT CHANNELS

PhoneOnlineHighly Defended

6-8 Layers of Security

FirewallIDsAuthenticationContent FilteringDB SecurityAccess Control

Lightly Defended1-2 Layers of Security

KBAVoice Biometrics


FRAUD CALL RATES

Avg. Call Cen-ter

Banks Brokerages Credit Card Retail

1 in 22001 in 2650

1 in 3000

1 in 900

1 in 1000


RISING PHONE FRAUD


PHONE CHANNEL ATTACKS & TECHNIQUES


RECONNAISSANCE

• Account holders• Available credit• Recent transactions• Number of cards• Rewards points


ACCOUNT TAKEOVER

• Impersonating cardholders• Contact information• Password changes• Online account setup• Card replacement request• Additional cards and users


REDUCE FRAUD TRIGGERS

• Travel notifications• Pre-authorized

transactions• Verification intercept


MONETIZING STOLEN ACCOUNTS

• Card Not Present (CNP)

• Balance transfer• Mobile payment


BEST PRACTICES

Track Phone Fraud


BEST PRACTICES

Detect Phone FraudTrack Phone Fraud


LOSS• Packet loss • Robotization • Dropped frames

SPECTRUM• Quantization • Frequency filters• Codec artifacts

NOISE• Clarity• Correlation • Signal-to-noise ratio

147 audio features

UniquePhone

Geo-Location Risk Factors

PHONEPRINTING™

Phoneprint™

Call AudioRequires 15 seconds

of call audio

Risk Score

Call Type


CONCLUSION

• EMV will drive fraudsters to CNP fraud, especially the phone channel

• Fraudsters use the phone channel for:• Reconnaissance• Account Takeover• Reducing Fraud Triggers• Monetizing Stolen Accounts

• Best Practices• Monitor and track fraud back to phone channel• Use PhoneprintingTM to detect phone fraud


PINDROP SECURITYPhone Fraud Stops Here.

For more information contact [email protected]

Technology

EMV Transition: What Credit Card Call Centers Can Expect