Dr Alan Solomon Credit Card fraud on the Internet.



2 Dr Alan Solomon

3 Credit Card fraud on the Internet

4 “But we already solved this”
- The engineer, the physicist and the computer security guru

5 CC Fraud
- The myth
- The reality
- Who gets hurt?

6 The myth
- Wily hackers stalk cyberspace, sniffing packets and assembling them to get your credit card number so they can steal from your account
- The customer loses money

7 The reality
- Inadequate narrative
- Kids making up numbers
- Repudiation
- The merchant loses money

8 The CC system
- Designed for retail
- Adapted for Mail Order
- Adapted for Phone Order
- Adapted for Net Order
- A bridge too far

9 Inadequate narrative
- I bought some stuff from Starship
- I got a CC bill (no invoice)
- Two months later, I got another bill
- From American Computer Products
- Who are they???

10 Adequate narrative
- Merchants should be given 120 characters for narrative
- Carried through to the statement
- So the customer knows what it’s for

11 Kids making up numbers
- To buy software
- To buy access
- To buy music CD Roms (www.MP3.com)
- To buy other virtual goods/services

12 Making up numbers
- Six-digit BIN number
- Any nine digits
- Luhn check (mod 10)
- Why is it so easy?
- Because the banks don’t see the CC number as a password, they see it as a username (account number)

13 Creditmaster
- 4000 13 AT&T Universal
- 4013 … Baltimore Bank
- 5100 … Southwestern States
- 5172 … First Bank Card Center
- 5419 87
- etc

14 Creditmaster
- I phoned up the 4013 bank
- Told them about it
- Gave them a dozen examples
- They don’t seem to see it as their problem
- They don’t care

15 Chargebacks
- Merchants have no defence
- Imagine you sold a newspaper for £1
- Two weeks later, the customer comes back
- Takes £1 out of your till
- You watch, and wonder why this is allowed

16 Chargebacks
- Or nine months later...

17 Chargebacks
- Merchants need non-repudiable transactions
- Technically easy
- Whoever does it first, will become the currency of the internet

18 Non-repudiability - the NR-card
- Limit liability up to £50
- If you lose your money, tough luck
- Just like losing £50 in your wallet
- Merchants will offer deals that persuade customers to use the NR-card

19 Non-repudiability - the NR-card
- Merchants will prefer them - no chargebacks!
- “NR-price, 25% off!”
- “Free gift if you buy with NR”
- So customers will prefer them too

20 Non-repudiability - the NR-card
- NR-card comes with a CD Rom.
- CD Rom has dual key cryptosystem and your two keys
- The CD Rom becomes your digital signature for that card
- I don’t need to tell you folks what’s on that CD Rom!

21 But that’s the future
- What about now?
- We’re stuck with a CC system designed for retail.
- We have to do the best we can with what we have

22 Risk management
- Get a lot of detail from the customer
- Name, address, post code, etc
- Name of issuing bank
- Customer support number

23 Risk management
- Check the country he’s from, against the IP address
- Check the Zip code against the state
- Check the phone number against the location
- Check for creditmaster numbers

24 Risk management
- Check the bank name
- Check the bank support number
- Buy the $5000 list of bank names/BIN numbers
- Or make your own
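
The cross-checks on slides 22 to 24 (claimed bank against BIN, country against IP address, Zip code against state, phone number against location) can be run as one screening step before an order is accepted. The sketch below is an added example, not part of the original presentation; its lookup tables, BINs, bank names, IP ranges and sample orders are constructed placeholders.

```python
import ipaddress

# Constructed sample tables; a merchant would load a full BIN list and real
# geolocation data here. BINs, banks and IP ranges below are placeholders.
BIN_TO_BANK = {"400000": "example bank a", "510000": "example bank b"}
IP_TO_COUNTRY = {"192.0.2.0/24": "US", "198.51.100.0/24": "GB"}
ZIP3_RANGES = {"NY": (100, 149), "CA": (900, 961), "TX": (750, 799)}
AREA_CODE_STATE = {"212": "NY", "213": "CA", "214": "TX"}

def luhn_ok(pan):
    # Mod-10 check: passing only shows the number is well formed.
    digits = [int(c) for c in reversed(pan) if c.isdigit()]
    doubled = [d * 2 - 9 if d > 4 else d * 2 for d in digits[1::2]]
    return len(digits) >= 13 and (sum(digits[0::2]) + sum(doubled)) % 10 == 0

def ip_country(ip):
    addr = ipaddress.ip_address(ip)
    for net, country in IP_TO_COUNTRY.items():
        if addr in ipaddress.ip_network(net):
            return country
    return None  # unknown range: treated as a mismatch below

def screen_order(order):
    """Return the names of the checks that failed (empty list: none)."""
    flags = []
    pan = order["card_number"]
    if not luhn_ok(pan):
        flags.append("luhn")
    # The bank the customer names must match the bank that owns the BIN.
    if BIN_TO_BANK.get(pan[:6]) != order["issuing_bank"].strip().lower():
        flags.append("bank_name_vs_bin")
    if ip_country(order["ip"]) != order["country"]:
        flags.append("country_vs_ip")
    if order["country"] == "US":
        lo, hi = ZIP3_RANGES.get(order["state"], (1, 0))  # (1, 0) matches nothing
        zip3 = order["zip"][:3]
        if not (zip3.isdigit() and lo <= int(zip3) <= hi):
            flags.append("zip_vs_state")
        if AREA_CODE_STATE.get(order["phone"][:3]) != order["state"]:
            flags.append("phone_vs_location")
    return flags

# Constructed orders: the first is consistent, the second fails every check.
GOOD = {"card_number": "4000000000000002", "issuing_bank": "Example Bank A",
        "ip": "192.0.2.10", "country": "US", "state": "NY",
        "zip": "10001", "phone": "2125550100"}
BAD = dict(GOOD, card_number="4000000000000003", issuing_bank="Example Bank B",
           ip="198.51.100.7", state="CA", phone="2145550100")
```

`screen_order(GOOD)` returns an empty list, while `screen_order(BAD)` names all five failed checks; a merchant would typically hold flagged orders for manual review.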

25 Risk management
- Offer a high-price option that no-one should ever want …
- … except someone who doesn’t care how much he’s spending

26 Risk management
- When you get a fraud, don’t give a refusal to the customer
- Say “Hello, Mr Customer, here’s what you ordered …” …
- “… there might be a slight delay …”
- “ … please be patient …”
- “ … you’ll get it within 48 hours …”

27 Risk management
- “ … we’re doing the best we can …”
- “ … due to a computer crash, there will be a slight delay …”
- “… the recent problems in New Orleans has meant …”
- “ … we value your custom and thankyou for being patient …”
- “ … your business is important to us”

28 Risk management
- I call this the “inefficient bumbler”
- The grammatical mistakes are to make it look more authentic
- Many companies do this anyway, so he won’t realise he’s getting a run-around

29 Risk management
- Why?
- Well, if you say “That card was no good, please try again …”
- What do you suppose he’ll do?

30 Risk management
- If you can, give him something a bit like what he ordered
- But which doesn’t work very well (slow, or less functionality)
- Since you won’t be billing his card, you aren’t defrauding him
- He’ll stop trying to defraud you

31 Authorisation
- What most people think is “It doesn’t guarantee payment, it only checks that there are sufficient funds in the account”
- This isn’t quite correct

32 Authorisation
- In fact, if it’s outside the UK, auths go through Visa-net
- If the amount is small, Visa-net can just check the first six digits (BIN number) and the modulo
- Whoopee.

33 Authorisation
- So, authing doesn’t give the merchant the risk reduction he thought it did
- But it can lead to higher costs, via referrals
- Here’s how

34 Authorisation
- Authorisation eq “Go ahead, bill”
- Decline eq “No way, Jose”
- Referral eq “Maybe. Phone us up and we’ll talk about it.”
- This takes 5 to 10 minutes, and requires two people
- This is the “Modern Electronic Credit Card System”

35 Referrals
- One-in-N; banks choose one in three or one in 20 and do a referral
- If you have a lot of customers, then you’ll get a lot of referrals
- Each referral is 5-10 minutes, two people

36 Referrals
- Why wasn’t this a problem before?
- Because merchants had floor limits
- Below the floor limit, no need to auth
- With the “Modern Electronic Credit Card System” all billings must be authed. Even $1.00
- Even though authing doesn’t ensure that the card even exists!

37 Referrals
- When the amount is $10, the bank gets $0.40. Can they hire people for £1.50 per hour?
- The current system for internet commerce in the UK is about to break down

38 Chargebacks
- Visa is about to introduce penalties for chargebacks
- If you exceed 5%, you pay $100 per chargeback
- The current system for internet commerce in the UK is about to break down

39 So where will it go?
- To wherever the business requirements are met.
- Probably the US.
- Bye bye, Tony

40 Credit Card fraud on the Internet

41 Questions?
