Presentation on theme: "Reasons for Revenue Leakage in CNP Transactions and their prevention DRF EU Conference 2005 Amsterdam Sven Slazenger BDOA e.V. – AK Integration Technologies,"— Presentation transcript:
Reasons for Revenue Leakage in CNP Transactions and their prevention DRF EU Conference 2005 Amsterdam Sven Slazenger BDOA e.V. – AK Integration Technologies, AK ePayment Managing Director, InterLake Informationssysteme GmbH
Agenda Current Status: Revenue Leakage in CNP Situations Main factors for revenue loss Adding some statistics How to prevent Revenue Leaks Special focus on Geolocation and Fraud Prevention Challenges & Roundup
Situation Current Situation Revenue Leakage as a percentage of business revenue through online / mail order fraud is up to 40 times higher than in an offline environment. (Internet Fraud Prevention Advisory Council) Revenue Leakage rises with the complexity of your revenue chain: Telcos lost 13.7% of their revenue in 2003 (Analysis Group) but on average they have 24 steps in the revenue chain. Although there are less stolen and counterfeit cards out there, revenue loss due to fraud is rising. One of the main factors is identity theft. Financial services companies lost 4 billion USD in 2003 due to identity theft (IDC) Revenue is leaking in several places, due to internal and external factors!
Factors Main Factors Main factors for revenue leakage Insufficient billing/invoicing systems and bad systems integration Poor internal procedures Credit management Fraud through stolen or manipulated data, including identity theft Internal factors are often swept under the rug. Almost no public data available. External factors concerning fraud are well documented.
Statistics Federal Trade Commission (US) on internet fraud and identity theft in 2004 average amount lost 1.440 USD, median amount lost 214 USD main methods of payment 37% credit card 19% bank debit 15% money order 13% wire transfer top services for internet related fraud complaints 48% internet auctions 17% internet shopping 10% internet access services 6% foreign money offers 3% adult services stolen identities mostly used for credit card fraud (28%)
Statistics IC3 2004 Internet Fraud Report 66% increase in internet fraud reports between 2003 and 2004 mostly auction fraud, non-delivery, credit card fraud median loss of 219 USD per case (similiar to FTC figures) Large number of auction fraud complaints (81.2%) due to eBay link to IC3. Non-delivered merchandise and/or payment accounts for 15.8%. Credit Card fraud accounts for 5.4% E-Mail (63.5%) and the web (23.5%) were the two primary mechanisms by Which fraudulent contact took place.
APACS (Umbrella body for UK Banking Industry) In 2003: counterfeit cardsdown 28% stolen cards down 2% CNP fraud up 6% non-delivery up 17% identity theft fraud up 45% (!) Identity theft is the fastest growing financial crime in the UK!
Statistics Merchant Risk Council member survey on Internet Fraud trends 2003 merchants spend more: 17% spend >2% of revenue on fraud prevention fraudulent chargeback rates >1% fall to 9.7% in 2003 vs. 18% in 2002 45% of merchants use/want to use Verified by Visa and MC SecureCode 16% of merchants have never heard of the above International Fraud has become the biggest problem! 38% of businesses declare international fraud to be „out of control“ or „a big problem“.
Statistics Statistics Roundup Key facts revenue loss due to online fraud is up besides auction fraud, credit card fraud and identity theft are leading causes for rising losses merchants using fraud prevention services bring down fraud international fraud is still the biggest problem lack of awareness among merchants and customers adds to the problem no data on lost revenue due to bad internal processes
Fix it Who can fix it? Main factors: Insufficient billing/invoicing systems and bad systems integration Poor internal procedures Credit management Fraud through stolen or manipulated data, including identity theft It‘s a CXO Issue: Includes billing (CIO), risk management (CFO), systems integration (CTO) Solution: appoint a revenue assurance director at boardroom level Don‘t fix it yourself: hire a revenue assurance consultant. Payback period usually 6 months, never longer than a year. Every EUR saved adds another 40 cents in cost reduction as system discrepancies are resolved in the course of a revenue leakage review.
Fix it Who can fix it? Solve external factors by connecting to external resources: Fraud Prevention Platforms AVS Caller ID GeoIP Credit scoring Credit card security codes Verified by Visa, MC SecureCode Address Checks Blacklist Checks Finally: Educate your customers: protect them from spyware and update them on internet scams work in partnership with others learn from your own experiences
GeoIP Can GeoIP information prevent identity theft fraud? 31% of e-commerce businesses already use geolocation for several purposes. Another 22% plan to use GeoIP information (Cybersource) Case Study: 75% of fraudulent orders with a US billing address were placed from abroad in 85% of fraudulent domestic transactions the billing address did not match the state from which the order was placed. Fraud rates for such mismatched transactions were 15 times higher. Fraud losses were cut by 15% after blocking orders from the 15 US cities that were the source of more than half the fraudulent transactions. Geolocation cuts these risks by determining the geographic location of a web site visitor in real time, comparing that data with billing and shipping addresses, and flagging the merchant.
trails Electronic trails Internet Internet-User Online-Shop Webserver What information can an IP address unveil? IP Address Time and date Viewed pages Transferred volume OS and browser 18.104.22.168 DNS Reverse Lookup: interlake.net More details through GeoIP information NET Domain = USA Manual RIPE-Check with IP Adress = München Domain-Check = Friedrichshafen So where‘s the user? Realtime availability adds a geographic location to an IP address high relevance of data through a combination of technical gathering instruments
GeoIP How it works How GeoIP works Internet Internet-User Online-Shop Payment Service Provider Information gathered through GeoIP: scoring, address check, blacklists GeoIP Tracking Country, City, Language, geographic coordinates with high relevance (country 99%, city up to 94%) Information on high-risk countries Distance between location and billing/delivery address Demographic information on the location Proxy usage
Phishing Phishing Attacks rise as much as 110% month over month
Roundup GeoIP Roundup Key facts which information do I need? Direct identity check not possible cost ranges from 500 EUR to 100.000 EUR per year, depending on quality Geolocation information will not solve your problems combine Geolocation with other fraud prevention methods use Geolocation for other areas in your company to lower the cost: content geo-targeting, digital rights management,…
Roundup Conclusion Internal Factors: check your processes and systems integration External Factors: use a combination of external resources to gather information on each transaction As cross-border trade grows, international credit and identity checks become more important. There already are fraud prevention platforms providing international information, so use them. Finally, organizations like the DRF EU and BDOA can be communication platforms to provide transparency to these issues. Thank you for your attention.