1. www.prepaidfinancialservices.comwww.prepaidfinancialservices.com 2016 FRAUD

2.  Over 50 public sector clients with over 100 live programmes and £12 million GBP loaded monthly  10 staff in our fraud team  Every Council transaction is monitored by our fraud engine In the news recently: 145m eBay customers had to reset passwords after hack 32m Twitter accounts hacked and passwords leaked Fraudsters can clone 15 bank cards a second with hi-tech contactless device How Even the FTC’s Lead Technologist Can Get Hacked….. Even billionaire tech entrepreneurs get hacked! (Admitted re-using passwords) Some PFS Statistics

3. One example – BIN range attempts  Generating multiple card numbers based on known BIN/card numbers  Use software to generate the numbers – hundreds per second in sequential order (with the same expiry date)  Card numbers that generate a ‘hit’ are then ‘tested’ with merchants, usually for a very small value transaction  Numbers that prove successful are then used at other internet sites  Fraudsters have no personal details in these instances  PFS is exposed to this type of attack in the same way as every other debit, credit and prepaid card provider is globally  PFS invest millions into security and fraud prevention annually

4.  Example A – 8 Cards targeted  7 cards successfully declined by our fraud engine  1 card attempt successful for £812.21 – a counterfeit card was created  Fraud loss refunded in full by PFS within 3 days (if this was cash it would have been lost forever)  New fraud monitoring rules implemented as a result of this attack  Example B – 46 cards targeted  £0.03p transactions all for University of Toronto book store (which has very little security – easy target)  No transactions were successful as our fraud engine detected and declined all  The cards were placed in a “Deposit Only” status where no spend can occur  Cards were replaced instantly  PFS report the cards to Mastercard as being compromised 2016 Fraud Attempts

5. Other fraud types and our anti-fraud rules  Lost cards  Identity theft  Skimming/cloning (using a magnetic card reader to copy the genuine card details on the blank card)  We use a variety of rules to monitor card activity which are constantly reviewed and refined and updated as fraudsters are constantly coming up with new ways to attack us: –Velocity rules – multiple transactions made within a certain timeframe –Geo-location rules – multiple transactions are made within a certain timeframe in a higher risk country –Volume rules – large amounts of money are spent in a certain timeframe –Security rules – multiple invalid PIN/CVV attempts are made –Loading rules – card load is immediately followed by a cash withdrawal –Merchant rules – a transaction occurs at certain higher risk merchants

6. 3D Secure  PFS have enrolled all public sector programmes to 3D secure (Three Domain secure.)  Designed to improve both cardholder and merchant confidence in internet purchases and to reduce disputes and fraudulent activity related to card use  Cardholder creates a unique password to authorise payments on-line as part of the authentication process prior to approving transactions  Merchant does need to be 3D enabled (we should win chargebacks if fraud was committed with a merchant who did not enable this.)  3D secure requires 4 identifiers  Name  Valid mobile telephone number  Date of Birth  Postcode  Enrolment process procedure document available

7. Cash –No monitoring possible, if money is stolen there is no audit trail, no comeback, no reclaim/chargeback process (for prepaid the chargeback process applies) –Safeguarding issues Bank accounts/debit cards –The Public sector organisation has no oversight, no monitoring access –Cannot liaise with the bank due to data protection rules so account holder must do so  PFS will invoke the chargeback policy and retrieve funds instantly  Cards will be replaced immediately  In most cases we will refund the cardholder whilst the chargeback process progresses (as we did in the scenarios detailed earlier) Cards v Alternatives (re. Fraud)

8. Deanna Fernandez & Lee Britton Deanna.Fernandez@prepaidfinancialservices.com Lee.Britton@prepaidfinancialservices.com Anti-Fraud Team FraudOps@prepaidfinancialservices.com James.Sheridan@prepaidfinancialservices.com Contact Us