Reasons for Revenue Leakage in CNP Transactions and their prevention DRF EU Conference 2005 Amsterdam Sven Slazenger BDOA e.V. – AK Integration Technologies,

Reasons for Revenue Leakage in CNP Transactions and their prevention

DRF EU Conference 2005 Amsterdam

Sven SlazengerBDOA e.V. – AK Integration Technologies, AK ePayment

Managing Director, InterLake Informationssysteme GmbH

Agend

a

Agenda

• Current Status: Revenue Leakage in CNP Situations

• Main factors for revenue loss

• Adding some statistics

• How to prevent Revenue Leaks

• Special focus on Geolocation and Fraud Prevention

• Challenges & Roundup

Situatio

n

Current Situation

• Revenue Leakage as a percentage of business revenue through online / mail order fraud is up to 40 times higher than in an offline environment. (Internet Fraud Prevention Advisory Council)

• Revenue Leakage rises with the complexity of your revenue chain: Telcos lost 13.7% of their revenue in 2003 (Analysis Group) but on average they have 24 steps in the revenue chain.

• Although there are less stolen and counterfeit cards out there, revenue loss due to fraud is rising. One of the main factors is identity theft. Financial services companies lost 4 billion USD in 2003 due to identity theft (IDC)

Revenue is leaking in several places, due to internal and external factors!

FactorsMain Factors

Main factors for revenue leakage

• Insufficient billing/invoicing systems and bad systems integration

• Poor internal procedures

• Credit management

• Fraud through stolen or manipulated data, including identity theft

Internal factors are often swept under the rug. Almost no public data available. External factors concerning fraud are well documented.

Statistic

s

Statistics

Federal Trade Commission (US) on internet fraud and identity theft in 2004

• average amount lost 1.440 USD, median amount lost 214 USD• main methods of payment

37% credit card19% bank debit

15% money order13% wire transfer

• top services for internet related fraud complaints48% internet auctions17% internet shopping10% internet access services6% foreign money offers3% adult services

• stolen identities mostly used for credit card fraud (28%)

Statistic

s

Statistics

IC3 2004 Internet Fraud Report

• 66% increase in internet fraud reports between 2003 and 2004• mostly auction fraud, non-delivery, credit card fraud• median loss of 219 USD per case (similiar to FTC figures)

Large number of auction fraud complaints (81.2%) due to eBay link to IC3.Non-delivered merchandise and/or payment accounts for 15.8%.Credit Card fraud accounts for 5.4%

E-Mail (63.5%) and the web (23.5%) were the two primary mechanisms byWhich fraudulent contact took place.

Statistic

s

Statistics

Statistic

s

Statistics

APACS (Umbrella body for UK Banking Industry)

In 2003:

counterfeit cards down 28%stolen cards down 2%CNP fraud up 6%non-delivery up 17%identity theft fraud up 45% (!)

Identity theft is the fastest growing financial crime in the UK!

Statisti

cs

Statistics

APACS Data

Statistic

s

Statistics

APACS Data

Statisti

cs

Statistics

APACS Data

Statistic

s

Statistics

Merchant Risk Council member survey on Internet Fraud trends 2003

• merchants spend more: 17% spend >2% of revenue on fraud prevention

• fraudulent chargeback rates >1% fall to 9.7% in 2003 vs. 18% in 2002

• 45% of merchants use/want to use Verified by Visa and MC SecureCode• 16% of merchants have never heard of the above

International Fraud has become the biggest problem! 38% of businessesdeclare international fraud to be „out of control“ or „a big problem“.

Statistic

s

Statistics Roundup

Key facts

• revenue loss due to online fraud is up

• besides auction fraud, credit card fraud and identity theft are leading causes for rising losses

• merchants using fraud prevention services bring down fraud

• international fraud is still the biggest problem

• lack of awareness among merchants and customers adds to the problem

• no data on lost revenue due to bad internal processes

Fix itWho can fix it?

Main factors:

• Insufficient billing/invoicing systems and bad systems integration • Poor internal procedures• Credit management • Fraud through stolen or manipulated data, including identity theft

It‘s a CXO Issue: • Includes billing (CIO), risk management (CFO), systems integration (CTO)• Solution: appoint a revenue assurance director at boardroom level• Don‘t fix it yourself: hire a revenue assurance consultant. Payback period usually 6 months, never longer than a year.• Every EUR saved adds another 40 cents in cost reduction as system discrepancies are resolved in the course of a revenue leakage review.

Fix itWho can fix it?

Solve external factors by connecting to external resources:

• Fraud Prevention Platforms• AVS• Caller ID• GeoIP• Credit scoring• Credit card security codes• Verified by Visa, MC SecureCode• Address Checks• Blacklist Checks

Finally:• Educate your customers: protect them from spyware and update them on internet scams• work in partnership with others • learn from your own experiences

GeoIPGeoIP

Can GeoIP information prevent identity theft fraud?

• 31% of e-commerce businesses already use geolocation for several purposes. Another 22% plan to use GeoIP information (Cybersource)

Case Study: • 75% of fraudulent orders with a US billing address were placed from abroad• in 85% of fraudulent domestic transactions the billing address did not match the state from which the order was placed. Fraud rates for such mismatched transactions were 15 times higher.• Fraud losses were cut by 15% after blocking orders from the 15 US cities that were the source of more than half the fraudulent transactions.

Geolocation cuts these risks by determining the geographic location of a web site visitor in real time, comparing that data with billing and shippingaddresses, and flagging the merchant.

trailsElectronic trails

Internet

Internet-User€

Online-Shop

Webserver

What information can an IP address unveil?

• IP Address

• Time and date

• Viewed pages

• Transferred volume

• OS and browser

• 213.61.110.37 DNS Reverse Lookup: interlake.net

More details through GeoIP information

• NET Domain = USA

• Manual RIPE-Check with IP Adress = München

• Domain-Check = Friedrichshafen

So where‘s the user?

• Realtime availability

• adds a geographic location to an IP address

• high relevance of data through a combination of technical gathering instruments

GeoIPHow it works

How GeoIP works

Internet

Internet-User€

Online-Shop

Payment Service

Provider

Information gathered through GeoIP:

scoring, address check, blacklists

GeoIP

Tracking

• Country, City, Language, geographic coordinates with high relevance (country 99%, city up to 94%)

• Information on high-risk countries

• Distance between location and billing/delivery address

• Demographic information on the location

• Proxy usage

PhishingPhishing

Phishing Attacks rise as much as 110% month over month

Roundu

p

GeoIP Roundup

Key facts

• which information do I need? Direct identity check not possible

• cost ranges from 500 EUR to 100.000 EUR per year, depending on quality

• Geolocation information will not solve your problems

• combine Geolocation with other fraud prevention methods

• use Geolocation for other areas in your company to lower the cost: content geo-targeting, digital rights management,…

Roundu

p

Roundup

Conclusion

• Internal Factors: check your processes and systems integration• External Factors: use a combination of external resources to gather information on each transaction

As cross-border trade grows, international credit and identity checks become more important. There already are fraud prevention platformsproviding international information, so use them. Finally, organizationslike the DRF EU and BDOA can be communication platforms to providetransparency to these issues.

Thank you for your attention.

www.bdoa.dewww.interlake.net