SECURE BUSINESS AUTOMATION
Card fraud
Card fraud in Hungary
(case study ) and
MON™
fraud prevention system
Mr. Antal KUTHY
President-CEO, E-GROUP Plc
President-CEO, E-GROUP Plc
Board Member of Hungarian Assoc. Of IT Companies
Board Member of Hungarian Assoc. Of IT Companies
& Chairman, Hungarian-Hong Kong Innovative Business
& Chairman, Hungarian-Hong Kong Innovative Business
Council
Council
2
SECURE BUSINESS AUTOMATION
= Banking Front-Office Technology
3
SECURE BUSINESS AUTOMATION
Integrated Product Portfolio
4
SECURE BUSINESS AUTOMATION
Card fraud
Card fraud in Hungary
( a case study )
5
SECURE BUSINESS AUTOMATION
OTP Group
OTP Group
Merkantil Group
(leasing group)
OTP Building Society Ltd.
OTP Mortgage Bank
Ltd.
OTP-Garancia
Insurance Ltd.
OTP Fund Management
Ltd.
Hungarian International Finance
Ltd.
OTP Real Estate Ltd.
OTP Factoring
Ltd.
OTP Fund Services
Ltd.
OTP National Health FundOTP Travel Ltd.
6
SECURE BUSINESS AUTOMATION
Main f. indicators of OTP Bank
(audited, HUF billion, 1USD=250HUF)
2002 2003 growth %
Current accounts 2741000 28563000 4,1
cards issued connected to retail accounts
3023000 3162000 4,6
number of the Bank’s ATMs 1168 1305 11,2
Total number of cards issued in 2003 3599000
FYI: Hu popolution is only 9.5m, so over 60% of card
market)
7
SECURE BUSINESS AUTOMATION
•
The number of transactions executed by the Bank's card
owners through the Bank’s ATMs, reached 65.0 million in
2003 (2005: over 100m)
•
Turnover of these transactions was HUF1,594.2 billion, an
increase of 5.6% and 17.8%, resp. over 2002.
•
The number of withdrawal transactions on the Bank’s own
POS network was 6.7 million, the turnover was
HUF1,084.8 billion. (2005 over 10m)
•
The number of purchases on POS terminals at merchants
was 42.8 million (34.1% increase) valuing HUF351.4
billion (34.1% increase).
1 EUR=250 HUF
8
SECURE BUSINESS AUTOMATION
OTP Bank as Acquirer
Fraud by Type (%)
2003
1998 24,09
1999 5,19
2000 0,45
2001 0,35
2002 0,29
2003 0,25
Basis Points OTP
9
SECURE BUSINESS AUTOMATION
4.
Fraud by Type (%)
2003
Increase in 2002: 25%
OTP Bank as Issuer
1999 2,19
2000 0,64
2001 0,42
2002 0,29
2003 0,24
Basis Points OTP
10
SECURE BUSINESS AUTOMATION
•
Counterfeited cards:
•
74% on POS
•
26% on ATM (2003)
( this rate in 2000 was 100% POS.)
•
ATM fraud is technical based
•
Where use PIN code (POS) the fraud rate is smaller
•
ATM robbery takes only <5 minutes
•
Team size: 10 specialists enough
Nature of counterfeited cards transactions
11
SECURE BUSINESS AUTOMATION
OTP’s acquiring-network monitoring systems
1. On-line Monitoring for detecting suspicious purchases and
ATM transactions
The following POS transaction are monitored:
•
Multiple use of Bankcards at the same merchant outlet on a single
day
•
Bankcards used at more than 2 different merchant outlets in our
network on a single day
•
Purchases where the transaction amount exceeds the daily
average transaction value of the merchant.
Remark: In case of new merchants the value is compared to MCC
average (successful transactions)
•
Rejected purchases where transaction amount exceeds the
predefined amounts set by rejected codes
1.
12
SECURE BUSINESS AUTOMATION
•
All Internet, MOTO and other key-entered transactions
•
Transactions made by cards having been used previously at a
merchant during the counterfeiting period (possible
counterfeited transactions in need of extra attention).
•
Cash withdrawals made in our post offices or in our branches, if
either the transaction amount exceeds pre-defined limit or more
transactions were initiated with the same card
•
Bankcards with more transactions initiated with at Filling
stations – Gas Stations- (MCC 5541) on a single day
•
All refunds made by merchants
2.
13
SECURE BUSINESS AUTOMATION
The following ATM transactions are monitored:
•
Too many cash disbursement trials with a card on a single day
considering cardholders’ average spending habit
•
Banckards used both before and after midnight
•
Captured bankcards
•
Bankcards that have been used multiple days, „ongoing”
14
SECURE BUSINESS AUTOMATION
OTP’s acquiring network monitoring systems
Off-line Monitoring programs for filtering out merchants with
suspicious activity has been developed …
•
Chargeback Monitoring
•
Merchant Authorisation Request Monitoring (considering
previous day; off-line):
Analyis of daily card acceptance activity of a merchant outlet such as total
number and amount of succesful and declined transaction requests, number
of key entered transactions to magnetic stripe read transactions, purchases
with cards with the same BIN etc. and compares the data to the average
parameters characterizing the outlet.
•
High Risk Blocking:
The amount of the suspicious purchase is paid to the merchants after the
issuer bank has confirmed the genuineness of the transaction in question.
15
SECURE BUSINESS AUTOMATION
On-line Monitoring for detecting suspicious POS and ATM
transactions
The following POS transactions are monitored:
•
Bankcards used several times at the same merchant outlet on
a single day
•
Bankcards used at more than 3 different merchant outlets on
a single day
•
Purchases where the transaction amount exceeds the daily
average transaction value of the merchant. In case of new
merchants the value is compared to MCC average.
•
Bankcards used in different countries on a single day.
•
Transactions made by cards that has been used previously at
a CPP merchant during the counterfeiting period (possible
counterfeited transactions need extra attention).
Issuer side monitoring systems
1.
16
SECURE BUSINESS AUTOMATION
•
Transactions made in risky countries
•
All Internet, MOTO and other key-entered transactions
•
Suspicious Internet or MOTO terminals, where possibly fraudulent
transactions occurs with generated account numbers
•
Cash withdrawals made in branches and in post offices where transaction
amount exceeds the predefined limits.
•
Bankcards which more than the set prepaid mobile phone transactions via
Hungarian ATMs (MCC 4816) are initiated with on a single day
The following ATM transactions are monitored:
•
Too many cash disbursement trials with a card on a single day considering
cardholders’ average spending habit
•
Banckards used both before and after midnight
•
Bankcards used at ATMs located at high risk areas
•
Captured bankcards
• Bankcards that have been used more days running abroad
17
SECURE BUSINESS AUTOMATION
•
Off-line Monitoring and other instruments to minimize fraud
Issuer Referral Call Service
–
Off-line Monitoring Program:
Transactions under floor limit are monitored.
–
Collusive Cardholder Monitoring
•
Blocked and Expired Card Monitoring:
In case of transactions under floor limit with non-existing cards,
cards are inserted into the international stop-list. If
continuous fraudulent usage arises. Acquirer banks are also
advised of the phenomenon.
•
SMS Control Service („MONEYGUARD” : most succesful
innovation implemented 6 years ago)
•
Transactions number which appear in the monitoring
system: 3-10,000 / day (>>> Intelligent Analysis is
necessary, special high value add expert systems)
18
SECURE BUSINESS AUTOMATION
Monitoring process
•
Visualization
•
Analysis
•
Alarm message (telephone, fax)
•
Blocking card
19
SECURE BUSINESS AUTOMATION
OTP Bank as Acquirer
Total Reported Fraud / Sales Ratio
Total Reported Fraud / Sales Ratio
Basis Points
Basis Points
20
SECURE BUSINESS AUTOMATION
The Hungarian and European ratios are calculated for only Mastercard and Maestro products.
OTP Bank as Issuer
Total Reported Fraud / Sales Ratio
Total Reported Fraud / Sales Ratio
Basis Points
Basis Points
21
SECURE BUSINESS AUTOMATION
End of 1st Part of
End of 1st Part of
Presentation
Presentation