Answers

Don C.

Computer Software Consultant and Contractor

Credit Card Fraud

My company has developed a solution for credit card fraud and I need help getting time in front of those in the banking industry to demonstrate it. I would need about 5 minutes to demonstrate this solution. Anyone who works in this industry or could connect me with those who do, I'd appreciate your input.

Clarification added May 21, 2008:

This solution would eliminate credit card fraud both at the POS and online. It can be demonstrated with a simple web based API.

posted May 21, 2008 in Information Security | Closed

Answers (5)

Kaia-Triin T.

Advisor to European companies entering the US

Best Answers in: Offshoring and Outsourcing (1), Communication and Public Speaking (1)

I don't work for the industry, but just wanted to give you some competitive business intelligence information. In Europe, at least in Estonia, there is a rather effective method for fighting online credit card fraud: virtual credit cards, which expire in about 4 weeks.

So technically you could create a new virtual credit card every time you need to make an internet purchase. The process for creating a virtual credit card is to log into your online bank account, select "create new credit card", define the spending limit, and voila - you have got a "credit card" (which is actually a debit card) complete with a card number, CVV code, expiration date, etc.

The idea is that the card expires soon enough so that by the time a hacker has gotten the info, the card is expired. Likewise, the spending limit can be set according to the card owner's definition to prevent total charges larger than X.

More info: http://www.seb.ee/index/1301

posted May 21, 2008

James R.

Auditor, Security Specialist, and Compliance Subject Matter Expert

Best Answers in: Corporate Governance (1)

Below are 2 links you may want to follow. You may also want to talk to bank core application service providers like COCC and Fiserv.

http://www.cocc.com/

posted May 21, 2008

R G.

Executive at Holding Trust Corp.

Just as a side note, you might want to contact individuals in the risk management arena. As well, depending on what changes need to be implemented either through process or technology, it might not be cost effective for the company. The key is to show that lowering the risk is cost effective enough to implement your solution.

But good luck with big companies, and changing the way they do anything. If there is a way to demonstrate that there is a real-life benefit towards your solution in a smaller type environment, then your chances would be better. Create a case study and a business case in order to convince them.

posted May 21, 2008

Paul W.

MEA Principal Consultant at Verizon Business

Best Answers in: Criminal Law (4), Information Security (4), Computers and Software (2), Risk Management (1), Employment and Labor Law (1), Small Business (1), Enterprise Software (1), Information Storage (1), Web Development (1)

Hi,
In the UK you need to approach APACS http://www.apacs.org.uk/

They are a UK trade association for payments and for those institutions that deliver payment services to customers. It provides the forum for its members to come together on non-competitive issues relating to the payments industry. Currently, they have 31 members.

They in turn support and partially fund the Dedicated Cheque and Plastic Crime Unit (DCPCU)
http://www.dcpcu.org.uk/

Launched as a pilot project on 29 April 2002 to tackle the organised criminal networks that commit cheque and plastic card fraud.

The Unit comprises police officers drawn from the City of London and Metropolitan Police Forces. Investigators from the banking industry and case support staff support these officers. Head of the unit is Detective Chief Inspector John Folan.

Regards
Paul

posted May 21, 2008

Lynn W.

virtualization since Jan68, online at home since Mar70

Best Answers in: Financial Regulation (5), Information Security (5), Economics (4), Government Policy (3), Equity Markets (3), Risk Management (2), Blogging (2), Enterprise Software (2), Budgeting (1), Mergers and Acquisitions (1), Sales Techniques (1), Planning (1), Bond Markets (1), Derivatives Markets (1), Hedge Funds (1), Career Management (1), Computer Networking (1), Information Storage (1), Telecommunications (1), Web Development (1)

In the mid-90s, the x9a10 financial standard working group had been given the requirement to preserve the integrity of the financial infrastructure for all retail payments. part of the effort was a detailed end-to-end threat & vulnerability study.

one of the major threats & vulnerabilities identified was being able to use information from previous transactions enabling fraudulent transactions (i.e. skimming at pos, eavesdropping on the internet, security breaches and data breaches of log files, and lots of other kinds of compromises). we have sort of made reference to the general phenomena as the "naked transaction" (wherever it exists, it is vulnerable).

the x9a10 financial standard working group produced the x9.59 financial standard
http://www.garlic.com/~lynn/x959.html#x959

... which slightly tweaked the paradigm, eliminating the "naked transaction" phenomena ... aka it didn't do anything about attempting to hide the information from previous transactions ... it just eliminated attackers being able to use the information for fraudulent transactions.

somewhat related answer
http://www.linkedin.com/answers/technology/information-technology/information-security/TCH_ITS_ISC/237628-24760462

part of the x9.59 financial standard protocol had been based on the earlier work we had done on what is now usually referred to as electronic commerce. we were asked to consult with a small client/server startup that wanted to do financial transactions on their servers and had this technology called SSL they had invented and wanted to use. The major use of SSL in the world today is involved with this thing called electronic commerce and hiding information related to the transactions.

Part of the x9.59 standard was eliminating the need to hide financial transaction information as a countermeasure to fraudulent transactions ... which then can be viewed as also eliminating the major use of SSL in the world today.

posted May 26, 2008
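
The "naked transaction" property from the last answer, as an added example that is not part of the original thread and is not taken from the X9.59 text: an issuer that authorizes on static data accepts a transaction built from a logged record, while an issuer that requires each transaction to be authenticated does not, even though the record is fully visible. It assumes a per-account key and uses an HMAC as a stand-in for a digital signature; the class names, field names and sample values are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values (not real account data).
ACCOUNT = "4000001234567890"
ACCOUNT_KEY = b"constructed-demo-key"  # assumption: held by payer device and issuer


def sign(key, txn):
    """Authentication value over the fields that define one transaction."""
    msg = "|".join(txn[f] for f in ("account", "amount", "merchant", "nonce"))
    return hmac.new(key, msg.encode(), hashlib.sha256).hexdigest()


class NakedIssuer:
    """Authorizes on static data alone: knowing the account number suffices."""
    def authorize(self, txn):
        return txn["account"] == ACCOUNT


class AuthenticatedIssuer:
    """Authorizes only transactions authenticated for this account, once each."""
    def __init__(self):
        self.seen = set()

    def authorize(self, txn):
        if not hmac.compare_digest(sign(ACCOUNT_KEY, txn), txn.get("auth", "")):
            return False          # fields do not match the authentication value
        if txn["nonce"] in self.seen:
            return False          # exact copy of an earlier transaction
        self.seen.add(txn["nonce"])
        return True


def demo():
    legit = {"account": ACCOUNT, "amount": "25.00",
             "merchant": "bookshop", "nonce": "n-001"}
    legit["auth"] = sign(ACCOUNT_KEY, legit)
    logged = dict(legit)  # the record as it sits, unhidden, in a merchant log
    # New transaction assembled only from what the log reveals.
    reused = dict(logged, amount="900.00", merchant="other-shop", nonce="n-002")
    naked, authd = NakedIssuer(), AuthenticatedIssuer()
    return {
        "naked_reused": naked.authorize(reused),
        "auth_legit": authd.authorize(legit),
        "auth_replay": authd.authorize(logged),
        "auth_reused": authd.authorize(reused),
    }
```

Nothing in the logged record is hidden in either case; only the static-data issuer treats it as sufficient to authorize a new charge.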