Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
EUROPEAN BANKING GROUP Online fraud plummets as European Banking Group partners with anti-fraud network AT-A-GLANCE Key Requirements –– Accurate, real-time fraud/threat detection to combat an upsurge in fraud due to new online e-commerce system –– Ability to share cybercrime data across thousands of network organizations –– System that learns from past behavior to prevent future attacks Solution –– Developed and implemented a risk-based transaction-monitoring solution –– Joined network which tracks fraudster profiles, patterns, and behavior Results –– Fraud levels immediately fell by 80 percent –– Prevented more than £13 million in attempted e-commerce fraud –– Phishing incidents plunged CUSTOMER PROFILE “Partnering in the RSA® eFraudNetwork™ has accelerated our learning about anti-fraud technology and developing a comprehensive fraud strategy. In fact, it’s been such a success that what started out as a single project has now extended into other areas of the bank and will be developed even further.” FRAUD STRATEGY MANAGER As one of the leading retail banks in Europe, with a number of market-leading positions, this banking organization serves more than 30 million people. KEY REQUIREMENTS In 2004, an arm of this company faced a dilemma. Global companies Visa and MasterCard introduced a new online system, 3D Secure, that shifted liability for online card fraud from e-commerce merchants to card issuers such as banks. However, 3D Secure did not require mandatory registration for card holders. Immediate registration was voluntary. A default configuration on the online page allowed cardholders to opt out up to three times before having to register and receive a password. Fraudsters took advantage of this by not registering their stolen cards and gaining guaranteed acceptance at supposedly secure e-commerce sites. Unsurprisingly, the amount of fraud using e-commerce sites spiraled. According to industry figures, it grew to 3 percent of all transactions. Apart from undermining trust in e-commerce transactions, card issuers also had to absorb the losses. The bank’s existing neural-network system was unable to track the theft due to the speed at which Internet fraud was evolving. They needed a real-time fraud/threat detection system that could keep pace with the cybercrime surge as well as a way to network with organizations to prevent future attacks. SOLUTION To find a solution, the bank engaged RSA—The Security Division of EMC. RSA was developing a transaction-monitoring solution designed to flag potential fraudulent activity before it happened. The bank could see the potential in the technology and embarked on a partnership with RSA, with a view to integrating the technology into the 3D Secure system. The RSA technology was based on a new concept called risk-based authentication. Essentially it tracked Internet data and e-commerce transaction data parameters. These included IP address and IP geographical location, ISPs, device “fingerprints,” merchant, country code, transaction amounts, currency, and so on. Technically, the transaction-monitoring system broke the rules of Visa and MasterCard, which recommended that cardholders could choose not to participate in voluntary security registration. However, for the bank’s existing system it was a pre-requirement that the bank’s card users needed to register before conducting e-commerce transactions. But both MasterCard and Visa soon became convinced when they realized that excessive losses could undermine their 3D Secure system and that the transaction-monitoring system had a minimal impact on customer experience. To bolster this system, the bank also became a member of the RSA eFraudNetwork, the industry’s first and largest cross-institution and cross-platform online fraud network. This network identifies and tracks fraudster profiles, patterns, and behavior. When an active fraud pattern is identified, the fraud data, transaction profile, and fingerprints are moved to a centralized database and disseminated to all network members. RESULTS The transaction-monitoring solution was launched in 2004 and soon after fraud levels dropped by 80 percent. More recently, results have been equally compelling. For example, 90 percent of attempted ‘card not present’ fraud has been blocked and from October 2007 into late 2008, more than £13 million of attempted e-commerce fraud has been stopped. Between April 1st and October 1st 2008 incidents of phishing fell by 85 percent. CONTACT US To learn more about how RSA products, services, and solutions help solve your business and IT challenges contact your local representative or authorized reseller – or visit us at www.RSA.com www.rsa.com These results are in stark contrast to figures released by APACS, the UK trade association for payments, which in September 2008 revealed that ‘card not present’ fraud had jumped by 70 percent in the previous two years. In addition, in the 12 months ending September 2008, phishing incidents soared by 186 percent. Transaction monitoring and the effectiveness of the anti-fraud network have been so successful that the technologies are now widely deployed across different business channels within the banking group including retail banking, debit cards, and new-use credit card cases. The organization is now identifying new deployment areas and a recent pilot in balance transfers led to an 80 percent plunge in fraud. © 2007 EMC Corporation. EMC, the EMC logo, RSA, the RSA logo, and eFraud Network are trademarks or registered trademarks of EMC Corporation in the United States and/or other countries. All other trademarks mentioned herein are the property of their respective owners. EURBG CP 0809