SPA-19: 3-Days – Payment Card Fraud Deep Dive: Card Present Fraud and Mitigation, CNP Fraud Types for Online and Mobile, CNP Security Techniques – 3DS, Tokenization, SRC and FIDO

America’s Secure Payments Academy is pleased to bring you a new three-day course to describe payment fraud for both card present and card not present transactions, answer many questions that have arisen post COVID-19, as more transactions go online and bring with them more fraudulent transactions.

For about 50 years payment cards were used with magnetic stripes at the back of the card. Over the years fraudsters learned how to copy card numbers off the magnetic stripe and make fraudulent purchases. As the total amount of fraud escalated with new ways of stealing and using card numbers, issuers and card networks were looking at solutions that would stop the card present fraud. The solution was EMV. Using an embedded chip in the plastic card, EMV created a secure platform that is based on the latest encryption technologies with all transaction being dynamic such that they cannot be re-run. There are many security features with the EMV platform that will be discussed during the first day of this three-day course.

Card Not Present (eCommerce) online transactions have shot up very rapidly during the lockdown and post lockdown due to COVID-19. With this increase in the online transactions, there has been a sharp increase in online fraud, or Card Not Present (CNP) Fraud. To understand how  to combat fraud, an understanding of the eCommerce world is required. There are a multitude of techniques offered by various vendors to stop or at least decrease the amount of CNP fraud. On the third day of the course, EMVCo’s standards 3DS are presented and discussed. These specifications encourage merchants to check their online customers and only send the issuer/processor the transactions that they have approved as coming from a genuine customer. In addition, we will discuss other CNP fraud mitigation techniques including Tokenization, where the PAN is replaced by a token, SRC framework that allows many techniques to be adopted and standards from FIDO Alliance that removes the need for using passwords by using an approved device.

Many of the techniques used today work on collecting data about the customer and analyzing this data to determine if the customer is a real customer. These techniques are generally based on data Analytics. One issue with the data analytics is False Declines – meaning although the customer is a genuine customer, their transaction has been declined by mistake (with bad analytics). False Declines damage merchants tremendously as a declined customer will not buy from that merchant again.

Another looming problem for the eCommerce environment is that digital keys used to encrypt data may become hackable with the advent of Quantum Computing. During the three days of the workshop Quantum Computing (QC) and its effect on encrypted data will also be discussed and solutions for combatting QC hacks are described.

Learning Outcomes

By the end of this course delegates will be able to:

  • Describe the fraud types for card present transactions.
  • Analyze security types provided by EMV for both contact and contactless transactions
  • Identify differences between CNP and card present fraud patterns
  • Evaluate how tokenization impacts CNP fraud types
  • Explain how FIDO and 3DS detect fraud
  • Illustrate how SRC and PCI function within the CNP environment

Who should Attend:

  • Merchant System Operations, Engineering
  • Issuer/Processor Operations, Engineering
  • Fraud Analysis personnel
  • System Architects and Developers
  • Product Development and Product Marketing
  • IT and Technical Departments
  • Vendors of CNP fraud detection Systems

Day 1 –Payment Card Fraud – Card Present Fraud and Its Mitigation

  • Card Present Fraud
  • Card present fraud types
  • EMV Technology
  • Features of EMV Security
  • Deep dive into EMV Security types
  • Effects of EMV on Card Present Fraud
  • NFC Contactless Technology
  • NFC Security
  • Use of CDCVM (Consumer Device Cardholder Verification Method)
  • Mobile Devices as Card Present Transactions

Day 2 – Payment Card Fraud – CNP Fraud, Detection and Mitigation

  • Differences between Card Present and Card Not Present transactions
  • CNP Transaction basics
  • CNP Fraud Types
  • Card Not Present Fraud Detection
  • CNP Fraud
  • Relative Fraud Type values
  • Total Fraud Type Values
  • Techniques for CNP Fraud Detection
  • Quantum Computing effect on Encryption
  • QC Safe Processing and Data protection

Day 3 – Payment Card Fraud – CNP Security Techniques – 3DS,  Tokenization, SRC and FIDO

  • Introduction EMVCo 3DS
  • Components of 3DS
  • Data types collected
  • Analysis of data collected
  • How to decide Approval or Decline of transactions
  • Example of a 3DS system
  • Payment Tokenization techniques
  • Implementation & Security Considerations
  • Types of Payment Tokens
  • Token Provider Services
  • Token Lifecycle Management
  • Tokenization Use Cases
  • Card On File Tokenization
  • SRC/One Click Standards
  • FIDO
  • Live Demonstration – 2-Factor Authentication

SPA-19: 3-Days – Payment Fraud – Payment Card Fraud Deep Dive: Card Present Fraud and Mitigation, CNP Fraud Types for Online and Mobile, CNP Security Techniques – 3DS, Tokenization, SRC and FIDO workshop, is brought to you by Secure Payments Academy, America’s Payments Experts and led by skilled instructors with more than 3 decades of technical, systems and business case experience in payments systems and technologies.  This course is a deep dive guide into “How to mitigate fraudulent transactions” for the card present as well as the CNP eCommerce world.

Students will receive a course workbook and completion certificate at the conclusion of this 3-day workshop.

For more information about our upcoming schedule, visit the Workshop Schedule.

To contact us please go to Contact.

For more information about our upcoming schedule, visit the Workshop Schedule.