When managing fraud, processors, acquirers and merchants should look at the entire ecosystem of the transaction activity, not just the point-of-sale solution. And once that’s figured out, the key important next step is to have to have a program and appropriate staff in place that are dynamic, because fraud constantly is changing.
That was among the key messages that Dan Charron, president and CEO of Chase Paymentech, left during a recent podcast conversation with Market Platform Dynamics CEO Karen Webster. Indeed, one of the biggest challenges is to obtain a mindset around security, looking at security solutions versus security programs, or solving a static problem versus having a dynamic environment, he said, noting the whole ecosystem must be looked at simultaneously.
Today, crooks breaching the payment data systems treat their activities as a business, Charron said. (jump to: 2:03) “They wake up every morning, (and) they’re trying to find holes. And they are constantly changing and probing, he said. “So I would say the biggest thing (necessary) is a mindset there around a very robust, dynamic program that covers the entire landscape and having that in place is probably the biggest challenge that we face today in the industry."
Tokenization also important
From merchants’ perspective, it’s all about protecting data. Historically their focus has been on building high enough walls where crooks can’t get in. And if they do, the next emphasis is limiting how far in they can go.
That’s where tokenizing data becomes important, Charron said, because then the actual card information is never present. “So even if they do get through those doors or windows, there’s nothing of value that they can have it,” he said, using a house as a metaphor.
Outside of protecting data, fraud prevention also plays a role. And this goes into the behavioral analysis of transactions and actually looking at. This includes exploring velocity or information around the transactions and making sure that the fraud aspect doesn’t happen at the site. And then the third piece involves the third-party management components of a dynamic program around compliance management and training and audit, Carron said.
The package deal
(Jump to: 8:50) Fraudsters ideally want three things: the card account number, the PIN and credentials, Charron said. “Really, a fraudster wants all three of those things. If they can get all of those things, then that’s probably the biggest risk factor that merchants have,” he said. “And I think as you look at sort of the evolution of how cyber attacks happen, right? Identify them, they’re installing malware, they get access, right? They go and collect and transmit that data, they monitor that, and then they take that data and then use that to produce counterfeit fraud or things of that nature."
Chase recently announced its support for unique chip-and-PIN, but it also is looking at end-to-end tokenization and encryption within a payment stream, Charron said.
(Jump to: 12:08) “And that’s really the end state of, I think, where we need to get,” Charron said.
To learn more about Charron’s views on what it will take to protect the nation’s payments infrastructure and on EMV, tokenization and encryption, listen to the full podcast by clicking below.