Pub. 4 2015 Issue 7

l e a d i n g a d v o c a t e f o r t h e b a n k i n g i n d u s t r y i n k a n s a s 24 COMBATING FRAUD: WHAT HACKERS CAN TEACH YOUR FINANCIAL INSTITUTION By EdO’Neill Vice President, PULSE FraudOperations and Risk Management T HE NEXT 18 MONTHS WILL USHER IN A NEW era of greater security capabilities for the payments industry. After many years of planning, all the pieces are finally in place to transition from a system that relies on static data on magnetic stripes to one of chip cards and tokenized transactions that enable dynamic data. While it will be a profound change, it must be viewed as a milestone and not a finish line. As the realization sinks in that the work of mitigating fraud losses must continue to be a high priority, there are lessons to be learned from an unlikely source: hackers and fraudsters. At PULSE, we devote a tremendous amount of time and resources to observing hacker behavior so we can better anticipate and ultimately prevent fraud. What we have observed Hackers are collaborating more and more with other hackers, and their efforts are becoming increasingly sophisticated. Hackers are singularly focused. They are natural problem solvers. They are skilled at parsing valuable information from the overwhelming volume of data they observe. They typically are early adopters of technology. And, they recognize the power of sharing information and working together. Everyone involved in the transaction – networks, issuers, merchant acquirers and cardholders – can learn from hackers. Work together and share information There is a misconception of hackers tapping away down in their mom’s basement. In fact, hackers have become very organized. They have emulated the various parts of the payments industry and have set up separate organizations to handle hacking, sales and fraudulent data use. All parties involved in payments similarly need to work together and share information quickly and seamlessly. PULSE recommends the following collaborative approaches: • Don’t allow conflicts to be a distraction Our observations suggest that hackers are exceptionally focused on the task at hand. In contrast, the payments industry can, at times, be slow to act on security advances due to competing interests. A good example is the issue of liability, which determines how fraud losses are handled. It can cause a great deal of tension among the various participants in payments. But our collective, singular focus should be on preventing fraud from occurring in the first