Statementoftheproblem
InHSBC,areportonfraudulenttransactions2017illustratesanincreaseinC NPfraudby25.38%f r o m 2013to2017, especially adramatic growth in201 6,2 0 1 7at68.3%and72.6%.TheproportionofCNPfraudwasunderthreetimesa shighastheremainingtypes.Anothernoticeablepointisachargebackratein2017 accountedfor1.12%,whichexceededacceptablerateis1%andovercontrolledrater e c o m m e n d a t i o n (0.8%).AnincreaseinCNPfraudratio,bothinvolumeofchargeba ckcasesandtotalamountoflossquestionsabouttheadoptionofcurrentr i s k ma nagementi n t e r m o f C N P t r a n s a c t i o n T h e r e f o r e , c a u s e s a n d i m p l e m e n t a t i o n s toreduceCNPfraudratiowill beinvestigatedtopreventHSB
Card-not-present (CNP) fraud presents a significant global challenge for the non-cash payment industry, with retailers projected to incur $130 billion in losses from 2018 to 2023, according to a Juniper Research report This type of fraud is escalating at a faster rate than CNP transactions due to the increasing sophistication of fraudsters' techniques The ongoing global recession has further exposed the vulnerabilities of the international banking and finance systems, making them more susceptible to fraudulent activities Fraud prevention remains a critical challenge in an ever-evolving technological landscape, where the internet serves as a crucial channel for the retail sector As technology advances, criminals gain access to new tools that enable them to obtain sensitive information and funds through increasingly complex methods without the need for physical cards.
InVietnam,from2014to2017,thepercentageofCNPfraudhasincreasedf r o m 75percentto83percent,andoneofthereasonsforthisistheadoptionofEM Vchipinthemarket,whichhelpstopreventcounterfeit(CFT)frauds,andassu ch,fraudshavemigratedfromthecounterfeit(CFT)totheCNPchannel.Globally,t h e f r a u d ratei s l e s s t h a n 1 0 b a s i s p o i n t s , meaningo u t o f e v e r y $ 1 0 0 s p e n t ,
In Vietnam, the reported fraud rate is only $0.03 for every $100 spent, thanks to the collaborative efforts of the government, payment networks, financial institutions, merchants, and law enforcement To promote cashless transactions, the Vietnamese government has set an ambitious goal to reduce cash payments to less than 10% of total market transactions by 2020 This plan includes ensuring that at least 70% of water, electronics, and telecommunication service providers accept cash-free payments, and that 50% of urban households utilize electronic payments for daily transactions by the same year Additionally, the government aims to increase credit card usage by mandating acceptance in all supermarkets, shopping malls, and distributors However, the rise of e-commerce and electronic payments may attract organized cybercriminals, posing significant challenges for card-not-present (CNP) fraud prevention.
Inc o n c l u s i o n , t h e w o r k l o a d b u r d e n o f operationt e a m i n c h a r g e b a c k h an d l i n g andanincreaseinlossvolumeofcard-not- presentfraudwereasymptomo f the gapin the currentcybercrimeriskmanagement to prevent HSBC cardholdersf r o m cybercrimeattack.Hence,thepurposeofthisresearchisidentif iesparticularcau ses a n d p r o p o s e s i m p l e m e n t a t i o n s i n o r d e r t o r e d u c e m o n i t o r i n g c o s t Furthermore, CNPfraudisalsoamutualchallengeofba nkingsystem,pioneeringinf r a u d preventionhelpsHSBCmaintainitsleadingbranchi ncreditcardmarketnotonlyinquantityofcardnumberbutalsoinqualityofcardspendingrev enue.
Researchobjectiveandscope
ThescopeofthisthesisistherealityofCNPfraudconsequencesinHSBCVietnam.Besides that,CNP fraudinthis research isinvestigated fortransact ionsw h i c h cardsarenotphysicallypresentedatPOSonly.
Researchmethodology
ThissurveyquestionnaireisoriginallydevelopedinEnglish,andthentransl atedi n t o Vietnamese.T h e i n - d e p t h i n t e r v i e w i s c o n d u c t e d t o m o d i f y t h e m e a s u r e m e n t scale.Aft erthequalitative phase, aqua nt it at iv e pilotstudy isconductedinwhichindi vidualdacetofaceinterviewsandonlinesurveyareu n d e r t a k e n tot e s t i n t e r v i e w e e ’ u n d e r s t a n d i n g o n t h e c ontentso f t h e q ue s t i o n s i n t h i s questionnairesasw ellastomakesuretheproperlyrunningofonlinesurvey.T h e final questionnaireislaunchedinthefollowingmain survey.ThequestionnaireissenttorespondentsbyusingGoogleSurveytollandpaper.
Thist h e s i s f o c u s e d o n t h e c r e d i t c a r d h o l d e r s l i v i n g i n H o C h i MinhCity.T h e authorselectsthiscityforresearchpurpose,becauseitisthebiggestcreditcard issuea n d u s a g e a r e a a n d f a v o u r i t e t a r g e t m a r k e t o f f r a u d s a s w e l l T h e s t u d y i s con du ct ed t o g a i n b e t t e r u n d e r s t a n d i n g o f thef a c t o r s i n f l u e n c i n g C N P f r a u d s R e sp o n d e n t s o f t h i s s t u d y arep e o p l e w h o l i v e i n H C M C a n d knowa b o u t c r e d i t ca r d s
Researchcontribution
Fromtheissuerandfinancialinstitutionperspective,thestudywillhelpthe bank inidentifyingandreducing the costsandlosses associated withincompetence,enablethebanktominimizecustomercomplaints,reduceburdenfo rchargebackoro t h e r supportingoperationdepartments,whilewinningcustomer’sloy alty,enhancingreputation,buildingupstatusandincreasingreturns.
Fromcustomerperspective,this studywillassistthecustomers u n d e r s t a n d th ev a r i o u s f a c t o r s i n f l u e n c i n g C N P f r a u d ; e n h a n c e t h e i r a w a r e n e s s a b o u t f r a u d prev entio n andhowtomitigatethem.
Fromr es e a r c h p e r s p e c t i v e , t h e r e isveryl i m i t e d p r e v i o u s r e s e a r c h i n VietnameseCNPfraudrate.Althoughfraudpreventionanddetection,particul arlyC N P fraudincreditcardindustryareamuch- discussedtopicthatreceivesalotofattention,thenumberofpubliclyavailableworksisr atherlimited.Througha multi- f a c e d framework,thestudyextendstheliteratureoftransactionalbehavior,system a u t h e n t i c a t i o n , p e r s o n a l informationsecurity,l e g i s l a t i o n int h e c o n t e x t o f c r e d i t c a r d fraudamongVietnamesecardholders.Theresearchresultsnoto nlycontributethel i t e r a t u r e i n t e r m s o f t h e f a c t o r s affectingC N P f r a u d r a t e b u t a l s o s e r v e s t o motivatesimilarstudiesareliketo conducttodeterminewh etherthecorrelateof f a c t o r s reportedherearesimilarordifferent.
Inconclusion,thepaymentsecosystemcontinuestoevolveandchange;asaresu lt,streamliningandimprovingtheoverallpaymentprocessrequiresacompliantfo u n d a t i o n s u p p o r t e d byi n d u s t r y b e s t p r a c t i c e s C N P f r a u d d e t e c t i o n a n d preventionmustcontinuetoeffectivelyaddressobstaclesonreducingfraudlossand maintainpacewithcurrentandemergingsolutionstooptimizefraudmonitoringand authorization.”
Researchstructure
BackgroundofCNPfraudinHSBC
OverviewaboutHSBCVietnam
HSBCVietnamopeneditsfirstofficeinSaigon(nowHoChiMinhCity)in1 8 7 0 I nAugust1995,HSBC openedafull- servicebranchinHoChiMinhCity.HS BC a l s o o p e n e d i t s s e c o n d b r a n c h i n
H a n o i a n d e s t a b l i s h e d a r e p r e s e n t a t i v e officeinCanThoCityin2005.O n1January2009,HSBCbecamethefirstforeignbanktoincorporateinVietnam.Thenew entity,HSBCBank(Vietnam)Ltd.is100p e r c e n t o w n e d byT h e H o n g k o n g a n d
S h a n g h a i B a n k i n g C o r p o r a t i o n L i m i t e d H S B C Bank(Vietnam)Ltd.i salsothefirstwhollyforeign- ownedbanktooperateb o t h b r a n c h e s a n d t r a n s a c t i o n o f f i c e s i n Vietnam.H
HSBCintroducedthefirstcreditcardin2008whichremarksitspioneeringi n CardindustryinVietnam.Fromthattime,HSBChasbeendevelopingcreditcardb us i n e ss asatopprioritysectorofRetailBankingandhonouredbygreatofrewardssuchasBestForeig nBankinVietnam2006–
Aboutc r e d i t c a r d p r o d u c t , d e p e n d i n g o n c u s t o m e r i n c o m e a n d d e m a n d , HSBCi s c u r r e n t l y o f f e r V i s a C l a s s i s , V i s a G o l d ( o r V i s a C a s h b a c k f r o m J u n e 2 0 1 8 ) , V isa P l a t i n u m a n d PremierM a s t e r C a r d Bycontinuouslypromotingc a r d
HSBCwitnessedasignificantincreaseinnewcardissuenumberfrom2012to2 017andreachthepeakin2017.Thisachievementwassupportedbyimpactofinternal andexternalfactors.Intermsofinternalfactors,togetherwithana d v a n t a g e o f i n t e r n a t i o n a l we l l - k n o w n br anc h, H S B C R M W M h a s co nt in uo us ly promotedcampaignsfornew cards,indeed,cashbackrefundupto
VND2mio,freef i r s t yearmembershipfee,widelyrelationshiptoexpandcustomer networkssuch asNguyenKim,Tiki,Lazada, Adayroi,Shooppe… andotherappealingpromotionfors a l a r y a c c o u n t h o l d e r s I t g o e s w i t h o u t t o s a y i n g t h a t H S B C marketings t r a t e g y e f f e c t i v e l y supportsforsaleperformanc einrecentyears.
Fraud attackbeginswith datainformation.Inaddition,customer ismoreandmorefamiliarwithcreditcardpaymentconvenient,thereforeaperioddat areviewa n d b a c k u p s h o u l d bet a k e n i n t o c o n s i d e r a t i o n I n a n o t h e r w o r d s , d a t a r e v i e w proceduresneedtobemodifiedtoadoptwithnewcustome rsandachangeintheirh ab i t
DefinitionofCard-not-presentfraud
A credit card is a plastic rectangular slab issued by a financial company, allowing cardholders to borrow funds for purchasing goods and services Cardholders are required to repay the borrowed amount along with interest and any additional charges The convenience of credit cards has led to their widespread use, but they have also become targets for fraud in recent years Fraud is defined as the unauthorized use of an account, which includes identity theft for opening or taking over accounts and executing unauthorized transactions Common types of credit card fraud include the use of lost or stolen cards by criminals and counterfeit cards.
(3) CardsnotphysicallypresentedatPOS.Inthisresearch,theauthorjustfocuseso nf r a u d o c c u r s whe nc a r d s n o t p h ys i c a l l y presenteda t P O S , i n o t h e r w o r d , i t iscalledcard-not-presentfraud.
Card-not- presentfraudisincreasingwiththeexpansionofmoderntechnologyandglobalcommuni cation.Thisincreaseinthefraudulenttransactions,r e s u l t i n g i n s u b s t a n t i a l l o s s e s t o t h e b u s i n e s s , a n d t h e r e f o r e , f r a u d d e t e c t i o n h a s becomeanimportant issuetobeconsidered.
UK 3DS e c u r e o f t e n t r i g g e r s co n f u s i o n t o card holdersandthissolutionescapesacademic scrutiny.
Themajorc a u s e o f C N P t r a n s a c t i o n f r a u d i s attributedtoidentitytheft,andfutureresearc hesc o n c e n t r a t e onmoretacklingidentitytheft.Pa ge
India Thecreditscoreoftransactionisoneofthemosti m p o r t a n t f a c t o r s u s e d t o p r e d i c t t h e trans action,detectfraudulenttransactions.
System securitya n d alopholeofdocumentauthent icati oncontributeforcreditcardfraud.
Jordan Dataminingu s i n g A I t e c h n i q u e s a c h i e v e d b ett e r performance thantraditionalst atistical methods.
Frauddetectionprocessingclassifiestransactio nsintot w o classes:Legitimate& fraudulent.
Frauddetectionsystemshouldhavesomeproper tiestoperformgoodresults,andtakeintoaccou nt thecostoffraudulentbehavior.
Tetroetal.(2004) USA Twot y p e s o f s e c u r i t y measured e v e l o p e d f o r electroniccardtransactionsisbillingaddr essa n d automatednumberidentificationblocking. U.S
Thet w o mostc o m m o n l y u s e d m e t h o d f o r a u t he n t i c a t i n g on li ne t r a n s a c t i o n s a re c a r d verificationnumbersandnegativelists.
UK Suspicionscorestodetectcompromisedaccountcan bebased on customer’s pr ev io us usagepatt erns.
Belgium Hourlybehaviorincreasetheoddsoffraud,whe nthereareshort- termincreaseinpurchasingthereisahigherriskoffrau d.
Theinclusionoftransactionaverages,curre ncyan d countryvariablehasaminor,albeitpo sitive,impactonthedescriptionof fraudfor d at a set.
AihuaShen(2007)investigated the efficacyofapplyingclassification modelsto detectcreditcardfraudproblemsandrecognizethecreditcardfraudrisk.B e s i d e s that,Ait eGroupLLCreportsannually aboutconsumerfraudbyconducings u r v e y intheglobe.Thisstudyusesquestionnairet ocollectdatatogetherwithdatafromHSBCVietnamreport Thequestionnaireis originallydevelopedinEnglish andsamplequestionsarebasedontheoriesofclassification modelstocreditcar df r a u d detectionproblemsandsamplequestionsofGlobalConsumerCardFraudbyA i t e GroupLLCforinterviewerswhomeetHSBCconditionsaboutcreditopeningo wn er s
Participantsinonlinepaymentprocessingis o pe r a t e d underthe Four- partymodelaccordingtoVisaandMasterCorporation.Thefourpartiesare:
- TheIssuer:Thebankororganisationthatissuesthecreditcardinvolvedinthetr ansaction.Itreceivesthepaymentauthorizationrequestfromthecreditcardnet workandeitherapprovesordeclinesthetransaction.
- TheA c q u i r e r : T h e b a n k w h i c h i s r e s p o n s i b l e f o r r e c e i v i n g p a y m e n t authorization r e q u e s t s f r o m t h e merchanta n d s e n d i n g t h e m t o t h e i s s u i n g bankt h r o u g h t h e a p p r o p r i a t e c h a n n e l s I t t h e n relayst h e i s s u i n g b a n k ’ s r e s p o n s e tothemerchant.
- TheMerchant:Theentitywithgoodsorservicestosellthatreceivespaymen tinstructionsanddetailsfromthecardholder– tobesettledbytheiracq ui r er (viatheschemenetwork)withtheissuer.
Figure2 2 i l l u s t r a t e s t h e f o u r - pa r t y model, i n c l u d i n g t h e t r a ns a c t i o n f l o w a n d relatedcharges.Merchantstyp icallybear thecostof bothapayment- processingf e e byt h e a c q u i r i n g b a n k a s w e l l a s ani n t e r c h a n g e f e e T h e i n t e r c h a n g e f e e i s designedtorecoverthecostsofoperatingtheschemenetwork,aswell ascorrecttheimbalanceincostsincurredbetween theissuerand acquirer.Whiletheacquirerwillt y p i c a l l y havepaymentdevicesatpointofsale– aterminalorcardreader,capableo f a c c ep t i n g paymentsfrom manycardholders–the issuerwillbearthegreatercosto f issuingandmanagingpaymentcardsandtransactionsforeve rycardholder.
3%ofthetransactionvalue,withfixedcapsinplacef o r c e r t a i n transactions.However,f o r onlinepaymentprocessingpaymentp r o c e s s o r s m a y c h a r g e a s mucha s 6%o f t h e t r a n s a c t i o n v a l u e T h e four- partymodela l l o w s f o r s c a l a b l e “ t r u s t r e l a t i o n s h i p s ” b e t w e e n multipleacquirersandissuersthataremembersofasi ngleschemeornetwork–suchasVisaorMasterCard– w h i l e a l l o w i n g m e r c h a n t s a n d c a r d h o l d e r s t o e s t a b l i s h t h e i r o w n a c co un t s andtrustrelationshipswithmerchantorissuingbanksoftheirchoice.
HSBC and Visa define card-not-present (CNP) transactions as those that occur remotely, such as over the internet, by telephone, or by post CNP fraud refers to fraudulent activities conducted by criminals using information obtained unlawfully, including the unauthorized use of a payment card number, card verification code (CVC), and the cardholder's address details to purchase products or services online, via call centers, on mobile devices, or through mail orders.
- Thec a r d h o l d e r cannot be verifiedbyc o m p a r i n g a s i g n a t u r e witht h e signaturestripebyenteringaPINintoanEMVterminal.
- Thecar dh ol de r m a y initiallybeu n a w a re t h a t t he ir car dd eta il sar eb ei ng usedfraudulentlyinCNPtransactions(unlikethephysicaltheftofpaymentcard). andCNPfraudcanbeapproachedthrough5commonmethods:
Phishing :P h i s h i n g i s a s e r i o u s a n d i n c r e a s i n g p r o b l e m t ha to c c u rs w h e n fr audsters trytoobtainsensitiveinformation(usuallyusernamesandpass wordsorc r e d i t cardorbankaccountnumbers)inanattempttoutilizethisconfide ntialdatat o makef r a u d u l e n t p u r c h a s e s o r s t e a l a p e r s o n a l ’ s i d e n t i t y T h e a t t e m p t t o s t e a l informationismadeviaelectroniccommunicationlikeanem ailorinstantmessagean d leadsvictimstoawebsiteaskingtosubmitthissensitivedata.
Accountt a k e o v e r : A c c o u n t t a k e o v e r i s a n o t h e r s e r i o u s typeo f f r a u d t h a t co m p r o m i s e s auser account and putssensitiveinformationatrisk. Fraudsters targetw e b userswhiletheusersareaccessingtheirvariousaccounts,emailaddressesan dsocial n e t w o r k s w i t h t h e g o a l o f s t e a l i n g t h e s e c r e d e n t i a l s t o m a k e f r a u d u l e n t purchases.
Carding:Carding happenswhenfraudstersusewebsiteswithreal- timetransactionprocessingtovalidatestolencardinformation(creditcardnumbersandp e r s o n a l data)bymakingasmallpurchasesoastonotattractattentionontotheirac tivity.Iftheirfraudulentpurchasegoesthrough,signalingthatthecardisgood,f r a u d s t e r s willusethestolencardnumbertomakeadditionalpurchasesorwillsellth e informationtoothercriminals.
Malware :Potentialattackerscaneitherusephishingtomisleadthevictimtoinstall a maliciousa p p orexploitanotherremotevulnerabilityofsomeappa n d c o n d u c t back groundmonitoring.Amaliciousappcandisguiseitselfasanappthatr u n s inthebackg round(e.g.music)toconductmonitoring,disruptcomputero p e r a t i o n , gathersensit iveinformation,orgainaccesstoprivatecomputersystems.
Locationmasking:This threatdoesnotdirectlyaffectcardholdersbutoccurs whenafraudstermaskstheirtruelocationandcomputercharacteristics.The fraudster’smachinetypicallymasksmanyofitsfeatures.Forexample,thebrowserb e i n g usedmaybeFirefoxbutmaybereportedasIE9,theoperatingsystemmaybeL i n u x butma ybereportedasWindows,andtheIPaddressmaybemisrepresented,h i d i n g thetrueloc ationofthefraudster.Onlineservices,websitesandapplicationst y p i c a l l y relyhea vilyonIPlocationinformationtofunction– e.g.abusinessmayp r o v i d e g e n e r a l i n f o r m a t i o n o v e r t h e w e b , b u t c o m p l e t e l y denyo n l i n e s e r v i c e requestsfromlocationswhereitdoesnothav eapresence.
Althoughcurrentbankcardfraudoperationsarenumerousandvaried,severals chemesaccountforthemajorityofthe industry’slossesbytakinga d v a n t a g e ofdate dtechnology,customernegligence,andlawspeculiartotheindustry.
(Hutchins, 2002) As cardbusiness transactions havebeingincreased i nr e c e n t years,s o t o o dof r a u d s Clearly,g l o b a l n e t w o r k i n g presentsa s m a n y ne w o p p o r t u n i t i e s forcriminalsasitdoesforbusiness.Whileofferingnumerousa d v a n t a g e s andopeningnewchannelsfortransactionbusiness,theinternethasalsob r o u g h t i n i n c r e a s e d p r o b a b i l i t y o f f r a u d i n c r e d i t c a r d t r a n s a c t i o n s C r e d i t c a r d frauddetectionisawidelystudiedresearchdomainin globaltofindtherootcausesoff r a u d B h a t l ae t a l
In 2009, various types of fraud were identified, including application fraud, which involves acquiring a credit card with false information, as well as stolen or lost cards, counterfeit cards, and card-not-present (CNP) fraud, where credit card details are used for distance purchases This study specifically focused on CNP fraud occurring through online transactions.
Most academic research on credit card fraud, particularly Card-Not-Present (CNP) fraud, primarily emphasizes detection techniques rather than the factors leading to fraudulent transactions These detection methods can be categorized into supervised and unsupervised approaches Supervised techniques utilize historical data of known legitimate and fraudulent cases to create models that generate suspicion scores for new transactions In contrast, unsupervised methods operate without prior knowledge of transaction legitimacy A notable study by Ghosh and Reilly (1994) employed a large sample of credit card transactions to identify fraudulent accounts.
Hanagandi,Dharan d B u e s c h e r ( 1 9 9 6 ) u s e d h i s t o r i c a l i n f o r m a t i o n o n c r e d i t c a r d t r a n s a c t i o n s t o generat e a f r a u d s c o r e model.A i h u a S h e n , R e n c h e n g T o n g a n d Y a o c h e n D e n g (2007)appliedforecastdat ausedforthefraudmodelsweremainlyfromthereal- timetransactionauthorizedinformationandhistorydatabase.
Card-not-presentfraudinHSBC
ThissectionpresentstherealityofCNPfraudinHSBCVietnamfrom2013t o 2 017bytwo symptoms:Thefirstsymptomisanincreaseinchargebackratioandthesecondisanincreas einthepercentageofCNPfraudtype.Therisesinvolumeo fnewcardissueandtheincr easingaccessibilitytotheInternetaregeneralbackg ro un dexplainingforsymptoms.
HSBC has observed a notable increase in new credit card issuance from 2017 to 2021, reflecting the significant shift in payment methods driven by modern technology Credit cards have become essential for daily transactions; however, credit card fraud poses a serious threat to both issuers and cardholders, resulting in millions in losses each year and undermining trust between users and issuers While fraudulent activities related to card-present transactions can be tracked more swiftly, the rise in Card Not Present (CNP) fraud through online and electronic methods continues to escalate, posing a substantial risk to participants Unfortunately, the implementation of chip and PIN technology has not effectively addressed this growing issue.
Fromeconomicperspective,anincreaseinCNPfraudcanbeexplainedb yth e increasingaccessibilitytotheInternet.VietnamfirstconnectedtotheInternetinNovem ber1997.Inthelast20years,VietnamhaswitnessedadramaticriseinthenumberofIn ternetusers.A nincreaseofVietnameseinternetusersisindicatedinF i g u r e 2.2
ThechartshowsatremendousincreaseinthenumberofInternetuserintheperi odshown.Vietnamhadapproximately52millionInternetuserin2017,a c c o u n t e d for54%Internetpenetrationrate,whichisabovetheglobalaverageof4 6
5 % T h i s p u t s V i e t n a m a t t h e t o p o f Asianc o u n t r i e s a n d t h e numb ersa r e e x p e c t e d tocontinuerisingatafastpace,thankstorelativelyflexibleb andwidthsservicesandlowcellulardatacost.Thisisapositivesignal foradevelop mentofpaymentindustry,particularlynon-cashpaymentindustry– theservicesbehindthes e n s e s ofE- commerce.However,anincreaseofpaymentprocessingwithoutkeepupdatedw it ht h e r ise o f s o p h i s t i c a t e d o f cybercrimelea ds t o a n i nc rease i n CNP f r a u d
Fromo r g a n i z a t i o n a l p e r s p e c t i v e , a n i n c r e a s e i n C N P f r a u d i s inve stigateda n d explainedbyacombinationofinternalandexternalfactorsdependingo neachbusinesses I n H S B C , a n i n v e s t i g a t i o n f o r thisp r o b l e m w i l l b e a p p r o a c h e d f r o m perspectiveoftransactionalbehaviour,systemauthentication,personalinformation se cu r i t y a n d l e g i s l a t i o n I n g e n e r a l , c r o s s - b o r d e r f r e q u e n c y oft r a n s a c t i o n a l b e h a v i o u r , i n a p p r o p r i a t e a p p r o v a l p r o t o c o l s i n f r a u d m o n i t o r i n g s y s t e m a n d applyingofsystemauthentic ation,lowerconsumerawarenessinpersonali n f o r m a t i o n securityandlackofonlinep urchasecomplianceinlegislationaremaincausesofanincreaseincard-not- presentfraudratio inrecentyears.Aninclusiveanalysiswillbedeeplyexplainedin Chapter3ofthisresearch.
Inordertomaintainandexpandcreditcardmarket,HSBC primarilyprotectsconsumersfromfraudulentcreditcardactivities,achargeback isinitiatedwhenacustomerdisputesachargefromunauthorizedmerchantsandasksthei ssuer(hereinH S B C ) t o r e v e r s e i t Itt a k e s 4 5 dayst o 6 0 daystoc o m p l e t e a d i s p u t e c a s e I n HS B C,d i s p u t e t r a n s a c t i o n s a p p l i e d i n c a s e ( i ) C a r d h o l d e r h a s n e i t h e r maden o r a u t ho r i z ed disputetransactions.Thecardwasincar dholderpossessionatthetimeoftransaction(ii)Cardholderdidnotmakeanyreser vationwiththemerchant(iii)C a r d h o l d e r h a s n e i t h e r m a d e n o r a u t h o r i z e d d i s p u t e t r a n s a c t i o n C a r d h o l d e r onlyauthorizedaspecifictransaction.Creditc ardchargebackswereoriginallyinventeda s aconsumerprotectionand,amercha nt'schargebackrateisgenerallycalculatedu s i n g thefollowingequation:
Eacho f t h e c a r d schemesimposest h e i r o w n m a x i m u m c h a r g e b a c k r a t e , knowna s a c h a r g e b a c k t h r e s h o l d T h e s t a n d a r d c h a r g e b a c k t h r e s h o l d is1 % o f transactionsinmostcases.
HSBCw i t n e s s e d a s i g n i f i c a n t i n c r e as e inch a r g e b ac k a p p l i c a t i o n s i n 2 0 1 6 an dr e a c h e d t h e p e a k i n 2 0 1 7 a t
(Figure2.3).Thisratiowascalculatedaccordingquantityo f c a s e s a n d c ha r g e b a c ka p p l i ca t i o n s w a s h a n d l e a n d r es p o n d e d m a i n l y bychargeback team,withnineh eadcountsforthisoperationfromDaNangtoHoChiMinhCity(8branches&transact ionoffices).Itcreatesaworkloadburdenforthist e a m influencingnotonlyinjobeffecti vebutalsoinjobsatisfaction.Therefore,itisn e c e s s a r y tourgentlyreviewcurrentfra udmanagementprocedures tosupportforo p e r a t i o n teamandadoptwithhigh- techfraudprevention.
Int h e paymentc y c l e , t hei s s u i n g b a n k i s t h e c u s t o m e r ’ s r e p r e s e n t a t i v e w h i l e theacquiringbankisthemerchant’s representativeincar dnetworks’associationsi n c a r d n e t w o r k s ’ a s s o c i a t i o n s ( o r c a r d s c h e m e s ) l i k e V i s a orMastercardandbeingcontrolledbymutualagreemento f paymentp r o c e s s i n g I n MerchantChargebackMonitoringProgram(MCMP)byVisa,firstnotifica tionofe x c e s s i v e chargebacksfor aspecificmerchant isconsideredawarn ing.Ifactions aren o t t a k e n w i t h a n a p p r o p r i a t e p e r i o d o f timet o r e t u r n c h a r g e b a c k r a t e s t o
CNP fraud Lost/Stolen Counterfeit 40
2013 2014 2015 2016 2017 acceptablel e v e l s , V i s a m a y i m p o s e f i n a n c i a l p e n a l t i e s ona c q u i r e r s t h a t f a i l t o reducee x c e s s i v e m e r c h a n t - c h a r g e b a c k r a t e s I n a d d i t i o n , i f t h e a c q u i r e r o r Mastercarddeterminesth atamerchantisanexcessivechargebackprogram(ECM)a n d theacquirerfailstosubmi tatimelyECMreporttoMastercardforthatECM,Mastercardmayassesstheacquire ruptoUSD500perdayforeachofthefirst15daysthattheECMreportforthatanECMisov erdueanduptoUSD1,000perdayth er eaft er untilthedelinquentECMreportissubmitted.
Notonlyi n H S B C , a r i s e i n o n l i n e r e t a i l m a r k e t a l s o c a u s e a h i g h e r l o s s valueinothercountries.AccordingtotheGlobalFraud Index™,global e- commercefraudpeakedduringtheQ42015andQ12016periodat5.5%ofsalesa nda s o f t h e Q 1 2 0 1 7 a n d Q 2 2 0 1 7 p e r i o d s t o o d a t 3 8 5 % o f s a l e s P u b l i c l y av ail able estimatesoftheactualcostofCNPfraudvaryconsiderably, withestimatesoftheglobalscaleofe- commercefraudlossesrangingfrom$25to$40b i l l i o n TheUS– thebiggestmarketofHSBCcardspendingiscurrentlyfacingasignificantincrea seinCNPfraudduetotheEMVrollout.Thereportoffraudtypefrom2013to2017isindi catedinFigure2.5
From 2013 to 2017, CNP fraud losses significantly decreased, while counterfeit loss dropped from 28.15% in 2013 to just 9.3% in 2017 This trend can be attributed to the implementation of the Europay Mastercard Visa (EMV) standard, which enhances chip-based security Additionally, before 2018, HSBC cards issued in Thailand adhered to HSBC group compliance, enabling HSBC Vietnam to leverage advanced technology in physical cards and reduce risks associated with information exposure.
Inconclusion,ontheriseoftheE- commerceindustryi n Vietnamandst rat egy o f e x p a n d i n g r e t a i l markets h a r e , t h e g r o w t h o f CNPi s ani n t e g r a l p a r t u nless u p g r a d i n g r i s k m a n a g e m e n t B e c a u s e theh i g h e r t e c h n o l o g y ist h e m o r e sophisticatedofcybercrim eincreases,hence,causesandaccordingimplementationst o improveC N P f r a u d p r e v e n t i o n s h o u l d b e t a k e n i n t o c o n s i d e r a t i o n a n d investigate.
CNPfraudmanagementinHSBC
Accountatriskprocedure
Accountatriskmeanscardhaspotentialfraud.Thiscardisgivenbasingonmo n it o ri n g systemfromVisaandneedtobereplacedassoonaspossibletoavoidr i sk
10c a s e s e a c h w e e k b u t sometimei t ismorethan100cases.Ifthatisashortlist- lessthan20cases-
HSBCwillcontactwith customerbyphonetoadvicenewcardrightafterreceiv ing.Ifthatisalonglist , card s willbeblockedimmediately( e x c l u d e cardis inoverseas trip)andconnectiontocustomerwilldoafterthat.
Checkc u r r e n t c a r d i n f o r m a t i o n o n system,i f o n e o f elementl i k e : c a r d number,expirydateorCVVchangednoactionsofar.
Ifu nab le tocontact customerbyphoneteamwillblockcardand a n emaila lertwillbesent.
Advise to replace card Block card for security, send email
You can cancel your old card and receive a new one at no charge To enhance security, set your card to a special status that limits each transaction to under 10 million VND If any transaction exceeds this limit, our fraud monitoring system will trigger an alert, and the card will be automatically blocked to prevent unauthorized use.
Customers reply email or call back agree to replace cardCard will be blocked until reaching and get agreement to replace card from
Inconclusion,becausemostofcasesappliedaccidentalreviewarereceived throughVisaalertsystem,somecasesweretriggeredbyAntiMoneyLaundering( A M L t e a m ) b u t bya c c o u n t a t r i s k p r o c e d u r e s T h e r e f o r e , fromt h e B a n k perspe ctive, itis essentialtoimplementinternal corporate policiesthat helpidentifyf r a u d casesandalertbacktoVisaCorporation.
Fraudriskmonitoringsystem
HSBC Vietnam employs a sophisticated fraud monitoring system to safeguard customer credit card accounts from fraudulent activities This system identifies potentially fraudulent payment card accounts by analyzing transaction data received from external sources Utilizing a neural network model, it calculates fraud scores based on patterns of fraudulent behavior and individual card usage profiles, creating "cases" for suspicious accounts Fraud analysts review these cases, while other users manage administrative tasks and establish rules to enhance the analysis of payment card data, ensuring a robust defense against fraud.
Popedupcasesinsystem:The transactionswhich isevaluatedpotential frau d.Itincludestransactionismadebychip,byswipeandcardnotpresent.
Potential fraud indentifications:Based on the natureoftransaction,hisoryofcardandhabitualofcustomer.Forexample:At8AM15O ctcustomermadepurchasingtransactionatmerchantbyc h i p (cardmustpresent)inVietn am,9 PManothertransactionhappenedinUSbyswipingcard.Itisunablebecausetimetofli ghtfromV i e t n a m toUSis24hours,sohowcancustomerdoesit?
Certainlya fraudtransactionwasdone.Thereforethesecondtransactionwillbedisplayedo nt h e m o n i t o r i n g systemforfutheraction.
Firstly,HSBCneedstolookalltransactionsofcustomerwithin4months.Ifthereisc o n f i r m a t i o n thatno fraud fo r the same merchantorcu st ome r inform transaction b e f o r e doing,casewillbeclosed.Ifnothingisonrecord,movetothenextstep
If HSBC is unable to reach customers for confirmation, the case will be set to "pending" status and monitored for fraud Specifically, cases related to Card Not Present (CNP) transactions must be addressed within 24 hours, with analysts required to check the card every 6 hours If no new transactions occur within this timeframe, the case will be closed with the status "unable to confirm," and an email alert will be sent to the customer Conversely, if new transactions arise, they will trigger a review, leading to the card being blocked for security reasons Analysts must adhere to over 20 established rules, although they can take immediate action, such as blocking a card, in certain situations where prior fraud has been confirmed Additionally, the system reserves the right to automatically refuse transactions deemed "very high risk" before they are processed.
Fromthebankperspective,thissystemhelpstodetect,alertpotentialfrau dtransactionsforanalysttakeactioninordertopreventloss.T he reportsfromthi ssy st em cansupport thebankfind thetrend o f fraudulence tominimiselost va luealso.Thissystemreceiveshighappreciationfromcustomerbecauseithelp sthemp r o t e c t moneyandstopfaketransactions.
Inconclusion,alerttransitionssystemprovidedbyVisa,Masterandaccountatr i s k a r e c r u c i a l p a r t s t o b u i l d f r a u d monitoringsystem.H o w e v e r , f o r C N P transactionprotection,customerdatainformationisthemostfactorsmustbef o c u s e d a ndregularlysecuredandbackedup Atpresent,a policywhichformulatessuspiciousaccountsneedtobemodifiedandprovidedtoadoptwit hsophisticatedfraudnowadays.
Othermethods
Sw h i c h i s s e n t t o p r i m a r y c a r d h o l d e r ' s m o b i l e p h o n e w i t h i n 1- 3minutesa f t e r a transactionontheirc a r d ortheirs u p p l e m e n t a r y card(s)isappr oved.Thisi s a commonnotificationthatcustomersawareabouttransactionpaymentinth eircreditc a r d I n H S B C , S M S a l e r t i s p r o v i d e d w i t h o u t f e e a n d a p p l i e d for a l l l o c a l a n d fo r eign retailpurchasessuccessfullymadeatmerchants,onlinetransactions, MOTO
- mailordersandtelephoneordersandcashadvances.Customercanchangephonenu mberbycontactingservicehotlineorviainternetbanking.Rightafterreceivingap provalcodefromcardsystem,anSMSwillbegeneratedandsent,soithelpsfindoutsuspicio ustransactioninshortesttime.
However,thereare somedisadvantages inthisservicethatcausecustome rd o e s n ’ t receivetransactionnotificationimmediately.Infact,roamingservice mustb e turnedonifcustomerisinoverseas.For thetypeofrecurrent transactionsuchasr e n e w a l membershipfee,paylatertransactionortransactionwithon eauthorizationc o d e l i k e U b e r , F a c c e b o o k o r G r a b , h e r e w i l l b e n o S M S a l e r t a s f o r t h e s e c a s e customerisinformedthepaymentbeforeithappen.WhileatUb er,FaccebookorG r a b , itisconvenientforcustomerstoidentifyorre- checktransactionwithmerchants,thetypeofrenewalfeeorsubscriptionchargeform embershipservicei s difficultforbothHSBCandcustomerbecausethiscondition normallyindicatesi n T e r m a n d C o n d i t i o n w h e n c u s t o m e r o r i n f o r m a t i o n i s r e g i s t e r e d m e m b e r s h i p account.
Atpresent,customerservicehotlineisthedepartmentsupportcustome rdothat ,thatisthereasonwhytheyworks24/7.IncaseofCNPfraud,reportlost/ stolenc a rd s o l u t i o n c a n t e m p o r a r y customers noc o n f i d e n t a b o u t c a r d infor matione x p o s u r e A l l n o t i f i c a t i o n o f l o s t o r s t o l e n c a r d , i n writing,byt e l e p h o n e o r ortherwise,mustbeprocessedimmidiaetlyandrecordedinfilebeforeverifying.
Ingeneral,Callagentwillblockandrecored lostorstolencases.Thisserviceisf r e e o f c h a r g e , a r e c o r d s h o u l d b e k e p t byt h e C o n t a c t c e n t e r s e r v i c e o f t h e numberoftimesacardholderhaslosthiscardor reportedthemstolen.Thei n f o r m a t i o n , whichismecessarytomonitorthepossibilityof acardholdersellingorf r a u d u l e n t y usi ng h i s c a r d a f t e r h a v i n g r e p o r t e d i t a s m issing,m u s t b e p a s s e d t o o t h e r departmentonasmoothlybasisforadditionalr eview.Ifcardholderfraudissuspected, investigationmustbeconducted,theaccountcancelledimmediately,anda policereportmad e,ifnecessary.
Afterblockcard,cardtransactionsarecancelledduetolost/ stolenmustbeadd ed “w anri ng ” statuson Visaonlie, a system belongs to
VisaCorporation, to alertto merchantincasecardisusedafterthat.Cardcanceledbecauseofcounterfeito rf r a u d havetoupdateonVisasystemaswellasreporttoHSBCRegionforinvestigation.
R e p l a c e m e n t o f c a r d s w i l l b e a d v i s e d a f t e r customerr e p o r t lost/ stolen.ThefeeVND200,000willbeappliedforthisservice.
Inconclusion,becausecustomerisprotectedbytherightof“Zero- liability”i f theyholdscardatthetimetransactionhappens.However,forCNPfraud,con ditionso f physicalc a r d i n i n v a l i d b u t i n f o r m a t i o n e x p o s u r e I n addition,t h e p e r c e n t a g e o f c u s t o m e r r e p o r t l o s t / s t o l e n r e p l a c e t h e i r c a r d i s j u s t 2 7 % i n 2 0 1 7 acco rd in g to reportfromCallCenter.Hence,alimitationhereisadditionalstepstoincreasep e r c e n t a g e o f r e p l a c e d c a r d a f t e r reportl o s t a n d m i t i g a t e r i s k o f c a r d i n f o rmat i on exposure.
Thischapterpresentscausesanalysisresult,whichisapproachedfromper spe ctive oftransactionalbehaviour,systemauthentication,personalinformationse c u ri ty a n d l e g i s l a t i o n A n a l y s i s r e s u l t i s b a s e d o n H S B C d a t a , c o n d u c t i o n o f s u r v e y a n d p r e v i o u s t h e o r i e s I n g e n e r a l , c r o s s - b o r d e r f r e q u e n c y o f t r a n s a c t i o n a l b e h a v i o u r , i n a p p r o p r i a t e a p p r o v a l p r o t o c o l s i n f r a u d m o n i t o r i n g s y s t e m a n d applyingofsystemauthenticati on,lowerconsumerawarenessinpersonali n f o r m a t i o n securityandlackofonlinepur chasecomplianceinlegislationaremaincausesofanincreaseincard-not- presentfraudratioinrecentyears
Cross-borderfrequenceintransactionalbehaviour
Transactional behavior is defined as the characteristics of card-not-present transactions conducted with credit cards This theory aims to assess whether variations in transaction characteristics influence the potential for fraud Key variables in transactional behavior will be analyzed through transaction data, encompassing overall transaction statistics, regional statistics reflecting usage across different geographical areas, and daily transaction amounts Specifically, the analysis will focus on geographic locations, purchase volumes, currency details, transaction amounts, transaction ownership, and transaction frequency.
Thegrowingofnewcardissuenumberandtransactionsthroughcreditcardi s s i g n i f i c a n t inr e c e n t years,a n d i t i s veryd i f f i c u l t f o r H S B C t o p r o c e s s t h e massiveamountofdateefficiently.Frauddetectionhasbeenusuallyseenas adataminingp r o b l e m w h e r e t h e o b j e c t i v e i s toc o r r e c t l y c l a s s i f y t h e t r a n s a c t i o n s aslegitimateorfraudulent.Dataminingtechniqueisthebestapproac htoexplorehuged a t e e f f e c t i v e l y t op r o d u c e t a n g i b l e r e s u l t s T h i s t e c h n i q u e playsa m a j o r r o l e i n d a t a t r a c k i n g o f f r a u d m o n i t o r i n g s y s t e m T h e r e a r e d i f f e r e n t miningt e c h n i q u e s usedtouncoverthehiddeninformationfromavailablestructuredandunstructure ddatabecauseeveryindividualhavedifferenttransactionalbehaviour.
Cross-borderE - c o m m e r c e i s e x p e c t e d tog r o w b i g T h e n u m b e r o f Vietnamesea c c o u n t s o n A l i b a b a w a s 5 0 0 , 0 0 0 i n 2 0 1 6 , w i t h 1 0 0 , 0 0 0 a d d i t i o n a l a c c o u n t s e v e r y years i n c e t h e n V i e t n a m e s e buyersc o n s u m e f o r e i g n g o o d s a n d servicesinlargernumbersthanforeignbuyersconsumegoodsandservicesfromViet nam.A c c o r d i n g tot h e V i e t n a m E -
C o m m e r c e A s s o c i a t i o n , t h i s t r e n d c a n b e e x p l a i n e d bythreefactors.Fir st,foreigngoodsaremorevariedandmorelikelytomeetd o m e s t i c c u s t o m e r s ’ n e e d s S e c o n d , V i e t n a m e s e E - commercew e b s i t e s a r e g e n e r a l l y distrustedwhilereputablenamessuchasAm azon,AlibabaandRakuten,a r e perceivedas moretrustworthy.Finally,shipping fromoverseastoVietnamisl e s s costlythantheotherwayaround.Severalactionsh avebeentakentofacilitateE- commercetoandfromVietnam.AmazonhavepartneredwithVECOMtoprovidet r a i n i n g f o r Vietnameses e l l e r s o n h o w t o e f f i c i e n t l y s e l l o n Amazon.M oreover,theMinistryofIndustryandTradehasproposedvariouspoliciesf a v o u r a b l e toE-commerceinthehopethatitwillboostcross-borderE- commercebet ween Vietnamandothercountries.
Fromgeographicalperspective, on li ne domestic transactions(inclu dingf o r e i g n firmsinstalledservers inVietnam)accountedfor80%ofalltrans actions,b u t j u s t a p p r o x i m a t e l y 3 0% o f f r a u d u l e n t t r a n s a c t i o n s C r o s s - b o r d e r t r a n s a c t i o n s , e s p e c i a l l y intheUSmadeupfor8%ofalltransactions,butn early40%offraudulenttransactions,followingbyEurope,ChinaandAsia-
(HSBC,I n t e r n a l F r a u d r e p o r t 2 0 1 7 ) T h e r e f o r e t h e f r e q u e n c y ofc r o s s - b o r d e r t r a n s a c t i o n s andc r o s s - b o r d e r c o n s u m e r h a b i t i s o n e mainc a u s e s o f C N P f r a u d a p p r o a c h oncre ditcard.
Anothercharacteristicoftransactionalbehaviourtakenintoconsiderationismer chanttype.Awide- rangefunctionmakescreditcardbecomeapreferabletargeto f cybercrime.Inthecentur yofinformationtechnologyrevolution,payment
0 methodhasmovedfromphysicaltodigitalandcreditusagedemandhasincreasedsi gnificantly Areport conducting CNPfraudconcerningmerchant typebase dondisputeapplicationsshowssubscriptionserviceaccountedthelargestproporti onofC N P ratiobymerchanttype,followingbydigitalservicepaymentanda c c o m m o d a t i o n
2 0 1 6 O v e r a l l , thef i g u r e f o r s u b s c r i p t i o n s e r v i c e r e c o r d e d t h e h i g h e s t p r o p o r t i o n ofCNPfraudclassifiedbymerchanttypeinperiodshown.Whilefraud r a t i o n insubscriptionserviceincreasedintheperiodshown,theremainingfigures
Digitalm a r k e t i n g , d i s t a n c e l e a r n i n g d e v e l o p m e n t a n d p a r a l l e l importe n c o u r a g e cardholderutilizecreditcardasconvenientregistrationand payment.In
Weekly online shopping Payment ownership Cross-border payment frequency
Oversea frequency with higher value
Oversea frequency with lower value
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Strong disagree Disagree Neutral Agree Strong agree
HSBC subscription service disputes arise when cardholders claim unauthorized charges for memberships or payments made to websites, particularly in categories such as Kindle, LinkedIn, dating sites, and trading forums These disputes predominantly involve digital services, which include internet-based offerings like websites, hosting, VoIP, content streaming, and e-commerce access High rates of dispute applications are noted for merchants like Google, Facebook, and iTunes Additionally, accommodation disputes typically relate to booking issues, cancellation fees, or unauthorized double payments.
Figures3.2illustratesabouttransactionalbehaviourwhencustomerpurchas eo n li n e Averysizeablemajority ofrespondent agreesandstrongagreest h a t they oftenu s e c r e d i t c a r d t o b u y onlinei n d o m e s t i c w e b s i t e , t h e p e r c e n t a g e i s a p p r o x i m a t e l y 80%.Withregardtoforeignonlinetransaction,
Transactionalbehaviourfactorisakeyvariableof researchesregardingCNPf r au d i n v e s t i g a t i o n a n d p r o t e c t i o n I n p a r t i c u l a r l y , g e o g r a p h i c a l s t a t i s t i c a n d merchanttypeareproveditsimpactinanincreaseoffra udattackoncreditcard.
Firstly,EkremDuman&M.HamdiOzcelik(2011)indicatedthatlocalandtr ansnationalcriminalgroupsareverydynamicintheirstructureandapproaches,a n d t h e f r a u d s t e r s s t a r t t o b e h a v e m o r e a n d m o r e s o p h i s t i c a t e d S o w h a t i s n e e d i nd eed isamorerobustsolutionwhichisnotbasedonlyonthebehaviourofthe fr au d st er s b u t o n t h e b e h a v i o u r o f c o n s u m e r s a l s o M o s t c u s t o m e r s h a v e t y p i c a l behaviours inusingtheircardanddonotchangefrequently,thustypicalb ehaviouro f eachcustomercanbedefinedandanyincomingtransactioncanbecompa redtothattypicalbehaviour.Ifitseems tobeunusual,it canbe alertedasapossiblefraudcase.
P r e v e n t i o n u s i n g A d v a n c e d t r a n s a c t i o n Exploration)t o t a c k l e c r e d i t c a r d t r a n s a c t i o n f r a u d bym a p p i n g p a s t p u r c h a s i n g patternsandc ustomerbehaviourintomeaningfulfeaturesandcomparethosef eat ures w i t h t h e c h a r a c t e r i s t i c s o f a n e w , incomingt r a n s a c t i o n S u p e r v i s e d d a t a minin gtechniqueswasappliedformodeldetection.
Duman and Ozcelik (2011) focused on minimizing fraud loss by redefining the levels and weights of behavioral parameters Their study aimed to enhance the customer behavior module of an existing solution by evaluating various behavioral variables If a variable's value exceeds the average plus a specified number of deviations, a suspiciousness point (weight) is assigned The variables were categorized into four groups: general transaction statistics, regional statistics, daily transaction amounts, and excluded statistics related to merchant category codes (MCC) and transaction countries The research highlighted the relative importance of these variable types, as illustrated in Figure 3.3 Additionally, the US Payment annual report on card-not-present fraud revealed global fraud rates by merchant type, showing that subscription service merchants have the highest fraud rates for CNP transactions worldwide.
Other Services, excl Digital Goods travel
Source:Card-not-presentfraudaroundtheworld,USPaymentForum,2017
Transactions generate a suspicion score, indicating the likelihood of fraud, which ranges from 0 to 1 Each card profile comprises various variables that reflect the card usage behavior, such as spending habits related to geographic locations, times of the month, hours of the day, and merchant category codes (MCC) that identify the type of merchant involved These variables are utilized to develop a model for fraud detection systems, enabling them to identify fraudulent activities that significantly deviate from stored card usage profiles By comparing transaction data with historical patterns, financial institutions can predict the probability of fraud for new transactions, providing a scientific basis for authorization mechanisms Additionally, resources can be directed toward more suspicious transactions to effectively reduce fraud levels.
Behavioral data mining techniques have been introduced to detect credit transaction fraud by analyzing differences in transaction behavior This approach is categorized into two models: the Personalized model and the Aggregate model, both utilizing the same data collection methods Data is gathered through online questionnaires, capturing essential details such as credit card number, transaction number, card expiry date, merchant category, purchase volume, currency information, transaction amount, transaction time, transaction frequency, and credit score This collected data serves as the training set for both models to identify key factors associated with suspicious transactional behavior Furthermore, this research can be expanded to include card-present transactions by analyzing customer purchase patterns alongside additional information, including the location of card usage relative to its issuance location.
Inconclusion,transactionalbehaviourisamainfactortokeeptrackofCNPf ra ud Ontheriseofcross-bordere-commerce,thegrowthinthefrequencyofcross- b o r d e r transactionsorconsumerhabitandwide- rangeusageofcreditpaymentaremaincausesofanincreaseinCNPratioin2016,2017.
Inappropriateapprovalprotocolsinfraudmonitoringandsystemauthentication 43 3.3 Lowerconsumerawarenessinpersonalinformationsecurity
Systemauthentication h e r e i n i s d e f i n e d a s t he a d d i t i o n a l v e r i f i c a t i o ns t e p s customersp e r f o r m af ter i n p u t t i n g c r e d i t c a r d d e t a i l s d u r i n g o n l i n e o r o t h e r t y p e s c a r d - n o t - p r e s e n t t r a n s a c t i o n p a y m e n t p r o c e s s i n g T h e p r i m a r y p r o b l e m o f C N P transactionisthatthereisnowaytoverifyifthepurchaser,givingoutthei n f o r m a t i o n , istheactualownerofthecard.Sincethetransactiondoesnotrequirethep hysicalcardandovertheInternetwouldrequirenothingmorethancorrectlyf i l l i n g o u t t h e b l a n k s int h e o r d e r f o r m , t h e r e i s n o r e a l waytoc h e c k t h e a c t u a l identityofthepurchaser.Anyverificationquestionscouldhavetheiranswersstolenr i g h t alongwiththecreditcardinformation.Theobjectiveofsystemauthenticationi s toredu ceCNPfraud,sointhistheory,anincreaseincustomerawarenessabouttechnicalpay mentprotectionleadstoareductioninfraudrate,andareductionin
Cardf r a u d d e t e c t i o n systemsa n d frauds c r e e n i n g t o o l s i n c l u d i n g o n l i n e systemsa r e us e d f o r t h e p u r p o s e o f t h e effectivep r e ve n t i o n o f C
N P f r a u d for e- merchants,b a n k s and payments e r v i c e p r o v i d e r s T he b a s i s of t h e s e sys te ms andi n s t r u m e n t s aredifferenttechniquessuchas:decisiontrees,GeneticAlgorithmsa ndo th er a l g o r i t h m s , Ne u r a l N e t w o r k s, t h e H i d de n M a r k o v M o d e l an d o t h e r s T h e r e a r e waystocombatchargebacks.Anobviousmoveistighteningtrans actionsecuritybya d d i n g t o o l s t o verifyt h e c u s t o m e r ’ s i d e n t i t y , s u c h a s c r e d i t c a r d information T h e t w o t r a n s a c t i o n v a l i d a t i o n t o o l s s c h e d u l e d t o b e deployedmostof ten aree-mailaddressvalidationandpayerauthentication(3DS).
Paid- for public records services
Email Adress validation Google Map lookup
Telephone number verification / reverse lookup
Currentlyin use Plan toaddin12months
Source:Card-not-presentfraudaroundtheworld,USPaymentForum,2017
AVSisaneffectivesecuritymeasureto detectonlinefraud.Whencustomersp u r c h a s e items,theyneedtoprovidetheirbill ingaddressandZIPcode.AnAVSwill checkifthisaddressmatcheswithwhatthe cardissuingbankhasonfile.Parto f acard-not- present(CNP)transaction,thepaymentgatewaycansendarequestforu s e r verificationtotheis suingbank.TheAVSrespondswithacodethatwouldhelpthemerchantunderstandifthe transactionishasafullAVSmatch.Iftheydon’tmatch,moreinvestigationshouldb ecarriedoutbycheckingtheCVV(CardV e r i f i c a t i o n V a l u e ) , e m a i l a d d r e s s , I P a d d r e s s o n t h e t r a n s a c t i o n o r a l l o w yourpaymentgatewaytodeclinethe transactions
TheC V V ( o r C a r d V e r i f i c a t i o n C o d e ) i s t h e 3 o r 4 - d i g i t c o d e t h a t i s o n ev er y creditcard.Thecodeshouldneverbestoredonthe merchant’sdatabase.ACVVfilteractsasanaddedsecuritymeasure,allowing onlythecardholdertousethecardsinceitisavailableonlyontheprintedcard.
3DS e c u r e : 3 D S e c u r e i s a n e w t e c h n i c a l s t a n d a r d c r e a t e d byV i s a a n d MasterCardtosecurecard-not- presenttransactions.Thesystemverifiesthebuyer’si d e n t i t y byrequestingapersonalc ode,usuallysentasatextmessageoremailwitha one- timePIN.“3D”standsfor“3DomainSecure,”becauseitverifiesthethreep a r t i e s inthetransaction:thevendor,thebank,andthecreditcardcompany(Visao r M asterCard).Italsoexcusesfraudliabilityformerchantsthatusethesystem.
Devicei d e n t i f i c a t i o n : I t p r o f i l e s t h e o p e r a t i n g system,i n t e r n e t c o n n e c t i o n a n d b r o w s e r t o g a u g e i f t h e o n l i n e t r a n s a c t i o n h a s t o b e a p p r o v e d , f l a g g e d ord eclin ed Alldevices(phones,computers,tablet s,etc)haveauniquedevicefingerprint, similart o t h e f i n g e r p r i n t s o f p e o p l e , t h a t h e l p s i d e n t i f y f r a u d u l e n t p a t t e r n s andassessriskifany
Fraudm o n i t o r i n g : A n o t h e r i n n o v a t i v e a p p r o a c h t o f i g h t i n g c h a r g e b a c k s i s identifyingp o t e n t i a l l y f r a u d u l e n t t r a n s a c t i o n s i n r e a l t ime.U s i n g a c e n t r a l i z e d d a t a b a s e ofconfirmedfraudinformationreporte dbycreditcardissuers,merchantsc a n querythesystemtoverifycreditcardtrans actionsinrealtime,givingthemaw i n d o w tostopthesaleandrefundthemoneyb eforethechargebacktakesplace.Insteadofincurringlossesduetochargebacks,m erchantspayanominalfeeforthed a t ab a se s e r v i c e tov a l i d a t e t r a n s a c t i o n s i n a d v a n c e , s a v i n g t h o u s a n d s o f d o l l a r s , eliminatingchargebackdisputes,andimprovin gthecustomerexperience.
RiskCountries:Ifyouareshippingitemsoverseas,youneedtoe x e r c i s e greaterrest rictionforsuchorders.Paymoreattentiontoordersmadefromc o u n t r i e s consideredto be“high- risk”.Customersinthesecountrieshavetocalltheco mp a n y toverifytheiridentitiesbeforet heirtransactionsareprocessed.Accordingt o t h e O n l i n e FraudGuide,someofthecountries withthe highestonline fraudrates
RiskScoring:Riskscoringtoolsarebasedonstatisticalmodelsdesignedtoreco gnizefraudulenttransactionsbasedonanumberofrules.Whenapaymentisd o n e o n yourwebsite, the toolswill indicatethe probabilityofthetransactionbeingfr au d u len t Ahigherprobability ofatransactionbeingfraudulentindicatesthatyoushouldverifytheorder.
Iti s c l e a r t h a t C a r d V e r i f i c a t i o n ( C V V ) a n d A d d r e s s V e r i f i c a t i o n S e r v i c e (AVS ) a r e moste f f e c t i v e t o o l s w h i c h p r e v e n t m o r e t h a n 5 0 % off r a u d c a s e s H owever CVVistheinformationonphysicalcreditc ardanditalsoaeasiestwaythatfraudsstolesuchinformation,especiallyincasec ustomernothighawarenessa b o u t fraudrisk, henceCVVandAVSarethemosteffectivetoolsbutalsothemost vulnerabletools.Th is is areason whataba ck - up techniques alwaysnecessary toa d o p t withcyberfraud.
InanattempttoreducethemerchantandconsumerriskoffraudulentCNPt ransactions,paymentcardmanufacturershaveaddedothercardholderverificationme thodsandfraudmonitoringsteps.Se ver al well- knownauthenticationsolutions f o r mobileCNPtransactionsarecustomer- facing,suchasusernameandpassword,C V V 2 , V i s a /
MasterCard SecurePay, also known as 3D Secure Code, along with knowledge-based authentication (KBA), one-time passwords (OTPs), and out-of-band authentication (OOBA), are essential methods for secure online transactions Additional techniques include device and location-based authentication, such as device ID, geolocation, and biometrics like fingerprints, as well as data verification, risk-based authentication (RBA), and behavioral analytics Strong authentication practices advocate for multi-layered or multi-factor authentication (MFA), which combines various authentication methods to enhance security By employing layered authentication, such as combining a username and password with KBA, organizations can create a robust defense against unauthorized access to physical locations, computing devices, networks, or databases If one authentication factor is compromised, multiple barriers remain to protect sensitive information Despite the variety of solutions available, authentication remains the most significant fraud challenge that merchants and issuers face in online trading.
Toidentifyhowcustomersunderstandand applysupportiveauthentic ationmethodin creditcard payment for onlinetransaction, the author conducted asurveyw h i c h interviewcardholderslivinginHCMCandtherespondentsurveyonf actorso fsystemauthenticationisindicatedinFigure3.8
Strong disagree Disagree Neutral Agree Strong agree
Thef i g u r e 3 8 i l l u s t r a t e s r e s p o n d e n t a c k n o w l e d g e m e n t o f s y s t e m authentication.Ingeneral,3Dsecurepayingreceivedhighestattentionw hileackno wledg e encryptedwebsitereceivedtheleastattention.Theratingof3Dsecurep ay overneutralisabout70%,andnearly50%ofrespondentsagreethattheyoftenu s e V i s a /
Master Secure Pay (3D Secure code) is essential for online payments, yet over 50% of respondents do not recognize that encrypted websites (HTTPS) are safer than those using HTTP OTP Secure Pay is a familiar authentication method for cardholders, while callback authentication used by banks received over 70% ratings ranging from strong disagreement to neutral acknowledgment This highlights the need to enhance consumer awareness about encrypted website domains, as it presents a cost-effective approach for banks and customers alike Improving consumer knowledge is crucial, as discussed in Chapter 4, to ensure safer online transactions.
Inconclusion, sys te m authentication playsa mainrole i n fraud pr eve n ti on a n d protectiontoreducefraudratioinHSBC.Therefore,HSBCITdepartmentmustma kesurethateveryworkstationandInternet-enableddeviceusedinthecompany
Credit card for online shopping
Pulic information Replacing card if information disclosed
Lock mobile phone Set payment on mobile app
Use same password Purchasing on famous website
0%10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Strong disagree Disagree Neutral Agree Strong agree hasa f i r e w a l l t h a t i s e n a b l e d A f i r e w a l l b l o c k s a l l c o m m u n i c a t i o n fromunauthorized sources.Arecommendationaboutsystemauthenticationmodifi cationtoadoptadvancedauthenticationtechniquesissuggestedtoreduceCNPfraudrati oinHSBC.
PersonalInformationsecurityhereinisdefinedastheconsumerbehaviour sr eg a r d i n g topersonalinformationandcreditcardinformationprotection.Per sonali n f o r m a ti o n i s i n f o r m a t i o n t h a t a b o u t i d e n t i f i e d i n d i v i d u a l o r i n d i v i d u a l w h o i s r e a s o n a b l y identifiable.Inaddition,nowadaystheworld’s mostvaluableresourceisn o longeroil,butdata,especiallypersonaldata.Themaj orityofcreditcardfraudt a k e s playso n l i n e byu s i n g a victim’sc a r d numbers,e x p i r y d a t e a n d s o m e t i m e s e c u r i t y codetoacquiregoodsorservices.“Chip
Thef i g u r e 3 9 i l l u s t r a t e s h o w r e s p o n d e n t a w a r e o f p e r s o n a l i n f o r m a t i o n security.Itisclearlythatpurchasingonfamouswebsitean dafrequencyinusingc r e d i t c a r d f o r o n l i n e s h o p p i n g a c c o u n t t h e v a s t m a j o r i t y inr e s p o n d e n t a n s w e r s Anothernoticeablepointisrespondentanswerabo ut howoftentheylettheirphoneunlockedwhennotusingit(lockmobilephone),averysizea blemajority(90%)ofintervieweestheydon’tlettheirphoneunlockifnotusingit.Fromaut horp e r s p e c t i v e , thisnotbecauseofpersonalhabit,itisbecauseofmobilefunction.
However,thefigure3.9alsoindicatesaconcernaboutreplacingcardchoiceifcus tomerb e l i e v e s orw o r r i e s i n f o r m a t i o n d i s c l o s e d Asmentioni n c h a p t e r
3 , r epl acin g cardisoneofmandatorystepifcreditcardhitriskrulealertbysystemofen c o ur ag ed stepaftercustomerrepostlostorstolencard.Inthefirstsituation,creditc a r d willb ereplacedwithoutfeewhileinnextsituation,replacementfeeisVND
200.000forbothmainandsupplementarycardexcludingPremiercreditcard.Thisf e e i s h i g h e r c o m p a r e t o somec o m p e t i t i v e i n t e r n a t i o n a l b a n k s , f o r i n s t a n c e , C i t i Ban kreplacementcardfeeisVND100.000,Standard
CharteredisVND50.000,andinlocalbank,cardreplacementfeeisaroundfromVND50 000toVND100.000.Afeeisamainreasonthatmostcustomersstillunlockcardaf tertheyfindouttheirc a r d , evenitwaslostinpublicplaces.However,banktariff changeinHSBCwasapprovedbygroupcompliance,thatwhyfromriskmanageme ntpolicy,theauthornotrecommenditasimplementations, insteadofit, areco mmendationenhancingcustomera w a r e n e s s w i l l b e a p p r o a c h e d t h i s p o i n t t o e n c o u r a g e consumert a k e paymentinformationprotectioninconsideration.
Anotherriskyb e h a v i o u r i s u s i n g t h e samep a s s w o r d f o r a l l o n l i n e membershipaccounts.Nearly40%ofintervieweesagreeandstrongagreethattheyo f te n usethesamepasswordforallonlinemembershipaccountwhileonlya p p r o x i m a t e l y 7%disagreeorstrongdisagreeaboutusingsamepasswordforregistrationaccou nts.Inaddition,theawarenessofpublicpersonalinformationandsettingpaymentonmobi leapplicationisquitelow,withalowlevelofrespondent,a r o u n d 20%strongdisagreeordi sagreeforthosehabits.
Inthisrespondentresult,itisnoticeablethatcreditcardforonlineshoppingis reallyhighwhiletheirawareness ofpersonal informationremainsatlowlev el.O n t h e r i s e o f o n l i n e marketa n d d e m a n d f o r c r e d i t c a r d p a y m e n t , ift h e r e i s n o ch an g e inadvancedauthenticationsystemandconsumerawareness,r i s k ratewillincreaseandcausehigherchallengeforHSBCriskmanagement.
Ther a p i d g r o w t h o f c r e d i t c a r d u s a g e o n t h e i n t e r n e t h a s m a d e d a t a b a s e securitylapsesp a r t i c u l a r l y costly;i n som e cases, millionso f a c c o u n t s have b e e n c o m p r o m i s e d S t o l e n c a r d s c a n b e r e p o r t e d q u i c k l y byc a r d h o l d e r s , b u t a co m p ro m i s ed a c c o u n t c a n b e h o a r d e d bya t h i e f f o r w e e k s o r monthsb e f o r e a n fr au d u len t u s e , makingi t d i f f i c u l t t o i d e n t i f y t h e s o u r c e o f t h e c o m p r o m i s e T h e c a r d h o l d e r mayn o t d i s c o v e r f r a u d u l e n t u s e u n t i l r e c e i v i n g a b i l l i n g s t a t e m e n t , which maybedeliveredinfrequently.Thatiswhycardh oldersneedtochecktheiraccountdailytoensureconstantawarenessincasethere areanysuspicious,unknowntransactionsoractivities.(Sriganesh,2008)
Theobjectiveofpersonal information securityistoreduceCNPfraud ratethroughconsumerbehavioursandfraudawareness.I n t h i s theory,a n i n c r e a s e i n c ustomerawarenessaboutpersonal informationprotection leadstoareducti oninf r a u d r a t e , a n d a r e d u c t i o n i n f r a u d s h o u l d meana r e d u c t i o n i n c u s t o m e r f r a u d e x p e r i e n c e s t h r o u g h c a r d - n o t - p r e s e n t t r a n s a c t i o n s P e r s o n a l i n f o r m a t i o n s e c u r i t y v a r i a b l e s w i l l b e c o n d u c t e d t h r o u g h c o n s u m e r b e h a v i o u r s w h i c h r e g a r d s tot h e i r a w a r e n e s s aboutprotectingpersonalandcreditcardinformationindailylife.
Globalc o n s u m e r c a r d f r a u d r e p o r t i n 2 0 1 6 i n d i c a t e d t h a t c o n s u m e r behaviourh a s somei m p a c t s onw h e t h e r s o m e o n e b e c o m e s a victim.T h e surveyq u e s t i o n e d c o n s u m e r s o n w h e t h e r theyh a d e n g a g e d i n f i v e d i f f e r e n t r i s k y behavioursi n thel a s t f i v e years.T h e q u e s t i o n s u r v e y i n c l u d e d leftsmartphoneu n l o c k e d w h e n n o t u s i n g i t , t h r o w n p a p e r s o r d o c u m e n t s w i t h a c c o u n t n u m b e r s (e.g.,bankstatement)inthetrashbin,usedanonlin ebankingorinternetshoppingwithoutsecuritysoftwareoronapubliccomputers,ma deanoteofPINandcarried itwithaccount/ cardholdersorkeptitwithcard,respondedtoemailsorcallsaskingf o r bankdetails.
Inc o n c l u s i o n , o n t h e cycleo f c a r d - n o t - p r e s e n t p r o t e c t i o n a n d p r e v e n t i o n , T h e r e f o r e , cardholdersshouldbeedu catedaboutthedangerswhichexistforpaymentsinanInternetenvironment.They mustbeawareofthelatestfraudulenttechnologiesusedbyfraudstersforon- linecardtransactions.Itisessentialtohaveaspecialsectiononbanking sitesfor cardfraud,fraudpreventionandthe presenceofadvice f o r s a f e o n - l i n e s h o p p i n g I n a d d i t i o n , c u s t o m e r m u s t b e p r o v i d e d w i t h g u
Lackofonlinepurchasecomplianceinlegislation
Legislationhe r e i n i s d e f i n e d as ru les or la wsg ove rn in gf ra ud in general lya n d CNPfraudinparticularly Tothebestknowledgeofauthor andaccord ingtoCNP F r a u d A r o u n d t h e World2 0 1 7 r e p o r t e d byUS P a y m e n t f o r u m , t h e r e i s n o globallegislationgoverningCNPfraud,andthissituationwilllikelype rsist.H o w e v e r , somer e g i o n s a n d c o u n t r i e s h a v e , o r a r e c o n s i d e r i n g , v a r i o u s typeso f legislationtoprotectconsumersandseparaterightsandobligationsofr e l e v a n t p a r t i e s iffraudoccurs.
Regradingt o p a y m e n t scrutiny,O n A p r i l 272 0 1 0 , V i s a a n n o u n c e d an e wr u l e expresslyrestrictonlinemarketersfromsharingcardholderinformationtoothercompa nieswithouttheconsumer’sknowledgeorconsent– apracticereferredtoas“ d a t a pass”.Thelegalstandardforonlinemerchantincollecting andsharingconsumerd a t a w i t h o t h e r merchantsf o r marketingp u r p o s e a r e r a p i d l y evolving, w h i c h canhelpidentifythepracticesthatarelikelytotriggerunwantedscr utinyandp r o a c t i v e s t e p s o n l i n e businesscan take toavoid such scrutiny( a n d p o t e n t i a l investigationsandlawsuits).
0%10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Strong disagree Disagree Neutral Agree Strongly agree fraudulentmerchanta c t i v i t y a s w e l l ast h e f r a u d u l e n t u s e o f t h e i r c a r d d e t a i l s Schemep r o t e c t i o n i n p a r t i c u l a r w i l l a l l o w a c a r d h o l d e r t o d i s p u t e a f r a u d u l e n t paymenttransactioninordertoreceivearefund.Ifdisp utedclaimissuccessful,itw i l l resultina“chargeback”initiatedbythecard- issuingbankagainsttheacquiringbankandmerchant.Themerchant’saccountwillbede bitedandthefundsreturnedtothecardholders.
The awareness of respondents regarding the acknowledgment of terms and conditions is alarmingly low, with only about 21% understanding payment terms and 17% recognizing their rights and obligations related to credit usage Subscription services have been identified as the leading category in Card Not Present (CNP) fraud during 2016 and 2017 A significant reason for the high rate of dispute applications in subscription services is that customers often overlook renewal terms and conditions when initially registering their accounts Many websites promote free premium trials or memberships in the first year, yet customers frequently miss critical regulations concerning fees and obligations Common phrases like “By clicking Join, you agree to abide by our terms of service” are often presented in smaller text, leading to unrecognized agreements This lack of attention to terms and conditions can result in unexpected transactions after cardholders successfully register.
Thebehaviourthatignoresprivacy andtermsofservice policiesfor soc ialn e t w o r k s e r v i c e s , w h i c h a p p e a r s t o b e commonb o t h w h e n n e w r e g i s t r a t i o n a n d change registration.Whenpeople doreadpolicies,theyo f t e n remain ontherelevantp a g e s j u s t l o n g e n o u g h tos c r o l l tot h e “ a c c e p t ” b u t t o n , a n d i n t h e f e w instanceswheredetailedreadingtakesplace,almostallparticipantsdemonst rater e a d i n g timesfarbelowtheaveragereadingtimeneeded.(Obar,2016)
Inc o n c l u s i o n , u n d e r s t a n d i n g o f customersa b o u t r i g h t s a n d o b l i g a t i o n s inf r a u d preventionandfraudprotectioniscrucialtopreventthemfromfr audattack.However,thereisnoevidentshowasignificanteffectoflegislationinan increaseo f C N P r at io bu t a r eco mm en dat io n fromVisa g u i d e l i ne an dU S pay ment.F r o m a u t h o r p e r s p e c t i v e , c r e d i t c a r d p a y m e n t i s a s e n s i t i v e s e r v i c e , thereforea mutualun derstan ding
Chapter 3 analyzes the causes of increased card-not-present (CNP) fraud in HSBC Vietnam, focusing on transactional behavior, system authentication, personal information security, and legislation Key factors contributing to this rise include the frequency of cross-border transactions, inadequate approval protocols within fraud monitoring systems, insufficient consumer awareness regarding personal information security, and a lack of compliance with online purchase legislation.
Fromc h a p t e r t h r e e a n a l y s i s , r e c o m m e n d a t i o n s i n c h a p t e r 3 w i l l f o c u s o n ho wt o mitigater i s k s r e l a t e d t o ( 1 ) A c o m b i n a t i o n o f a d v a n c e d a u t h e n t i c a t i o n methodprotectsaccountshavehighvolume andfr equencyofcross-borderonlinetransaction.
(2)Enhanceconsumerawarenessinpersonalinformationsecurityandf r a u d p r e v e n t i o n a n d ( 3 ) a n d a s t r i c t m u t u a l a g r e e m e n t i n r i g h t s a n d o b l i g a t i o n s betweenHSBCwitheac hparty inthefour- party modelofonlinepaymentp r o c e s s i n g
Adoptadvancedauthenticationtechniquesforonlinetransactiontracking.564 2 Inhanceconsumerawareness
Thefirstrecommendedimplicationisusingacombinedapproach.Nosingles e c u r i t y technologyissufficienttofoolproofabank’sITsystem.Hence,banksneedt o implement acombinationofseveraltechniquestofortifytheirITinfrastructure.E v er y techn ologyhasitsownstrength– selectinganappropriatecombinationofther i g h t technologieswillprovidebenefitslikestro ngauthentication,behaviouralfraudd e t e c t i o n , andout-of- bandtransactionverification.Thiscombinedapproachisr e g ar d e d asoneofthebesttech niqueforcombatingcyberrimes.
Technologyadvanceshouldbeappliedtohandletech- relatedfraud.Incurrently,3DSecureisbeingusedasamainmethodinfraudagainst.3D Secureisa n additionalauthenticationstepforCNPpayments.VisadevelopedthisExtensi bleM a r k u p L a n g u a g e ( X M L ) - b a s e d p r o t o c o l t o i m p r o v e t h e s e c u r i t y o f I n t e r n e t payments.Thisp rotocolisusedasanadditionalsecurity layerforonlinecreditandd e b i t c a r d t r a n s a c t i o n s H o w e v e r , t h i s a u t h e n t i c a t i o n m e t h o d p l a c e s a n inconvenienceonthecustomerbyaddingauthentication stepduringthesalesp r o c e s s Abandonmentratesmay increasewhencustomersseethe3DlogobyVisaorMastercard.
To effectively combat cybercrime, a global solution approach is essential, with a focus on data solutions, particularly in addressing Card Not Present (CNP) fraud that often originates from customer databases Customer validation is a crucial first step, utilizing consumer data from various sources to verify billing information associated with payment methods This process can involve multiple levels of checks, such as validating names, addresses, and contact details, although it may be limited by the provider's capabilities and can be costly The second approach involves identity verification, which confirms a person's identity through information like name, address, date of birth, and country-specific IDs While beneficial for high-value transactions and age-restricted industries, this method can slow down transaction speed and may be perceived as invasive by customers Lastly, knowledge-based authentication is gaining traction in financial institutions, where users answer questions that are not readily available in their wallets or online This method is particularly useful for high-value or age-restricted transactions but can hinder user experience if users struggle to recall obscure personal information.
With the dramatic rise in mobile usage, mobile-based technology has become a crucial method for combating online fraud One significant development is mobile secure location, which verifies a cardholder's mobile location during post-transaction reviews This tool helps identify actual fraud cases and reduces false positive administrative costs, thereby enhancing the customer experience However, this authentication method relies on the availability of mobile phones and is an out-of-band fraud prevention technique Another mobile-based approach being researched is the identification and isolation of suspect transactions By utilizing radio environment examination captured by a customer's mobile device during transactions, merchants can gather valuable information to enhance fraud detection efforts.
Fiaccesspoints,celltowers andgeo- locatedIPaddresses.However,thissolutionisp o st transactioncompletionanddoesnotprev entthefraudbeforeithappens.
Anotherr e c o m m e n d a t i o n f r o m t h e o r y i s e m a i l v e r i f i c a t i o n a p p r o a c h T h i s emergingsolutionassociates emailaddresswithanindividualand/oraddress.Sometechnologiesleveragealgorithmic,li nkingtechnologytoevaluatean emailprovidedw i t h orderinformation,name,address,andphonenumberprovid ingafraudscoref o r deaccessioning.Authenticatesthatanemailaddressbeingus edinatransactionisassociatedwiththenameandaddressprovided.
Inconclusion,thebankshoulddeployadvancedtechniquesthatdetectcybercrime o n t h e b a s i s o f t h e p a t t e r n s d e t e c t e d i n w e b s i t e n a v i g a t i o n o r t r a n s a c t i o n s Th esecouldincludesmartcards,apin,facialrecognition,fingerprintse nsors.Asmoreandmorecustomersareusingmobiledevices,banksmustalsodeplo yverificationtechniqueslikemobile- basedtransactionverificationanddynamicdevice a u t h e n t i c a t i o n F r a u d m onitoringm o d i f i e d p o l i c i e s mustb e r e v i e w e d a n d alsosetappropriateapprovalp rotocols.AnytransactionthatinvolvesawiretransferoranAutomatedClearingHousetransfer mustinvolvetwoapprovers.
Cardholdersshouldbeeducatedaboutthedangerswhichexistforpaymentsina nInternetenvironment.Theymustbeawareofthelatestfraudulenttechnologiesu s e d byf r a u d s t e r s f o r o n - l i n e c a r d t r a n s a c t i o n s I t ise s s e n t i a l t o h a v e a s p e c i a l sectiononbankings itesforcardfraud,fraudpreventionandthepresenceofadvicef o r safeon-lineshopping.
Customersmustbeprovidedwithguidelinesforcheckingtheauthenticityofa n y s ourcesthatareasking foraccountde ta ils Customers mus t alsobe provide dw i t h guidelinesfortakingprecautionswhileusingthebank’swebsites.
Formulatepoliciesaddresscybersecurity
Limitationandsuggestionsforfutureresearch
Althoughthestudyresultsfoundevidencesupportingtosomeofthetheor eticalexpectationsaboutcard-not- presentfraudcausesoncredit card,itstillh a s somelimitationsofitsown.Futu restudiesshouldstrivetoaddresslimitationsinthepresentstudy.
First,duetotimelimitations,thesamplessizeofthesisisnotlargeenough and t h e s a m p l e i s n o t r a n d o m l y s e l e c t e d I n p a r t i c u l a r , t h i s t h e s i s u s e s a s u r v e y conducted inHoChiMinhcity.Eventhoughthisisthebiggestmarketofcard issuean d cardusageinVietnam,itsrespondentcannotbegeneralizedtoentireVietna m.I tw o u l d b e r e a s o n a b l e t o e l e v a t e s a m p l e s i z e byc o n d u c t i n g t h e s u r v e y i n o t h e r p r o v i n c e s , f o r exampleH a n o i i n t h e n o r t h a n D a n a n g i n t h e c e n t r a l , o r d e e p l y conductedr e s u l t byo t h e r f a c t o r s u c h a s : A g e , s e x , o w n e r s h i p o f c r e d i t c a r d t o determineimpactofthosedifferentfactortoCNPfraud.
Secondly,thoughCNPfraudisatopicalquestionoffinancialservicep r o v i d e r s , it still noth a s ma ny researches about it.Be s i d es t h a t, c red it fraud is as ensitiveandrestricteddataofHSBCandotherbankstoo,sothattheauthorfoundd i f f i c u l t togeneralmoreobjectivejustificationstomakeconclusionofCNPfraudcau se sandsolutionsaswell.Innextresearches,itwouldbebetterif theresearcherscan combinemoredatefromotherbank,notonlyinCNPlossdatabu talsoinitsa u t h e n t i c a t i o n methodsusedcurrently.
CNPf ra ud isa t o p i c a l q u e s t i o n o f f i n a n c i a l pr ov id er s A s ani n t e r n a t i o n a l bank andatopleadingcreditcard issuerinVietnam,HSBChasfacedwi thCNPfraudincreasefrombeginningof2016,whichnotonlyposeathreatonop erationr i s k butalsoinreputationriskoftheBank.
Ino r d e r tor e d u c e a l o s s o f C N P f r a u d , t h e r e s e a r c h r e c o m m e n d s implementationo f i n t e r n a l policiesforVisa a le r t onlinetransaction m usti nv ol ve t w o a p p r o v e r s , a c o m b i n a t i o n o f s e v e r a l t e c h n i q u e s to f o r t i f y I T i n f r a s t r u c t u r e , e n h a n c e customerawarenessandastrictmutualagr eementin rightsandobligationsbetweenH S B C w i t h customera n d m e r c h a n t F o r i n t e r n a l i m p l e m e n t a t i o n , f r a u d m a n a g e m e n t departmentinchargeforfraudtransactio ntracking,ITdepartmentsetsa periodreviewforITinfrastructure,amutualagreeme ntisadvisedbytheComplianced e p a r t m e n t F o r e x t e r n a l i m p l e m e n t a t i o n , s a l e a n d s e r v i c e - o r i e n t e d st a f f s mustbealwayssupportedandremindaboutfraudpreventionandprotecti on.
Insummary,thepaymentsecosystemcontinuesto evolveandchange;as aresult,streamliningandimprovingtheoverallpaymentprocessrequiresacompliantfoun dations u p p o r t e d byi n d u s t r y b e s t p r a c t i c e s C N P f r a u d d e t e c t i o n a n d preventionmustcontinuetoeffectivelyaddressobstaclesonreducingfraudlossand maintainpacewithcurrentandemergingsolutionstooptimizefraudmonitoringand authorization.”