Ethoca Customer Presentation

1
Fighting fraud through data sharing
- the next evolution in fraud management
2
Introducing the Ethoca team here at GIGSE 2007

• Andre Edelbrock, Chief Executive
• Keegan Johnson, VP Client Services
• Barry Neary, Product Manager

3
Examples of Data Sharing

• Insurance Industry e.g., central claims
  database
• The Police e.g., Interpol
• Government e.g., various depts. sharing
  information
• Credit Bureaus e.g., Experian

4
Data Sharing in the Media
5
Views from Industry Experts

• Increased data-sharing is a must to allow the
  organisations that are being targeted to have the
  widest possible set of data to find patterns.
• Source Anne Green, Fraud Consultant, Experian
• Fighting fraud requires different sectors
  including public and private to work together
  on developing and implementing strategies,
  sharing best practice and, most importantly,
  sharing data."
• Source Sandra Quinn, Director of
  Communications, APACS
• more needs to be done in this area - not only
  to share raw data, but also to exchange other
  information on the perpetrators of fraud.
• Source Financial Services Authority report,
  Firms High-Level Management of Fraud Risk 2006
  
• Banks are not yet sharing data at a level that
  will make a real difference to the struggleto
  combat fraud .
• Source Jackie Barwell, Director of Fraud
  Management, First Data

6
The Growing Fraud Problem

• 16 - increase in UK CNP fraud in 2006 (Source
  APACS)
• 1 million - amount of money lost to card fraud
  every day in the UK
• 9 - gap in seconds between credit card fraud
  incidents in the UK
• 20 - of all recorded fraud which is
  card-related in the UK retail sector (Source
  British Retail Consortium)
• 6 - the estimated percentage of rejected
  orders(Source Cybersource Fraud Report 2004)

1 Source APACS 2 S
7
How can transactional data sharing be used to
fight fraud and other unwanted activity in the
e-gaming industry?
Examples of unwanted activity in the e-gaming
industry -non-payment such as
chargebacks-problem gaming-bonus/promotion
abuse-poker collusion-chip dumping
8
Topics We Will Cover

• The scope of fraud management in the e-gaming
  industry
• The evolution of fraud management in the e-gaming
  industry
• What does a data sharing fraud management system
  look like?
• Whats so different about data sharing?
• Data sharing and its role in better
  decision-making
• Key merchant benefits
• Data sharing questions and how to answer them
• An example of how it works in practice

9
The Scope of Fraud Management
The Tip of the Iceberg

• Reducing fraud rate

• Maximizing purchase limits

• Improving customer satisfaction

?

• Staying within fraud limits, avoid fines, cut off

• Minimizing 3rd partyfraud-risk management costs

• Reducing cost of manual reviews

• Reducing processing costs

Maximizing Profitability

• Becoming less reliant on 3rd party payment
  providers where direct processing is available
  (e.g., ACH, BACS)

• Avoiding lost revenue and losing customers due to
  wrongly rejected orders

• Safely expand into new businesses and geographies

• Identifying multiple identities

• Minimizing transaction lifecycle

• Reducing collusion

• Driving responsible ecommerce

• Enhancing your corporate industry reputation

• Focusing back-office fraud staff on transaction
  review not detection

• Reducing problemgaming

10
The Evolution of Fraud Management
The Evolution of Fraud Management Practices

• New Data Sources
• Age check
• 3D Secure
• Identity check
• IP address check
• Card verification
• Velocity checks
• Online authentication

Information Value, Analysis Automation

• Analytics
• Account linking
• Pattern recognition
• Manual transaction review
• 3rd party automated fraud-services/engines

• Traditional Data Sources
• Card scheme hot lists
• Internal hot lists

Time
11
Traditional Data Sources
Benefits
Drawbacks
Card data focused on reported compromised cards
Card Scheme Hot List
Easy access to data
A simple form of data sharing within your own
company!
Internal Blacklist
Limited to your data
12
Analytics
Benefits
Drawbacks
Labour intensive, does not scale and limited to
your data
Can be very effective
Manual Review
3rd party Automated Fraud tools
Only provides indicators of fraud
Quite effective
Account Linking
Can be manually intensive, limited to your data
only
Identify multiple identities
13
New Data Sources
Benefits
Drawbacks
Works in some geographies, not for 1st party fraud
Can reduce some 3rd party fraud
ID Checks
Limited coverage
AVS checks
Easy and inexpensive
Effectiveness depends on the amount of data
youre checking
Velocity Checks
Works well for 3rd party fraud
Still need to control fraud, limited to card
transactions, increase in workload related to
RFIs, customer awareness issues and lost orders
Shifts chargeback liability for certain types of
chargebacks
3D Secure
14
The Next Evolution of Fraud Management
The Evolution of Fraud Management Practices
DATA SHARING
Information Value, Analysis Automation

• New Data Sources
• 3D Secure
• Age check
• Identity check
• IP address check
• Card verification
• Outbound calling
• Velocity

• Analytics
• Account linking
• Pattern recognition
• Manual transaction review
• 3rd party automated fraud-services/engines

• Traditional Data Sources
• Card scheme hot lists
• Internal hot lists
• Mailings to confirm address

Time
15
Data Sharing at a High Level
Initial and ongoing contribution of transaction
data
e-Gaming Company
Request for Information
Telecoms Company
Request for Information
Shared-Data Pool
Request for Information
Ongoing connection to shared-data pool
Retailer
16
So Whats Different?
Make decisions based the experience of other
businesses in addition to your own.
Your own data volume
TIME
Data-sharing pool volume
- Growth from existing business
- Growth from adding new businesses
50 X
10 X
5 X
17
How You Make Decisions Today
Your Data
Data
1
External Verification Data
Analysis
2
?
Valid mailing address
?
Over 18 years of age
Assessment
3
An Informed Decision
18
Traditional Fraud Management
You get a 500 deposit attempt from a customer
using your existing fraud tools, do you accept it?
Traditional Data Sources Check

• Not on my blacklist
• Not lost/stolen
• CV2 and Expiry Date OK
• Valid credit card

Analytics
An Informed Decision

• Manual Review
• Account Linking
• 3rd party fraud service
• Pattern Recognition

New Data Sources Check

• Age Verification
• ID Verification
• Card/cardholder verification
• IP Address vs. BIN vs. Billing Address

19
How You Make Decisions with Data Sharing
Your Data
Data
Analysis
1
Data Sharing
Analysis
2
Assessment
3
External Verification Data
?
Valid mailing address
A MORE Informed Decision
?
Over 18 years of age
20
Data Sharing Fraud Management
You get the same 500 deposit attempt from a
customer using your existing fraud tools plus a
data-sharing system, do you accept it?
Shared-Data Pool
300 chargeback at e-Gaming company yesterday at
445 PM
A MORE Informed Decision
450 suspected chargeback at Retailer 1 week ago
750 total potential chargebacks at 2
merchants in the last 7 days
21
Potential Merchant Benefits

• Reduce fraud and other unwanted activity(e.g.,
  problem gaming, poker collusion, chip dumping)
• Reduce time cost of manual reviews(including
  responding to card issuer RFIs)
• Increase purchase limits
• Minimise wrongly rejected orders and lost revenue
• Improve customer satisfaction
• More safely expand into new businesses and
  geographies
• Focus back-office fraud staff on transaction
  review not detection

22
Typical Questions asked about Data Sharing

• Privacy - Can we share data?
• Security - Is our data and our customer data
  safe?
• Access - Can others retrieve our data and our
  customer data?
• Integrity - Can we trust the data?
• Critical Mass How do you achieve it?

23
Answering the Questions
Questions
Answers
- comply with international data laws - external
auditing of privacy practices
Data Privacy

• policy and process
• data encryption
• technology partners

Data Security

• sharing the experiences, not the data
• - independent solution provider

Data Access
- data audit - operations audit
Data Integrity

• - sign blue chip merchants
• partner with key channel partners/resellers
• work closely with industry associations/coalition
  s

Critical Mass
24
The Request for a Risk Assessment
An Event is sent to Ethoca, and a Risk Assessment
is returned to the Member
EVENT
RISK ASSESSMENT

• Personal Data
• (e.g., name, address, email, telephone...)
• Financial Data (e.g., bank account, cc,
  expiry date)
• Other Identifying Data (e.g., IP address,
  Drivers License Passport ...)

• Risk Score
• Recommendation
• Summary
• Details

25
The Ethoca Risk Assessment
Risk Score Recommendation
Summary
Details
26
The Ethoca Risk Assessment
27
The Risk Score and Recommendation
Example
Score based on Members settings
Action based on Members settings
Override condition met based on Members settings
28
The Summary
The Summary provides a high-level view into the
Hits associated with the Event submitted
The numbers in ( ) represent your own data
Example
29
The Details
Example
30
Summary of Key Points

• Data sharing is a hot topic, widely discussed
  across many industries including e-gaming
• Data sharing can offer a fraud management
  solution to online gaming companies right now
• A credible data sharing solution is the only way
  to make more informed decisions by including
  other companies experiences
• The right data sharing solution can overcome
  privacy and security concerns
• The right data sharing solution can integrate
  seamlessly with existing fraud management systems
• The right data sharing solution can be customised
  to your specifications
• The right data sharing solution can help you
  increase profits by
• Reducing overall fraud rates
• Minimising wrongly rejected orders
• Improving a host of other metrics, e.g., less
  manual reviews, reduce problem gaming