Course Overview

We have developed a comprehensive course on all aspects of Card Payments Fraud, in four different modules. These modules describe both Card-Present and Card-Not-Present fraud types and fraud prevention methods deployed today.
Here is a description of the four modules in this course:

Module 1 – “Card Present Payments Fraud.”
In this module we describe card-present transactions, the fraud associated with card-present payments, and techniques used to mitigate and block card-present fraudulent activities. We describe the EMV technology and its security features that are being deployed globally to block card-present payment fraud.
We also describe mobile contactless card payment technology using the NFC interface, and how mobile contactless payments are secured to stop fraudulent payment transactions.

Module 2 – “Online Payments Fraud.”
In this module we continue with fraud in online, or Card-Not-Present, payment transactions, which has become a huge problem, especially after the COVID-19 lockdowns when everyone had to go online for their purchases and pay online. This module includes an explanation of the differences between Card-Present and Card-Not-Present payment transactions and the way fraudsters attack each scenario. We detail different types of online or card-not-present fraud. This is followed by a description of technologies used to mitigate online card payment fraud.

Module 3 – “Mobile Device Authentication & Customer Verification”.
This module includes a description of technologies and methods used for authenticating mobile devices, which is important for preventing fraudulent payment transactions from mobile devices. This is followed by a categorization of the techniques used for mobile authentication, including customer verification.
There are four groups of techniques, each with a number of sub-groups. These are all described in this third module.

Module 4 – “FIDO-3DS-SRC and Tokenization”.
In this module we describe FIDO, or Fast Identity Online. The FIDO Alliance Association has developed a number of specifications that allow users to authenticate themselves to an approved device; the approved device then provides secure authentication for access to the external services that users need. This is followed by three sets of EMVCo standards that provide additional security for online card-not-present purchases: 3D Secure, Secure Remote Commerce and Payment Tokenization.

Overall Course Objective

At Secure Payments Academy we have been providing payments technology training courses, covering current and new card payment technologies. This course is a deep-dive guide into “How to mitigate fraudulent transactions” for the card-present as well as the CNP eCommerce world. All our courses are designed based on our hands-on experience in implementing payment technologies through our consulting engagements. Our consulting work is done through our main company, Smart Commerce International (www.scil.us); our training courses are listed at www.securepaymentsacademy.com.

Who should Attend:

• Payment stakeholders with an online presence for online purchase and payment of goods
• Merchant System Operations, Engineering
• Issuer/Processor Operations, Engineering
• Fraud Analysis personnel
• System Architects and Developers
• IT and Technical Departments
• Vendors of CNP fraud detection Systems

Learning Outcomes:

• Describe the fraud types for card present transactions
• Analyze security types provided by EMV for both contact and contactless transactions
• Identify differences between CNP and card present fraud patterns
• Evaluate how tokenization impacts CNP fraud types
• Explain how FIDO and 3DS detect fraud
• Illustrate how SRC and PCI function within the CNP environment

Course Syllabus

Module 1 : Card Present Payments

• What is Card-Present Fraud
• Card-present fraud types
• EMV Technologies
• Features of EMV technology Security
• Deep dive into EMV Security types
• EMV and how it mitigates Card-Present Fraud
• NFC (Near Field Communication) or Contactless Technology
• NFC Security
• Use of CDCVM (Consumer Device Cardholder Verification Method)
• Mobile Devices for Card-Present Transactions

Module 3 : Mobile Device Authentication & Customer Verification

Consumer Verification:
• Static Password, Knowledge-Based Authentication
• Out of Band Authentication: One Time PIN or Passcode
• Mobile PKI for Push-Based Authentication
• Virtual Credit Card Authentication
• EMV Secure Remote Commerce (SRC)
• Biometrics
• FIDO (Fast Identity Online)
• W3C WebAuthn API

Device Authentication:
• Dynamic Cryptogram
• MNO Risk Scoring, Phone Number Validation, Device Binding and MNO Intelligence

Risk-Based Authentication:
• Adaptive Authentication
• EMVCo 3D Secure
• Identity & Verification (ID&V) Provisioning

Analytics and Familiarity Signals:
• Predictive Analysis
• Machine learning/AI Authentication
• Device Familiarity, Risk & Attack Sig

Module 2 : Online Payments

• Introduction – a description of what online fraud is and how it affects the payment systems
• Card Present Vs Card Not Present Transaction Flows
• Card Not Present Online Fraud – we describe types of online fraud
• True Cost of Fraud – we describe three scenarios and how stakeholders are affected by fraudulent activities for online payments
• Card Not Present Fraud Mitigation Principal Attributes – we describe the main attributes of techniques used for mitigation technologies
• Card Not Present Fraud Prevention Technologies – here we describe different techniques used for online fraud prevention.

Module 4 : FIDO-3DS-SRC-Tokenization

• FIDO (Fast Identity Online)
• EMVCo 3D Secure
o Components of 3DS
o Data types collected
o Analysis of data collected
o How to decide Approval or Decline of transactions
o Example of a 3DS system
• SRC – Secure Remote Commerce
o SRC Participants
o SRC Use Cases
o SRC Interaction with other applications
• EMV Payment Tokenization
o What Is Tokenization
o Implementation Considerations for Tokenization
o Tokenization Use Cases
o Security Considerations for Tokenization
o EMV Payment Tokenization Services
o Merchant Card-on-file (COF) Tokenization

Meet the Instructor

Mansour Karimzadeh

An experienced Technical Consultant with over 25 years' experience in the financial and telecommunications industries, Mansour had major roles in strategy, design, development, project management/implementation and marketing of smart card solutions in financial and payment markets.

He has worked with all major credit card brands and many major banks and financial institutions internationally.

