CFOs and COOs from 17 leading Associations discuss Enterprise Risk Management (ERM) and the role of the CFO as the Chief Risk Officer of the organization: Best Practices and Issues
January 28, 2020: Enterprise Risk Management (ERM) and the role of the CFO as chief risk officer: Best Practices and Issues was the topic of discussion when CFOs and COOs from 17 leading Associations met on January 28, 2020 for the Presidential Forum Roundtable breakfast in Washington, DC. The peer-to-peer discussion was moderated by Jeff Tomitz, CFO, National Electrical Manufacturers Association (NEMA).
For CFOs and COOs in attendance, it provided invaluable insights into what their peers at other Associations are doing to identify key risks, assess the severity of those risks, and define actions for mitigation; how to start the conversation with your CEO about formalizing ERM in your organization; how to communicate ERM to your Board; where to find useful frameworks for formalizing your ERM; and much more.
Enterprise Risk Management (ERM) was summarized in a few words by Tomitz with the following: “Financial professionals may instinctively relate to risk management in the context of financial management and related controls. However, as boards have become more engaged on the topic of Enterprise Risk Management, their expectations are often that financial professionals will communicate their awareness of key risks facing the organization beyond traditional fiscal risk management, such as compliance, strategic, operational, and reputational risks. ERM offers financial professionals several new career-enhancing opportunities, including the ability to operate beyond traditional borders of financial responsibilities, to significantly contribute to the long-term viability of their organizations, and to offer their boards new governance insights through, for example, broader reporting of key organizational risks.”
In addition to the CFO/COOs in attendance, the sole sponsor Aronson LLC – Rob Eby, Partner, and Greg Plotts, Partner – provided additional subject matter expertise to the discussion based on their experience helping leading Associations in their ongoing Enterprise Risk Management journey. See their Website for their White Paper on Top 10 Risks for Associations: Aronson_Top10_RisksAssociations
See the Presidential Forum Calendar for upcoming Association executive roundtable events (invitation-only) at 2020_Calendar. For additional information, please contact Wade Tetsuka, firstname.lastname@example.org
CIOs from 20 leading Associations discuss the state of Digital Transformation in the Association Industry
January 8, 2020: The state of Digital Transformation at your Association: What have you accomplished, where do you go from here? was the topic of discussion when CIOs and CTOs from 20 leading Associations met on January 8, 2020 for the Presidential Forum Roundtable breakfast in Washington, DC. The peer-to-peer discussion was moderated by Prabhash Shrestha, Group EVP & Chief Digital Strategy Officer, Independent Community Bankers of America (ICBA).
For CIOs in attendance, it provided invaluable insights into what their peers are doing at other Associations, on topics ranging from “productizing” data, creating virtual conferences, “non-AMS” implementation, capturing a member/customer needs database, the Association in a “platform economy”, data-driven decision making, measuring member engagement and taking action, tools to energize your chapters, and creating a better member experience, to the role of the CIO in helping to change the culture of the organization.
The meaning of Digital Transformation was summarized in a few words by Shrestha with the following: Associations can better help their members and the industry that they serve by astronomically enhancing their ability to translate internal, member, customer, partner, and vendor data into business and customer insights. While technology is an important part, Digital Transformation is more about business strategy, culture, and a holistic digital customer experience as customers engage with associations’ innovative products, programs, resources, services and network.
In addition to the CIOs in attendance, the sole sponsor Adage Technologies provided additional subject matter expertise to the discussion based on their experience helping leading Associations such as the American Academy of Pediatrics, National Sporting Goods Association, and many others in their ongoing Digital Transformation journey. https://www.adagetechnologies.com/digital-transformation-aap/
See the Presidential Forum Calendar for upcoming Association executive roundtable events (invitation-only). For additional information, please contact the Association CIO Roundtable co-founders: Prabhash Shrestha or Wade Tetsuka, email@example.com
Edited by Julie Duncan
What is carding?
Carding is a form of credit card fraud where thieves use stolen credit card details to charge prepaid cards and then sell those prepaid cards to other people. The stolen card data is often bought on the dark web. People perpetrating this type of fraud are called “carders”. Because credit cards are often canceled quickly after being lost, a major part of carding involves testing the stolen card information to see if it still works. Bots are often used to run a large volume of card numbers in the shortest amount of time to verify whether each card is still active.
If you see a large volume of small transactions being tested on your merchant account, it is possible your account is being used to test stolen cards. You must react quickly and deliberately.
What should I do if I suspect carding on my account?
Credit card fraud can be a significant problem for merchants with widespread consequences. If you are a victim of fraud or suspect fraudulent transactions, take the following actions:
- Contact your merchant bank and notify them that fraudulent activity has taken place.
- Issue a VOID or CREDIT to the card or cards to avoid chargeback fees from your merchant bank.
- Verify security of your login and password information both internally and on your website.
- Contact your Internet Service Provider (ISP) or hosting company to see if they have a record of the IP addresses the fraudulent transactions came from. Next, restrict access to your account from those IP addresses.
- Complete a full virus and malware scan of all systems involved including your website and computer stations.
How do I detect and prevent future carding activity?
As with other fraudulent activity, there is no one thing to detect and prevent all carding. We suggest implementing a layered approach, including the following features and activities:
- Use a CAPTCHA: CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) creates challenges to ensure that payment attempts are not sent by automated scripts or bots.
- AVS responses: The Address Verification System (AVS) checks the billing address that buyers provide at checkout against the address that the credit card company has on file for them. The credit card company sends a response immediately to let you know whether the billing address matches. The common responses are:
  – Full address match
  – Address match only
  – Only the zip code provided matches
  – No information matches
  The credit card company will not stop a transaction if the AVS response is No unless the card has been reported lost or stolen. Unfortunately, a strict AVS setting can also cause declines for your valid customers, so use discretion regarding the level of strictness you apply to this setting.
- CSC/CVV responses: The Card Security Code (CSC) or Card Verification Value (CVV) system checks the 3- or 4-digit number printed on the credit card and verifies it during the authorization process. A common response is:
  – N: does not match
  You should only accept transactions where the CSC/CVV matches.
- Velocity checks on your shopping cart: Velocity is the number or speed of payments made within a certain period of time, for example, 10 payments sent from the same customer within seconds or minutes of each other. Monitoring this activity is important. Even on donation sites, it is unusual for a user to make low-dollar payments in rapid succession. Payment velocity can be monitored by dollar amount, user IP, billing address, BIN, or device. Discuss this option with your merchant service provider.
- Shopping cart session velocity: This refers to the number of times that one buyer can attempt to complete an order in one shopping cart session. By putting a limit on the attempts in one checkout session, you gain visibility into the number of shopping cart declines, which may assist in identifying a possible carding situation.
- Authorization/capture: If you are using authorization/capture, review the transactions during the authorization period. If you believe that you are being targeted by carding activity, do not capture the funds. If you have already captured the funds, you have the option to issue a refund rather than wait for a chargeback. In this instance, issuing the refund is better than waiting for a chargeback, since chargeback fees can be $15.00 per transaction or higher.
- Credit card BIN checks: The Bank Identification Number (BIN) is the first six digits of every credit and debit card. Not only does it provide information regarding the type of card that is being used (Visa, MasterCard, American Express, or Discover), but it can also be used to find the name and location of the bank that issued that particular card. This information can be very important in detecting carding. Typically, payments from cards sharing the same BIN should be widely dispersed over time. For instance, you may receive two payments from cards with the same BIN in a month; with carding, especially if credit card information has been purchased online, you may receive ten payments from cards that have the same BIN within a day or two. Tracking BINs may help identify this activity.
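The velocity, BIN and AVS/CVV checks above can be run as a batch over your authorization log. The following is an added example, not code from US Transactions Corporation or any payment gateway; the log rows, IP addresses and BINs are constructed, and the response codes ("N" for no match, "Y"/"M" for match) are assumed conventions that you should map to your own processor's codes.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authorization log (not real data). Fields:
# timestamp, client IP, card BIN (first six digits), amount, AVS result, CVV result.
# Response codes are assumed conventions: "N" = no match, "Y"/"M" = match.
SAMPLE = [
    ("2019-12-09T10:00:00", "203.0.113.7", "411111", 1.00, "N", "N"),
    ("2019-12-09T10:00:03", "203.0.113.7", "411111", 1.00, "N", "M"),
    ("2019-12-09T10:00:05", "203.0.113.7", "411111", 1.50, "Y", "N"),
    ("2019-12-09T10:00:09", "203.0.113.7", "411111", 1.00, "N", "N"),
    ("2019-12-09T14:30:00", "198.51.100.20", "555555", 120.00, "Y", "M"),
    ("2019-12-10T09:15:00", "198.51.100.21", "601100", 45.00, "Y", "M"),
]

def parse(rows):
    return [{"ts": datetime.fromisoformat(t), "ip": ip, "bin": b,
             "amount": a, "avs": avs, "cvv": cvv} for t, ip, b, a, avs, cvv in rows]

def velocity_alerts(txns, key, window=timedelta(minutes=5), threshold=4):
    """Return keys (IP or BIN) with at least `threshold` attempts in any sliding window."""
    times_by_key = defaultdict(list)
    for t in sorted(txns, key=lambda t: t["ts"]):
        times_by_key[t[key]].append(t["ts"])
    flagged = set()
    for k, times in times_by_key.items():
        start = 0
        for end, ts in enumerate(times):
            while ts - times[start] > window:   # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(k)
                break
    return flagged

def small_amount_burst(txns, max_amount=5.0, threshold=4):
    # Card-testing signature: many low-dollar attempts from one IP in quick succession.
    return velocity_alerts([t for t in txns if t["amount"] <= max_amount], "ip", threshold=threshold)

def mismatch_rate(txns, key="ip"):
    """Fraction of attempts per key where AVS or CVV came back as no match."""
    bad, total = defaultdict(int), defaultdict(int)
    for t in txns:
        total[t[key]] += 1
        bad[t[key]] += int(t["avs"] == "N" or t["cvv"] == "N")
    return {k: bad[k] / total[k] for k in total}

def carding_report(rows=SAMPLE):
    txns = parse(rows)
    return {"ip_velocity": velocity_alerts(txns, "ip"), "bin_velocity": velocity_alerts(txns, "bin"),
            "small_burst": small_amount_burst(txns), "mismatch_by_ip": mismatch_rate(txns)}
```

Tune the window and thresholds to your own baseline (a donation site will tolerate a lower velocity than a bulk event-registration page), and feed flagged IPs and BINs into the hold-before-capture review described under authorization/capture.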
Talk with your merchant service provider, your AMS/LMS/Events Registration service provider, and/or your web developer. See what solutions they recommend. A coordinated, proactive approach will ensure your Association will be in a better position to weather potential threats.
If you would like more information about how US Transactions Corporation helps Associations, please contact us directly at WadeTetsuka@ustranscorp.com or firstname.lastname@example.org.
Each year, we at U.S. Transactions Corp. speak with well over 150 companies across the U.S. with respect to their credit card processing services. These companies are typically doing business with the Fortune 500 and are naturally concerned about how to have the lowest possible cost for processing Purchasing Card payments (Visa/MasterCard/AMEX) from their Fortune 500 clients. Likewise, these companies are concerned about credit card data security (referred to as PCI Compliance).
Each year, we at U.S. Transactions Corp. speak with well over 100 Associations across the U.S. with respect to their credit card processing services. Out of countless discussions and observations, we have discovered the problems and solutions boil down to 5 major issues that make about 80% of the difference for Associations when it comes to credit card processing. These 5 “Problems” arise in virtually every Association we come across. Instead of keeping the solutions a secret to ourselves or to those Associations who happened to have met with us, we thought it would be worthwhile to make the recommendations available for everyone’s benefit.