Common Point of Compromise

A point of compromise refers to entities, such as merchants, terminals, or online service providers, where card numbers are vulnerable to interception for fraud. This can happen in various scenarios, such as skimming devices at gas pumps, unauthorized photographing of cards in restaurants, or data interception during online transactions. Unfortunately, cardholders often remain unaware of such breaches until fraudulent activity takes place on the cards and is reflected on their statements. Tracing back to the source of the compromise is challenging, as it's not always clear whether the issue stemmed from a data breach, poor security at an e-commerce site, or other vulnerabilities.

Galileo’s Common Point of Compromise (CPC) solution helps identify common touchpoints suspected of compromise by analyzing transactional history and correlating it with reported fraudulent activity. If patterns emerge indicating that transactions at a specific entity are frequently followed by fraudulent charges, we might classify the entity as a potential CPC and assign it a propensity score for being the location of compromise. This approach enables you to take appropriate actions to mitigate risks based on your risk appetite. Moreover, Galileo provides a list of accounts that are still active and have interacted with potentially compromised entities, to help proactively control fraud risks and ensure your program's financial stability.
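The correlation described above, as an added example over constructed sample data; it is not Galileo's code or scoring method. The rate-and-lift score, the 30-day lookback, the minimum-card threshold, and all card and merchant identifiers are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import date, timedelta

# Constructed sample data: (card_id, merchant_id, transaction_date).
TRANSACTIONS = [
    ("c1", "GAS-001", date(2024, 3, 1)), ("c1", "GROC-002", date(2024, 3, 2)),
    ("c1", "ELEC-009", date(2024, 3, 5)),   # the disputed charge itself
    ("c2", "GAS-001", date(2024, 3, 2)), ("c2", "GROC-002", date(2024, 3, 3)),
    ("c3", "GAS-001", date(2024, 3, 3)),
    ("c4", "GAS-001", date(2024, 3, 4)), ("c4", "GROC-002", date(2024, 3, 4)),
    ("c5", "GROC-002", date(2024, 3, 1)), ("c5", "WEB-003", date(2024, 3, 2)),
    ("c6", "GROC-002", date(2024, 3, 2)),
    ("c7", "GROC-002", date(2024, 3, 5)), ("c7", "WEB-003", date(2024, 3, 6)),
]
# Constructed: card_id -> date of the first disputed (fraudulent) transaction.
FRAUD_REPORTS = {"c1": date(2024, 3, 5), "c2": date(2024, 3, 6), "c3": date(2024, 3, 8)}

def score_merchants(transactions, fraud_reports, lookback_days=30, min_cards=3):
    """Rank merchants by the share of their cards that reported fraud soon after."""
    visitors, hits = defaultdict(set), defaultdict(set)
    for card, merchant, day in transactions:
        fraud_day = fraud_reports.get(card)
        # Activity on or after the fraud date cannot be the point of compromise.
        if fraud_day is not None and day >= fraud_day:
            continue
        visitors[merchant].add(card)
        if fraud_day is not None and fraud_day - day <= timedelta(days=lookback_days):
            hits[merchant].add(card)
    all_cards = {card for card, _, _ in transactions}
    baseline = len(fraud_reports) / len(all_cards)   # portfolio-wide fraud rate
    results = []
    for merchant, cards in visitors.items():
        if len(cards) < min_cards:                   # too few cards to judge
            continue
        rate = len(hits[merchant]) / len(cards)
        lift = rate / baseline if baseline else 0.0
        results.append((merchant, len(cards), round(rate, 2), round(lift, 2)))
    return sorted(results, key=lambda r: r[3], reverse=True)

def exposed_cards(transactions, fraud_reports, merchant):
    """Cards that used the merchant and have no fraud reported yet."""
    return sorted({c for c, m, _ in transactions if m == merchant and c not in fraud_reports})

if __name__ == "__main__":
    for row in score_merchants(TRANSACTIONS, FRAUD_REPORTS):
        print(row)
    print(exposed_cards(TRANSACTIONS, FRAUD_REPORTS, "GAS-001"))
```

In this sample the grocery store appears in two victims' histories yet scores below the portfolio baseline, which shows why raw overlap with fraud reports is not enough to flag a merchant.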

This proactive approach enhances cardholder trust in the security measures of their financial institutions. Identifying CPCs allows you to implement strategies such as merchant restrictions, fraud detection enhancements, or merchant blocks. Furthermore, it enables you to inform and protect cardholders who have transacted at CPCs by offering card replacements before any fraudulent activity occurs.

Use case 1

Multiple cardholders dispute unrecognized transactions. Analysis reveals a common pattern: each had transacted at the same gas station a few days prior to the fraudulent activity. This leads to listing the merchant identifier and merchant name of the gas station as a potential CPC, enabling you to restrict spending there by modifying your fraud strategy accordingly.

Use case 2

A report highlights a merchant as a potential CPC. Further data analysis shows that additional cardholders made purchases at the same location. This information gives you the opportunity to proactively contact these cardholders, inform them of potential future risk, and issue replacement cards to prevent fraudulent attempts that exploit the current card details.

Use case 3

A merchant that happens to be a well-known e-commerce site is flagged as a potential CPC. Instead of blocking the site, you can implement controls to limit transaction spend and/or transaction count, reducing fraud risk exposure while maintaining customer access to the site.

How it works

To extend the solution to your program, Galileo requires you to share fraud-related dispute data, which is used to analyze exposure and calculate appropriate fraud rates. Implementing account-based controls allows you to block transactions based on merchant IDs, names, or codes as needed. Galileo provides periodic reports tailored to your transactional volume, detailing identified CPCs. You also receive visibility into additional reports listing accounts that transacted at these CPCs.

No further setup is required from you to implement this solution.