Risk Management
Case Study
agenda
 Firm Overview
 Case Study – Risk Management
 Q&A
Sonik Consulting Group




Management / IT Consulting
Active since March 1999; based in Vancouver, BC
3 full-time employees
Client Track record includes
case study
 Discussion Framework
•
•
•
•
•
•
Client / Project Overview
Project Objectives
The Challenge
The Environment
The Solution
Key Learnings
case study
 The Client
• Client is a private,
services-based firm; one
of the main incumbents
in its industry
• ~ $50 M in annual
revenue; 6 main product
lines
• Key business drivers:
• client looking to expand
into a service bureau
model, processing
transactions for other
service-based
companies
• increase existing
product line revenue by
accepting ‘riskier’
transactions
 Project Structure
• Project roles
• Sponsor: CEO
• Client team: CFO,
Controller, LOB
manager, Product
Manager,
Development Team
Lead.
• Sonik - PM and
Business Analyst
roles
case study
 Some Definitions
• Merchant Accounts
• Chargebacks /
thresholds
• First-time customer
• Negative data
• ‘Friendly fraud’
• Card not present
transactions
 The Objectives
• Improve fraud detection
across all product
offerings
• Support the
development /
expansion and
management of new
product areas (Internet,
self-service, pay-percall)
• Reduce call center costs
by optimizing business
processes, reducing
unnecessary traffic
• Retain all merchant
accounts
case study
 The Challenge
• Assess risk associated to a
credit card transaction (realtime basis)
• Optimize credit card
chargeback thresholds by
merchant account based on
this risk assessment
case study
 The Environment
•
Sales Channels
• project focus on IVR
and Live Agent
•
Payment Methods
Sales
channels
Web
IVR
Live Agent
(Call Centre)
• project focus on credit
cards
Payment
methods
Bill-to-phone
Online
Debit
Cheque
Credit
Card
Money Order
case study
 The Environment
• Vantive CRM
• profiling, transaction
history
• Acxiom
• ANI verification
• Equifax ePORT
• address verification
• PaylinX
• payment gateway
Before State
case study
 Some Definitions
•
•
•
•
•
‘Risk Management’
Treatment
Transaction Limits
Verified by VISA
Address Verification
Service
• AVS
• Card verification
• CVC2/CVV2
Risk Management Architecture
case study
 The Solution
1. Project Charter
• Capture the strategic
long term vision and
short term goals.
• Interviews / workshops
with key stakeholders,
managers, employees
• Determine objectives /
targets
• Evaluate / determine
strategies, tactics
case study
 The Solution
2. Vendor Selections
• Conducted Vendor
Selections for:
• Risk Scoring services
• Risk Management
platform
• Assessed 20+ vendor
solutions
case study
 The Solution
3. Process Re-design
•
Identified key business
processes and reporting
needs
•
Identified areas of
opportunity (areas where
current business rules too
restrictive)
•
New process design to allow
processing of transactions
that would have normally
been either denied or sent to
the Call Centre -- based
partly on ‘risk score’ as well
as internal rules (minimize
costs and improve order
conversion)
Sonik Process Swimlane Methodology
case study
 The Solution
4. Phased Development
•
Phased approach
based on business
priorities and building
block approach
•
Risk Scoring
•
Payment gateways
•
Automated
Transaction /
Merchant Account
Routing
Phase 1 Risk Management Architecture
case study
 The Solution
5. Risk Scoring Analysis
•
Conducted test run on 1
month of credit card
transaction using 3rd party
risk scoring engine
•
Determined internal
thresholds to either
‘accept’ or ‘reject’ a
transaction based on its
score
•
Cross-referenced to
internal business rules to
determine correct score
threshold
•
Cross-referenced score
thresholds to actual
chargeback data collected
over a 3-month period
Score Threshold Analysis Next Page
case study
Score Threshold Analysis
case study
 The Results
 The Results
• Process:
• Re-organized internal fraud
check sequence (preauthorizations conducted
only after transaction
approved internally)
• added additional fraud
check process involving 3rd
party risk scoring vendor
• Merchant Account
Reports
• track chargebacks down to
the indivudual transaction
level (by product line, cc
issuer, merchant account)
• Risk Scoring Interface
• Developed, tested and
implemented interface to
3rd party risk scoring
engine; launched May 28,
2002.
• Effect on Processed
Transactions
• Early indications show
more transactions being
processed overall, which
will have a net positive
effect to revenue
• Follow-up review regarding
chargeback since launch
(set for 8 weeks postlaunch)
case study
 The Results
• Next Steps
• Tracking stats daily over
next 3 months to watch
chargebacks
• Phase 2 to proceed within
6 – 8 months (complete
Risk Management system)
Risk Management Architecture
case study
 Key Learnings
• Trusted 3rd Party
information
• Timeliness of
chargeback information
varies greatly
• Hurdles faced when
prompting for CVV/CVN
• Real-time transaction
processing based on
configurable business
rules
• Need dedicated in-house
risk management
analysts for daily
operations
 Web Related Items
•
•
•
•
•
Use of negative/blocking
databases for CC,
Addresses, Phone, IP, &
Email.
Positive databases for
"good" customers
Geographic location checks
Threshold checks - Email,
IP, CC, etc
Use of the new
which provides chargeback
protection.
Q&A
www.sonikgroup.com