Fraud Prevention, Dispute Resolution and PCI-DSS Masterclass
What you'll learn
- You'll learn about general and specific approaches to fraud, from social engineering to card block fraud, convenience fraud, and many others by different actors
- You'll learn an extensive list of dispute chargeback codes, from fraudulent processing to invalid core, invalid data, late presentment, and many others
- You'll learn an extensive list of fraud prevention techniques: Hotlists, velocity checks, device identification, out-of-wallet checks, fraud scores, etc
- You'll learn about the dispute resolution flow for banks (acquiring + issuing), with three main steps: Retrieval request, chargeback and 2nd chargeback
- You'll learn about how a fraud monitoring strategy is assembled, based on merchant risk and transaction volume, as well as data processing/usage consideartions
- You'll learn about ADR (Alternative Dispute Resolution), and its three main types: negotiation, mediation and arbitration, as well as their differences
- You don't need prior knowledge (naturally, knowledge of the payment industry helps, or of fraud solutions or dispute resolution mechanisms, but is NOT required)
THE ULTIMATE PAYMENT SYSTEM FRAUD/DISPUTE MASTERCLASS
You'll find this ultimate masterclass contains two courses on payment system fraud and dispute:
Fundamentals of Fraud Prevention and Monitoring;
Introduction to Payment Dispute Resolution;
Together in this masterclass, you'll find the definitive experience for any payment professional that wants to diagnose and address any type of payment issue.
You will learn about dispute frameworks, fraud prevention tools and systems, internal processes, and more.
WHY FRAUD PREVENTION?
If you want to understand how fraud is committed, or how disputes are resolved, you'll see it's not that easy.
You'll find countless fraud techniques to take into account. You'll learn that perpetrators can be of different types and use different approaches. And you'll soon get to know that disputes can come in many shapes and sizes, and due to many different reasons.
If you're aiming to know more about fraud prevention an dispute resolution - whether as a fraud monitoring professional, a payments professional, a commercial banker, or any other type of professional that wants to master the theory and practice of both, you'll agree that finding the right information is crucial.
Unfortunately, most fraud prevention or dispute resolution courses you'll find nowadays don't fit the minimum requirements.
Either the information you come across is too academical and not something you can put into practice, or there are no specific examples, or information is just missing!
In a world where information must be constantly updated, you'll hardly find a reliable, comprehensive information source for fraud and disputes
And this has consequences not just for your career, but yourself personally as well.
What happens when you don't have enough information (or the adequate format)?
You'll become confused by the myriad fraud prevention techniques and types of systems, or the myriad dispute resolution frameworks;
You won't be able to properly identify when to use a certain technique to prevent a certain type of fraud of manage a certain dispute;
You'll become frustrated and irritated that you don't know why a system works, or why it doesn't;
You won't be able to properly identify why a fraud detection technique works, or whether a dispute resolution process works or not;
You won't know how to optimize a specific fraud prevention solution (or why it's not optimized), or a dispute resolution process - both in terms of people and machine problems;
So if you want to know everything about fraud and disputes, what is my proposed solution?
This new course masterclass, of course!
THE ULTIMATE FRAUD AND DISPUTE PREVENTION COURSE
Unlike other fraud prevention or dispute resolution courses you'll find out there, this course is comprehensive and updated.
In other words, not only did I make sure that you'll find more topics (and more in-depth) than other courses you may find, but I also made sure to keep the information relevant to the types of fraud and disputes you'll find nowadays.
Because both fraud prevention systems and dispute resolution workflows seem complex, but they rely on simple principles and practices.
In this course, you'll learn about the essentials of how fraud is both performed and prevented, as well as how disputes and chargebacks are initiated, as well as managed. Information that comes both from the principles and theory present in the finance world, but also my own experience and insider knowledge, working with multiple institutional banks.
In this 11-hour+ masterclass, you'll find the following modules:
Introduction to Fraud Prevention and Monitoring (~4 hours)
You'll learn about the Fundamentals of Fraud (who are the perpetrators, how they obtain information, and how they commit fraud);
You'll get to know the main Approaches to Fraud (including general approaches of obtaining and using information, from identity theft, to convenience fraud, social engineering and more, specific techniques such as cash return fraud or card block fraud, and the different types of perpetrators);
You'll learn about all possible Fraud Prevention Techniques (individual techniques to prevent fraud including hotlists, velocity checks, and many others);
You'll learn about full Fraud Prevention Systems (how complete fraud prevention solutions are assembled and maintained, and best practices of doing so);
Introduction to Dispute Resolution (~2.5 hours)
You'll learn the Fundamentals of Disputes (how they occur, which parties are involved);
You'll get to know the ADR or Alternative Dispute Resolution framework (negotiation, mediation and arbitration, and when each should be used);
You'll learn what ODR or Online Dispute Resolution is (its context, steps, and implementations);
You'll get to know the principles of Dispute Resolution in Merchant Banking (how banks should deal with merchant disputes, process flow, and more);
You'll learn about all major Chargeback Reason Codes (an extensive list of the major categories of chargeback reason codes, from fraud to processing errors, authorization errors or consumer disputes, as well as guidelines for both banks and merchants);
Fundamentals of PCI-DSS (~5 hours)
You'll learn about the Essentials of PCI-DSS (assessment process, history, goals, etc);
You'll learn about the 12 Requirements of PCI-DSS v.3.2.1, and the specific controls demanded by every single one of them;
By the end of this course, you will know exactly how fraud is performed, how disputes occur and are resolved, how both can be prevented, in terms of principles and techniques, and how PCI-DSS compliance can be achieved.
The best of this masterclass? Inside you'll find all these 3 courses.
In short, even if you only fit one of the three profiles (only fraud, only disputes, only PCI-DSS), you will still have a course dedicated to it!
And naturally, if you are interested in multiple of these topics... this is the ultimate package for you.
THE PERFECT COURSE... FOR WHOM?
This course is targeted at different types of people. Naturally, if you're any current or future fraud prevention/dispute resolution professional, you will find this course useful. If you're a commercial banker, you'll even fit both criteria. But if you're any other professional that aims to know more about fraud or disputes, you'll also find it useful.
More specifically, you're the ideal student for this course if:
Introduction to Fraud Prevention and Monitoring
You're someone who wants to know more about fraud execution itself (how fraud is performed, specific executions, and by whom);
You're someone who is interested in fraud prevention systems (how they work, how can they be optimized, what problems usually occur);
You're someone who wants to know about specific fraud prevention tools and how they act in combination (identity verification tools, technological tools, others, and how they come together);
You're someone who is interested in the role of both people and systems in fraud prevention (how to optimize both a system, but also the people working with that system);
Introduction to Dispute Resolution
You're someone who will directly deal with dispute management or resolution;
You're someone who wants to know more about the different types of dispute resolution (both litigation and ADR, offline or not);
You're someone who wants to specifically know how to address disputes involving merchants and cardholders (as a bank or merchant);
You're someone who wants to know more about the different types of reason codes for chargebacks (and how to prevent them);
Fundamentals of PCI-DSS
You're someone who will directly deal with PCI-DSS certification;
You're someone who regularly deals with card data and wants to know about the associated security controls;
You're someone in charge of specific controls in an organisation that deals with card data (firewall, antivirus, access control, media protection or disposal, etc)
LET ME TELL YOU... EVERYTHING
Some people - including me - love to know what they're getting in a package.
And by this, I mean, EVERYTHING that is in the package.
So, here is a list of everything that this masterclass covers:
From Fundamentals of Fraud Prevention and Monitoring
You'll learn about the general approaches to fraud, including convenience, social engineering, internal fraud and identity theft;
You'll learn about how convenience fraud works, with easily accessible information that can be used to commit fraud;
You'll learn about how social engineering works, manipulating people into giving up confidential information;
You'll learn about how internal fraud works, by leveraging internal information to facilitate fraud;
You'll learn about how identity theft works, by having enough information about someone to impersonate them;
You'll learn about the different execution types of fraud, including consumer fraud, card block fraud, single-use fraud, cash return fraud, collusive and affiliate fraud, and dynamic or morphing fraud;
You'll learn about how consumer fraud works, by lying about product characteristics or other elements to obtain returns or cash;
You'll learn about how card block fraud works, generating a batch of card numbers and gauging which are insecure, to be later exploited in purchases;
You'll learn about how single-use fraud works, by making one single purchase in a merchant (or multiple), being harder to catch;
You'll learn about how cash return fraud works, by buying products with a stolen card and returning them for cash;
You'll learn about how dynamic or morphing fraud works, by changing fraud execution to bypass fraud detection;
You'll learn about fraud prevention techniques relying on data verification, including velocity checks, card verifications, charge and deposit verifications;
You'll learn about how velocity checks work, by analyzing the number of times a credit card (or another field) is either used or changed within a given period of time;
You'll learn about how card verifications work, such as Mod10, BIN, and/or card security schemes, both for data integrity and identity verification;
You'll learn about how charge verifications work (verifying a charge with the bank) and deposit verifications (making a deposit to verify a bank account);
You'll learn about fraud prevention techniques relying on identity verification including lists, field verifications, address verifications, manual authentication and automated lookups;
You'll learn about how lists work - both hotlists and warm lists of known offenders, but also whitelists for trusted clients;
You'll learn about how simple field verifications work for email, age, and others - quick, but not very effective security measures;
You'll learn about how address verifications work, for both the billing and shipping addresses (the latter being more complex and expensive, but a lot more secure in terms of preventing fraud);
You'll learn about how manual authentication works - by having someone call the client to verify a transaction, or manually search information to verify their identity (usually done by bank staff for KYC requirements);
You'll learn about how automated lookups of addresses or phone numbers work, mostly to double-check existing information;
You'll learn about fraud prevention techniques relying on technology (device or token identification, digital signatures and/or consumer location);
You'll learn about how device or token identification works, by using software such as cookies or hardware such as USB dongles, smart cards or biometrics in order to tie a device to a specific person, and authenticate them using that device;
You'll learn about how digital signatures work, through asymmetric cryptography, authenticating a transaction through the person's private key;
You'll learn about how consumer location techniques work - both in terms of tracking someone's IP or proxy (including VPN), or through their cell phone GPS location;
You'll learn about how fraud scoring and fraud rules can work to prevent fraud - appearing to be competing solutions, but actually working well together under certain conditions;
You'll learn about fraud prevention techniques that are actual processes of institutions, including insurance, guarantees, manual reviews and representment;
You'll learn about how insurance and guaranteed payments work, helping reimburse a merchant in the case of fraud, but representing an overhead in terms of costs and being restrictive in terms of the transactions accepted;
You'll learn about how manual reviews by banks help guarantee the authenticity of a transaction, and how representment of information by the acquiring bank can help a merchant, but both with unstable results and high costs;
You'll learn about technique considerations when assembling fraud prevention strategies, including determining the risk level of an entity, and the recommended techniques based on it;
You'll learn about considerations in terms of the usage of fraud data - fraud rules, fraud scores, and guaranteeing consistency in the database;
You'll learn about considerations in terms of the processing of fraud data - making sure that database field changes are documented, and that ETL (Extract, Transform, Load) processes don't ruin the data between operational DB and data warehouse;
From Introduction to Payment Dispute Resolution
You'll learn about the essentials of disputes (contractual vs. non-contractual disputes, payment disputes, issuer and acquirer banks);
You'll learn about how ADR (Alternative Dispute Resolution) is and how it differs from litigation;
You'll learn what the different types of ADR are (negotiation, mediation and arbitration), as well as the differences between these, and specific implementations of them;
You'll learn about the ODR (Online Dispute Resolution) framework, as well as its context and six key principles (accountability, transparency, accessibility, credibility/accreditation, security and enforceability);
You'll learn about the three major steps in an ODR process;
You'll learn about the three major types of ODR tools (cyber courts, electronic ADR, internal ADR);
You'll learn about implementations of ODR (such as blind bidding, cyber mediation, cyber negotiation and cyber arbitration), as well as specific case studies, such as ICANN-WIPO;
You'll learn about general guidelines for more efficient dispute resolution as a merchant bank;
You'll learn about the steps in the lifecycle of a dispute between an issuer and an acquirer bank, including the retrieval request, chargeback, and second chargeback;
You'll learn about the conditions under which the payment scheme may become involved in a chargeback, as well as some measures by them (allocation vs. mediation, pre-arbitration vs. arbitration, liability shifts);
You'll learn about disputes by different payment systems: debit cards, credit cards, ACH, prepaid cards, ATM;
You'll learn about the four major categories of chargeback reason codes: fraud, authorization errors, processing errors, customer disputes;
You'll learn about the usual types of chargeback reason codes due to fraud (not authorised or recognised transactions, fraudulent processing, monitored merchant or monitored card, the EMV liability shift);
You'll learn about the usual types of chargeback reason codes due to authorization issues (missing or declined authorisation, card in recovery/lost card/stolen card, invalid authorization information),
You'll learn about the usual types of chargeback reason codes due to processing errors (late presentment, invalid transaction code or invalid transaction data, duplicated payment or paid by other means, currency mismatches);
You'll learn about the usual types of chargeback reason codes due to consumer disputes (mismatches in terms of goods - counterfeit, misrepresented, not delivered, others - cancelled or incomplete transactions, credit not processed);
From Fundamentals of PCI-DSS:
You'll learn about the clarification of all terms used in the PCI-DSS, including what is the CDE, what is CHD, SAD, whether an organisation must take an ROC or SAQ, as well as some "general" payment industry terms such as what is an issuing bank and an acquiring bank;
You'll learn about the history of the PCI-DSS since 2004, with several iterations and its own release lifecycle;
You'll learn about the merchant assessment process, based on their classification from Level 1-4, and how both SAQs and ROCs work, as well as the 8 different types of SAQs, and the types of machines/merchants they target, including the SAQ-A and SAQ-A-EP, the SAQ-B and SAQ-B-IP, the SAQ-C and SAQ-C-VT, the SAQ-P2PE-HW, and finally, the most general SAQ-D;
You'll learn about the anatomy of a payment process, involving a cardholder and a merchant, from authorisation to authentication, clearing and settlement, and the role of the issuing bak, the acquiring bank and the card company;
You'll learn about an overview of all 12 PCI-DSS requirements, as well as their relationship with the 6 goals;
You'll learn all about Requirement 1 (Have a Firewall), including firewall configurations and standards, documentation on network topology and card data flows, setting up a DMZ, rejecting unsecured traffic, and more;
You'll learn all about Requirement 2 (No Defaults), about removing default passwords/accounts/strings from devices, but also isolating server functionality and removing unnecessary ports/services/apps that may present vulnerabilities;
You'll learn all about Requirement 3 (Protect Stored Data), about using strong encryption to protect cardholder data, as well as having proper data retention policies, data purging, as well as masking plaintext PANs, not storing SAD, and using proper key management and key lifecycle procedures;
You'll learn all about Requirement 4 (Protect Transmitted Data), about using strong encryption when transmitting CHD across public networks such as cellular or satellite, as well as masking plaintext PANs in transit, especially across IM channels;
You'll learn all about Requirement 5 (Prevent Malware), about having an antivirus solution on all commonly affected computers in order to prevent malware, as well as access control policies to prevent disabling AV software;
You'll learn all about Requirement 6 (Develop Securely), about doing vulnerability ranking and timely patch installation for both internal and 3rd-party applications, as well as including security requirements in the SDLC, as well as training developers to protect against common exploits such as code injections, buffer overflows and many others;
You'll learn all about Requirement 7 (Need-to-Know Access), about limiting access to CHD by personnel as much as possible, defining permissions by role, and having a formal mechanism for access control to consolidate this, such as LDAP, AD or ACLs;
You'll learn all about Requirement 8 (Identify Access), about tying each action to a unique user, including forcing unique IDs, automatic logouts on inactivity, lockouts on wrong password attempts, removing inactive accounts, limiting third-party access, forbidding the use of shared IDs, forcing physical security measures to be used only by the intended user, and more;
You'll learn all about Requirement 9 (Restrict Physical Access), about authorising and distinguishing visitors, enforcing access control to rooms with CHD, as well as the proper transport, storage and disposal of physical media containing CHD, with different sensitivity levels;
You'll learn all about Requirement 10 (Monitor Networks), about logging. Having a logging solution that is operating, logging specific events (such as all failed operations, all admin operations, all operations on CHD, etc), logging specific elements in each event (such as the user ID, the operation status, the affected resource, etc), as well as having a single time synchronisation mechanism for all logs, FIM (File Integrity Monitoring) on logs, frequent log review and proper log retention;
You'll learn all about Requirement 11 (Test Regularly), about performing regular scans for Access Points (APs), both authorised and non-authorised ones, as well as regular vulnerability scanning and regular penetration testing (from inside and outside, and multiple layers), as well as having FIM (File Integrity Monitoring) on all critical files, as well as having an IDS/IPS (Intrusion Detection/Prevention System) to prevent attacks;
(Rest truncated due to text length limit);
MY INVITATION TO YOU
Remember that you always have a 30-day money-back guarantee, so there is no risk for you.
Also, I suggest you make use of the free preview videos to make sure the course really is a fit. I don't want you to waste your money.
If you think this course is a fit and can take your fraud prevention knowledge to the next level... it would be a pleasure to have you as a student.
See you on the other side!
Who this course is for:
- You're any current (or future) fraud monitoring professional, looking to know more about how fraud is performed and how it's stopped
- You're any current (or future) dispute resolution professional, looking to know how disputes and chargebacks are resolve between merchants and cardholders
- You're anyone else curious about fraud prevention or dispute resolution!
I have what could be considered an unconventional background as a coach. I don’t come from psychology or medicine. In fact, I come from tech. I created two tech startups that reached million-dollar valuations, backed by the MIT-Portugal IEI startup accelerator, afterwards becoming its Intelligence Lead.
After years of coaching and mentoring startup founders on talent management, emotional management, influence and persuasion, among other topics, I started being requested by executives and investors, like venture capitalists, with more complex, large-scale problems.
After years of doing executive work, I started specializing in coaching asset management professionals. With the signing of my first fund manager/CIO clients, I started adapting my performance and influence techniques for purposes such as talent management for PMs and analysts, fundraising from allocators, effective leading a team, and properly assessing talent for compensation/promotion/allocation increases.
I currently provide performance coaching and influence/persuasion coaching for executives and asset management professionals, mostly but not limited to purposes like managing people, leading and closing sales/capital commitments.