Suche senden
Hochladen
CyberSource MRC Survey - Top 9 Fraud Attacks and Winning Mitigating Strategies Webinar
•
2 gefällt mir
•
1,756 views
Visa
Folgen
Technologie
Wirtschaft & Finanzen
Business
Melden
Teilen
Melden
Teilen
1 von 34
Jetzt herunterladen
Downloaden Sie, um offline zu lesen
Empfohlen
Cloud Privacy Update: What You Need to Know
Cloud Privacy Update: What You Need to Know
Act-On Software
Cloud Privacy
Cloud Privacy
Act-On Software
Cyber Claims: GDPR and business email compromise drive greater frequencies
Cyber Claims: GDPR and business email compromise drive greater frequencies
Δρ. Γιώργος K. Κασάπης
SSO - single sign on solution for banks and financial organizations
SSO - single sign on solution for banks and financial organizations
Mohammad Shahnewaz
ID Watchdog Investor Presentation
ID Watchdog Investor Presentation
IDWatchdog
PrestaShop Barcamp 5 - Authorize.net : Five Notable E-commerce Trends
PrestaShop Barcamp 5 - Authorize.net : Five Notable E-commerce Trends
PrestaShop
Eamonn O Raghallaigh Major Security Issues In E Commerce
Eamonn O Raghallaigh Major Security Issues In E Commerce
EamonnORagh
PCI DSS Slidecast
PCI DSS Slidecast
RobertXia
Weitere ähnliche Inhalte
Was ist angesagt?
Online Identity Theft: Changing the Game
Online Identity Theft: Changing the Game
- Mark - Fullbright
George Gavras 2010 Fowler Seminar
George Gavras 2010 Fowler Seminar
Don Grauel
KPMG Publish and Be Damned Cyber Vulnerability Index 2012
KPMG Publish and Be Damned Cyber Vulnerability Index 2012
Charmaine Servado
Callcredit's Fraud Summit 2016 - Identity verification stream
Callcredit's Fraud Summit 2016 - Identity verification stream
Callcredit123
Hedna pii is your goldmine a landmine
Hedna pii is your goldmine a landmine
Evelyne Oreskovich
Whitepaper - Application Delivery in PCI DSS Compliant Environments
Whitepaper - Application Delivery in PCI DSS Compliant Environments
Jason Dover
Cyber Facts and Prevention Presentation Gianino
Cyber Facts and Prevention Presentation Gianino
-Gianino Gino Prieto -Dynamic Connector -Insurance Strategist
Managing Personally Identifiable Information (PII)
Managing Personally Identifiable Information (PII)
KP Naidu
Callcredit's Fraud Summit 2016 - Plenary session
Callcredit's Fraud Summit 2016 - Plenary session
Callcredit123
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Bootcamp)
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Bootcamp)
Financial Poise
employee-awareness-and-training-the-holy-grail-of-cybersecurity
employee-awareness-and-training-the-holy-grail-of-cybersecurity
Paul Ferrillo
The Most Wonderful Time of the Year for Health-IT...NOT
The Most Wonderful Time of the Year for Health-IT...NOT
Compliancy Group
Current Trends Related to Mobile Network Operators & FIDO SCA Adoption
Current Trends Related to Mobile Network Operators & FIDO SCA Adoption
FIDO Alliance
Where security and privacy meet partnering tips for CSOs and privacy/complian...
Where security and privacy meet partnering tips for CSOs and privacy/complian...
Compliancy Group
Will The Typical Person Need ID Fraud Insurance Protection?
Will The Typical Person Need ID Fraud Insurance Protection?
tommy2tone44
Building trust attributes in e transactions (final) ver 3.0
Building trust attributes in e transactions (final) ver 3.0
Aladdin Dandis
04-1 E-commerce Security slides
04-1 E-commerce Security slides
monchai sopitka
Law_Firm_Info_Security_Report_June2011 (1)
Law_Firm_Info_Security_Report_June2011 (1)
Aspiration Software LLC
Was ist angesagt?
(18)
Online Identity Theft: Changing the Game
Online Identity Theft: Changing the Game
George Gavras 2010 Fowler Seminar
George Gavras 2010 Fowler Seminar
KPMG Publish and Be Damned Cyber Vulnerability Index 2012
KPMG Publish and Be Damned Cyber Vulnerability Index 2012
Callcredit's Fraud Summit 2016 - Identity verification stream
Callcredit's Fraud Summit 2016 - Identity verification stream
Hedna pii is your goldmine a landmine
Hedna pii is your goldmine a landmine
Whitepaper - Application Delivery in PCI DSS Compliant Environments
Whitepaper - Application Delivery in PCI DSS Compliant Environments
Cyber Facts and Prevention Presentation Gianino
Cyber Facts and Prevention Presentation Gianino
Managing Personally Identifiable Information (PII)
Managing Personally Identifiable Information (PII)
Callcredit's Fraud Summit 2016 - Plenary session
Callcredit's Fraud Summit 2016 - Plenary session
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Bootcamp)
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Bootcamp)
employee-awareness-and-training-the-holy-grail-of-cybersecurity
employee-awareness-and-training-the-holy-grail-of-cybersecurity
The Most Wonderful Time of the Year for Health-IT...NOT
The Most Wonderful Time of the Year for Health-IT...NOT
Current Trends Related to Mobile Network Operators & FIDO SCA Adoption
Current Trends Related to Mobile Network Operators & FIDO SCA Adoption
Where security and privacy meet partnering tips for CSOs and privacy/complian...
Where security and privacy meet partnering tips for CSOs and privacy/complian...
Will The Typical Person Need ID Fraud Insurance Protection?
Will The Typical Person Need ID Fraud Insurance Protection?
Building trust attributes in e transactions (final) ver 3.0
Building trust attributes in e transactions (final) ver 3.0
04-1 E-commerce Security slides
04-1 E-commerce Security slides
Law_Firm_Info_Security_Report_June2011 (1)
Law_Firm_Info_Security_Report_June2011 (1)
Ähnlich wie CyberSource MRC Survey - Top 9 Fraud Attacks and Winning Mitigating Strategies Webinar
Adrian Ifrim - prezentare - Cyber Security Trends 2020
Adrian Ifrim - prezentare - Cyber Security Trends 2020
Business Days
Breaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gaps
IBM Security
nerfslides.pptx
nerfslides.pptx
ssusera5ade5
Master Data in the Cloud: 5 Security Fundamentals
Master Data in the Cloud: 5 Security Fundamentals
Sarah Fane
2014 ota databreach3
2014 ota databreach3
Meg Weber
Rethinking Trust in Data
Rethinking Trust in Data
DATAVERSITY
What trends will 2018 bring for Business Continuity Professionals?
What trends will 2018 bring for Business Continuity Professionals?
PECB
Ciso round table on effective implementation of dlp & data security
Ciso round table on effective implementation of dlp & data security
Priyanka Aash
Data Breaches - Sageworks, Inc., Webinar Series by Douglas Jambor
Data Breaches - Sageworks, Inc., Webinar Series by Douglas Jambor
Turner and Associates, Inc.
Candidate Data Compliance - Are you prepared for the risks?
Candidate Data Compliance - Are you prepared for the risks?
Beamery
Corporate Treasurers Focus on Cyber Security
Corporate Treasurers Focus on Cyber Security
Joan Weber
lendingQB: A Mortgage Loan Origination System by MeridianLink
lendingQB: A Mortgage Loan Origination System by MeridianLink
Kristina Quinn
Check Point: Defining Your Security blueprint
Check Point: Defining Your Security blueprint
Group of company MUK
CDP_Engagement_Team_Training_BRADESCO.pdf
CDP_Engagement_Team_Training_BRADESCO.pdf
Carlos Roberto Paula Soares
2019 08-21 Automating Privacy Management
2019 08-21 Automating Privacy Management
TrustArc
GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018
GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018
Human Capital Department
The Unseen Enemy - Protecting the Brand, the Assets and the Customers
The Unseen Enemy - Protecting the Brand, the Assets and the Customers
BDO_Consulting
Douglas Jambor Sageworks Cybersecurity Presentation
Douglas Jambor Sageworks Cybersecurity Presentation
Turner and Associates, Inc.
Insight2014 mitigate risk_fraud_6863
Insight2014 mitigate risk_fraud_6863
IBMgbsNA
Lakewood Case Summary
Lakewood Case Summary
Monroe Anderton
Ähnlich wie CyberSource MRC Survey - Top 9 Fraud Attacks and Winning Mitigating Strategies Webinar
(20)
Adrian Ifrim - prezentare - Cyber Security Trends 2020
Adrian Ifrim - prezentare - Cyber Security Trends 2020
Breaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gaps
nerfslides.pptx
nerfslides.pptx
Master Data in the Cloud: 5 Security Fundamentals
Master Data in the Cloud: 5 Security Fundamentals
2014 ota databreach3
2014 ota databreach3
Rethinking Trust in Data
Rethinking Trust in Data
What trends will 2018 bring for Business Continuity Professionals?
What trends will 2018 bring for Business Continuity Professionals?
Ciso round table on effective implementation of dlp & data security
Ciso round table on effective implementation of dlp & data security
Data Breaches - Sageworks, Inc., Webinar Series by Douglas Jambor
Data Breaches - Sageworks, Inc., Webinar Series by Douglas Jambor
Candidate Data Compliance - Are you prepared for the risks?
Candidate Data Compliance - Are you prepared for the risks?
Corporate Treasurers Focus on Cyber Security
Corporate Treasurers Focus on Cyber Security
lendingQB: A Mortgage Loan Origination System by MeridianLink
lendingQB: A Mortgage Loan Origination System by MeridianLink
Check Point: Defining Your Security blueprint
Check Point: Defining Your Security blueprint
CDP_Engagement_Team_Training_BRADESCO.pdf
CDP_Engagement_Team_Training_BRADESCO.pdf
2019 08-21 Automating Privacy Management
2019 08-21 Automating Privacy Management
GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018
GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018
The Unseen Enemy - Protecting the Brand, the Assets and the Customers
The Unseen Enemy - Protecting the Brand, the Assets and the Customers
Douglas Jambor Sageworks Cybersecurity Presentation
Douglas Jambor Sageworks Cybersecurity Presentation
Insight2014 mitigate risk_fraud_6863
Insight2014 mitigate risk_fraud_6863
Lakewood Case Summary
Lakewood Case Summary
Kürzlich hochgeladen
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
Asko Soukka
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
DianaGray10
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Will Schroeder
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
David Newbury
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Aijun Zhang
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
Adam Moalla
20150722 - AGV
20150722 - AGV
Jamie (Taka) Wang
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
shyamraj55
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
IES VE
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Safe Software
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )
Brian Pichman
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UbiTrack UK
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBX
Tarek Kalaji
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
Matsuo Lab
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
Adtran
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
Md Hossain Ali
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
DianaGray10
20230104 - machine vision
20230104 - machine vision
Jamie (Taka) Wang
201610817 - edge part1
201610817 - edge part1
Jamie (Taka) Wang
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
D Cloud Solutions
Kürzlich hochgeladen
(20)
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
20150722 - AGV
20150722 - AGV
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBX
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
20230104 - machine vision
20230104 - machine vision
201610817 - edge part1
201610817 - edge part1
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
CyberSource MRC Survey - Top 9 Fraud Attacks and Winning Mitigating Strategies Webinar
1.
Top 9 Fraud
Attacks and Winning Mitigating Strategies Carl Tucker Principal, Managed Risk Services CyberSource Tom Donlea Managing Director of Americas Merchant Risk Council © 2012 CyberSource Corporation. All rights reserved.
2.
Confidentiality Notice Forward-Looking Statements By
accepting this presentation and the information herein, you acknowledge that the information furnished to you is confidential, (the “Information”) and that your use of the information is limited to your business dealings with CyberSource Corporation, or its affiliated company, (“CyberSource”). You agree to keep the Information confidential and not to use the Information for any purpose other than in your business dealings with CyberSource. The Information may only be disseminated within your organization on a need-to-know basis to enable your participation in business dealings with CyberSource. Please be advised that the Information may constitute material nonpublic information under U.S. federal securities laws and that purchasing or selling securities of Visa Inc., the parent company of CyberSource, while being aware of material nonpublic information would constitute a violation of applicable U.S. federal securities laws. Today’s presentations may contain, in addition to historical information, forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended. These forward-looking statements are based on our current assumptions, expectations and projections about future events which reflect the best judgment of management and involve a number of risks and uncertainties that could cause actual results to differ materially from those suggested by our comments today. You should review and consider the information contained in Visa, CyberSource’s parent company, filings with the SEC regarding these risks and uncertainties. CyberSource, a subsidiary of Visa Inc., disclaims any obligation to publicly update or revise any forward-looking statements or information provided during today’s presentation. © 2012 CyberSource Corporation. All rights reserved. 2
3.
G2W Housekeeping • Please
use Questions area of your control panel. • Questions at the end unless additive. • Links will be provided as follow-up. • Any unanswered questions will be shared with presenters. © 2012 CyberSource Corporation. All rights reserved. 3
4.
MRC Program Objectives Networking “Connect
members to other members and industry leaders to share information and best practices.” Benchmarking “Provide member access to industry-specific data and information used to measure operational functionality and efficiency.” Education “Develop and implement programming that assists with professional development, improves organizational operations and enhances long-term strategic growth.” © 2012 CyberSource Corporation. All rights reserved. Advocacy “Lead and facilitate efforts to effect positive change in the electronic payments industry.” 4
5.
© 2012 CyberSource
Corporation. All rights reserved. 5 5
6.
CyberSource The Universal Payment
Management Platform Fraud Management $190B Merchant Complete Lifecycle Management Global Payment Acceptance Payment Security Fraud Management Analytics and Administration Payment Management Platform Integrations and Developer Services Professional Services Managed Risk Services One platform | Multiple channels | Single integration © 2012 CyberSource Corporation. All rights reserved. 6
7.
MRC Survey of
Merchants • Survey sent to MRC members between August 1-8 • 81 respondents © 2012 CyberSource Corporation. All rights reserved. 7
8.
Top 9 Fraud
Attacks 9.Triangulation Schemes © 2012 CyberSource Corporation. All rights reserved. 8
9.
9. Triangulation: Definition eRetailer/ Marketplace Fraudster Auction
Site Innocent Consumer © 2012 CyberSource Corporation. All rights reserved. 9
10.
9. Triangulation: Strategy Purchase
History/ Velocity Consumer Electronics Situation • One user making multiple purchases with multiple shipping locations • Customer complaints increasing • One user purchasing the same or similar products multiple times Analysis Customer Activity • Customer complaints linked to chargebacks • Age of the customer account • Same IP • Number of purchases compared to the age of customer account Solution • Ignoring product discounts or promotions • Velocity of IP and email accounts • Product velocity Session Profile • Length of buying process © 2012 CyberSource Corporation. All rights reserved. 10
11.
Top 9 Fraud
Attacks 9.Triangulation Schemes 8. Phishing/ Pharming/ Whaling © 2012 CyberSource Corporation. All rights reserved. 11
12.
8. Phishing/Pharming/Whaling: Definition ©
2012 CyberSource Corporation. All rights reserved. 12
13.
8. Phishing/Pharming/Whaling: Definition Targeted
Brands Phished 1Q 2012 450 400 350 300 370 392 392 February March 250 200 150 100 50 0 January * Phishing Activity Trends Report 1Q 2012; antiphishing.org © 2012 CyberSource Corporation. All rights reserved. 13
14.
Top 9 Fraud
Attacks 9.Triangulation Schemes 8. Phishing/ Pharming/ Whaling 7. Botnets © 2012 CyberSource Corporation. All rights reserved. 14
15.
7. BotNet: Definition Over
3 Million Zombie Botnets in 2011. Bill Detroit Symantec Internet Security Threat Report 2011 Mary Los Angeles Merchant George Miami Fraudster Nigeria © 2012 CyberSource Corporation. All rights reserved. 15
16.
7. Botnet: Strategy Ticketing
Company Device Fingerprint • Device associated with a Botnet Situation • Organized crime attack • Time zone difference from the IP to the Device • Browser language consistency with device location Analysis • Multiple tracking elements linked to same device? • Identified true IP = Vietnam, associated with multiple purchases Proxy Piercing • Does FP = VPN Solution • Proxy identification: anonymous, hidden, transparent • Device IP = Vietnam • Same Device IP with multiple credit cards © 2012 CyberSource Corporation. All rights reserved. 16
17.
Top 9 Fraud
Attacks 9.Triangulation Schemes 6. Re-Shipping 8. Phishing/ Pharming/ Whaling 7. Botnets © 2012 CyberSource Corporation. All rights reserved. 17
18.
6. Re-shipping: Definition Fraudster eRetailer/ Marketplace “Mules” ©
2012 CyberSource Corporation. All rights reserved. 18
19.
Top 9 Fraud
Attacks 9.Triangulation Schemes 6. Re-Shipping 8. Phishing/ Pharming/ Whaling 5. Affiliate Fraud 7. Botnets © 2012 CyberSource Corporation. All rights reserved. 19
20.
5. Affiliate Fraud:
Definition eRetailer Affiliate Innocent Consumer 1. Affiliate and merchant have relationship 2. Affiliate and merchant have NO relationship © 2012 CyberSource Corporation. All rights reserved. 20
21.
Top 9 Fraud
Attacks 9.Triangulation Schemes 6. Re-Shipping 8. Phishing/ Pharming/ Whaling 5. Affiliate Fraud 7. Botnets 4. Identity Theft © 2012 CyberSource Corporation. All rights reserved. 21
22.
4. Identity Theft:
Definition *Symantec Internet Security Threat Report 2011 © 2012 CyberSource Corporation. All rights reserved. 22
23.
4. Identity Theft:
Definition Identity fraud 2009 2010 2011 Incidence Rate 6.0% 4.35% 4.9% Total Annual Cost $B $31 $20 $18 Mean Fraud Amount $2,219 $1,911 $1,513 85 78 55 Mean Misuse Time (days) *2012 Identity Fraud Report: Javelin Strategy & Research © 2012 CyberSource Corporation. All rights reserved. 23
24.
Top 9 Fraud
Attacks 9.Triangulation Schemes 6. Re-Shipping 8. Phishing/ Pharming/ Whaling 5. Affiliate Fraud 7. Botnets 4. Identity Theft © 2012 CyberSource Corporation. All rights reserved. 3. Friendly Fraud 24
25.
3. Friendly Fraud Definition •
Individual behavior, not systematic but can be expensive • Buyers remorse—can’t detect Strategy • Business processes • Review process © 2012 CyberSource Corporation. All rights reserved. 25
26.
Top 9 Fraud
Attacks 9.Triangulation Schemes 6. Re-Shipping 3. Friendly Fraud 8. Phishing/ Pharming/ Whaling 5. Affiliate Fraud 2. Account Takeover 7. Botnets 4. Identity Theft © 2012 CyberSource Corporation. All rights reserved. 26
27.
2. Account Takeover:
Definition Overview.mail.yahoo.com/accountsettings/mail Change Account Settings Add an address Full Name: Name: Edit E-mail: Edit Address Line 1: Password: ************ Mobile Phone number: Edit Street address, P.O. box, company name, c/o Address Line 2: Apartment, suite, unit, building, floor, etc. Add City: Done State/Province/Region: Zip: Country: Phone Number: Optional Delivery Preferences (What’s this?) Address Type: Security Access Code: For buildings or gated communities Save & Payment Method © 2012 CyberSource Corporation. All rights reserved. Save & Continue 27
28.
2. Account Takeover:
Strategy Account Takeover Methods 2011 Change the physical address Add their name as a registered user on the account Change the email address on an account Obtain a debit or credit card with their name Change the phone number Change the password to an online account Change the PIN on a card Obtain checks 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50% % of Fraud Victims *2012 Identity Fraud Report: Javelin Strategy & Research © 2012 CyberSource Corporation. All rights reserved. 28
29.
2. Account Takeover:
Strategy General Goods Account Activity • Age of account Situation • Purchase history • Abuse by established customers • Additional verification for any account information changes Analysis • Different emails • Descriptive emails • Same ID • Same password Solution • Same ID associated different email accounts • Multiple users same password Identity Authentication • Require 2-factor authentication for new (customer) login devices • If login device is from suspicious location • Velocity of the user activity • Check if device fingerprint associated with fraudulent activities • Check if password is the same for multiple accounts © 2012 CyberSource Corporation. All rights reserved. 29
30.
Top 9 Fraud
Attacks 9.Triangulation Schemes 6. Re-Shipping 3. Friendly Fraud 8. Phishing/ Pharming/ Whaling 5. Affiliate Fraud 2. Account Takeover 7. Botnets 4. Identity Theft 1. Clean Fraud © 2012 CyberSource Corporation. All rights reserved. 30
31.
1. Clean Fraud:
Definition Order appears good… Checking Merchant’s Own Order History Database… Standard Processing Services Checks… John Q. Account Information Matches No Negative Order History? (Name)... Public 3333 E. Troy Street Chicago IL 60616 773 555 6589 Checking Outside Services… IP Geolocation… IP Address Matches Location John Q. Public 4XXX XXXX XXXX 1803 Card Verification Number Matches No Negative Order History? (Card Number)... 099 © 2012 CyberSource Corporation. All rights reserved. 31
32.
1. Clean Fraud:
Strategy High End Luxury Goods Situation • Auto-accepts becoming fraud chargebacks 1 Use device fingerprint to connect yourself to the fraudster 2 Separate the new customers from loyal ones 3 Lock down purchase delivery 4 Real time order review feedback 5 Analyze your system data to understand fraudster behavior Analysis • Different accounts = same ID • Linked during order review • Abnormal customer behavior Solution • Proactive order review • Established customer process © 2012 CyberSource Corporation. All rights reserved. 32
33.
1. Clean Fraud:
Strategy Analyze Results Bad Good Expected Results Good Valid orders Chargebacks Bad Actual Results Customer insults Captured fraud © 2012 CyberSource Corporation. All rights reserved. 33
34.
Questions? Carl Tucker Tom Donlea Principal,
Managed Risk Services CyberSource ctucker@cybersource.com Sales: 1-888-330-2300 Managing Director of Americas Merchant Risk Council tom@merchantriskcouncil.org © 2012 CyberSource Corporation. All rights reserved. 34
Jetzt herunterladen