SlideShare ist ein Scribd-Unternehmen logo
1 von 34
Downloaden Sie, um offline zu lesen
Top 9 Fraud Attacks
and Winning
Mitigating Strategies

Carl Tucker
Principal, Managed Risk Services
CyberSource

Tom Donlea
Managing Director of Americas
Merchant Risk Council

© 2012 CyberSource Corporation. All rights reserved.
Confidentiality Notice

Forward-Looking Statements

By accepting this presentation and the information
herein, you acknowledge that the information furnished to
you is confidential, (the “Information”) and that your use
of the information is limited to your business dealings
with CyberSource Corporation, or its affiliated company,
(“CyberSource”). You agree to keep the Information
confidential and not to use the Information for any
purpose other than in your business dealings with
CyberSource. The Information may only be disseminated
within your organization on a need-to-know basis to
enable your participation in business dealings with
CyberSource. Please be advised that the Information
may constitute material nonpublic information under
U.S. federal securities laws and that purchasing or
selling securities of Visa Inc., the parent company of
CyberSource, while being aware of material nonpublic
information would constitute a violation of applicable
U.S. federal securities laws.

Today’s presentations may contain, in addition to historical
information, forward-looking statements within the meaning
of Section 27A of the Securities Act of 1933, as amended,
and Section 21E of the Securities Exchange Act of 1934,
as amended.
These forward-looking statements are based on our current
assumptions, expectations and projections about future
events which reflect the best judgment of management and
involve a number of risks and uncertainties that could
cause actual results to differ materially from those
suggested by our comments today. You should review and
consider the information contained in Visa, CyberSource’s
parent company, filings with the SEC regarding these risks
and uncertainties.
CyberSource, a subsidiary of Visa Inc., disclaims any
obligation to publicly update or revise any forward-looking
statements or information provided during today’s
presentation.

© 2012 CyberSource Corporation. All rights reserved.

2
G2W Housekeeping
• Please use Questions area of your control panel.
• Questions at the end unless additive.
• Links will be provided as follow-up.
• Any unanswered questions will be shared with presenters.

© 2012 CyberSource Corporation. All rights reserved.

3
MRC Program Objectives
Networking

“Connect members to
other members and
industry leaders to share
information and best
practices.”

Benchmarking

“Provide member access
to industry-specific data
and information used to
measure operational
functionality and
efficiency.”

Education

“Develop and implement
programming that assists
with professional
development, improves
organizational operations
and enhances long-term
strategic growth.”

© 2012 CyberSource Corporation. All rights reserved.

Advocacy

“Lead and facilitate efforts
to effect positive change
in the electronic payments
industry.”

4
© 2012 CyberSource Corporation. All rights reserved.

5

5
CyberSource
The Universal Payment Management Platform

Fraud Management

$190B

Merchant

Complete
Lifecycle
Management

Global Payment
Acceptance

Payment
Security

Fraud
Management

Analytics and
Administration

Payment Management Platform
Integrations and
Developer Services

Professional
Services

Managed Risk
Services

One platform | Multiple channels | Single integration

© 2012 CyberSource Corporation. All rights reserved.

6
MRC Survey of Merchants
• Survey sent to MRC members
between August 1-8
• 81 respondents

© 2012 CyberSource Corporation. All rights reserved.

7
Top 9 Fraud Attacks
9.Triangulation
Schemes

© 2012 CyberSource Corporation. All rights reserved.

8
9. Triangulation: Definition
eRetailer/
Marketplace

Fraudster

Auction Site
Innocent
Consumer

© 2012 CyberSource Corporation. All rights reserved.

9
9. Triangulation: Strategy
Purchase History/ Velocity
Consumer Electronics
Situation

• One user making multiple purchases with multiple
shipping locations

• Customer complaints
increasing

• One user purchasing the same or similar products
multiple times

Analysis

Customer Activity

• Customer complaints linked to
chargebacks

• Age of the customer account

• Same IP

• Number of purchases compared to the age
of customer account

Solution

• Ignoring product discounts or promotions

• Velocity of IP and email accounts
• Product velocity

Session Profile
• Length of buying process

© 2012 CyberSource Corporation. All rights reserved.

10
Top 9 Fraud Attacks
9.Triangulation
Schemes
8. Phishing/
Pharming/
Whaling

© 2012 CyberSource Corporation. All rights reserved.

11
8. Phishing/Pharming/Whaling: Definition

© 2012 CyberSource Corporation. All rights reserved.

12
8. Phishing/Pharming/Whaling: Definition
Targeted Brands Phished 1Q 2012
450
400
350
300

370

392

392

February

March

250
200
150
100
50
0

January
* Phishing Activity Trends Report 1Q 2012; antiphishing.org

© 2012 CyberSource Corporation. All rights reserved.

13
Top 9 Fraud Attacks
9.Triangulation
Schemes
8. Phishing/
Pharming/
Whaling
7. Botnets

© 2012 CyberSource Corporation. All rights reserved.

14
7. BotNet: Definition
Over 3 Million
Zombie Botnets
in 2011.

Bill
Detroit

Symantec Internet Security Threat Report 2011

Mary
Los Angeles

Merchant

George
Miami

Fraudster
Nigeria

© 2012 CyberSource Corporation. All rights reserved.

15
7. Botnet: Strategy
Ticketing Company

Device Fingerprint
• Device associated with a Botnet

Situation
• Organized crime attack

• Time zone difference from the IP to the Device
• Browser language consistency with device location

Analysis

• Multiple tracking elements linked to same device?

• Identified true IP =
Vietnam, associated with
multiple purchases

Proxy Piercing
• Does FP = VPN

Solution

• Proxy identification: anonymous, hidden, transparent

• Device IP = Vietnam
• Same Device IP with multiple credit cards

© 2012 CyberSource Corporation. All rights reserved.

16
Top 9 Fraud Attacks
9.Triangulation
Schemes

6. Re-Shipping

8. Phishing/
Pharming/
Whaling
7. Botnets

© 2012 CyberSource Corporation. All rights reserved.

17
6. Re-shipping: Definition

Fraudster

eRetailer/
Marketplace

“Mules”

© 2012 CyberSource Corporation. All rights reserved.

18
Top 9 Fraud Attacks
9.Triangulation
Schemes

6. Re-Shipping

8. Phishing/
Pharming/
Whaling

5. Affiliate
Fraud

7. Botnets

© 2012 CyberSource Corporation. All rights reserved.

19
5. Affiliate Fraud: Definition

eRetailer

Affiliate

Innocent
Consumer

1. Affiliate and merchant have relationship
2. Affiliate and merchant have NO relationship
© 2012 CyberSource Corporation. All rights reserved.

20
Top 9 Fraud Attacks
9.Triangulation
Schemes

6. Re-Shipping

8. Phishing/
Pharming/
Whaling

5. Affiliate
Fraud

7. Botnets

4. Identity
Theft

© 2012 CyberSource Corporation. All rights reserved.

21
4. Identity Theft: Definition

*Symantec Internet Security Threat Report 2011

© 2012 CyberSource Corporation. All rights reserved.

22
4. Identity Theft: Definition
Identity fraud
2009

2010

2011

Incidence Rate

6.0%

4.35%

4.9%

Total Annual Cost $B

$31

$20

$18

Mean Fraud Amount

$2,219

$1,911

$1,513

85

78

55

Mean Misuse Time
(days)

*2012 Identity Fraud Report: Javelin Strategy & Research

© 2012 CyberSource Corporation. All rights reserved.

23
Top 9 Fraud Attacks
9.Triangulation
Schemes

6. Re-Shipping

8. Phishing/
Pharming/
Whaling

5. Affiliate
Fraud

7. Botnets

4. Identity
Theft

© 2012 CyberSource Corporation. All rights reserved.

3. Friendly
Fraud

24
3. Friendly Fraud
Definition
• Individual behavior, not systematic
but can be expensive
• Buyers remorse—can’t detect

Strategy
• Business processes
• Review process

© 2012 CyberSource Corporation. All rights reserved.

25
Top 9 Fraud Attacks
9.Triangulation
Schemes

6. Re-Shipping

3. Friendly
Fraud

8. Phishing/
Pharming/
Whaling

5. Affiliate
Fraud

2. Account
Takeover

7. Botnets

4. Identity
Theft

© 2012 CyberSource Corporation. All rights reserved.

26
2. Account Takeover: Definition
Overview.mail.yahoo.com/accountsettings/mail

Change Account Settings

Add an address
Full Name:

Name:

Edit

E-mail:

Edit

Address Line 1:
Password: ************
Mobile Phone
number:

Edit

Street address, P.O. box, company name, c/o

Address Line 2:
Apartment, suite, unit, building, floor, etc.

Add

City:
Done

State/Province/Region:
Zip:
Country:
Phone Number:

Optional Delivery Preferences (What’s this?)
Address Type:
Security Access Code:
For buildings or gated communities

Save & Payment Method

© 2012 CyberSource Corporation. All rights reserved.

Save & Continue

27
2. Account Takeover: Strategy
Account Takeover Methods 2011
Change the physical address
Add their name as a registered user on the account
Change the email address on an account
Obtain a debit or credit card with their name
Change the phone number
Change the password to an online account
Change the PIN on a card
Obtain checks
0%

5%

10%

15%

20%

25%

30%

35%

40%

45%

50%

% of Fraud Victims
*2012 Identity Fraud Report: Javelin Strategy & Research

© 2012 CyberSource Corporation. All rights reserved.

28
2. Account Takeover: Strategy
General Goods

Account Activity
• Age of account

Situation

• Purchase history

• Abuse by established customers

• Additional verification for any account information changes

Analysis
• Different emails
• Descriptive emails
• Same ID
• Same password

Solution
• Same ID associated different email
accounts
• Multiple users same password

Identity Authentication
• Require 2-factor authentication for new (customer)
login devices
• If login device is from suspicious location
• Velocity of the user activity
• Check if device fingerprint associated with fraudulent activities
• Check if password is the same for multiple accounts

© 2012 CyberSource Corporation. All rights reserved.

29
Top 9 Fraud Attacks
9.Triangulation
Schemes

6. Re-Shipping

3. Friendly
Fraud

8. Phishing/
Pharming/
Whaling

5. Affiliate
Fraud

2. Account
Takeover

7. Botnets

4. Identity
Theft

1. Clean
Fraud

© 2012 CyberSource Corporation. All rights reserved.

30
1. Clean Fraud: Definition

Order appears good…
Checking Merchant’s
Own Order History
Database…

Standard Processing
Services Checks…
John Q.

Account
Information
Matches

No Negative Order
History? (Name)...

Public
3333 E. Troy Street

Chicago

IL

60616

773 555 6589

Checking Outside Services…
IP Geolocation…
IP Address Matches
Location

John Q. Public
4XXX XXXX XXXX 1803

Card Verification
Number Matches

No Negative Order
History? (Card Number)...

099

© 2012 CyberSource Corporation. All rights reserved.

31
1. Clean Fraud: Strategy
High End Luxury Goods
Situation
• Auto-accepts becoming fraud chargebacks

1

Use device fingerprint to connect
yourself to the fraudster

2

Separate the new customers
from loyal ones

3

Lock down purchase delivery

4

Real time order review feedback

5

Analyze your system data to
understand fraudster behavior

Analysis
• Different accounts = same ID
• Linked during order review
• Abnormal customer behavior

Solution
• Proactive order review
• Established customer process

© 2012 CyberSource Corporation. All rights reserved.

32
1. Clean Fraud: Strategy
Analyze Results

Bad

Good

Expected Results

Good

Valid
orders

Chargebacks

Bad

Actual Results

Customer
insults

Captured
fraud

© 2012 CyberSource Corporation. All rights reserved.

33
Questions?

Carl Tucker

Tom Donlea

Principal, Managed Risk Services
CyberSource
ctucker@cybersource.com
Sales: 1-888-330-2300

Managing Director of Americas
Merchant Risk Council
tom@merchantriskcouncil.org

© 2012 CyberSource Corporation. All rights reserved.

34

Weitere ähnliche Inhalte

Was ist angesagt?

Online Identity Theft: Changing the Game
Online Identity Theft: Changing the GameOnline Identity Theft: Changing the Game
Online Identity Theft: Changing the Game- Mark - Fullbright
 
George Gavras 2010 Fowler Seminar
George Gavras 2010 Fowler SeminarGeorge Gavras 2010 Fowler Seminar
George Gavras 2010 Fowler SeminarDon Grauel
 
KPMG Publish and Be Damned Cyber Vulnerability Index 2012
KPMG Publish and Be Damned Cyber Vulnerability Index 2012KPMG Publish and Be Damned Cyber Vulnerability Index 2012
KPMG Publish and Be Damned Cyber Vulnerability Index 2012Charmaine Servado
 
Callcredit's Fraud Summit 2016 - Identity verification stream
Callcredit's Fraud Summit 2016 - Identity verification streamCallcredit's Fraud Summit 2016 - Identity verification stream
Callcredit's Fraud Summit 2016 - Identity verification streamCallcredit123
 
Hedna pii is your goldmine a landmine
Hedna   pii is your goldmine a landmineHedna   pii is your goldmine a landmine
Hedna pii is your goldmine a landmineEvelyne Oreskovich
 
Whitepaper - Application Delivery in PCI DSS Compliant Environments
Whitepaper - Application Delivery in PCI DSS Compliant EnvironmentsWhitepaper - Application Delivery in PCI DSS Compliant Environments
Whitepaper - Application Delivery in PCI DSS Compliant EnvironmentsJason Dover
 
Managing Personally Identifiable Information (PII)
Managing Personally Identifiable Information (PII)Managing Personally Identifiable Information (PII)
Managing Personally Identifiable Information (PII)KP Naidu
 
Callcredit's Fraud Summit 2016 - Plenary session
Callcredit's Fraud Summit 2016 - Plenary sessionCallcredit's Fraud Summit 2016 - Plenary session
Callcredit's Fraud Summit 2016 - Plenary sessionCallcredit123
 
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Bootcamp)
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Bootcamp)Data Privacy Compliance (Series: Corporate & Regulatory Compliance Bootcamp)
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Bootcamp)Financial Poise
 
employee-awareness-and-training-the-holy-grail-of-cybersecurity
employee-awareness-and-training-the-holy-grail-of-cybersecurityemployee-awareness-and-training-the-holy-grail-of-cybersecurity
employee-awareness-and-training-the-holy-grail-of-cybersecurityPaul Ferrillo
 
The Most Wonderful Time of the Year for Health-IT...NOT
The Most Wonderful Time of the Year for Health-IT...NOTThe Most Wonderful Time of the Year for Health-IT...NOT
The Most Wonderful Time of the Year for Health-IT...NOTCompliancy Group
 
Current Trends Related to Mobile Network Operators & FIDO SCA Adoption
Current Trends Related to Mobile Network Operators & FIDO SCA AdoptionCurrent Trends Related to Mobile Network Operators & FIDO SCA Adoption
Current Trends Related to Mobile Network Operators & FIDO SCA AdoptionFIDO Alliance
 
Where security and privacy meet partnering tips for CSOs and privacy/complian...
Where security and privacy meet partnering tips for CSOs and privacy/complian...Where security and privacy meet partnering tips for CSOs and privacy/complian...
Where security and privacy meet partnering tips for CSOs and privacy/complian...Compliancy Group
 
Will The Typical Person Need ID Fraud Insurance Protection?
Will The Typical Person Need ID Fraud Insurance Protection?Will The Typical Person Need ID Fraud Insurance Protection?
Will The Typical Person Need ID Fraud Insurance Protection?tommy2tone44
 
Building trust attributes in e transactions (final) ver 3.0
Building trust attributes in e transactions (final) ver 3.0Building trust attributes in e transactions (final) ver 3.0
Building trust attributes in e transactions (final) ver 3.0Aladdin Dandis
 
04-1 E-commerce Security slides
04-1 E-commerce Security slides04-1 E-commerce Security slides
04-1 E-commerce Security slidesmonchai sopitka
 
Law_Firm_Info_Security_Report_June2011 (1)
Law_Firm_Info_Security_Report_June2011 (1)Law_Firm_Info_Security_Report_June2011 (1)
Law_Firm_Info_Security_Report_June2011 (1)Aspiration Software LLC
 

Was ist angesagt? (18)

Online Identity Theft: Changing the Game
Online Identity Theft: Changing the GameOnline Identity Theft: Changing the Game
Online Identity Theft: Changing the Game
 
George Gavras 2010 Fowler Seminar
George Gavras 2010 Fowler SeminarGeorge Gavras 2010 Fowler Seminar
George Gavras 2010 Fowler Seminar
 
KPMG Publish and Be Damned Cyber Vulnerability Index 2012
KPMG Publish and Be Damned Cyber Vulnerability Index 2012KPMG Publish and Be Damned Cyber Vulnerability Index 2012
KPMG Publish and Be Damned Cyber Vulnerability Index 2012
 
Callcredit's Fraud Summit 2016 - Identity verification stream
Callcredit's Fraud Summit 2016 - Identity verification streamCallcredit's Fraud Summit 2016 - Identity verification stream
Callcredit's Fraud Summit 2016 - Identity verification stream
 
Hedna pii is your goldmine a landmine
Hedna   pii is your goldmine a landmineHedna   pii is your goldmine a landmine
Hedna pii is your goldmine a landmine
 
Whitepaper - Application Delivery in PCI DSS Compliant Environments
Whitepaper - Application Delivery in PCI DSS Compliant EnvironmentsWhitepaper - Application Delivery in PCI DSS Compliant Environments
Whitepaper - Application Delivery in PCI DSS Compliant Environments
 
Cyber Facts and Prevention Presentation Gianino
Cyber Facts and Prevention Presentation GianinoCyber Facts and Prevention Presentation Gianino
Cyber Facts and Prevention Presentation Gianino
 
Managing Personally Identifiable Information (PII)
Managing Personally Identifiable Information (PII)Managing Personally Identifiable Information (PII)
Managing Personally Identifiable Information (PII)
 
Callcredit's Fraud Summit 2016 - Plenary session
Callcredit's Fraud Summit 2016 - Plenary sessionCallcredit's Fraud Summit 2016 - Plenary session
Callcredit's Fraud Summit 2016 - Plenary session
 
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Bootcamp)
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Bootcamp)Data Privacy Compliance (Series: Corporate & Regulatory Compliance Bootcamp)
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Bootcamp)
 
employee-awareness-and-training-the-holy-grail-of-cybersecurity
employee-awareness-and-training-the-holy-grail-of-cybersecurityemployee-awareness-and-training-the-holy-grail-of-cybersecurity
employee-awareness-and-training-the-holy-grail-of-cybersecurity
 
The Most Wonderful Time of the Year for Health-IT...NOT
The Most Wonderful Time of the Year for Health-IT...NOTThe Most Wonderful Time of the Year for Health-IT...NOT
The Most Wonderful Time of the Year for Health-IT...NOT
 
Current Trends Related to Mobile Network Operators & FIDO SCA Adoption
Current Trends Related to Mobile Network Operators & FIDO SCA AdoptionCurrent Trends Related to Mobile Network Operators & FIDO SCA Adoption
Current Trends Related to Mobile Network Operators & FIDO SCA Adoption
 
Where security and privacy meet partnering tips for CSOs and privacy/complian...
Where security and privacy meet partnering tips for CSOs and privacy/complian...Where security and privacy meet partnering tips for CSOs and privacy/complian...
Where security and privacy meet partnering tips for CSOs and privacy/complian...
 
Will The Typical Person Need ID Fraud Insurance Protection?
Will The Typical Person Need ID Fraud Insurance Protection?Will The Typical Person Need ID Fraud Insurance Protection?
Will The Typical Person Need ID Fraud Insurance Protection?
 
Building trust attributes in e transactions (final) ver 3.0
Building trust attributes in e transactions (final) ver 3.0Building trust attributes in e transactions (final) ver 3.0
Building trust attributes in e transactions (final) ver 3.0
 
04-1 E-commerce Security slides
04-1 E-commerce Security slides04-1 E-commerce Security slides
04-1 E-commerce Security slides
 
Law_Firm_Info_Security_Report_June2011 (1)
Law_Firm_Info_Security_Report_June2011 (1)Law_Firm_Info_Security_Report_June2011 (1)
Law_Firm_Info_Security_Report_June2011 (1)
 

Ähnlich wie CyberSource MRC Survey - Top 9 Fraud Attacks and Winning Mitigating Strategies Webinar

Adrian Ifrim - prezentare - Cyber Security Trends 2020
Adrian Ifrim - prezentare - Cyber Security Trends 2020Adrian Ifrim - prezentare - Cyber Security Trends 2020
Adrian Ifrim - prezentare - Cyber Security Trends 2020Business Days
 
Breaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gapsBreaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gapsIBM Security
 
Master Data in the Cloud: 5 Security Fundamentals
Master Data in the Cloud: 5 Security FundamentalsMaster Data in the Cloud: 5 Security Fundamentals
Master Data in the Cloud: 5 Security FundamentalsSarah Fane
 
2014 ota databreach3
2014 ota databreach32014 ota databreach3
2014 ota databreach3Meg Weber
 
Rethinking Trust in Data
Rethinking Trust in Data Rethinking Trust in Data
Rethinking Trust in Data DATAVERSITY
 
What trends will 2018 bring for Business Continuity Professionals?
What trends will 2018 bring for Business Continuity Professionals?What trends will 2018 bring for Business Continuity Professionals?
What trends will 2018 bring for Business Continuity Professionals?PECB
 
Ciso round table on effective implementation of dlp & data security
Ciso round table on effective implementation of dlp & data securityCiso round table on effective implementation of dlp & data security
Ciso round table on effective implementation of dlp & data securityPriyanka Aash
 
Data Breaches - Sageworks, Inc., Webinar Series by Douglas Jambor
Data Breaches - Sageworks, Inc., Webinar Series by Douglas JamborData Breaches - Sageworks, Inc., Webinar Series by Douglas Jambor
Data Breaches - Sageworks, Inc., Webinar Series by Douglas JamborTurner and Associates, Inc.
 
Candidate Data Compliance - Are you prepared for the risks?
Candidate Data Compliance - Are you prepared for the risks?Candidate Data Compliance - Are you prepared for the risks?
Candidate Data Compliance - Are you prepared for the risks?Beamery
 
Corporate Treasurers Focus on Cyber Security
Corporate Treasurers Focus on Cyber SecurityCorporate Treasurers Focus on Cyber Security
Corporate Treasurers Focus on Cyber SecurityJoan Weber
 
lendingQB: A Mortgage Loan Origination System by MeridianLink
lendingQB: A Mortgage Loan Origination System by MeridianLinklendingQB: A Mortgage Loan Origination System by MeridianLink
lendingQB: A Mortgage Loan Origination System by MeridianLinkKristina Quinn
 
Check Point: Defining Your Security blueprint
Check Point: Defining Your Security blueprint Check Point: Defining Your Security blueprint
Check Point: Defining Your Security blueprint Group of company MUK
 
2019 08-21 Automating Privacy Management
2019 08-21 Automating Privacy Management2019 08-21 Automating Privacy Management
2019 08-21 Automating Privacy ManagementTrustArc
 
GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018
GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018
GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018Human Capital Department
 
The Unseen Enemy - Protecting the Brand, the Assets and the Customers
The Unseen Enemy - Protecting the Brand, the Assets and the Customers The Unseen Enemy - Protecting the Brand, the Assets and the Customers
The Unseen Enemy - Protecting the Brand, the Assets and the Customers BDO_Consulting
 
Douglas Jambor Sageworks Cybersecurity Presentation
Douglas Jambor Sageworks Cybersecurity PresentationDouglas Jambor Sageworks Cybersecurity Presentation
Douglas Jambor Sageworks Cybersecurity PresentationTurner and Associates, Inc.
 
Insight2014 mitigate risk_fraud_6863
Insight2014 mitigate risk_fraud_6863Insight2014 mitigate risk_fraud_6863
Insight2014 mitigate risk_fraud_6863IBMgbsNA
 

Ähnlich wie CyberSource MRC Survey - Top 9 Fraud Attacks and Winning Mitigating Strategies Webinar (20)

Adrian Ifrim - prezentare - Cyber Security Trends 2020
Adrian Ifrim - prezentare - Cyber Security Trends 2020Adrian Ifrim - prezentare - Cyber Security Trends 2020
Adrian Ifrim - prezentare - Cyber Security Trends 2020
 
Breaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gapsBreaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gaps
 
nerfslides.pptx
nerfslides.pptxnerfslides.pptx
nerfslides.pptx
 
Master Data in the Cloud: 5 Security Fundamentals
Master Data in the Cloud: 5 Security FundamentalsMaster Data in the Cloud: 5 Security Fundamentals
Master Data in the Cloud: 5 Security Fundamentals
 
2014 ota databreach3
2014 ota databreach32014 ota databreach3
2014 ota databreach3
 
Rethinking Trust in Data
Rethinking Trust in Data Rethinking Trust in Data
Rethinking Trust in Data
 
What trends will 2018 bring for Business Continuity Professionals?
What trends will 2018 bring for Business Continuity Professionals?What trends will 2018 bring for Business Continuity Professionals?
What trends will 2018 bring for Business Continuity Professionals?
 
Ciso round table on effective implementation of dlp & data security
Ciso round table on effective implementation of dlp & data securityCiso round table on effective implementation of dlp & data security
Ciso round table on effective implementation of dlp & data security
 
Data Breaches - Sageworks, Inc., Webinar Series by Douglas Jambor
Data Breaches - Sageworks, Inc., Webinar Series by Douglas JamborData Breaches - Sageworks, Inc., Webinar Series by Douglas Jambor
Data Breaches - Sageworks, Inc., Webinar Series by Douglas Jambor
 
Candidate Data Compliance - Are you prepared for the risks?
Candidate Data Compliance - Are you prepared for the risks?Candidate Data Compliance - Are you prepared for the risks?
Candidate Data Compliance - Are you prepared for the risks?
 
Corporate Treasurers Focus on Cyber Security
Corporate Treasurers Focus on Cyber SecurityCorporate Treasurers Focus on Cyber Security
Corporate Treasurers Focus on Cyber Security
 
lendingQB: A Mortgage Loan Origination System by MeridianLink
lendingQB: A Mortgage Loan Origination System by MeridianLinklendingQB: A Mortgage Loan Origination System by MeridianLink
lendingQB: A Mortgage Loan Origination System by MeridianLink
 
Check Point: Defining Your Security blueprint
Check Point: Defining Your Security blueprint Check Point: Defining Your Security blueprint
Check Point: Defining Your Security blueprint
 
CDP_Engagement_Team_Training_BRADESCO.pdf
CDP_Engagement_Team_Training_BRADESCO.pdfCDP_Engagement_Team_Training_BRADESCO.pdf
CDP_Engagement_Team_Training_BRADESCO.pdf
 
2019 08-21 Automating Privacy Management
2019 08-21 Automating Privacy Management2019 08-21 Automating Privacy Management
2019 08-21 Automating Privacy Management
 
GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018
GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018
GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018
 
The Unseen Enemy - Protecting the Brand, the Assets and the Customers
The Unseen Enemy - Protecting the Brand, the Assets and the Customers The Unseen Enemy - Protecting the Brand, the Assets and the Customers
The Unseen Enemy - Protecting the Brand, the Assets and the Customers
 
Douglas Jambor Sageworks Cybersecurity Presentation
Douglas Jambor Sageworks Cybersecurity PresentationDouglas Jambor Sageworks Cybersecurity Presentation
Douglas Jambor Sageworks Cybersecurity Presentation
 
Insight2014 mitigate risk_fraud_6863
Insight2014 mitigate risk_fraud_6863Insight2014 mitigate risk_fraud_6863
Insight2014 mitigate risk_fraud_6863
 
Lakewood Case Summary
Lakewood Case SummaryLakewood Case Summary
Lakewood Case Summary
 

Kürzlich hochgeladen

Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsSafe Software
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Brian Pichman
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UbiTrack UK
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXTarek Kalaji
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 

Kürzlich hochgeladen (20)

Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
20150722 - AGV
20150722 - AGV20150722 - AGV
20150722 - AGV
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBX
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
20230104 - machine vision
20230104 - machine vision20230104 - machine vision
20230104 - machine vision
 
201610817 - edge part1
201610817 - edge part1201610817 - edge part1
201610817 - edge part1
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 

CyberSource MRC Survey - Top 9 Fraud Attacks and Winning Mitigating Strategies Webinar

  • 1. Top 9 Fraud Attacks and Winning Mitigating Strategies Carl Tucker Principal, Managed Risk Services CyberSource Tom Donlea Managing Director of Americas Merchant Risk Council © 2012 CyberSource Corporation. All rights reserved.
  • 2. Confidentiality Notice Forward-Looking Statements By accepting this presentation and the information herein, you acknowledge that the information furnished to you is confidential, (the “Information”) and that your use of the information is limited to your business dealings with CyberSource Corporation, or its affiliated company, (“CyberSource”). You agree to keep the Information confidential and not to use the Information for any purpose other than in your business dealings with CyberSource. The Information may only be disseminated within your organization on a need-to-know basis to enable your participation in business dealings with CyberSource. Please be advised that the Information may constitute material nonpublic information under U.S. federal securities laws and that purchasing or selling securities of Visa Inc., the parent company of CyberSource, while being aware of material nonpublic information would constitute a violation of applicable U.S. federal securities laws. Today’s presentations may contain, in addition to historical information, forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended. These forward-looking statements are based on our current assumptions, expectations and projections about future events which reflect the best judgment of management and involve a number of risks and uncertainties that could cause actual results to differ materially from those suggested by our comments today. You should review and consider the information contained in Visa, CyberSource’s parent company, filings with the SEC regarding these risks and uncertainties. CyberSource, a subsidiary of Visa Inc., disclaims any obligation to publicly update or revise any forward-looking statements or information provided during today’s presentation. © 2012 CyberSource Corporation. All rights reserved. 2
  • 3. G2W Housekeeping • Please use Questions area of your control panel. • Questions at the end unless additive. • Links will be provided as follow-up. • Any unanswered questions will be shared with presenters. © 2012 CyberSource Corporation. All rights reserved. 3
  • 4. MRC Program Objectives Networking “Connect members to other members and industry leaders to share information and best practices.” Benchmarking “Provide member access to industry-specific data and information used to measure operational functionality and efficiency.” Education “Develop and implement programming that assists with professional development, improves organizational operations and enhances long-term strategic growth.” © 2012 CyberSource Corporation. All rights reserved. Advocacy “Lead and facilitate efforts to effect positive change in the electronic payments industry.” 4
  • 5. © 2012 CyberSource Corporation. All rights reserved. 5 5
  • 6. CyberSource The Universal Payment Management Platform Fraud Management $190B Merchant Complete Lifecycle Management Global Payment Acceptance Payment Security Fraud Management Analytics and Administration Payment Management Platform Integrations and Developer Services Professional Services Managed Risk Services One platform | Multiple channels | Single integration © 2012 CyberSource Corporation. All rights reserved. 6
  • 7. MRC Survey of Merchants • Survey sent to MRC members between August 1-8 • 81 respondents © 2012 CyberSource Corporation. All rights reserved. 7
  • 8. Top 9 Fraud Attacks 9.Triangulation Schemes © 2012 CyberSource Corporation. All rights reserved. 8
  • 9. 9. Triangulation: Definition eRetailer/ Marketplace Fraudster Auction Site Innocent Consumer © 2012 CyberSource Corporation. All rights reserved. 9
  • 10. 9. Triangulation: Strategy Purchase History/ Velocity Consumer Electronics Situation • One user making multiple purchases with multiple shipping locations • Customer complaints increasing • One user purchasing the same or similar products multiple times Analysis Customer Activity • Customer complaints linked to chargebacks • Age of the customer account • Same IP • Number of purchases compared to the age of customer account Solution • Ignoring product discounts or promotions • Velocity of IP and email accounts • Product velocity Session Profile • Length of buying process © 2012 CyberSource Corporation. All rights reserved. 10
  • 11. Top 9 Fraud Attacks 9.Triangulation Schemes 8. Phishing/ Pharming/ Whaling © 2012 CyberSource Corporation. All rights reserved. 11
  • 12. 8. Phishing/Pharming/Whaling: Definition © 2012 CyberSource Corporation. All rights reserved. 12
  • 13. 8. Phishing/Pharming/Whaling: Definition Targeted Brands Phished 1Q 2012 450 400 350 300 370 392 392 February March 250 200 150 100 50 0 January * Phishing Activity Trends Report 1Q 2012; antiphishing.org © 2012 CyberSource Corporation. All rights reserved. 13
  • 14. Top 9 Fraud Attacks 9.Triangulation Schemes 8. Phishing/ Pharming/ Whaling 7. Botnets © 2012 CyberSource Corporation. All rights reserved. 14
  • 15. 7. BotNet: Definition Over 3 Million Zombie Botnets in 2011. Bill Detroit Symantec Internet Security Threat Report 2011 Mary Los Angeles Merchant George Miami Fraudster Nigeria © 2012 CyberSource Corporation. All rights reserved. 15
  • 16. 7. Botnet: Strategy Ticketing Company Device Fingerprint • Device associated with a Botnet Situation • Organized crime attack • Time zone difference from the IP to the Device • Browser language consistency with device location Analysis • Multiple tracking elements linked to same device? • Identified true IP = Vietnam, associated with multiple purchases Proxy Piercing • Does FP = VPN Solution • Proxy identification: anonymous, hidden, transparent • Device IP = Vietnam • Same Device IP with multiple credit cards © 2012 CyberSource Corporation. All rights reserved. 16
  • 17. Top 9 Fraud Attacks 9.Triangulation Schemes 6. Re-Shipping 8. Phishing/ Pharming/ Whaling 7. Botnets © 2012 CyberSource Corporation. All rights reserved. 17
  • 18. 6. Re-shipping: Definition Fraudster eRetailer/ Marketplace “Mules” © 2012 CyberSource Corporation. All rights reserved. 18
  • 19. Top 9 Fraud Attacks 9.Triangulation Schemes 6. Re-Shipping 8. Phishing/ Pharming/ Whaling 5. Affiliate Fraud 7. Botnets © 2012 CyberSource Corporation. All rights reserved. 19
  • 20. 5. Affiliate Fraud: Definition eRetailer Affiliate Innocent Consumer 1. Affiliate and merchant have relationship 2. Affiliate and merchant have NO relationship © 2012 CyberSource Corporation. All rights reserved. 20
  • 21. Top 9 Fraud Attacks 9.Triangulation Schemes 6. Re-Shipping 8. Phishing/ Pharming/ Whaling 5. Affiliate Fraud 7. Botnets 4. Identity Theft © 2012 CyberSource Corporation. All rights reserved. 21
  • 22. 4. Identity Theft: Definition *Symantec Internet Security Threat Report 2011 © 2012 CyberSource Corporation. All rights reserved. 22
  • 23. 4. Identity Theft: Definition Identity fraud 2009 2010 2011 Incidence Rate 6.0% 4.35% 4.9% Total Annual Cost $B $31 $20 $18 Mean Fraud Amount $2,219 $1,911 $1,513 85 78 55 Mean Misuse Time (days) *2012 Identity Fraud Report: Javelin Strategy & Research © 2012 CyberSource Corporation. All rights reserved. 23
  • 24. Top 9 Fraud Attacks 9.Triangulation Schemes 6. Re-Shipping 8. Phishing/ Pharming/ Whaling 5. Affiliate Fraud 7. Botnets 4. Identity Theft © 2012 CyberSource Corporation. All rights reserved. 3. Friendly Fraud 24
  • 25. 3. Friendly Fraud Definition • Individual behavior, not systematic but can be expensive • Buyers remorse—can’t detect Strategy • Business processes • Review process © 2012 CyberSource Corporation. All rights reserved. 25
  • 26. Top 9 Fraud Attacks 9.Triangulation Schemes 6. Re-Shipping 3. Friendly Fraud 8. Phishing/ Pharming/ Whaling 5. Affiliate Fraud 2. Account Takeover 7. Botnets 4. Identity Theft © 2012 CyberSource Corporation. All rights reserved. 26
  • 27. 2. Account Takeover: Definition Overview.mail.yahoo.com/accountsettings/mail Change Account Settings Add an address Full Name: Name: Edit E-mail: Edit Address Line 1: Password: ************ Mobile Phone number: Edit Street address, P.O. box, company name, c/o Address Line 2: Apartment, suite, unit, building, floor, etc. Add City: Done State/Province/Region: Zip: Country: Phone Number: Optional Delivery Preferences (What’s this?) Address Type: Security Access Code: For buildings or gated communities Save & Payment Method © 2012 CyberSource Corporation. All rights reserved. Save & Continue 27
  • 28. 2. Account Takeover: Strategy Account Takeover Methods 2011 Change the physical address Add their name as a registered user on the account Change the email address on an account Obtain a debit or credit card with their name Change the phone number Change the password to an online account Change the PIN on a card Obtain checks 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50% % of Fraud Victims *2012 Identity Fraud Report: Javelin Strategy & Research © 2012 CyberSource Corporation. All rights reserved. 28
  • 29. 2. Account Takeover: Strategy General Goods Account Activity • Age of account Situation • Purchase history • Abuse by established customers • Additional verification for any account information changes Analysis • Different emails • Descriptive emails • Same ID • Same password Solution • Same ID associated different email accounts • Multiple users same password Identity Authentication • Require 2-factor authentication for new (customer) login devices • If login device is from suspicious location • Velocity of the user activity • Check if device fingerprint associated with fraudulent activities • Check if password is the same for multiple accounts © 2012 CyberSource Corporation. All rights reserved. 29
  • 30. Top 9 Fraud Attacks 9.Triangulation Schemes 6. Re-Shipping 3. Friendly Fraud 8. Phishing/ Pharming/ Whaling 5. Affiliate Fraud 2. Account Takeover 7. Botnets 4. Identity Theft 1. Clean Fraud © 2012 CyberSource Corporation. All rights reserved. 30
  • 31. 1. Clean Fraud: Definition Order appears good… Checking Merchant’s Own Order History Database… Standard Processing Services Checks… John Q. Account Information Matches No Negative Order History? (Name)... Public 3333 E. Troy Street Chicago IL 60616 773 555 6589 Checking Outside Services… IP Geolocation… IP Address Matches Location John Q. Public 4XXX XXXX XXXX 1803 Card Verification Number Matches No Negative Order History? (Card Number)... 099 © 2012 CyberSource Corporation. All rights reserved. 31
  • 32. 1. Clean Fraud: Strategy High End Luxury Goods Situation • Auto-accepts becoming fraud chargebacks 1 Use device fingerprint to connect yourself to the fraudster 2 Separate the new customers from loyal ones 3 Lock down purchase delivery 4 Real time order review feedback 5 Analyze your system data to understand fraudster behavior Analysis • Different accounts = same ID • Linked during order review • Abnormal customer behavior Solution • Proactive order review • Established customer process © 2012 CyberSource Corporation. All rights reserved. 32
  • 33. 1. Clean Fraud: Strategy Analyze Results Bad Good Expected Results Good Valid orders Chargebacks Bad Actual Results Customer insults Captured fraud © 2012 CyberSource Corporation. All rights reserved. 33
  • 34. Questions? Carl Tucker Tom Donlea Principal, Managed Risk Services CyberSource ctucker@cybersource.com Sales: 1-888-330-2300 Managing Director of Americas Merchant Risk Council tom@merchantriskcouncil.org © 2012 CyberSource Corporation. All rights reserved. 34