Suche senden
Hochladen
CyberSource MRC Survey - Top 9 Fraud Attacks and Winning Mitigating Strategies Webinar
•
2 gefällt mir
•
1,756 views
Visa
Folgen
Technologie
Wirtschaft & Finanzen
Business
Melden
Teilen
Melden
Teilen
1 von 34
Jetzt herunterladen
Downloaden Sie, um offline zu lesen
Empfohlen
Cloud Privacy Update: What You Need to Know
Cloud Privacy Update: What You Need to Know
Act-On Software
Cloud Privacy
Cloud Privacy
Act-On Software
Cyber Claims: GDPR and business email compromise drive greater frequencies
Cyber Claims: GDPR and business email compromise drive greater frequencies
Δρ. Γιώργος K. Κασάπης
SSO - single sign on solution for banks and financial organizations
SSO - single sign on solution for banks and financial organizations
Mohammad Shahnewaz
ID Watchdog Investor Presentation
ID Watchdog Investor Presentation
IDWatchdog
PrestaShop Barcamp 5 - Authorize.net : Five Notable E-commerce Trends
PrestaShop Barcamp 5 - Authorize.net : Five Notable E-commerce Trends
PrestaShop
Eamonn O Raghallaigh Major Security Issues In E Commerce
Eamonn O Raghallaigh Major Security Issues In E Commerce
EamonnORagh
PCI DSS Slidecast
PCI DSS Slidecast
RobertXia
Empfohlen
Cloud Privacy Update: What You Need to Know
Cloud Privacy Update: What You Need to Know
Act-On Software
Cloud Privacy
Cloud Privacy
Act-On Software
Cyber Claims: GDPR and business email compromise drive greater frequencies
Cyber Claims: GDPR and business email compromise drive greater frequencies
Δρ. Γιώργος K. Κασάπης
SSO - single sign on solution for banks and financial organizations
SSO - single sign on solution for banks and financial organizations
Mohammad Shahnewaz
ID Watchdog Investor Presentation
ID Watchdog Investor Presentation
IDWatchdog
PrestaShop Barcamp 5 - Authorize.net : Five Notable E-commerce Trends
PrestaShop Barcamp 5 - Authorize.net : Five Notable E-commerce Trends
PrestaShop
Eamonn O Raghallaigh Major Security Issues In E Commerce
Eamonn O Raghallaigh Major Security Issues In E Commerce
EamonnORagh
PCI DSS Slidecast
PCI DSS Slidecast
RobertXia
Online Identity Theft: Changing the Game
Online Identity Theft: Changing the Game
- Mark - Fullbright
George Gavras 2010 Fowler Seminar
George Gavras 2010 Fowler Seminar
Don Grauel
KPMG Publish and Be Damned Cyber Vulnerability Index 2012
KPMG Publish and Be Damned Cyber Vulnerability Index 2012
Charmaine Servado
Callcredit's Fraud Summit 2016 - Identity verification stream
Callcredit's Fraud Summit 2016 - Identity verification stream
Callcredit123
Hedna pii is your goldmine a landmine
Hedna pii is your goldmine a landmine
Evelyne Oreskovich
Whitepaper - Application Delivery in PCI DSS Compliant Environments
Whitepaper - Application Delivery in PCI DSS Compliant Environments
Jason Dover
Cyber Facts and Prevention Presentation Gianino
Cyber Facts and Prevention Presentation Gianino
-Gianino Gino Prieto -Dynamic Connector -Insurance Strategist
Managing Personally Identifiable Information (PII)
Managing Personally Identifiable Information (PII)
KP Naidu
Callcredit's Fraud Summit 2016 - Plenary session
Callcredit's Fraud Summit 2016 - Plenary session
Callcredit123
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Bootcamp)
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Bootcamp)
Financial Poise
employee-awareness-and-training-the-holy-grail-of-cybersecurity
employee-awareness-and-training-the-holy-grail-of-cybersecurity
Paul Ferrillo
The Most Wonderful Time of the Year for Health-IT...NOT
The Most Wonderful Time of the Year for Health-IT...NOT
Compliancy Group
Current Trends Related to Mobile Network Operators & FIDO SCA Adoption
Current Trends Related to Mobile Network Operators & FIDO SCA Adoption
FIDO Alliance
Where security and privacy meet partnering tips for CSOs and privacy/complian...
Where security and privacy meet partnering tips for CSOs and privacy/complian...
Compliancy Group
Will The Typical Person Need ID Fraud Insurance Protection?
Will The Typical Person Need ID Fraud Insurance Protection?
tommy2tone44
Building trust attributes in e transactions (final) ver 3.0
Building trust attributes in e transactions (final) ver 3.0
Aladdin Dandis
04-1 E-commerce Security slides
04-1 E-commerce Security slides
monchai sopitka
Law_Firm_Info_Security_Report_June2011 (1)
Law_Firm_Info_Security_Report_June2011 (1)
Aspiration Software LLC
Adrian Ifrim - prezentare - Cyber Security Trends 2020
Adrian Ifrim - prezentare - Cyber Security Trends 2020
Business Days
Breaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gaps
IBM Security
nerfslides.pptx
nerfslides.pptx
ssusera5ade5
Master Data in the Cloud: 5 Security Fundamentals
Master Data in the Cloud: 5 Security Fundamentals
Sarah Fane
Weitere ähnliche Inhalte
Was ist angesagt?
Online Identity Theft: Changing the Game
Online Identity Theft: Changing the Game
- Mark - Fullbright
George Gavras 2010 Fowler Seminar
George Gavras 2010 Fowler Seminar
Don Grauel
KPMG Publish and Be Damned Cyber Vulnerability Index 2012
KPMG Publish and Be Damned Cyber Vulnerability Index 2012
Charmaine Servado
Callcredit's Fraud Summit 2016 - Identity verification stream
Callcredit's Fraud Summit 2016 - Identity verification stream
Callcredit123
Hedna pii is your goldmine a landmine
Hedna pii is your goldmine a landmine
Evelyne Oreskovich
Whitepaper - Application Delivery in PCI DSS Compliant Environments
Whitepaper - Application Delivery in PCI DSS Compliant Environments
Jason Dover
Cyber Facts and Prevention Presentation Gianino
Cyber Facts and Prevention Presentation Gianino
-Gianino Gino Prieto -Dynamic Connector -Insurance Strategist
Managing Personally Identifiable Information (PII)
Managing Personally Identifiable Information (PII)
KP Naidu
Callcredit's Fraud Summit 2016 - Plenary session
Callcredit's Fraud Summit 2016 - Plenary session
Callcredit123
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Bootcamp)
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Bootcamp)
Financial Poise
employee-awareness-and-training-the-holy-grail-of-cybersecurity
employee-awareness-and-training-the-holy-grail-of-cybersecurity
Paul Ferrillo
The Most Wonderful Time of the Year for Health-IT...NOT
The Most Wonderful Time of the Year for Health-IT...NOT
Compliancy Group
Current Trends Related to Mobile Network Operators & FIDO SCA Adoption
Current Trends Related to Mobile Network Operators & FIDO SCA Adoption
FIDO Alliance
Where security and privacy meet partnering tips for CSOs and privacy/complian...
Where security and privacy meet partnering tips for CSOs and privacy/complian...
Compliancy Group
Will The Typical Person Need ID Fraud Insurance Protection?
Will The Typical Person Need ID Fraud Insurance Protection?
tommy2tone44
Building trust attributes in e transactions (final) ver 3.0
Building trust attributes in e transactions (final) ver 3.0
Aladdin Dandis
04-1 E-commerce Security slides
04-1 E-commerce Security slides
monchai sopitka
Law_Firm_Info_Security_Report_June2011 (1)
Law_Firm_Info_Security_Report_June2011 (1)
Aspiration Software LLC
Was ist angesagt?
(18)
Online Identity Theft: Changing the Game
Online Identity Theft: Changing the Game
George Gavras 2010 Fowler Seminar
George Gavras 2010 Fowler Seminar
KPMG Publish and Be Damned Cyber Vulnerability Index 2012
KPMG Publish and Be Damned Cyber Vulnerability Index 2012
Callcredit's Fraud Summit 2016 - Identity verification stream
Callcredit's Fraud Summit 2016 - Identity verification stream
Hedna pii is your goldmine a landmine
Hedna pii is your goldmine a landmine
Whitepaper - Application Delivery in PCI DSS Compliant Environments
Whitepaper - Application Delivery in PCI DSS Compliant Environments
Cyber Facts and Prevention Presentation Gianino
Cyber Facts and Prevention Presentation Gianino
Managing Personally Identifiable Information (PII)
Managing Personally Identifiable Information (PII)
Callcredit's Fraud Summit 2016 - Plenary session
Callcredit's Fraud Summit 2016 - Plenary session
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Bootcamp)
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Bootcamp)
employee-awareness-and-training-the-holy-grail-of-cybersecurity
employee-awareness-and-training-the-holy-grail-of-cybersecurity
The Most Wonderful Time of the Year for Health-IT...NOT
The Most Wonderful Time of the Year for Health-IT...NOT
Current Trends Related to Mobile Network Operators & FIDO SCA Adoption
Current Trends Related to Mobile Network Operators & FIDO SCA Adoption
Where security and privacy meet partnering tips for CSOs and privacy/complian...
Where security and privacy meet partnering tips for CSOs and privacy/complian...
Will The Typical Person Need ID Fraud Insurance Protection?
Will The Typical Person Need ID Fraud Insurance Protection?
Building trust attributes in e transactions (final) ver 3.0
Building trust attributes in e transactions (final) ver 3.0
04-1 E-commerce Security slides
04-1 E-commerce Security slides
Law_Firm_Info_Security_Report_June2011 (1)
Law_Firm_Info_Security_Report_June2011 (1)
Ähnlich wie CyberSource MRC Survey - Top 9 Fraud Attacks and Winning Mitigating Strategies Webinar
Adrian Ifrim - prezentare - Cyber Security Trends 2020
Adrian Ifrim - prezentare - Cyber Security Trends 2020
Business Days
Breaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gaps
IBM Security
nerfslides.pptx
nerfslides.pptx
ssusera5ade5
Master Data in the Cloud: 5 Security Fundamentals
Master Data in the Cloud: 5 Security Fundamentals
Sarah Fane
2014 ota databreach3
2014 ota databreach3
Meg Weber
Rethinking Trust in Data
Rethinking Trust in Data
DATAVERSITY
What trends will 2018 bring for Business Continuity Professionals?
What trends will 2018 bring for Business Continuity Professionals?
PECB
Ciso round table on effective implementation of dlp & data security
Ciso round table on effective implementation of dlp & data security
Priyanka Aash
Data Breaches - Sageworks, Inc., Webinar Series by Douglas Jambor
Data Breaches - Sageworks, Inc., Webinar Series by Douglas Jambor
Turner and Associates, Inc.
Candidate Data Compliance - Are you prepared for the risks?
Candidate Data Compliance - Are you prepared for the risks?
Beamery
Corporate Treasurers Focus on Cyber Security
Corporate Treasurers Focus on Cyber Security
Joan Weber
lendingQB: A Mortgage Loan Origination System by MeridianLink
lendingQB: A Mortgage Loan Origination System by MeridianLink
Kristina Quinn
Check Point: Defining Your Security blueprint
Check Point: Defining Your Security blueprint
Group of company MUK
CDP_Engagement_Team_Training_BRADESCO.pdf
CDP_Engagement_Team_Training_BRADESCO.pdf
Carlos Roberto Paula Soares
2019 08-21 Automating Privacy Management
2019 08-21 Automating Privacy Management
TrustArc
GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018
GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018
Human Capital Department
The Unseen Enemy - Protecting the Brand, the Assets and the Customers
The Unseen Enemy - Protecting the Brand, the Assets and the Customers
BDO_Consulting
Douglas Jambor Sageworks Cybersecurity Presentation
Douglas Jambor Sageworks Cybersecurity Presentation
Turner and Associates, Inc.
Insight2014 mitigate risk_fraud_6863
Insight2014 mitigate risk_fraud_6863
IBMgbsNA
How Cloudera SDX can aid GDPR compliance
How Cloudera SDX can aid GDPR compliance
Cloudera, Inc.
Ähnlich wie CyberSource MRC Survey - Top 9 Fraud Attacks and Winning Mitigating Strategies Webinar
(20)
Adrian Ifrim - prezentare - Cyber Security Trends 2020
Adrian Ifrim - prezentare - Cyber Security Trends 2020
Breaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gaps
nerfslides.pptx
nerfslides.pptx
Master Data in the Cloud: 5 Security Fundamentals
Master Data in the Cloud: 5 Security Fundamentals
2014 ota databreach3
2014 ota databreach3
Rethinking Trust in Data
Rethinking Trust in Data
What trends will 2018 bring for Business Continuity Professionals?
What trends will 2018 bring for Business Continuity Professionals?
Ciso round table on effective implementation of dlp & data security
Ciso round table on effective implementation of dlp & data security
Data Breaches - Sageworks, Inc., Webinar Series by Douglas Jambor
Data Breaches - Sageworks, Inc., Webinar Series by Douglas Jambor
Candidate Data Compliance - Are you prepared for the risks?
Candidate Data Compliance - Are you prepared for the risks?
Corporate Treasurers Focus on Cyber Security
Corporate Treasurers Focus on Cyber Security
lendingQB: A Mortgage Loan Origination System by MeridianLink
lendingQB: A Mortgage Loan Origination System by MeridianLink
Check Point: Defining Your Security blueprint
Check Point: Defining Your Security blueprint
CDP_Engagement_Team_Training_BRADESCO.pdf
CDP_Engagement_Team_Training_BRADESCO.pdf
2019 08-21 Automating Privacy Management
2019 08-21 Automating Privacy Management
GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018
GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018
The Unseen Enemy - Protecting the Brand, the Assets and the Customers
The Unseen Enemy - Protecting the Brand, the Assets and the Customers
Douglas Jambor Sageworks Cybersecurity Presentation
Douglas Jambor Sageworks Cybersecurity Presentation
Insight2014 mitigate risk_fraud_6863
Insight2014 mitigate risk_fraud_6863
How Cloudera SDX can aid GDPR compliance
How Cloudera SDX can aid GDPR compliance
Kürzlich hochgeladen
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
Rustici Software
presentation ICT roal in 21st century education
presentation ICT roal in 21st century education
jfdjdjcjdnsjd
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
The Digital Insurer
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
The Digital Insurer
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
apidays
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
Martijn de Jong
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
Sandro Moreira
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Juan lago vázquez
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
Nanddeep Nachan
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
Overkill Security
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Jago de Vreede
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
Dropbox
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
Remote DBA Services
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Zilliz
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
Khushali Kathiriya
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
apidays
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
Kürzlich hochgeladen
(20)
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
presentation ICT roal in 21st century education
presentation ICT roal in 21st century education
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
CyberSource MRC Survey - Top 9 Fraud Attacks and Winning Mitigating Strategies Webinar
1.
Top 9 Fraud
Attacks and Winning Mitigating Strategies Carl Tucker Principal, Managed Risk Services CyberSource Tom Donlea Managing Director of Americas Merchant Risk Council © 2012 CyberSource Corporation. All rights reserved.
2.
Confidentiality Notice Forward-Looking Statements By
accepting this presentation and the information herein, you acknowledge that the information furnished to you is confidential, (the “Information”) and that your use of the information is limited to your business dealings with CyberSource Corporation, or its affiliated company, (“CyberSource”). You agree to keep the Information confidential and not to use the Information for any purpose other than in your business dealings with CyberSource. The Information may only be disseminated within your organization on a need-to-know basis to enable your participation in business dealings with CyberSource. Please be advised that the Information may constitute material nonpublic information under U.S. federal securities laws and that purchasing or selling securities of Visa Inc., the parent company of CyberSource, while being aware of material nonpublic information would constitute a violation of applicable U.S. federal securities laws. Today’s presentations may contain, in addition to historical information, forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended. These forward-looking statements are based on our current assumptions, expectations and projections about future events which reflect the best judgment of management and involve a number of risks and uncertainties that could cause actual results to differ materially from those suggested by our comments today. You should review and consider the information contained in Visa, CyberSource’s parent company, filings with the SEC regarding these risks and uncertainties. CyberSource, a subsidiary of Visa Inc., disclaims any obligation to publicly update or revise any forward-looking statements or information provided during today’s presentation. © 2012 CyberSource Corporation. All rights reserved. 2
3.
G2W Housekeeping • Please
use Questions area of your control panel. • Questions at the end unless additive. • Links will be provided as follow-up. • Any unanswered questions will be shared with presenters. © 2012 CyberSource Corporation. All rights reserved. 3
4.
MRC Program Objectives Networking “Connect
members to other members and industry leaders to share information and best practices.” Benchmarking “Provide member access to industry-specific data and information used to measure operational functionality and efficiency.” Education “Develop and implement programming that assists with professional development, improves organizational operations and enhances long-term strategic growth.” © 2012 CyberSource Corporation. All rights reserved. Advocacy “Lead and facilitate efforts to effect positive change in the electronic payments industry.” 4
5.
© 2012 CyberSource
Corporation. All rights reserved. 5 5
6.
CyberSource The Universal Payment
Management Platform Fraud Management $190B Merchant Complete Lifecycle Management Global Payment Acceptance Payment Security Fraud Management Analytics and Administration Payment Management Platform Integrations and Developer Services Professional Services Managed Risk Services One platform | Multiple channels | Single integration © 2012 CyberSource Corporation. All rights reserved. 6
7.
MRC Survey of
Merchants • Survey sent to MRC members between August 1-8 • 81 respondents © 2012 CyberSource Corporation. All rights reserved. 7
8.
Top 9 Fraud
Attacks 9.Triangulation Schemes © 2012 CyberSource Corporation. All rights reserved. 8
9.
9. Triangulation: Definition eRetailer/ Marketplace Fraudster Auction
Site Innocent Consumer © 2012 CyberSource Corporation. All rights reserved. 9
10.
9. Triangulation: Strategy Purchase
History/ Velocity Consumer Electronics Situation • One user making multiple purchases with multiple shipping locations • Customer complaints increasing • One user purchasing the same or similar products multiple times Analysis Customer Activity • Customer complaints linked to chargebacks • Age of the customer account • Same IP • Number of purchases compared to the age of customer account Solution • Ignoring product discounts or promotions • Velocity of IP and email accounts • Product velocity Session Profile • Length of buying process © 2012 CyberSource Corporation. All rights reserved. 10
11.
Top 9 Fraud
Attacks 9.Triangulation Schemes 8. Phishing/ Pharming/ Whaling © 2012 CyberSource Corporation. All rights reserved. 11
12.
8. Phishing/Pharming/Whaling: Definition ©
2012 CyberSource Corporation. All rights reserved. 12
13.
8. Phishing/Pharming/Whaling: Definition Targeted
Brands Phished 1Q 2012 450 400 350 300 370 392 392 February March 250 200 150 100 50 0 January * Phishing Activity Trends Report 1Q 2012; antiphishing.org © 2012 CyberSource Corporation. All rights reserved. 13
14.
Top 9 Fraud
Attacks 9.Triangulation Schemes 8. Phishing/ Pharming/ Whaling 7. Botnets © 2012 CyberSource Corporation. All rights reserved. 14
15.
7. BotNet: Definition Over
3 Million Zombie Botnets in 2011. Bill Detroit Symantec Internet Security Threat Report 2011 Mary Los Angeles Merchant George Miami Fraudster Nigeria © 2012 CyberSource Corporation. All rights reserved. 15
16.
7. Botnet: Strategy Ticketing
Company Device Fingerprint • Device associated with a Botnet Situation • Organized crime attack • Time zone difference from the IP to the Device • Browser language consistency with device location Analysis • Multiple tracking elements linked to same device? • Identified true IP = Vietnam, associated with multiple purchases Proxy Piercing • Does FP = VPN Solution • Proxy identification: anonymous, hidden, transparent • Device IP = Vietnam • Same Device IP with multiple credit cards © 2012 CyberSource Corporation. All rights reserved. 16
17.
Top 9 Fraud
Attacks 9.Triangulation Schemes 6. Re-Shipping 8. Phishing/ Pharming/ Whaling 7. Botnets © 2012 CyberSource Corporation. All rights reserved. 17
18.
6. Re-shipping: Definition Fraudster eRetailer/ Marketplace “Mules” ©
2012 CyberSource Corporation. All rights reserved. 18
19.
Top 9 Fraud
Attacks 9.Triangulation Schemes 6. Re-Shipping 8. Phishing/ Pharming/ Whaling 5. Affiliate Fraud 7. Botnets © 2012 CyberSource Corporation. All rights reserved. 19
20.
5. Affiliate Fraud:
Definition eRetailer Affiliate Innocent Consumer 1. Affiliate and merchant have relationship 2. Affiliate and merchant have NO relationship © 2012 CyberSource Corporation. All rights reserved. 20
21.
Top 9 Fraud
Attacks 9.Triangulation Schemes 6. Re-Shipping 8. Phishing/ Pharming/ Whaling 5. Affiliate Fraud 7. Botnets 4. Identity Theft © 2012 CyberSource Corporation. All rights reserved. 21
22.
4. Identity Theft:
Definition *Symantec Internet Security Threat Report 2011 © 2012 CyberSource Corporation. All rights reserved. 22
23.
4. Identity Theft:
Definition Identity fraud 2009 2010 2011 Incidence Rate 6.0% 4.35% 4.9% Total Annual Cost $B $31 $20 $18 Mean Fraud Amount $2,219 $1,911 $1,513 85 78 55 Mean Misuse Time (days) *2012 Identity Fraud Report: Javelin Strategy & Research © 2012 CyberSource Corporation. All rights reserved. 23
24.
Top 9 Fraud
Attacks 9.Triangulation Schemes 6. Re-Shipping 8. Phishing/ Pharming/ Whaling 5. Affiliate Fraud 7. Botnets 4. Identity Theft © 2012 CyberSource Corporation. All rights reserved. 3. Friendly Fraud 24
25.
3. Friendly Fraud Definition •
Individual behavior, not systematic but can be expensive • Buyers remorse—can’t detect Strategy • Business processes • Review process © 2012 CyberSource Corporation. All rights reserved. 25
26.
Top 9 Fraud
Attacks 9.Triangulation Schemes 6. Re-Shipping 3. Friendly Fraud 8. Phishing/ Pharming/ Whaling 5. Affiliate Fraud 2. Account Takeover 7. Botnets 4. Identity Theft © 2012 CyberSource Corporation. All rights reserved. 26
27.
2. Account Takeover:
Definition Overview.mail.yahoo.com/accountsettings/mail Change Account Settings Add an address Full Name: Name: Edit E-mail: Edit Address Line 1: Password: ************ Mobile Phone number: Edit Street address, P.O. box, company name, c/o Address Line 2: Apartment, suite, unit, building, floor, etc. Add City: Done State/Province/Region: Zip: Country: Phone Number: Optional Delivery Preferences (What’s this?) Address Type: Security Access Code: For buildings or gated communities Save & Payment Method © 2012 CyberSource Corporation. All rights reserved. Save & Continue 27
28.
2. Account Takeover:
Strategy Account Takeover Methods 2011 Change the physical address Add their name as a registered user on the account Change the email address on an account Obtain a debit or credit card with their name Change the phone number Change the password to an online account Change the PIN on a card Obtain checks 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50% % of Fraud Victims *2012 Identity Fraud Report: Javelin Strategy & Research © 2012 CyberSource Corporation. All rights reserved. 28
29.
2. Account Takeover:
Strategy General Goods Account Activity • Age of account Situation • Purchase history • Abuse by established customers • Additional verification for any account information changes Analysis • Different emails • Descriptive emails • Same ID • Same password Solution • Same ID associated different email accounts • Multiple users same password Identity Authentication • Require 2-factor authentication for new (customer) login devices • If login device is from suspicious location • Velocity of the user activity • Check if device fingerprint associated with fraudulent activities • Check if password is the same for multiple accounts © 2012 CyberSource Corporation. All rights reserved. 29
30.
Top 9 Fraud
Attacks 9.Triangulation Schemes 6. Re-Shipping 3. Friendly Fraud 8. Phishing/ Pharming/ Whaling 5. Affiliate Fraud 2. Account Takeover 7. Botnets 4. Identity Theft 1. Clean Fraud © 2012 CyberSource Corporation. All rights reserved. 30
31.
1. Clean Fraud:
Definition Order appears good… Checking Merchant’s Own Order History Database… Standard Processing Services Checks… John Q. Account Information Matches No Negative Order History? (Name)... Public 3333 E. Troy Street Chicago IL 60616 773 555 6589 Checking Outside Services… IP Geolocation… IP Address Matches Location John Q. Public 4XXX XXXX XXXX 1803 Card Verification Number Matches No Negative Order History? (Card Number)... 099 © 2012 CyberSource Corporation. All rights reserved. 31
32.
1. Clean Fraud:
Strategy High End Luxury Goods Situation • Auto-accepts becoming fraud chargebacks 1 Use device fingerprint to connect yourself to the fraudster 2 Separate the new customers from loyal ones 3 Lock down purchase delivery 4 Real time order review feedback 5 Analyze your system data to understand fraudster behavior Analysis • Different accounts = same ID • Linked during order review • Abnormal customer behavior Solution • Proactive order review • Established customer process © 2012 CyberSource Corporation. All rights reserved. 32
33.
1. Clean Fraud:
Strategy Analyze Results Bad Good Expected Results Good Valid orders Chargebacks Bad Actual Results Customer insults Captured fraud © 2012 CyberSource Corporation. All rights reserved. 33
34.
Questions? Carl Tucker Tom Donlea Principal,
Managed Risk Services CyberSource ctucker@cybersource.com Sales: 1-888-330-2300 Managing Director of Americas Merchant Risk Council tom@merchantriskcouncil.org © 2012 CyberSource Corporation. All rights reserved. 34
Jetzt herunterladen