Securing Online Transactions and Customer Data
Molly Pro & Harley Rohrbacher, Intelligence Analysts, NCFTA
Adam Hunt, CTO and Chief Data Scientist, RiskIQ
DJ Murphy, Editor-in-Chief, Security Portfolio, Reed Exhibitions
NCFTA Programs and Initiatives
CYFIN PROGRAM
BRAND & CONSUMER PROTECTION PROGRAM
MALWARE & CYBER THREATS PROGRAM
CYFIN PROGRAM
E-COMMERCE FRAUD
CYBERHEALTH WORKING GROUP (CHWG)
• BANKING
• BROKERAGE
• PREPAID CARD
• POINT OF SALE COMPROMISE
• ACCOUNT TAKEOVER
• HUMAN TRAFFICKING
• BUSINESS EMAIL COMPROMISE
• TRAVEL FRAUD
PHARMACEUTICAL FRAUD INITIATIVE
LONG-TERM INFECTION ANALYSIS
IPR INITIATIVE
• AUTOMOTIVE
• TOBACCO
• GENERAL COUNTERFEIT
APPLICATION & HARDWARE MALWARE ANALYSIS
INTERNET FRAUD ALERT (IFA)
SOCIAL MEDIA RESEARCH
HACKTIVISM
DARK WEB RESEARCH
MULTI-LINGUAL INTEL ANALYSTS — RUSSIAN / CHINESE / SPANISH / FRENCH / JAPANESE / ARABIC
NCFTA Collaboration
Insurance, Healthcare
Financial Institutions & Brokerage
Prepaid & Payroll Processing
Retail & Ecommerce
Other Critical Infrastructure
Manufacturing (Pharma, Auto, Agriculture)
ACADEMIA & SME’s
HQ-Level Law Enforcement
CO-LOCATED AT NCFTA
Multiple Industry Sectors
CONSENSUS
Law Enforcement Analysts
NCFTA Analysts
Feedback PSAs
Actionable Intelligence
Investigative Reports Targeted Disruption Training
Retail Threats – Dark Web
• Malware
• ATO
• Card dumps
• Loyalty program fraud
MageCart
MageCart
MageCart
Dark Web Attribution
Valuable Information from Vendor Profiles
Contact Information
Additional Points of Sale
Customer Reviews
Seller Rating
Dialect Used
Shipping Methods/Locations
Clearnet Research
Actor
Recorded Data Breaches
Public Records
Social Media
Compare Interests
Other Open Source Resources
Actor Investigation
Recommendations
• Keep software updated
• Establish a strong password policy
• Use ‘captcha’ or some other bot protection
• Encrypt data at multiple stages
• Send notifications to the customer
• Educate customers
• Remove unnecessary JavaScript from payment pages
• Use Subresource integrity
• Verify S3 bucket permissions
Contact
Intelligence Analysts
Molly Pro
mpro@ncfta.net
Harley Rohrbacher
hrohrbacher@ncfta.net
CTO @ RiskIQ
Adam Hunt
Adam.hunt@riskiq.net
Editor-in-Chief, Card Not Present
D.J. Murphy
dmurphy@reedexpo.com
