Countering Cross-Channel Fraud Threats
BAI Payments Connect
March 11, 2013 — 11:00 a.m.-11:30 a.m.
Dena Hamilton
Detica’s 2013 Top Three U.S. Fraud and Compliance Trends
• Enhanced focus on the fraudster footprint
Fraudsters were responsible for significant financial losses in 2012, as many firms overlooked key fraudster behavior and risk characteristics until it was too late. Institutions will need to carefully and consistently investigate and better understand the fraudster to better protect against financial crime in 2013 – reviewing history, patterns and other characteristics to provide investigators with more well-rounded insight and create a clear view of relationships in the networks in which the fraudsters operate.
• ACH and wire fraud remain favorite tools for organized criminals
With FIs seen as easy prey, 2013 will see an increased exploitation of ACH and wire fraud by organized criminal rings. Firms will need to invest more to develop their defenses and implement anomaly detection to combat both anticipated and unexpected attacks.
• Mobile fraud matures
Mobile fraud will finally come into its own in 2013, as criminals leverage past source code and tested techniques to develop more resilient malware and gain access to high-level data stored on mobile devices. FIs will be challenged to protect mobile data as the number of transactions and volume of data on smartphones grows.
© BAE Systems Detica 2013 Company Confidential 2
Cross-Channel Fraud Definition
Federal Reserve Presentation 2009
Cross-Channel Fraud —
“Theft from deposit accounts by way of multiple points of access —
whether branch, automated teller machine, call center, debit card, online
banking, ACH or wire.”
- Dan Tobin,
IT Examiner
Supervision, Regulation and Credit
Federal Reserve Bank of Boston
These Threats Are Pervasive and Relentless
Why This Topic and What’s New?
Global Evolution of Existing Payments
Emergence of New Payment Players and Mechanisms
The Rise of Mobile in the U.S.
2012 Payments Fraud Survey Summary of Results — September 2012
Source: Payments Information and Outreach Office — Federal Reserve Bank of Minneapolis
• The faces of fraud are changing and evolving. Organizations are familiar with the traditional forms of fraud with checks and payment cards, but over the past year many different fraud events have made the headlines:
• ATM skimming sprees
• Multiple retail chain breaches
• Social networking sites infiltrated
• Fraudsters swapping out POS PIN pad units at a favorite arts and craft retailer
• ACH and wire fraud with business banking clients
• Many targeted phishing schemes
• Because of the increase in these access points as well as the innovation of new electronic payment methods, criminals and their attacks are becoming much more sophisticated.
Regardless of the Source
In the 2012 AFP Payments Fraud and Control Survey • Introduction and Key Findings:
“As payment options proliferate, so, too, do new twists on fraudsters’ schemes and techniques. Checks continue to lead as the payment type most attacked, even as their use dramatically declines. But as paper gives way to plastic, Internet and mobile payments accelerate, and the globalization of business continues to grow, the need for new security models becomes ever more important.”
- Stephen W. Markwell,
Product Executive of Treasury Services, J.P. Morgan
Why This Topic?
• Financial Crime Survey 2012 — Operational Risk and Regulation in conjunction with Detica NetReveal®:
• The outlook for continued investment in financial crime detection and prevention remains positive for 2013, with anticipated annual growth well ahead of the previous
On average, 83% of respondents expect an increase in their financial crime and compliance budgets (compared to 42% in both 2011 and 2010), of which a staggering 56% predict an increase of more than 20% (compared to 14% in both 2011 and 2010).
Mitigating Residual Risks
• In the current climate of advanced persistent threats, data breaches and malware-infected end-points, it is not surprising that information security stands out as a serious concern that warrants more attention.
Countering Cross-Channel Fraud
Why so hard to catch?
• Multiple interactions with distinct touch-points
• Forensics typically focuses on the point of the breach, not the interactions leading up to it
• When accessed only for exploration, the online channel typically doesn’t record activity
Countering Cross-Channel Fraud
Why is the risk growing?
• Payments products are increasingly using multiple channels
• Emerging payments products are being adopted by financial institutions
• The increasing role of third-party processors
• Operational, information security and legal/compliance risks may not be fully understood
• Growing complexity of systems
Detica’s Financial and Cyber Crimes Intelligence Platforms
Securing a Connected World
A full suite of products and services to protect institutions INSIDE, AT, and OUTSIDE THE PERIMETER
AT THE PERIMETER
• Penetration Testing
• Secure Network Guard (SNG)
INSIDE THE PERIMETER
• Fraud Detection/Management
• AML/Compliance
• Cyber Monitoring and Detection (CyberReveal)
• Cyber Response and Remediation
• Communications Monitoring
OUTSIDE THE PERIMETER
• Threat Intelligence
• Cyber Defense Strategies and Consulting
ENTITY ANALYTICS
• Single view of entities
• Applies analytics to create electronic fingerprints / profiles
• Holistic, cross-channel approach
SOCIAL NETWORK ANALYTICS
• Relational approach of entities
• Detect collusive behavior and hidden relationships
DETECTION SCENARIOS
• Out of the box scenarios — combines rules and analytics
• Risk Scores
• Ability to incorporate external models and behavioral scores
EXPERTISE
• Industry risk, fraud and compliance SMEs
• Highly regarded graduate program
• In-house data labs
ALERT AND CASE MANAGEMENT
• 360° view of client
• Single technology platform
• Alert Triage and Optimization
Offers Depth of Defense
Detica Recommendations
• Single platform approach — risk, fraud, and compliance
• Integrated command and control KPIs and risk indicators
• Full solution suite — across every stage of the customer journey from initiation through to remediation
• Full 360° view of the customer
• Unprecedented, perceptive approach to detection and prevention
• Predefined social network analytics
• Customer-centric analytics and profiling
• Watch list management
• Enterprise case management
• Compliance reporting capabilities
• Real time and batch, proven detection and prevention industry models
Contact Details
If you have any questions or would like to find out more about Detica NetReveal® please contact:
Dena Hamilton
www.deticanetreveal.com
North America Head Office
BAE Systems Detica
265 Franklin Street
Boston, MA 02110
USA
Tel: +1 (617) 737 4170
Fax: +1 (617) 737 4190
International Offices
Australia, Belgium, Canada, Dubai, France, Germany, Ireland, India, Poland, Singapore, Spain, The Netherlands, UK
© BAE Systems plc 2013. All Rights Reserved.
BAE SYSTEMS, DETICA, NETREVEAL, Detica NetReveal are trademarks of BAE Systems plc.
Detica Limited is a BAE Systems company registered in England and Wales under number 1337451. Its registered office is at Surrey Research Park, Guildford, England, GU2 7YP
References and Resources
Detica
• Knowledge Center — https://www.deticanetreveal.com/en/knowledge-centre.html
• 2013 Trends — https://www.deticanetreveal.com/en/knowledge-centre/news/item/bae-systems-detica-forecasts-top-us-fraud-and-compliance-trends-for-2013.html
• Cross Channel Fraud — https://www.deticanetreveal.com/en/knowledge-centre/financial-services-collateral-en/general.html?task=weblink.go&id=119
AFP
• 2012 Survey: Key Results — http://www.afponline.org/pub/pdf/2012_AFP_Payments_Fraud_and_Control_Survey--Introduction_and_Key_Results.pdf
• Mobile Trends — http://www.thinkwithgoogle.com/insights/library/studies/our-mobile-planet-us/
• Mobile Banking Trends — http://www.thinkwithgoogle.com/insights/library/studies/mobile-banking-trends-2012/
Federal Reserve
• Payment Fraud Survey — http://www.minneapolisfed.org/about/whatwedo/payments/2012-payments-fraud-survey-consolidated-results.pdf