6. Target: Incident Timeline
Nov 27th
• Beginning of hacking event
Dec 18th
• Incident first reported via KrebsOnSecurity
Dec 19th
• Public acknowledgement from Target
• 40m accounts
Dec 20th
• Downplay the incident “very few reports of credit card fraud”
Jan 10th
• Additional 70m customers had information stolen
10. News: Changes to Data Protection in the EU
• Not a directive but a single regulation in the EU
– Harmonization at European level…but with challenges
• Applies to companies based outside of the EU if personal data is handled abroad by companies that are active in the EU and offer services to EU citizens
• Right to be forgotten
• Controllers' responsibilities
– Policies & procedures
– Staff Training
11. News: Changes to Data Protection in the EU
• Data processing impact assessment
– Does data present any risk to individuals?
• Security
– Both processor and controllers must put security measures in place
• Data Breach Notification
– Within 24 hours of noticing the breach
• Data Protection Officers
12. News: Operation Sterling
• Chairs' meeting held on 4th March
– Forum groups meet to discuss issues
– Updates from Met / Operation Sterling
• Request made for a forum portal on the Sterling website to assist with intel sharing
• Courier fraud: Progress with telcos to reduce time that calls remain “open” when one party hangs up
• SAFERJobs: updated website (http://www.safer-jobs.com/)
13. News: Operation Sterling
• Hotels: Counterfeit Capital One credit cards
– US, non-chip
• Fake sites / domain names
– New top level domains may cause additional problems here
– Need to explore how we can best work with domain registrars for takedowns
• TUFF: PABX hacking and fraud - see www.tuff.co.uk for an aide-mémoire on securing exchanges
16. Fraud Advisory Panel
• Card not present
• Prevention measures
• Choosing a payment service provider
• Do’s & Don’ts
17. Fraud Advisory Panel
• Common Law & Statutory Offences in Scotland
• Overview of enforcement
• Prosecution
• Comparison between Scotland and England & Wales
18. Fraud Advisory Panel
• Raising awareness at board level
• Benefits
• Where to start
• Case studies
19. Are We Working Effectively Across Silos?
• Infosec
• Counter Fraud & AML
• Compliance
• Audit