PCI forensic investigations

  1. Online fraud is still a big problem and as long as the number of online shoppers continues to grow, so will the number of fraud cases. According to the European Central Bank there were 7.9 million cases of fraud with a value of 1.16 billion euros in 2011 of which 56% took place in e-commerce. European Merchant Services organizes the EMS RISK EVENT annually for retailers who are active in e-commerce and multichannel. It is an excellent opportunity to increase your knowledge in the field of online fraud, risk management and advanced fraud prevention and detection tools. We help you to stay ahead of online fraudsters and to protect your online business by sharing the knowledge and experience of our fraud and risk experts, our customers and our partners. Do you want to attend next year’s EMS RISK EVENT? Please contact the EMS Marketing Department at T +31 20 660 3054 or send an email to marketing@emscard.com. For more information visit www.emscard.com/riskevent
  2. PCI Forensic Investigations. Presented by Ben Van Erck, EMEA RISK team. Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.
  3. PROPRIETARY STATEMENT © 2013 Verizon. All Rights Reserved. The Verizon and Verizon Business names and logos and all other names, logos, and slogans identifying Verizon’s products and services are trademarks and service marks or registered trademarks and service marks of Verizon Trademark Services LLC or its affiliates in the United States and/or other countries. All other trademarks and service marks are the property of their respective owners. This document and any attached materials are the sole property of Verizon and are not to be used by you other than to evaluate Verizon’s service. This document and any attached materials are not to be disseminated, distributed, or otherwise conveyed throughout your organization to employees without a need for this information or to any third parties without the express written permission of Verizon.
  4. INTRODUCTION
  5. RISK Team: More than an acronym. RESEARCH, INVESTIGATIONS, SOLUTIONS, KNOWLEDGE
  6. RISK TEAM OVERVIEW
     OUR TEAM
     • Diverse investigator backgrounds
     • Licensed private investigators
     • Truly global coverage — 24x7
       - Investigators based in 16 countries
       - Forensic labs and evidence storage facilities in America, Europe, and Asia-Pacific
     • No subcontractors
     • Global PFI Firm
     OUR SERVICES
     • IT investigative support (on-demand)
     • Guaranteed response (retainer-based)
     • eDiscovery and litigation support
     • PCI forensic investigations
     • Electronic data recovery/destruction
     • Incident response training
     • Mock-incident exercises
     • Corporate IR program development
     VERIZON RISK TEAM HAS INVESTIGATED 8 OUT OF 10 OF THE WORLD’S LARGEST DATA BREACHES (http://www.idtheftcenter.com/)
  7. DATA BREACHES
  9. The DBIR analyzes forensic evidence to uncover how sensitive data is stolen from organizations, who’s doing it, why they’re doing it, and what can be done to prevent it.
  10. WHO ARE THE ATTACKERS? VARIED MOTIVATIONS, VARIED TACTICS
     • Aim is to maximize disruption and embarrass victims from both public and private sector.
     • Use very basic methods and are opportunistic.
     • Rely on sheer numbers.
     • Motivated by financial gain, so will take any data that might have financial value.
     • More calculated and complex in how they chose their targets.
     • Criminals are now trading information for cash.
     • Often state-sponsored.
     • Driven to get exactly what they want, from intellectual property to insider information.
     • Often state-sponsored, use most sophisticated tools to commit most targeted attacks.
     • Tend to be relentless.
  11. WHAT TO WORRY ABOUT: THIS YEAR’S BIGGEST THREATS? SAME AS LAST YEAR’S.
     • Very few surprises, mostly variations on theme.
     • 75% of breaches were driven by financial motives.
     • 95% of espionage relied on plain old phishing.
     • Well-established threats shouldn’t be ignored.
  12. WHAT TO WORRY ABOUT: WHAT DO ATTACKERS TARGET? STILL THE TRADITIONAL ASSETS.
     • The weak links haven’t changed much:
       - Desktops 25%
       - File servers 22%
       - Laptops 22%
     • Unapproved hardware accounts for 43% of misuse cases.
  13. Difficulty of initial compromise
  14. WHAT TO WORRY ABOUT: QUICK TO COMPROMISE
     • In 84% of cases, initial compromise took hours or less.
  15. WHAT TO WORRY ABOUT: QUICK TO COMPROMISE, SLOW TO DISCOVERY
     • 66% of breaches went undiscovered for months… Or even years.
  16. Discovery methods
  17. RECOMMENDATIONS
  18. ADDITIONAL INFORMATION
     • Download DBIR – www.verizonenterprise.com/dbir
     • Learn about VERIS - www.veriscommunity.net and http://github.com/vz-risk/veris
     • Explore the VERIS Community Database: http://public.tableausoftware.com/views/vcdb/Overview and learn more about this data http://veriscommunity.net/doku.php?id=public
     • Ask a question – DBIR@verizon.com
     • Read our blog - http://www.verizonenterprise.com/security/blog/
     • Follow on Twitter - @vzdbir and hashtag #dbir
  19. PCI FORENSIC INVESTIGATIONS
  20. WHAT ARE WE TRYING TO ACHIEVE? GOALS OF A PFI INVESTIGATION
     1) Mobilize and respond to the potential security breach and assist in efforts to mitigate further damage;
     2) Investigate the security breach and identify, to the extent possible, the source of the security breach;
     3) Ascertain, to the extent possible, any compromised cardholder data and provide at-risk information to the respective owners to minimize any impact to the consumer and customer;
     4) Identify, to the extent possible, any other details of evidentiary value relative to the security breach; and,
     5) Transition, if and only as directed by the customer, any evidence and findings to law enforcement.
  21. WHAT IS EXPECTED OF YOU? VICTIM RESPONSIBILITIES
     1) Retaining evidence of compromise;
     2) Hire a PFI (list of approved PFIs on PCI SSC website);
     3) Cooperate with the PFI, acquirer, and/or Participating Payment Brand;
     4) Allowing the PFI to drive the PFI Investigation;
     5) Participating in discussions with affected Participating Payment Brands and the PFI;
     6) Resolving any security weaknesses identified;
     7) Notifying acquirers and Participating Payment Brands; and,
     8) Notifying and working with law enforcement as applicable.
  22. KEY DEADLINES (VICTIM RESPONSIBILITIES)
     Notification of the brands involved:
       - “Immediately”
     After notification that PFI is required:
       - Identify PFI within five (5) business days;
       - Ensure that the PFI is engaged within ten (10) business days; and
       - The PFI must be onsite within five (5) business days.
     Reporting:
       - Preliminary Incident Response Report - five (5) business days;
       - Final Incident Report - ten (10) business days;
       - PIN Security Requirements Report - ten (10) business days;
       - Monthly Status Reports
  23. DBIR: www.verizon.com/enterprise/databreach
      VERIS: www.veriscommunity.net/
