
Securing Online Transactions and Customer Data

Presentation from NRF Protect 2019: Retail's Loss Prevention and Cyber Risk Event.
Molly Pro & Harley Rohrbacher, Intelligence Analysts, NCFTA
Adam Hunt, CTO and Chief Data Scientist, RiskIQ
DJ Murphy, Editor-in-Chief, Security Portfolio, Reed Exhibitions

  1. Securing Online Transactions and Customer Data. Molly Pro & Harley Rohrbacher, Intelligence Analysts, NCFTA; Adam Hunt, CTO and Chief Data Scientist, RiskIQ; DJ Murphy, Editor-in-Chief, Security Portfolio, Reed Exhibitions
  2. NCFTA Programs and Initiatives CYFIN PROGRAM BRAND & CONSUMER PROTECTION PROGRAM MALWARE & CYBER THREATS PROGRAM CYFIN PROGRAM E-COMMERCE FRAUD CYBERHEALTH WORKING GROUP (CHWG) • BANKING • BROKERAGE • PREPAID CARD • POINT OF SALE COMPROMISE • ACCOUNT TAKEOVER • HUMAN TRAFFICKING • BUSINESS EMAIL COMPROMISE • TRAVEL FRAUD PHARMACEUTICAL FRAUD INITIATIVE LONG-TERM INFECTION ANALYSIS IPR INITIATIVE • AUTOMOTIVE • TOBACCO • GENERAL COUNTERFEIT APPLICATION & HARDWARE MALWARE ANALYSIS INTERNET FRAUD ALERT (IFA) SOCIAL MEDIA RESEARCH HACKTIVISM DARK WEB RESEARCH MULTI-LINGUAL INTEL ANALYSTS — RUSSIAN / CHINESE / SPANISH / FRENCH / JAPANESE / ARABIC
  3. NCFTA Collaboration Insurance, Healthcare Financial Institutions & Brokerage Prepaid & Payroll Processing Retail & Ecommerce Other Critical Infrastructure Manufacturing (Pharma, Auto, Agriculture) ACADEMIA & SMEs HQ-Level Law Enforcement CO-LOCATED AT NCFTA Multiple Industry Sectors CONSENSUS Law Enforcement Analysts NCFTA Analysts Feedback PSAs Actionable Intelligence Investigative Reports Targeted Disruption Training
  4. Retail Threats – Dark Web • Malware • ATO • Card dumps • Loyalty program fraud
  5. MageCart
  6. MageCart
  7. MageCart
  8. Dark Web Attribution: Valuable Information from Vendor Profiles • Contact Information • Additional Points of Sale • Customer Reviews • Seller Rating • Dialect Used • Shipping Methods/Locations
  9. Clearnet Research Actor Recorded Data Breaches Public Records Social Media Compare Interests Other Open Source Resources
  10. Actor Investigation
  11. Recommendations • Keep software updated • Establish a strong password policy • Use ‘captcha’ or some other bot protection • Encrypt data at multiple stages • Send notifications to the customer • Educate customers • Remove unnecessary JavaScript from payment pages • Use Subresource Integrity • Verify S3 bucket permissions
  12. Contact • Intelligence Analysts: Molly Pro, mpro@ncfta.net; Harley Rohrbacher, hrohrbacher@ncfta.net • CTO @ RiskIQ: Adam Hunt, Adam.hunt@riskiq.net • Editor-in-Chief, Card Not Present: D.J. Murphy, dmurphy@reedexpo.com
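
Slide 11's recommendations to remove unnecessary JavaScript from payment pages and to use Subresource Integrity can be checked mechanically. The following is an added example, not part of the presentation: it lists third-party scripts on a checkout page that are not pinned with an `integrity` hash and verifies a file against a pinned value. The sample page, host names and function names are constructed for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

ALGS = ("sha256", "sha384", "sha512")  # weakest to strongest

def sri_hash(content: bytes, alg: str = "sha384") -> str:
    """Value for the integrity attribute: '<alg>-<base64 digest>'."""
    return f"{alg}-{base64.b64encode(hashlib.new(alg, content).digest()).decode()}"

def integrity_matches(content: bytes, integrity: str) -> bool:
    """Check a file against an integrity value, using only the strongest
    algorithm listed (as browsers do). No usable hash counts as a failure here."""
    tokens = [t for t in integrity.split() if t.split("-")[0] in ALGS]
    if not tokens:
        return False
    strongest = max((t.split("-")[0] for t in tokens), key=ALGS.index)
    return sri_hash(content, strongest) in tokens

class ScriptAudit(HTMLParser):
    """Collect third-party <script src> tags that are not pinned with SRI."""
    def __init__(self, page_host: str):
        super().__init__()
        self.page_host = page_host
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        host = urlparse(attr.get("src") or "").netloc
        if tag != "script" or not host or host == self.page_host:
            return  # inline or first-party script
        if not attr.get("integrity"):
            self.findings.append((attr["src"], "no integrity attribute"))
        elif "crossorigin" not in attr:
            # Without CORS the browser cannot verify a cross-origin script.
            self.findings.append((attr["src"], "integrity without crossorigin"))

def audit(html: str, page_host: str):
    parser = ScriptAudit(page_host)
    parser.feed(html)
    return parser.findings

# Constructed sample checkout page (hosts are placeholders).
SAMPLE = f"""
<script src="/js/checkout.js"></script>
<script src="https://cdn.example/lib.js" integrity="{sri_hash(b'lib')}" crossorigin="anonymous"></script>
<script src="https://analytics.example/tag.js"></script>
<script src="//widgets.example/chat.js" integrity="{sri_hash(b'chat')}"></script>
"""
```

Calling `audit(SAMPLE, "shop.example")` returns one finding for the unpinned analytics script and one for the widget script that has a hash but no `crossorigin` attribute.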
