SlideShare a Scribd company logo

Money-rity Report: Using Intelligence to Predict the Next Payment Card Fraud Victims

Priyanka Aash
Priyanka Aash

Right now, combatting credit card fraud is mostly a reactionary process. Issuers wait until transactions occur that either appear fraudulent according to rules-based analytic engines or are reported by customers, and only then, do they intervene to prevent further fraud. But by then, it's often too late - losses through merchandise theft, investigation cost, reissuance, etc., have already occurred, and those losses have piled up into over $10B of stolen funds each year being pumped into the online criminal ecosystem. There is a better way. By using intelligence gathered from online sources such as the dark web combined with transactional data, we demonstrate predictive analytics that can not only identify who the next fraud victims will be, but also where card data is being stolen from, all before any fraudulent transactions have occurred. Payment card fraud is the slush fund that underlies most global criminal threats, from organized crime to political meddling, in large part because of antiquated, reactive techniques and a dearth of innovative techniques to more proactively combat it. Our approach represents a paradigm shift in fighting payment card fraud; by using dark web market intelligence combined with transaction data to predict both fraudulent charges and points of compromise, we can intervene before any loss occurs, stopping payment card fraud dead in its tracks and eliminating a major source of funding for the global criminal ecosystem.

Technology
1 of 13
Download to read offline
Terbium labs is a dark web intelligence company made up of an elite group of information security professionals with expertise in everything from cryptography to large-scale information systems. The Royal Bank of Canada is the largest bank in Canada, and one of the largest in the world (by market capitalization). Vanguard Cybersecurity Research is a group within RBC with the mission to perform cutting edge research into future cybersecurity threats and innovations.
• Losses from credit card fraud amount to more than $10 billion dollars annually. • This money feeds into organized crime, gang activity and terrorism. • Combatting credit card fraud historically has been a reactionary process. • By using intelligence gathered from online sources such as the dark web combined with transactional data, we can: • identify who the next fraud victims will be • where card data is being stolen from • before any fraudulent transactions have occurred • Without any criminal financing
• Algorithm/Customer/Payment service flags transaction • Purchase histories of victims are cross-correlated for Common Points of Purchase (CPP). • List of CPP leads to a Point of Compromise (POC) • This approach is problematic: • Allows fraudsters to purchase and use stolen cards. • Requires waiting for more victims to confirm POC.
XSS-FIT 451095 451032 451115 451088 XSS-FIT Burger Haus Trojan Horse Racing Injection Clinic Vision 2: The SQL 451095123456789012 451095098765432109 451095102938475610 451032123456789012 451032098765432109 451032102938475610 451115123456789012 451115098765432109 451115102938475610 451088123456789012 451088098765432109 452095123456789012 452095098765432109 451295102938475610 452095123456789012 452095098765432109 451295102938475610 452095123456789012 452095098765432109 451295102938475610 452095123456789012 452095098765432109 451295102938475610 452095123456789012 452095098765432109 451295102938475610 452095098765432109 451295102938475610 452095123456789012 452095098765432109 451295102938475610 452095098765432109 451295102938475610 452095123456789012 452095098765432109 451295102938475610 Groups of Candidates Point of Compromise Cards shop Common Points Control Group
• Often a breach can affect a large number of clients. • Each group can have many candidates. • Need to find the right combination of clients out of possibly trillions.
• Set the haystack on fire! • Ruthless reduction of CPP via various thresholds. • The CPP is only shared across less than g groups. • The popularity of the merchant in the control group is greater than some value p. • The number of transactions at the CPP is less than n.
• POC spread across ~10 bases. • Popular restaurant chain – let’s call them “Bob’s”. • Large impact on many clients.
• The dark web enables convenient, one-stop shop selling sensitive information such as credit card details. • Traditional fraud detection is reactive and permits a thriving criminal ecosystem. • By leveraging dark web intelligence we can detect data breaches, prevent fraud, and eliminate criminal funding.
Danny Rogers CEO, Terbium labs Kory Fong Head of Cybersecurity Research, Royal Bank of Canada Daniel Swerdfenger Cyber Analytics Partnerships, Royal Bank of Canada

Recommended

Gambling Motivated Fraud in Australia 2011 to 2016
Gambling Motivated Fraud in Australia 2011 to 2016Gambling Motivated Fraud in Australia 2011 to 2016
Gambling Motivated Fraud in Australia 2011 to 2016Brett Warfield
 
18 computers and the law
18 computers and the law18 computers and the law
18 computers and the lawKhan Yousafzai
 
Fraud seminar for charities
Fraud seminar for charitiesFraud seminar for charities
Fraud seminar for charitiesBlake Morgan LLP
 
What Businesses Need to Know About Changes to Credit and Debit Cards
What Businesses Need to Know About Changes to Credit and Debit CardsWhat Businesses Need to Know About Changes to Credit and Debit Cards
What Businesses Need to Know About Changes to Credit and Debit Cardsbusinessforward
 
Life As A Fraudster: Carding 101
Life As A Fraudster: Carding 101Life As A Fraudster: Carding 101
Life As A Fraudster: Carding 101Kount
 
Hacking the world
Hacking the worldHacking the world
Hacking the worldAsian School of Cyber Laws
 
Crypto-related clients play cat and mouse with banks
Crypto-related clients play cat and mouse with banksCrypto-related clients play cat and mouse with banks
Crypto-related clients play cat and mouse with banksVladislav Solodkiy
 
Low cost 3d authentication service for atm and pos
Low cost 3d authentication service for atm and pos Low cost 3d authentication service for atm and pos
Low cost 3d authentication service for atm and pos Bank Alfalah Limited
 

Recommended

Gambling Motivated Fraud in Australia 2011 to 2016
Gambling Motivated Fraud in Australia 2011 to 2016Gambling Motivated Fraud in Australia 2011 to 2016
Gambling Motivated Fraud in Australia 2011 to 2016Brett Warfield
 
18 computers and the law
18 computers and the law18 computers and the law
18 computers and the lawKhan Yousafzai
 
Fraud seminar for charities
Fraud seminar for charitiesFraud seminar for charities
Fraud seminar for charitiesBlake Morgan LLP
 
What Businesses Need to Know About Changes to Credit and Debit Cards
What Businesses Need to Know About Changes to Credit and Debit CardsWhat Businesses Need to Know About Changes to Credit and Debit Cards
What Businesses Need to Know About Changes to Credit and Debit Cardsbusinessforward
 
Life As A Fraudster: Carding 101
Life As A Fraudster: Carding 101Life As A Fraudster: Carding 101
Life As A Fraudster: Carding 101Kount
 
Hacking the world
Hacking the worldHacking the world
Hacking the worldAsian School of Cyber Laws
 
Crypto-related clients play cat and mouse with banks
Crypto-related clients play cat and mouse with banksCrypto-related clients play cat and mouse with banks
Crypto-related clients play cat and mouse with banksVladislav Solodkiy
 
Low cost 3d authentication service for atm and pos
Low cost 3d authentication service for atm and pos Low cost 3d authentication service for atm and pos
Low cost 3d authentication service for atm and pos Bank Alfalah Limited
 
eCommerce Summit Atlanta Moneybookers Presentation
eCommerce Summit Atlanta Moneybookers PresentationeCommerce Summit Atlanta Moneybookers Presentation
eCommerce Summit Atlanta Moneybookers PresentationeCommerce Merchants
 
Ce hv6 module 58 credit card frauds
Ce hv6 module 58 credit card fraudsCe hv6 module 58 credit card frauds
Ce hv6 module 58 credit card fraudsVi Tính Hoàng Nam
 
8 ways to protect yourself from credit card theft while travelling
8 ways to protect yourself from credit card theft while travelling8 ways to protect yourself from credit card theft while travelling
8 ways to protect yourself from credit card theft while travellingletzpooja
 
Adventures in PCI Wonderland
Adventures in PCI WonderlandAdventures in PCI Wonderland
Adventures in PCI WonderlandMichele Chubirka
 
An Investigator’s Guide to Blockchain, Bitcoin and Wallet Transactions
An Investigator’s Guide to Blockchain, Bitcoin and Wallet TransactionsAn Investigator’s Guide to Blockchain, Bitcoin and Wallet Transactions
An Investigator’s Guide to Blockchain, Bitcoin and Wallet TransactionsCase IQ
 
IMCSummit 2015 - Day 2 Developer Track - Catch Them in the Act - Fraud Detect...
IMCSummit 2015 - Day 2 Developer Track - Catch Them in the Act - Fraud Detect...IMCSummit 2015 - Day 2 Developer Track - Catch Them in the Act - Fraud Detect...
IMCSummit 2015 - Day 2 Developer Track - Catch Them in the Act - Fraud Detect...In-Memory Computing Summit
 
ACSN Issue #9
ACSN Issue #9ACSN Issue #9
ACSN Issue #9Tony Weiss
 
NTXISSACSC3 - EMV and the Future of Payments by Branden Williams
NTXISSACSC3 - EMV and the Future of Payments by Branden WilliamsNTXISSACSC3 - EMV and the Future of Payments by Branden Williams
NTXISSACSC3 - EMV and the Future of Payments by Branden WilliamsNorth Texas Chapter of the ISSA
 
CFO Half-Day Conference
CFO Half-Day ConferenceCFO Half-Day Conference
CFO Half-Day Conferencegppcpa
 
Payment Card Cashiering for Local Governments 2016
Payment Card Cashiering for Local Governments 2016Payment Card Cashiering for Local Governments 2016
Payment Card Cashiering for Local Governments 2016Donald E. Hester
 
Blockchain Impact in Financial Sector Research by Artivatic.ai
Blockchain Impact in Financial Sector Research by Artivatic.aiBlockchain Impact in Financial Sector Research by Artivatic.ai
Blockchain Impact in Financial Sector Research by Artivatic.aiArtivatic.ai
 
HIS 2015: Tom Chothia - Formal Security of Critical Infrastructure
HIS 2015: Tom Chothia - Formal Security of Critical InfrastructureHIS 2015: Tom Chothia - Formal Security of Critical Infrastructure
HIS 2015: Tom Chothia - Formal Security of Critical InfrastructureAdaCore
 
05 Identity Theft (C6)
05 Identity Theft (C6)05 Identity Theft (C6)
05 Identity Theft (C6)#TheFraudTube
 
CryptoFinalizedBSAF1A.pptx
CryptoFinalizedBSAF1A.pptxCryptoFinalizedBSAF1A.pptx
CryptoFinalizedBSAF1A.pptxArnoldHause
 
Credit Card Fraud Detection System Using Machine Learning Algorithm
Credit Card Fraud Detection System Using Machine Learning AlgorithmCredit Card Fraud Detection System Using Machine Learning Algorithm
Credit Card Fraud Detection System Using Machine Learning AlgorithmIRJET Journal
 
The potentials for e-Commerce payments' growth in Ethiopia and the need for s...
The potentials for e-Commerce payments' growth in Ethiopia and the need for s...The potentials for e-Commerce payments' growth in Ethiopia and the need for s...
The potentials for e-Commerce payments' growth in Ethiopia and the need for s...The i-Capital Africa Institute
 
TPC_Presentation.pptx
TPC_Presentation.pptxTPC_Presentation.pptx
TPC_Presentation.pptxSPMTPCAMPUS
 
TPC_Presentation - Copy.pptx
TPC_Presentation - Copy.pptxTPC_Presentation - Copy.pptx
TPC_Presentation - Copy.pptxSPMTPCAMPUS
 
Srw 2018 yermack
Srw 2018 yermackSrw 2018 yermack
Srw 2018 yermackARTOTEL Academy
 
STIR-SHAKEN Top 10 FAQ
STIR-SHAKEN Top 10 FAQSTIR-SHAKEN Top 10 FAQ
STIR-SHAKEN Top 10 FAQTelcoBridges Inc.
 
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsPriyanka Aash
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfPriyanka Aash
 

More Related Content

Similar to Money-rity Report: Using Intelligence to Predict the Next Payment Card Fraud Victims

eCommerce Summit Atlanta Moneybookers Presentation
eCommerce Summit Atlanta Moneybookers PresentationeCommerce Summit Atlanta Moneybookers Presentation
eCommerce Summit Atlanta Moneybookers PresentationeCommerce Merchants
 
Ce hv6 module 58 credit card frauds
Ce hv6 module 58 credit card fraudsCe hv6 module 58 credit card frauds
Ce hv6 module 58 credit card fraudsVi Tính Hoàng Nam
 
8 ways to protect yourself from credit card theft while travelling
8 ways to protect yourself from credit card theft while travelling8 ways to protect yourself from credit card theft while travelling
8 ways to protect yourself from credit card theft while travellingletzpooja
 
Adventures in PCI Wonderland
Adventures in PCI WonderlandAdventures in PCI Wonderland
Adventures in PCI WonderlandMichele Chubirka
 
An Investigator’s Guide to Blockchain, Bitcoin and Wallet Transactions
An Investigator’s Guide to Blockchain, Bitcoin and Wallet TransactionsAn Investigator’s Guide to Blockchain, Bitcoin and Wallet Transactions
An Investigator’s Guide to Blockchain, Bitcoin and Wallet TransactionsCase IQ
 
IMCSummit 2015 - Day 2 Developer Track - Catch Them in the Act - Fraud Detect...
IMCSummit 2015 - Day 2 Developer Track - Catch Them in the Act - Fraud Detect...IMCSummit 2015 - Day 2 Developer Track - Catch Them in the Act - Fraud Detect...
IMCSummit 2015 - Day 2 Developer Track - Catch Them in the Act - Fraud Detect...In-Memory Computing Summit
 
NTXISSACSC3 - EMV and the Future of Payments by Branden Williams
NTXISSACSC3 - EMV and the Future of Payments by Branden WilliamsNTXISSACSC3 - EMV and the Future of Payments by Branden Williams
NTXISSACSC3 - EMV and the Future of Payments by Branden WilliamsNorth Texas Chapter of the ISSA
 
CFO Half-Day Conference
CFO Half-Day ConferenceCFO Half-Day Conference
CFO Half-Day Conferencegppcpa
 
Payment Card Cashiering for Local Governments 2016
Payment Card Cashiering for Local Governments 2016Payment Card Cashiering for Local Governments 2016
Payment Card Cashiering for Local Governments 2016Donald E. Hester
 
Blockchain Impact in Financial Sector Research by Artivatic.ai
Blockchain Impact in Financial Sector Research by Artivatic.aiBlockchain Impact in Financial Sector Research by Artivatic.ai
Blockchain Impact in Financial Sector Research by Artivatic.aiArtivatic.ai
 
HIS 2015: Tom Chothia - Formal Security of Critical Infrastructure
HIS 2015: Tom Chothia - Formal Security of Critical InfrastructureHIS 2015: Tom Chothia - Formal Security of Critical Infrastructure
HIS 2015: Tom Chothia - Formal Security of Critical InfrastructureAdaCore
 
05 Identity Theft (C6)
05 Identity Theft (C6)05 Identity Theft (C6)
05 Identity Theft (C6)#TheFraudTube
 
CryptoFinalizedBSAF1A.pptx
CryptoFinalizedBSAF1A.pptxCryptoFinalizedBSAF1A.pptx
CryptoFinalizedBSAF1A.pptxArnoldHause
 
Credit Card Fraud Detection System Using Machine Learning Algorithm
Credit Card Fraud Detection System Using Machine Learning AlgorithmCredit Card Fraud Detection System Using Machine Learning Algorithm
Credit Card Fraud Detection System Using Machine Learning AlgorithmIRJET Journal
 
The potentials for e-Commerce payments' growth in Ethiopia and the need for s...
The potentials for e-Commerce payments' growth in Ethiopia and the need for s...The potentials for e-Commerce payments' growth in Ethiopia and the need for s...
The potentials for e-Commerce payments' growth in Ethiopia and the need for s...The i-Capital Africa Institute
 
TPC_Presentation.pptx
TPC_Presentation.pptxTPC_Presentation.pptx
TPC_Presentation.pptxSPMTPCAMPUS
 
TPC_Presentation - Copy.pptx
TPC_Presentation - Copy.pptxTPC_Presentation - Copy.pptx
TPC_Presentation - Copy.pptxSPMTPCAMPUS
 

Similar to Money-rity Report: Using Intelligence to Predict the Next Payment Card Fraud Victims (20)

eCommerce Summit Atlanta Moneybookers Presentation
eCommerce Summit Atlanta Moneybookers PresentationeCommerce Summit Atlanta Moneybookers Presentation
eCommerce Summit Atlanta Moneybookers Presentation
 
Ce hv6 module 58 credit card frauds
Ce hv6 module 58 credit card fraudsCe hv6 module 58 credit card frauds
Ce hv6 module 58 credit card frauds
 
8 ways to protect yourself from credit card theft while travelling
8 ways to protect yourself from credit card theft while travelling8 ways to protect yourself from credit card theft while travelling
8 ways to protect yourself from credit card theft while travelling
 
Adventures in PCI Wonderland
Adventures in PCI WonderlandAdventures in PCI Wonderland
Adventures in PCI Wonderland
 
An Investigator’s Guide to Blockchain, Bitcoin and Wallet Transactions
An Investigator’s Guide to Blockchain, Bitcoin and Wallet TransactionsAn Investigator’s Guide to Blockchain, Bitcoin and Wallet Transactions
An Investigator’s Guide to Blockchain, Bitcoin and Wallet Transactions
 
IMCSummit 2015 - Day 2 Developer Track - Catch Them in the Act - Fraud Detect...
IMCSummit 2015 - Day 2 Developer Track - Catch Them in the Act - Fraud Detect...IMCSummit 2015 - Day 2 Developer Track - Catch Them in the Act - Fraud Detect...
IMCSummit 2015 - Day 2 Developer Track - Catch Them in the Act - Fraud Detect...
 
ACSN Issue #9
ACSN Issue #9ACSN Issue #9
ACSN Issue #9
 
NTXISSACSC3 - EMV and the Future of Payments by Branden Williams
NTXISSACSC3 - EMV and the Future of Payments by Branden WilliamsNTXISSACSC3 - EMV and the Future of Payments by Branden Williams
NTXISSACSC3 - EMV and the Future of Payments by Branden Williams
 
CFO Half-Day Conference
CFO Half-Day ConferenceCFO Half-Day Conference
CFO Half-Day Conference
 
Payment Card Cashiering for Local Governments 2016
Payment Card Cashiering for Local Governments 2016Payment Card Cashiering for Local Governments 2016
Payment Card Cashiering for Local Governments 2016
 
Blockchain Impact in Financial Sector Research by Artivatic.ai
Blockchain Impact in Financial Sector Research by Artivatic.aiBlockchain Impact in Financial Sector Research by Artivatic.ai
Blockchain Impact in Financial Sector Research by Artivatic.ai
 
HIS 2015: Tom Chothia - Formal Security of Critical Infrastructure
HIS 2015: Tom Chothia - Formal Security of Critical InfrastructureHIS 2015: Tom Chothia - Formal Security of Critical Infrastructure
HIS 2015: Tom Chothia - Formal Security of Critical Infrastructure
 
05 Identity Theft (C6)
05 Identity Theft (C6)05 Identity Theft (C6)
05 Identity Theft (C6)
 
CryptoFinalizedBSAF1A.pptx
CryptoFinalizedBSAF1A.pptxCryptoFinalizedBSAF1A.pptx
CryptoFinalizedBSAF1A.pptx
 
Credit Card Fraud Detection System Using Machine Learning Algorithm
Credit Card Fraud Detection System Using Machine Learning AlgorithmCredit Card Fraud Detection System Using Machine Learning Algorithm
Credit Card Fraud Detection System Using Machine Learning Algorithm
 
The potentials for e-Commerce payments' growth in Ethiopia and the need for s...
The potentials for e-Commerce payments' growth in Ethiopia and the need for s...The potentials for e-Commerce payments' growth in Ethiopia and the need for s...
The potentials for e-Commerce payments' growth in Ethiopia and the need for s...
 
TPC_Presentation.pptx
TPC_Presentation.pptxTPC_Presentation.pptx
TPC_Presentation.pptx
 
TPC_Presentation - Copy.pptx
TPC_Presentation - Copy.pptxTPC_Presentation - Copy.pptx
TPC_Presentation - Copy.pptx
 
Srw 2018 yermack
Srw 2018 yermackSrw 2018 yermack
Srw 2018 yermack
 
STIR-SHAKEN Top 10 FAQ
STIR-SHAKEN Top 10 FAQSTIR-SHAKEN Top 10 FAQ
STIR-SHAKEN Top 10 FAQ
 

More from Priyanka Aash

Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsPriyanka Aash
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfPriyanka Aash
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfPriyanka Aash
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfPriyanka Aash
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfPriyanka Aash
 
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfEVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfPriyanka Aash
 
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfCyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfPriyanka Aash
 
Cyber Crisis Management.pdf
Cyber Crisis Management.pdfCyber Crisis Management.pdf
Cyber Crisis Management.pdfPriyanka Aash
 
CISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfCISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfPriyanka Aash
 
Chennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfChennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfPriyanka Aash
 
Cloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfCloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfPriyanka Aash
 
Stories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldStories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldPriyanka Aash
 
Lessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksLessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksPriyanka Aash
 
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Priyanka Aash
 
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Priyanka Aash
 
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Priyanka Aash
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsPriyanka Aash
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security GovernancePriyanka Aash
 

More from Priyanka Aash (20)

Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdf
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdf
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdf
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdf
 
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfEVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
 
DPDP Act 2023.pdf
DPDP Act 2023.pdfDPDP Act 2023.pdf
DPDP Act 2023.pdf
 
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfCyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
 
Cyber Crisis Management.pdf
Cyber Crisis Management.pdfCyber Crisis Management.pdf
Cyber Crisis Management.pdf
 
CISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfCISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdf
 
Chennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfChennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdf
 
Cloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfCloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdf
 
Stories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldStories From The Web 3 Battlefield
Stories From The Web 3 Battlefield
 
Lessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksLessons Learned From Ransomware Attacks
Lessons Learned From Ransomware Attacks
 
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
 
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
 
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 

Recently uploaded

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbuapidays
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 

Recently uploaded (20)

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 

Money-rity Report: Using Intelligence to Predict the Next Payment Card Fraud Victims

  • 1.
  • 2. Terbium labs is a dark web intelligence company made up of an elite group of information security professionals with expertise in everything from cryptography to large-scale information systems. The Royal Bank of Canada is the largest bank in Canada, and one of the largest in the world (by market capitalization). Vanguard Cybersecurity Research is a group within RBC with the mission to perform cutting edge research into future cybersecurity threats and innovations.
  • 3. • Losses from credit card fraud amount to more than $10 billion dollars annually. • This money feeds into organized crime, gang activity and terrorism. • Combatting credit card fraud historically has been a reactionary process. • By using intelligence gathered from online sources such as the dark web combined with transactional data, we can: • identify who the next fraud victims will be • where card data is being stolen from • before any fraudulent transactions have occurred • Without any criminal financing
  • 4. • Algorithm/Customer/Payment service flags transaction • Purchase histories of victims are cross-correlated for Common Points of Purchase (CPP). • List of CPP leads to a Point of Compromise (POC) • This approach is problematic: • Allows fraudsters to purchase and use stolen cards. • Requires waiting for more victims to confirm POC.
  • 5. XSS-FIT 451095 451032 451115 451088 XSS-FIT Burger Haus Trojan Horse Racing Injection Clinic Vision 2: The SQL 451095123456789012 451095098765432109 451095102938475610 451032123456789012 451032098765432109 451032102938475610 451115123456789012 451115098765432109 451115102938475610 451088123456789012 451088098765432109 452095123456789012 452095098765432109 451295102938475610 452095123456789012 452095098765432109 451295102938475610 452095123456789012 452095098765432109 451295102938475610 452095123456789012 452095098765432109 451295102938475610 452095123456789012 452095098765432109 451295102938475610 452095098765432109 451295102938475610 452095123456789012 452095098765432109 451295102938475610 452095098765432109 451295102938475610 452095123456789012 452095098765432109 451295102938475610 Groups of Candidates Point of Compromise Cards shop Common Points Control Group
  • 6. • Often a breach can affect a large number of clients. • Each group can have many candidates. • Need to find the right combination of clients out of possibly trillions.
  • 7. • Set the haystack on fire! • Ruthless reduction of CPP via various thresholds. • The CPP is only shared across less than g groups. • The popularity of the merchant in the control group is greater than some value p. • The number of transactions at the CPP is less than n.
  • 8. • POC spread across ~10 bases. • Popular restaurant chain – let’s call them “Bob’s”. • Large impact on many clients.
  • 9.
  • 10.
  • 11.
  • 12. • The dark web enables convenient, one-stop shop selling sensitive information such as credit card details. • Traditional fraud detection is reactive and permits a thriving criminal ecosystem. • By leveraging dark web intelligence we can detect data breaches, prevent fraud, and eliminate criminal funding.
  • 13. Danny Rogers CEO, Terbium labs Kory Fong Head of Cybersecurity Research, Royal Bank of Canada Daniel Swerdfenger Cyber Analytics Partnerships, Royal Bank of Canada