Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
The Fraud Economy
Deirdre “Dee” Millard
Senior Fraud Prevention Consultant
info@easysol.net
In this presentation we will discuss:
Common Methods of Payment
Card Fraud
How the Black Market
Economy Operates
Impact of...
Phase 1: Payment Card Theft
Phase 2: Payment Card Sale
Phase 3: Cashing
Phases of Fraud
Common Methods:
• Physical Theft (ex. lost or stolen card)
• Skimming (ex. ATM or gas pump)
• Malware on consumer computer...
http://www.statista.com/statistics/419628/payment-card-fraud-losses-usa-by-type/
Phase 1: Payment Card Theft
Shift from fa...
Skimming:
Phase 1: Payment Card Theft
http://krebsonsecurity.com/tag/atm-skimmer/
Devices are small,
compact and easy to g...
Malware on Consumer Computer or Mobile Device:
Phase 1: Payment Card Theft
2015 The Year of Spear
Phishing
• All the lates...
Malware on Consumer Computer or Mobile Device:
Phase 1: Payment Card Theft
Rogue Mobile Apps Emerge:
• 86% of Android malw...
Data Breaches:
Phase 1: Payment Card Theft
Recent breaches have been the result of malware that was placed on Point of Sal...
Phase 2: Black Market Sale
Easy Checkout
.
Customer Support
.
Money Back Gurantee
Technical Support
The rise of online car...
How Much is a Card Worth?
Factors affecting price:
Validity
Rate
Supply
&
Demand
Issuing
Region
Phase 2: Black Market Sale
“A complete identity-theft kit
containing comprehensive health
insurance credentials can be worth
hundreds of dollars or e...
Phase 3: Cashing
Image Source: http://www.tripwire.com/state-of-security/vulnerability-management/how-
stolen-target-credi...
Impact on Financial Institutions
Of financial institutions in a recent
survey were impacted by the Target
breach*
*ISMG Fa...
Impact on Financial Institutions
Top types of fraud experienced?
Impact on Financial Institutions
How did these breaches impact your organization or
customers?
Impact on Financial Institutions
How is a fraud incident typically detected?
“Too often institutions
learn of fraud incide...
• Be sure to have a plan in place
• Make sure you are covering all bases
• Tackle the problem from beginning to end
• Eval...
Questions?
Contact:
Dee Millard
Senior Fraud Prevention Consultant
info@easysol.net
More Info:
Thank You
Detect Monitoring...
Upcoming SlideShare
Loading in …5
×

The Fraud Economy - 2015 The Year of Spear Phishing

806 views

Published on

Almost every day we hear of a new retailer that has experienced a data breach, frustrating financial institutions that must then deal with the fall-out. 95% of all targeted attacks on enterprises involve some kind of spear-phishing to deliver malware. But what exactly happens to all this data that is stolen? How is it sold, and what is it worth?

Attendees will learn:

•How fraudsters cash in on stolen credentials after a retail breach;
•How rogue mobile apps are emerging as an increasingly effective attack vector;
•How to proactively protect your customers after a breach.

Watch the replay here: http://www.easysol.net/resources-2015-the-year-of-spear-phishing

Published in: Technology
  • Be the first to comment

  • Be the first to like this

The Fraud Economy - 2015 The Year of Spear Phishing

  1. 1. The Fraud Economy Deirdre “Dee” Millard Senior Fraud Prevention Consultant info@easysol.net
  2. 2. In this presentation we will discuss: Common Methods of Payment Card Fraud How the Black Market Economy Operates Impact of Card Fraud on Financial Institutions Protection from Payment Card Fraud
  3. 3. Phase 1: Payment Card Theft Phase 2: Payment Card Sale Phase 3: Cashing Phases of Fraud
  4. 4. Common Methods: • Physical Theft (ex. lost or stolen card) • Skimming (ex. ATM or gas pump) • Malware on consumer computer or mobile device • Data breaches  Malware on point-of-sale device  Network compromise  Database or web site compromise Phase 1: Payment Card Theft Card-not- present fraud New account fraud
  5. 5. http://www.statista.com/statistics/419628/payment-card-fraud-losses-usa-by-type/ Phase 1: Payment Card Theft Shift from face to face fraud to card not present online fraud.
  6. 6. Skimming: Phase 1: Payment Card Theft http://krebsonsecurity.com/tag/atm-skimmer/ Devices are small, compact and easy to get. Skimmers have been found on ATM, POS terminals to steal credentials.
  7. 7. Malware on Consumer Computer or Mobile Device: Phase 1: Payment Card Theft 2015 The Year of Spear Phishing • All the latest breaches linked to malware • Trend of targeting employees • Harvest info on social networks to customize attacks • Multi-factor authentication often not required for employees
  8. 8. Malware on Consumer Computer or Mobile Device: Phase 1: Payment Card Theft Rogue Mobile Apps Emerge: • 86% of Android malware was repackaged legitimate apps • 77% of top 50 free apps in Google’s Play Store have fake versions elsewhere • Trend Micro cataloged 890,482 fake apps (59,185 aggressive adware & 394,263 were malware) http://www.zdnet.com/article/android-malwares-dirty-secret-repackaging-of-legit-apps/ http://www.pcworld.com/article/2454980/theres-almost-a-million-fake-apps-targeting-your-phone.html
  9. 9. Data Breaches: Phase 1: Payment Card Theft Recent breaches have been the result of malware that was placed on Point of Sale systems. Often the breached organization has been certified as having the appropriate security controls in place.
  10. 10. Phase 2: Black Market Sale Easy Checkout . Customer Support . Money Back Gurantee Technical Support The rise of online card shops in recent years provides secure forums for buyers and sellers.
  11. 11. How Much is a Card Worth? Factors affecting price: Validity Rate Supply & Demand Issuing Region Phase 2: Black Market Sale
  12. 12. “A complete identity-theft kit containing comprehensive health insurance credentials can be worth hundreds of dollars or even $1,000 each on the black market, and health insurance credentials alone can fetch $20 each; stolen payment cards, by comparison, typically are sold for $1 each.” http://www.pwc.com/gx/en/consulting-services/information-security- survey/assets/the-global-state-of-information-security-survey-2015.pdf Phase 2: Black Market Sale How Much is a Personal Data Worth?
  13. 13. Phase 3: Cashing Image Source: http://www.tripwire.com/state-of-security/vulnerability-management/how- stolen-target-credit-cards-are-used-on-the-black-market/ Stolen credit cards are used to charge pre-paid cards which then purchase store specific gift cards. Credit to Gift Card Shell Game
  14. 14. Impact on Financial Institutions Of financial institutions in a recent survey were impacted by the Target breach* *ISMG Faces of Fraud Survey
  15. 15. Impact on Financial Institutions Top types of fraud experienced?
  16. 16. Impact on Financial Institutions How did these breaches impact your organization or customers?
  17. 17. Impact on Financial Institutions How is a fraud incident typically detected? “Too often institutions learn of fraud incidents only after their customers notify them.”
  18. 18. • Be sure to have a plan in place • Make sure you are covering all bases • Tackle the problem from beginning to end • Evaluate current tools and look for constant innovation • Speed and flexibility are critical when fighting back fraud • Awareness & Visibility • Proactive Approach How to Protect Your Customers
  19. 19. Questions? Contact: Dee Millard Senior Fraud Prevention Consultant info@easysol.net More Info: Thank You Detect Monitoring Service

×