Although the recent Equifax breach that reportedly compromised 143 million accounts has sent consumers scrambling to protect their assets, financial institutions and corporations are likely to feel the impending effects of this attack as well. It is predicted there will be a surge in social engineering and BEC scams, as the hackers now have a wealth of information needed to impersonate individuals and corporate entities in a variety of contexts. However, the right strategic approach and technology solutions can effectively mitigate the fraud risk. In this webinar, guest speaker Andras Cser, VP, Principal Analyst in Security & Risk from Forrester Research, will provide an expert industry perspective and discuss what financial institutions and corporations can do to protect themselves. You will gain insight into how organizations are raising their defenses, understand the best practices to minimize fraud loss, and learn how advanced analytics solutions can help minimize the risk.

1. November 15, 2017
Preventing ATO in a Post-
Equifax Breach World

2. 2© 2017 Guardian Analytics. All Rights Reserved
Guardian Analytics Presents
Speakers:
Eric Tran-Le
VP Product Management
Andras Cser
VP, Principal Analyst
in Security & Risk
&

4. © 2017 Forrester Research, Inc. Reproduction Prohibited 4
We work with business and
technology leaders to develop
customer-obsessed strategies
that drive growth.

5. Is Your Fraud & Compliance
Strategy Ready for the Future?
Andras Cser, VP Principal Analyst
November 15, 2017

6. 6© 2017 Forrester Research, Inc. Reproduction Prohibited
It’s a difficult balance and a hard
problem to solve
Customer
satisfaction
Security
Operational
efficiency

7. 7© 2017 Forrester Research, Inc. Reproduction Prohibited
› Fraudsters don’t have to be compliant – banks
do (AML, KYC, etc.)
› Fraudsters only have to get it right once – banks
have to get it right all the time
› Omnichannel models are behind
› EFM Data and analytics skills are hard and
expensive to get
Fraudsters are one step ahead of banks

8. 8© 2017 Forrester Research, Inc. Reproduction Prohibited
Source: LexisNexis 2016 True Cost of Fraud Study, Source https://www.lexisnexis.com/risk/downloads/assets/true-cost-fraud-2016.pdf, page 9
Cost of online and mobile fraud is increasing fast

9. 9© 2017 Forrester Research, Inc. Reproduction Prohibited
Source: LexisNexis 2016 True Cost of Fraud Study, Source https://www.lexisnexis.com/risk/downloads/assets/true-cost-fraud-2016.pdf, page 26
Proportion of online and mobile fraud is increasing fast

10. 10© 2017 Forrester Research, Inc. Reproduction Prohibited
› Card (credit and debit, CP and CNP)
› ACH
› Wire
› ATM
› Online banking
› Real time
› Peer to Peer
Fraud impacts many transaction types

11. 11© 2017 Forrester Research, Inc. Reproduction Prohibited
› Online and mobile web
› Mobile app
› POS
› In-person
› Call center
› Kiosk
› Chat and Chatbot
› Email
› Snail-mail
For all the channels

12. 12© 2017 Guardian Analytics. All Rights Reserved 12
A tough nut to
crack

13. 13© 2017 Forrester Research, Inc. Reproduction Prohibited
› Business has a higher tolerance for mobile fraud
› IP addresses of mobile devices change frequently
› Old MITB detection techniques do not work
› 3DSecure was not designed for mobile devices
› Legacy EFM tools can’t cope with real-time device and
location data
› MNO payment schemes are relatively closed and hard to
monitor
Mobile Fraud Is Difficult To Detect

14. 14© 2017 Forrester Research, Inc. Reproduction Prohibited
› Get the data
› Integrate the data
› Use Machine Learning
› Use Risk Based Authentication
› Use biometrics
› Use passive/behavioral authentication
› Tune your models and expectations
Recommendations

15. 15© 2017 Forrester Research, Inc. Reproduction Prohibited
› AML, Cyber and Fraud
› True GPS location
› Device power settings
› Touchscreen attributes
› Biometric data from sensors
(fingerprint, microphone, camera, etc.)
› Jailbreaking and rooting information
› IMEI and SIM
Recommendation: Get Data, Lots of It

16. 16© 2017 Forrester Research, Inc. Reproduction Prohibited
› Create link graphs, SNA
› Identify broader customer activity and
segmentation dynamically
› Integrate mobile fraud management
with other channels
› Build user and device behavioral
profiles to detect anomalous and
fraudulent behaviors
Recommendation: Integrate the Data

17. 17© 2017 Forrester Research, Inc. Reproduction Prohibited
› Support decision making shift to real time
› Don’t rely on static rules
• Static rules are inaccurate over long periods
• Require less rule maintenance, lower cost
› Don’t rely on training data
• Often it is not even readily available
› Reduce EFM transparency to fraudsters
• No fixed limits, etc.
Recommendation: Use Machine Learning

18. 18© 2017 Forrester Research, Inc. Reproduction Prohibited
What you know
Passwords
What you have
One Time Password Tokens, Text
messages, Context
Who you are
Legacy biometrics: fingerprint,
facial print
What you do
Behavioral biometrics and
voice biometrics
Recommendation: Use Behavioral Biometrics

19. 19© 2017 Forrester Research, Inc. Reproduction Prohibited
› User & devices behavior profiles should be fed
into ML models to detect anomalies
› Risk factors can be derived from device activities
fingerprinting
› How we can derive risk insights from device
access patterns
Tune your models and expectations appropriately

20. 20© 2017 Forrester Research, Inc. Reproduction Prohibited
› Inconvenience users only when necessary: new device,
new location, uncharacteristic profile, bigger distance
from archetype
› Across all channels: online web, mobile app, call center,
branch, POS, etc.
› Include online web, mobile web and mobile apps.
› Monitor and look at device sensor data, touch/swipe,
mouse movements, typing, etc.
› Terminate session if there is an anomaly
Use passive/behavioral authentication

21. 21© 2017 Forrester Research, Inc. Reproduction Prohibited
› Social engineering is going to play a greater role in fraud
and money laundering, the role of training employees to
detect fraud is going to be greater
› Unsupervised learning gains ground
› More vertical specific modeling
› Cryptocurrency support
› Blockchain used in AML and EFM
› Real time model adaption and selection
› Monitoring of suspicious behavior at account creation,
login and updates
› Provide a non-intrusive way to detect fraudulent activity
w/o actually having to buy new sensors
Forrester’s Predictions

22. 22© 2017 Guardian Analytics. All Rights Reserved© 2017 Forrester Research, Inc. Reproduction Prohibited
Move from
Signatures and
Rules to
Behavioral
Profiles

23. forrester.com
Thank you
Andras Cser
+1-617-613-6365
acser@forrester.com

24. AI/Machine Learning &
Behavioral Analytics
to Combat Commerce Fraud
Eric Tran-Le
Vice President Product Management

25. “
SOURCE: Dell SecureWorks
On the Black Market a Social Security
Number is ~ $30, a Visa or MasterCard
Credentials is $4, a Bank Account
Number is ~ $300, a Full Identity
(Healthcare data/documents is $1200-
$1300)…
Pre Equifax

26. “
SOURCE: http://www.foxbusiness.com/markets/2017/09/12/equifax-hack-how-
much-your-stolen-info-is-worth-on-black-market.html
A stolen credit card is worth $1 in the black
market…this number multiplies 5x with each
added associated piece of
information…Unlike normal hack, the
Equifax hack gave thieves access to an
entire correlated set of data points for
each victim”
Post Equifax

27. 27© 2017 Guardian Analytics. All Rights Reserved
Guardian Analytics Fraud Detection Solutions
Malware
Social Engineering
Phishing
Vishing,SMishing
Email Compromise
Online Fraud Offline
Transactions
• Wire fraud
o Fax
o Email
o Call Center
o Online Chat
• Check Fraud
Online
Transactions
• Wire fraud
• ACH
• Bill Pay
• External
Transfers
Payment Fraud
• Detect Online Suspicious
Activities
• Detect Device Suspicious
Patterns
• Avoid Chargebacks By Averting
Fraudulent Transactions
SENTINEL Commercial
Accounts
Retail
Accounts
• Analyze All Online Banking
Activities From Login to Logout
• Prioritize Alerts Based on Risk
Score
• Reduce Fraud Losses & Risk
Fraud Cockpit
Omni-Channel Visual Analytics
Online Mobile ACH Wire Supplier AML
Omni-Channel Risk Engine
Enterprise API Integrated Risk Database

28. 28© 2017 Guardian Analytics. All Rights Reserved
Guardian Analytics Fraud Detection Solutions
Online Supplier Portal Fraud Detection
Guardian Analytics Sentinel™ is the most advanced fraud protection based on
machine learning & behavioral analytics for enterprise B2B web portals
SENTINEL
Real-time User
Behavior Risk
Scoring
Real-time Risk
Insights From
Device Access
Patterns
Account Creation,
Login & Updates
Activities Monitoring
Guardian Analytics API
Guardian Analytics
Policy Workflows
BUYER
SUPPLIER
PORTAL
SUPPLIER
INVOICE
BUYER
ACCOUNTS
PAYABLE
BUYER
PAYMENT
PLATFORM

29. 29© 2017 Guardian Analytics. All Rights Reserved
Detecting Account Take Over Scheme with Behavioral
Analytics
Machine Learning & Behavioral Analytics
Enter
Amount to
be Wired
Enter Wired
Routing
Number
Submit
Wire
RequestLogin
Point of Compromise
Normal
User
Behavior
Fraudster
Behavior
Disable
Security
Alerts
Enter New
Phone # of
Email Address
for
Confirmation
Enter
Unusual
Amount to
be Wired
Enter Wired
Routing
Number
Submit
Wire
Request
Ex: Bank Account Holder
One Example of Account Takeover Scheme
Behavioral Analytics
Fraud Detection
• Baseline User Behavioral to
Build a Profile of Normal
Profile
• Suspicious Behavior
Deviating Too Far From the
Norm Are Single Out
• Provide Context for All
Anomalous Activity (prior
activity, specific details,…)
FailedLogin
FailedLogin
Login

30. 30© 2017 Guardian Analytics. All Rights Reserved
What is the Difference With Rule-Based?
Machine Learning Behavioral Analytics
Rule-Based
Machine
Learning
Static Upper Bound
Static Lower Bound
Alerts
Alerts No Alert
Alerts
Alerts
Transactions Volume Velocity
Transactions IP Velocity
Transactions Risk Scoring
User Behavior Scoring
Device Access Patterns Scoring
Detected
Shipping-Billing Mismatch
Transactions IP Velocity
Bad IP Addresses Blocking
Address Verification

31. 31© 2017 Guardian Analytics. All Rights Reserved
Avoiding a Linear Growth of Fraud Resources
# of Daily
Fraud
Detected
# of Fraud Analysts
Required Fraud Resources
Daily Fraud Alerts
Conventional Rule-Based
Fraud Detection System
Fraud Desk Resources
Risk Exposure
Risk Avoidance
Fraud Alerts Efficiency Ratio Stays
Constant Which Means The More
Fraud Alerts The More Fraud
Analysts Needed

32. 32© 2017 Guardian Analytics. All Rights Reserved
Managing More Fraud Alerts With Same Fraud
Resources
# of Daily
Fraud
Detected
Daily Fraud Alerts
Machine Learning & Behavior Analytics
Fraud Detection System
Fraud Detection Efficiency
Ratio
Fraud Alerts Efficiency Ratio
Increases With # of Fraud Alerts
Which Means The Fraud Team
Becomes More Efficient Over Time
Required Fraud Resources
Models Accuracy
and False Positives
or Negatives
# of Fraud Analysts
Risk Avoidance

33. 33© 2017 Guardian Analytics. All Rights Reserved
What If You Don’t Have a Fraud Management
Team?
FraudDESK Managed Services Will Protect You

34. 34© 2017 Guardian Analytics. All Rights Reserved
Financial
institutions
Commercial & retail
account holders
Banking
activities
450 40M 5B
Accomplishments at a Glance

35. 35© 2017 Guardian Analytics. All Rights Reserved
Q&A
Please add your questions to the
questions module on your control panel.

36. 36© 2017 Guardian Analytics. All Rights Reserved
Contact Us
success@guardiananalytics.com
www.linkedin.com/company/guardiananalytics
www.youtube.com/user/GuardianAnalytics
@GuardAnalytics