Defending Netflix from Abuse
Jason Chan, Engineering Director, Cloud Security

Netflix Statistics
• > 86 million members
• > 190 countries
• > 125 million hours of streaming per day
• ~35% of US Internet traffic at peak

Some Abuse-Related Background

Abuse @ Netflix
Simplifiers
• No user-generated content
• No ads on service
• Limited member-to-member interactions
• No directly extractable value
Complicators
• Use value of accounts
• Account fungibility
• Device ecosystem
• Language diversity
• Payments complexity
• Usage patterns

“What is the Netflix password?”

Netflix Service
• Consumer friendly
• 30 day free trial
• Easy to cancel
• Excellent consumer experience can create potential for abuse

Key Questions Driving Anti-Abuse
• Who will convert from free trial to paid?
  • Financial projections
• How will members behave?
  • Content planning
  • User experience, product enhancements

Adversary Actions
Goals
1. Obtain Netflix accounts (without paying)
2. Monetize
  • Primarily via resale
  • Secondarily as bait/lure
Methods
• Free trial fraud (fake accounts)
• Account takeover (ATO)

Free Trial Fraud
• Payments is a primary abuse differentiator (vs. free services)
• Payment method is required @ signup
• Global payments infrastructure and operations is complex
• Loopholes and unexpected failure modes occur regularly
• Adversaries search for and exploit these failures
• So, fake account management is largely a payments fraud problem

Free Trial Fraud: Control Approach
Initial Assessment (Client to Site)
• VPN/proxy analysis
• Device fingerprinting
• Global merchant data analysis
• Internal threat intel analysis
Signup (Payment Validation)
• Method of payment checks
• Business rules (e.g. trial eligibility)
• Risk-dependent auth
Post-Signup (Activity Analysis)
• BIN anomalies
• CS contacts
• Account behaviors (e.g. cross-border streaming)

Free Trial Fraud – Control Objectives
• Detect and disable within 30 days post signup (free trial period)
• Continue to shrink the detect-to-disable period
• Keep data clean
• Reduce adversary opportunity to monetize

Account Takeover

ATO – Traditional Causes
• 3rd party breaches (password reuse)
• Phishing
• Malware
• “Friendly” compromise

ATO Lifecycle (diagram, reconstructed as a list)
• Compromise: obtain credentials, then use, publish, or sell them
• Member Impact: change, unable to access, unusual activity
• Resolution: password reset, self resolution, contact CS, cancel account
• Detection, Action, & Measurement (across all stages)

Detecting Account Takeover
• Account validators and traffic analysis
• Detect “credential stuffing”
• Credential dumps (pastebin, 3rd party)
• Customer service contacts
• Predictive model
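
The traffic-analysis side of credential-stuffing detection, as an added example that is not from the deck or from Netflix: it flags sources that attempt many distinct accounts with a high failure rate and lists the accounts such a source did log into, which are the ones to push to a password reset. The log format, sample lines, source addresses and thresholds are constructed for the illustration.

```python
"""Credential-stuffing detection over authentication logs.

Illustrative code written for this page, not Netflix's tooling. It scores
each source by distinct accounts attempted and failure ratio, then reports
accounts that a flagged source successfully logged into.
"""
from collections import defaultdict

# Constructed sample: one source cycling through a credential list (many
# accounts, mostly failures) and one ordinary member mistyping a password once.
SAMPLE_LOG = """\
2017-03-01T10:00:01Z 198.51.100.5 alice@example.com FAIL
2017-03-01T10:00:02Z 198.51.100.5 bob@example.com FAIL
2017-03-01T10:00:02Z 198.51.100.5 carol@example.com OK
2017-03-01T10:00:03Z 198.51.100.5 dave@example.com FAIL
2017-03-01T10:00:03Z 198.51.100.5 erin@example.com FAIL
2017-03-01T10:00:04Z 198.51.100.5 frank@example.com FAIL
2017-03-01T10:00:04Z 198.51.100.5 grace@example.com FAIL
2017-03-01T10:00:05Z 198.51.100.5 heidi@example.com FAIL
2017-03-01T10:05:00Z 192.0.2.10 alice@example.com FAIL
2017-03-01T10:05:20Z 192.0.2.10 alice@example.com OK
"""

def parse_log(text):
    """Yields (timestamp, source_ip, account, result) for each well-formed line."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than crash the detector
        yield tuple(parts)

def summarize_sources(events):
    """Per-source counters: attempts, failures, distinct accounts, successes."""
    stats = defaultdict(lambda: {"attempts": 0, "failures": 0,
                                 "accounts": set(), "succeeded": set()})
    for _ts, ip, account, result in events:
        s = stats[ip]
        s["attempts"] += 1
        s["accounts"].add(account)
        if result == "OK":
            s["succeeded"].add(account)
        else:
            s["failures"] += 1
    return stats

def flag_stuffing_sources(stats, min_accounts=5, min_failure_ratio=0.8):
    """A source is flagged when it tries many distinct accounts and mostly fails.

    A single member retrying their own password trips neither condition."""
    flagged = {}
    for ip, s in stats.items():
        ratio = s["failures"] / s["attempts"]
        if len(s["accounts"]) >= min_accounts and ratio >= min_failure_ratio:
            flagged[ip] = {"distinct_accounts": len(s["accounts"]),
                           "failure_ratio": round(ratio, 2)}
    return flagged

def accounts_needing_reset(stats, flagged):
    """Accounts a flagged source logged into: treat as compromised, reset them."""
    out = set()
    for ip in flagged:
        out |= stats[ip]["succeeded"]
    return out

def run(text):
    """Returns (flagged_sources, accounts_to_reset) for a log text."""
    stats = summarize_sources(parse_log(text))
    flagged = flag_stuffing_sources(stats)
    return flagged, accounts_needing_reset(stats, flagged)

if __name__ == "__main__":
    flagged, resets = run(SAMPLE_LOG)
    print(flagged, sorted(resets))
```

A real deployment would apply the thresholds per time window and across sources sharing a proxy or ASN, which the slide's "traffic analysis" covers and this single-pass version does not.
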

Modeling ATO
• To better identify ATO population, we began with cred dumps
• Hypothesis – Members in cred dumps who contact CS exhibit acute signs of compromise
• Built classifier to segregate these accounts, and ranked features of impacted accounts
• Apply to broader member population
• Additional revisions and models created to fine tune

Abuse Monetization and Markets
Market examples shown on the slides: General Internet, Video, Social, Auctions and Forums

Typical Outcomes for Resale “Customers”

Disrupting Monetization

Monetization Controls
• Discovery and takedowns
  • scumblr and partners
  • Complicated by language
• Collaboration
  • e.g. eBay LVIS (Licensing Verification and Information System) and VeRO (Verified Rights Owner)
  • e.g. ThreatExchange (WIP)

Darkweb

Darkweb “Controls”
• Monitor and analyze
  • Cost
  • Resellers
  • Overall supply
• Controlled purchases
  • Analyze origins
  • Upstream intel

Questions?
chan@netflix.com
