This document discusses card-not-present fraud and the digital crime scene. It provides an overview of EMV certification for retailers, noting that the process can take 6 months or longer for many. While retailers wait for certification, they face liability if a chip card is used at a magnetic stripe reader. The document then shifts to discussing developing a crime scene mindset when investigating digital crimes. Key elements of a digital crime scene like device fingerprints, email addresses, and payment types are examined. Methods like reverse engineering fraud analysis and linking virtual evidence are presented as ways to understand the digital crime scene and connect evidence to bad actors.

1. 6/28/2017
1
The Digital Crime Scene: Card-Not-
Present Fraud
Skip Myers, Director, Loss Prevention/Risk
Strategy, Micro Center/Micro Electronics, Inc. and
Beth Provenzano, VP, Government Relations,
National Retail Federation
EMV Status Update
Beth Provenzano - NRF

2. 6/28/2017
2
What is EMV?
• EMV stands for Europay Mastercard Visa and is the proprietary chip
technology banks are issuing on credit and debit cards.
• Deadlines, deadlines – The important date of October 1, 2015
• Retailers must go through several steps to be certified as EMV compliant,
including installing new hardware, new software, and testing.
• Many retailers are still waiting in the queue to be certified.
Setting the Scene
Time Spent Waiting for EMV Certification
20.0%
17.1%
2.9%
60.0%
1-2 months
3-4 months
5-6 months
6 months or
longer
EMV certification is a lengthy process for surveyed retailers. The majority
(60%) say it’s taken them half a year or longer.
EMV Data*
*Not representative of entire retail industry. Findings are directional. Results are based on 59 completes.

3. 6/28/2017
3
• While retailers wait, they face a liability shift if a
chip card is presented at a mag-strip reader.
• And, even if they have adopted the technology,
retailers have seen an explosive growth in card
not present fraud as well as suspicious behavior
with chip cards in store.
Impact of the Liability Shift
• At NRF, we are telling retail’s story about the EMV
transition and fraud issues to policymakers.
• The LP community provides a unique perspective
on the transition, implementation, and fraud
experience.
Getting Washington Involved

4. 6/28/2017
4
The Digital Crime
Scene
Skip Myers
Ruin a Bad Guys Day Productions
4 things you will leave this session with:
1. Developing a Crime Scene Mindset
2. Understanding the Breadcrumbs
3. Practical Application of Virtual Evidence
4. Understanding Your Data?

5. 6/28/2017
5
Crime Scene Investigation
The Digital Crime Scene ?

6. 6/28/2017
6
A Digital Crime is a Human Crime….Committed On-Line
- Skip Myers
Digital Crime Scene Investigation
Digital Crime Scene Method
1
2
3
4
5
Mindset & Process
Virtual Evidence
Scenario Planning
Reverse Engineering
Continuous Monitoring
On-Line Transaction

7. 6/28/2017
7
1
2
3
4
5
GEO Location
Email Address
Device Fingerprint
Payment Type
Ship To Address
Elements of a Digital Crime Scene
The Eyes of a Criminal
Are You Listening?

8. 6/28/2017
8
Reverse Engineer Fraud Analysis
Crime Scene Mindset
Root Cause Analysis
Internal Variables
External Variables
Process Analysis
Reverse Engineer Fraud: a method of determining the likely sequence of events
before, during, and after a fraud event through observation and evaluation of
processes and evidence. – Skip Myers
Linking Evidence & Bad Guys

9. 6/28/2017
9
Linking Virtual Evidence
1
2
3
4
5
Device Fingerprint
Email Address
GEO Location
Payment Type
Ship To Address
On-Line Transaction
Fraudster 1:
Device ID: 431167
Device Type: Tablet
Browser: Bing
Flash Version: 9.2
Brower Language:
Russian
Device Location: Kiev
OS: Windows 10
IP Address: Dallas, Texas
Device ID: 431167
Email: kiev4ever@gmail.com
Credit Card: Visa
Device ID: 431167
Email: smirnoff@gmail.com
Credit Card: Visa
Device ID: 431167
Email: thebear@gmail.com
Credit Card: AmEx
Device ID: 431167
Email: smirnoff@gmail.com
Credit Card: MasterCard
Bill To: 123 Main St.
Bill To: 456 Pine Ln.
Bill To: 789 Oak Ave.
Bill To: 101 10th Ave.
Bill To: 987 Delk Rd.
Bill To: 16 Park Place
Ship To: Boris Smirnoff
1313 Mockingbird Ln.
Suite 14
Acme Self Storage
1313 Mockingbird Ln.
CNP Fraud Link Analysis

10. 6/28/2017
10
Crime Scene Investigation
Revisiting the Crime Scene
Digital Crime Scene - Takeaways
1
2
3
4
5
Mindset & Process
Virtual Evidence
Scenario Planning
Reverse Engineering
Continuous Monitoring
On-Line Transaction

11. 6/28/2017
11
g{tÇ~ lÉâ