This document discusses EMV and the future of payments. It summarizes that EMV was designed to facilitate offline transactions and minimize card-present fraud over time. While EMV adoption in the US allows for chip and signature transactions, chip and PIN transactions are more secure. The document also notes that fraud has significantly decreased in the UK since EMV adoption. However, fraudsters will likely shift tactics to target card-not-present and other attacks. Looking ahead, online payments and mobile wallets present new opportunities for criminals, highlighting the need for continued security improvements.
NTXISSACSC3 - EMV and the Future of Payments by Branden Williams
5. @NTXISSA #NTXISSACSC3
According to the National Association of Federal Credit Unions, what was the average amount spent by member institutions on merchant data breaches in 2014?
7. @NTXISSA #NTXISSACSC3
The Results of a Data Breach Cause Significant Impacts Across Business Operations
Reputational Risk Damage Negative Impact to Your Brand
AND
Investigation of Breach
Fines/Liability
Loss of Confidential Business Information
Remediation of Breach
8. @NTXISSA #NTXISSACSC3
The Cost of a Data Breach is Staggering
• Since 2013, many major retailers experienced data breaches:
Reject cost-per-record estimates, just understand it’s expensive.
9. @NTXISSA #NTXISSACSC3
Four Key Cyber Assets Targeted by Criminals
POS Environments
• 49% of POS intrusions account for 40% of all assets targets.
• If a POS is attacked, it is most likely the business will be US based.
Credit Cards
• 49% of breach investigations involved Personally Identifiable Information (PII) and cardholder data.
• Attackers shifted focus back to payment card from non-payment card.
eCommerce
• Accounted for 42% of all investigations in 2014.
• 64% of retail industry breaches were eCommerce
• “Password1” was still the most commonly used password.
Mobile Apps
• 95% of mobile applications are vulnerable.
• 35% of mobile apps had critical issues
• 45% of mobile apps had high-risk issues.
• 6: Median number of vulnerabilities per mobile app.
SOURCE: 2015 Trustwave Global Security Report.
10. @NTXISSA #NTXISSACSC3
POS Malware Poses an Insidious Threat
• POS malware is extremely lucrative for criminals and extraordinarily difficult to detect.
• In 60% of cases, attackers are able to compromise an organization within minutes.
• POS breaches account for nearly one-third of all types of breaches.
Nine Main Types of Breaches
SOURCE: Verizon 2015 Data Breach Investigations Report.
11. @NTXISSA #NTXISSACSC3
Data Protection is Top of Mind for Today’s Executives
Preserve Stakeholder Value: Avoid Costs Due to Remediation and a Negative Brand Image.
Secure POS Systems: Protect Your Customers’ Data During and After the Transaction Process.
End-to-End Protection: Minimal Operation and Systems Impact.
Benefits of Data Protection
13. @NTXISSA #NTXISSACSC3
Really Guys? </Cartman>
Oxford University and the UK’s Centre for the Protection of the National Infrastructure survey results:
“Concern for cybersecurity was significantly lower among managers inside the C-suite than among managers outside it.”
Winnefeld Jr, P. A. S., Kirchhoff, C., & Upton, D. M. (2015). Cybersecurity's human factor: Lessons from the Pentagon. Harvard Business Review, 93(9), 87-95.
18. @NTXISSA #NTXISSACSC3
Targets will change
• Fraudsters will move away from magstripe to focus on card-not-present, and other types of attacks to gain funds
• But attack mechanisms have not changed much
  • Malware
  • Vishing
  • Large-scale hacks
• What EMV considers routing data, we consider sensitive data:
  • Vishers may not call to ask for PIN, but instead CVV2
  • Some merchants may accept transactions without CVV2
19. @NTXISSA #NTXISSACSC3
What does this mean for online retail?
• Online merchants traditionally do not want to get in the way of a transaction:
  • First iteration of 3DSecure was awful
  • Merchants hate it due to abandoned carts
  • Rather take the risk on a transaction
• Think about how IT works today vs. ten years ago…
21. @NTXISSA #NTXISSACSC3
Who should deploy EMV?
• Card present merchants with high chargeback rates
  • Especially those that sell gift cards!
• Where will fraud shift in the CNP space?
  • Digital Goods
  • High value items
  • Anything that can be easily fenced or converted to cash
22. @NTXISSA #NTXISSACSC3
What’s Next?
• Pervasiveness of technology expands attack surface
• Where are payments moving?
  • Mobile (expected to eclipse PCs for CNP transactions in 2015)
  • Platforms with users explore financial exchange (Twitter, Facebook)
• What is attractive for criminals?
  • Any of the e-wallet options such as Samsung Pay or Apple Pay
  • Pre-paid cards (targets the under-banked)
  • Weakly secured accounts
25. @NTXISSA #NTXISSACSC3
The Collin College Engineering Department
Collin College Student Chapter of the North Texas ISSA
North Texas ISSA (Information Systems Security Association)
NTX ISSA Cyber Security Conference – October 2-3, 2015
Thank you