Bsides San Francisco 2010
What to know when responding to a data breach. How to work with Visa, MasterCard, merchant bank, processor, your lawyer and the forensic investigator (QIRA)
3. What is a QIRA?
Qualified Incident Response Assessor
4. What is a QIRA?
Qualified Incident Response Assessor
They are the special investigation units of the Payment Card
Industry who have PCI knowledge and forensic examination
skills (supposedly)
5. David Barnett
david.barnett@orbitz.com or david.barnett@blue-lava.net
Sr. Security Architect, Orbitz WorldWide
also - Sr. Consultant, Blue-Lava - Financial crimes forensic/fraud
Ex Forensics Investigator for a QSA (QIRA)
Consultant/Educator for US Secret Service, DHS, FBI, and DoD.
Participant HoneyNet Project
Copyright 2010
6. Why this talk
Conversations with David Taylor from PCI Knowledge Base.
Provided a wealth of data from interviews and anonymous questionnaires.
Dave passed away suddenly from a heart attack on Oct 27, 2009.
Breach war stories have been done ad nauseam, poorly most of the time
12. Lessons from 100+ CC investigations
Find the right lawyer
Pick your forensics investigator*
Know how to work with your merchant bank and the card associations
Ensure your software/hardware vendors, VARs, subcontractors, etc. take responsibility for their work
Prepare for the QIRA onsite investigation
*note - forensic (QIRA) vs. other forensic entities
14. In the beginning:
US Secret Service and the card associations saw individual breaches, not the wider common attack trends
Investigated them as isolated breaches
Remediated as isolated cases
No or little breach trending
17. The fundamental ways data breaches occur -
Theft or loss of physical equipment: such as laptop computers or memory storage devices.
Illegal access to the systems or information: a data breach can occur through unlawful access to PII data by technological means, such as hacking into existing computer systems.
Insiders: a data breach can be committed by current employees or ex-employees.
18. A credit card breach = PCI forensics onsite
Who is allowed to perform forensics? Only Qualified Incident Response Assessors
Master list at http://usa.visa.com/merchants/risk_management/cisp_if_compromised.html
The list has changed over the last few years - last BIG update January 11, 2010 (only 3 companies when I was in the thick of it)
The process of who can be one and who can't makes no sense at all - though it looks to be improving
19. How are merchants notified? or "Why are they picking on me?"
Almost all notification is due to the merchant ID being identified by one of the card brands as a Common Point of Purchase (CPP), also called a Point of Compromise (POC)
This is the one way a merchant or processor gets identified as the breach point in a payment card fraud / compromise
20. In this case, the similarity is a single business where all of the stolen credit cards had been used before the cards had been involved in fraudulent activity. This could potentially be the sign of an employee skimming card numbers, or a breach in a database. There are always going to be coincidences involving data on a large scale, but because of the scale, it's very difficult to end up with false positive fraud once a margin of error is established.
21. Card issuers may request that MasterCard initiate an investigation of a merchant for possible CPP activity at any time. Acquiring banks have 5 business days to acknowledge a request from MasterCard for a CPP investigation and 30 calendar days to complete the investigation. Failure to respond may result in fines or assessments. $$$$
Only MasterCard, not a member bank, may designate a merchant location as a CPP and request that an acquiring bank conduct a CPP investigation. MasterCard will identify a merchant location as a CPP from one or more of the following sources:
Information received from law enforcement and investigative authorities
Card issuers in accordance with the established criteria
MasterCard systems, databases, and any other source deemed to be reliable
23. It is important to move swiftly
1. Follow your completed Data Breach Incident Response Plan
2. Document all ongoing events, all people involved, and all discoveries into a timeline for evidentiary use.
The following is a list of actions that are going to need to be taken when a breach occurs:
24. Visa Fraud Investigations CISP Team has their own agenda, though they state the following:
1. Works with the compromised entity to obtain all potentially compromised account numbers.
2. Disseminates "at risk" account numbers (or data) to the issuing banks.
3. Begins monitoring the activity on the affected accounts.
4. Works with the appropriate law enforcement on the entity's behalf.
5. Provides guidelines to the compromised entity to assist them in responding to the incident.
6. Works with the entity to identify security deficiencies.
7. Facilitates forensic investigation in a timely manner.
8. Ensures the entity takes corrective action to minimize the risk of future loss or theft of account information.
9. Works with the entity to verify PCI DSS compliance in an expedited timeframe.
25. Account Data Compromise Recovery (ADCR) process:
Visa validates whether the confirmed compromise meets ADCR criteria (full track data, 10,000+ US accounts, incremental magnetic stripe counterfeit fraud on the accounts)
Visa calculates and advises the acquirer of its potential ADCR financial liability
At the end of the issuer fraud reporting window, Visa calculates the actual fraud and operating expense liability due to each participating and impacted issuer, then notifies acquirers and issuers of their respective liability and reimbursement
26. From Breach to Fraud - Typical Timeline
[Timeline diagram; only its labels survive extraction. Left to right:]
Stages: Pre-Breach Stage | Sustained Breach Stage | Exploitation-Only Stage | Inactive
Time period of penetration: Start Date of Breach ... End Date of Breach
PERIOD of Compromised Transactions (the time period of the entity's transaction data): Date of Transaction at Entity for Earliest Account Compromised ... Date of Transaction at Entity for Latest Account Compromised
DELAY, then the time period when the entity's transaction data is exploited: Date of earliest fraudulent Transaction ... Date of latest fraudulent Transaction
Investigation outputs: # of Accounts, List of Accounts, Dates of Transactions
DATE THE BREACH WAS DISCOVERED: likely off this chart; most breaches are not discovered until late, due to poor monitoring/logging
PCI Assessments are only valid for a "point in time"; breaches occur over extended periods.
27. Compromised Account Management System (CAMS):
Merchant discovers an account compromise and notifies its acquiring bank
Compromised (or suspected) accounts are uploaded into CAMS for monitoring
Visa investigates to determine if an account compromise has occurred and sends CAMS alerts to affected issuers to notify them of compromised accounts
Affected issuers monitor, block or close compromised accounts
28. Post notification, know what you're expected to do, what you need to do, and the difference
29. Visa mandated steps in the event of a suspected payment card data breach
Immediately contain and limit exposure
Alert all necessary parties immediately
Provide all compromised accounts to your merchant bank within 10 days
Provide an Incident Response Report within 3 days to your merchant bank
30. What you're expected to do by the card associations
The development of an Incident Response Plan is mandated by the PCI DSS in Requirement 12.9:
12.9.1: Create an incident response plan
12.9.2: Test the plan at least annually
12.9.3: Designate specific personnel to be available on a 24/7 basis to respond to incidents
12.9.4: Provide appropriate training to staff with security breach response responsibilities
12.9.5: Include alerts from IDS, IPS and file integrity monitoring systems
12.9.6: Develop processes to modify and evolve the IR plan according to lessons learned
31. Focus areas during the forensic investigation
Determine the type of cardholder information at risk
Determine how much cardholder information is or was at risk
Perform incident validation and assessment
Check for stored sensitive authentication data - track data, CVV2 and PIN blocks
Review payment gateway, VisaNet endpoint security and risk
Preserve all electronic evidence
Perform an internal and external vulnerability scan
Was the merchant PCI compliant at the time of the breach?
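The sensitive authentication data check on slide 31 is, in practice, a search of POS logs, database dumps and disk images for magnetic-stripe track data and clear-text PANs. The scanner below is an added example written for this page, not code from the presentation or from any QIRA or card brand. It recognises the ISO/IEC 7813 Track 1 and Track 2 layouts and bare 13-19 digit PANs, and runs the Luhn check so that order numbers and timestamps are not reported as card numbers. The sample log lines are constructed for the example and the PANs in them are public test numbers. CVV2 values and PIN blocks have no recognisable shape on their own; those are found by searching for field names (cvv2=, pinblock=) in the same artifacts, which is left out here.

```python
"""Scanner for stored sensitive authentication data (SAD) in text artifacts.

Added example, not code from the presentation. Finds Track 1, Track 2 and bare
PANs in log text, drops Luhn failures, and masks what it reports so the
findings file itself does not become another copy of cardholder data.
The sample log is constructed; its PANs are public test numbers.
"""
import re

# Track 1: %B<PAN>^<cardholder name>^<YYMM><service code><discretionary data>?
TRACK1_RE = re.compile(r"%B(\d{13,19})\^([^^?]{2,26})\^(\d{4})(\d{3})[^?]*\?")
# Track 2: ;<PAN>=<YYMM><service code><discretionary data>?
TRACK2_RE = re.compile(r";(\d{13,19})=(\d{4})(\d{3})[^?]*\?")
# Bare PAN: 13-19 digits, optionally separated by single spaces or dashes.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn check digit (ISO/IEC 7812); every real PAN passes it."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask(pan: str) -> str:
    """First six and last four digits, the most PCI DSS allows to be shown."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_line(lineno: int, line: str) -> list:
    findings = []
    seen = set()
    for m in TRACK1_RE.finditer(line):
        pan = m.group(1)
        if luhn_ok(pan):
            seen.add(pan)
            findings.append({"line": lineno, "type": "track1", "pan": mask(pan),
                             "expiry": m.group(3), "service_code": m.group(4)})
    for m in TRACK2_RE.finditer(line):
        pan = m.group(1)
        if luhn_ok(pan):
            seen.add(pan)
            findings.append({"line": lineno, "type": "track2", "pan": mask(pan),
                             "expiry": m.group(2), "service_code": m.group(3)})
    for m in PAN_RE.finditer(line):
        pan = re.sub(r"[ -]", "", m.group(0))
        # A PAN already reported inside track data is not a second finding.
        if pan not in seen and luhn_ok(pan):
            seen.add(pan)
            findings.append({"line": lineno, "type": "pan", "pan": mask(pan)})
    return findings


def scan_text(text: str) -> list:
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        findings.extend(scan_line(lineno, line))
    return findings


# Constructed POS debug log. Line 1 logs a PAN in the clear, line 2 logs the
# full swipe (Track 1 and Track 2), line 3 carries a 16-digit order reference
# that fails Luhn, line 4 is what a tokenised log line should look like.
SAMPLE_LOG = """\
2010-02-12 14:03:11 POS01 auth req pan=4111111111111111 exp=2512 amt=42.17
2010-02-12 14:03:12 POS01 swipe raw=%B5500000000000004^DOE/JOHN^2512101123?;5500000000000004=2512101123?
2010-02-12 14:05:40 POS02 order ref=1234567890123456 status=settled
2010-02-12 14:06:02 POS02 token=tok_8f3a2c status=ok
"""

if __name__ == "__main__":
    for finding in scan_text(SAMPLE_LOG):
        print(finding)
```

Run it over exported logs, database dumps and strings pulled from disk images; any track1 or track2 finding means full magnetic-stripe data was being retained, which is exactly what turns a breach into the ADCR counterfeit-fraud case on slide 25. Expect some false positives from long numeric fields in discretionary data; the Luhn check removes most of them, and the masked output is safe to hand to counsel.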
32. Be sure to contact -
Your internal information security group and incident response team.
Your merchant bank.
Your local office of the United States Secret Service.
If you do not know the exact name and/or contact information for your merchant bank, notify the Visa Fraud Investigations and Incident Management group immediately at (650) 432-2978.
33. Provide all compromised Visa, Interlink, and Plus accounts to your merchant bank within 10 business days.
All potentially compromised accounts must be provided and transmitted as instructed by your merchant bank and the Visa Fraud Investigations and Incident Management group.
Visa will distribute the compromised Visa account numbers to issuers and ensure the confidentiality of entity and non-public information.
Within 3 business days of the reported compromise, provide an Incident Report document to your merchant bank.
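The 10-business-day account list on slides 29 and 33 is built from the window of exposure on slide 26: every account that transacted at the compromised location between the first evidence of the intruder and containment, not just the accounts the issuers have already reported as fraud. The script below is an added example written for this page, not code from the presentation or from Visa. The transaction log, locations and window dates are constructed and the PANs are public test numbers; how the resulting file is transmitted is whatever the merchant bank instructs.

```python
"""Build the at-risk account list for the merchant bank from a breach window.

Added example, not code from the presentation. The window comes from the
forensic timeline (first evidence of compromise through containment); the
account list is every distinct PAN seen at an affected location inside it.
All data below is constructed for the example.
"""
from datetime import datetime

# Constructed transaction log: (ISO timestamp, location, PAN).
TRANSACTIONS = [
    ("2009-11-02T10:15:00", "store-17", "4111111111111111"),  # before the breach
    ("2009-11-20T12:00:00", "store-17", "5500000000000004"),  # exposed
    ("2009-12-01T18:30:00", "store-17", "5500000000000004"),  # same account again
    ("2009-12-05T09:00:00", "store-17", "378282246310005"),   # exposed
    ("2009-12-05T09:05:00", "store-22", "6011111111111117"),  # location not compromised
    ("2010-01-15T11:00:00", "store-17", "4012888888881881"),  # after containment
]

# Window of exposure from the forensic timeline (assumed values for the example).
BREACH_START = datetime(2009, 11, 18)   # first evidence of the intruder on the POS
CONTAINMENT = datetime(2010, 1, 9)      # malware removed, credentials rotated
AFFECTED_LOCATIONS = {"store-17"}


def at_risk_accounts(transactions, start, end, locations):
    """Distinct PANs exposed in [start, end] at the affected locations, plus the
    earliest and latest exposed transaction dates the card brands ask for."""
    exposed = {}
    for ts, location, pan in transactions:
        when = datetime.fromisoformat(ts)
        if location in locations and start <= when <= end:
            first, last = exposed.get(pan, (when, when))
            exposed[pan] = (min(first, when), max(last, when))
    if not exposed:
        return {"count": 0, "pans": [], "earliest": None, "latest": None}
    return {
        "count": len(exposed),
        "pans": sorted(exposed),
        "earliest": min(first for first, _ in exposed.values()),
        "latest": max(last for _, last in exposed.values()),
    }


def acquirer_file(result) -> str:
    """Full PANs, one per line, for the bank; keep this file off general shares."""
    return "\n".join(result["pans"]) + "\n"


def masked_summary(result) -> str:
    """What goes into the internal incident report: a count and masked PANs."""
    lines = [f"{result['count']} accounts exposed"]
    lines += [pan[:6] + "*" * (len(pan) - 10) + pan[-4:] for pan in result["pans"]]
    return "\n".join(lines)


if __name__ == "__main__":
    r = at_risk_accounts(TRANSACTIONS, BREACH_START, CONTAINMENT, AFFECTED_LOCATIONS)
    print(masked_summary(r))
    print("exposed transactions:", r["earliest"], "to", r["latest"])
```

Two things matter in the window choice: pulling the start date forward to the first compromised transaction rather than the first fraud report (the fraud lags the breach, as the slide 26 timeline shows), and ending at containment rather than at discovery, because the intruder keeps collecting data until the access is actually cut off. A too-narrow window understates the count and is the kind of thing the ADCR process and the issuers' lawyers revisit later.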
35. ...and know them intimately
[Diagram of the parties in the payment chain; only its labels survive extraction:]
Merchant
POS software/hardware
Payment gateway
Payment processor
Merchant bank (acquiring bank)
Card association
36. Be Prepared to Answer the Following
Initial point of entry
Timeline of events
Intruder information
Data exfiltrated and exposed
Compromised accounts
Malware
Network architecture and application overview
Logging and monitoring
Investigative methods
Regulatory review
Encryption
Containment efforts
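Slide 23 asks that every event, person and discovery be documented in a timeline for evidentiary use, and slide 36 lists what the investigator will ask to see from it. A timeline kept in a spreadsheet can be edited after the fact; a hash-chained, append-only log cannot be altered, reordered or trimmed without the change showing. The script below is an added example written for this page, not code from the presentation. Its events and the artifact bytes are constructed; artifacts such as malware samples or exported logs are recorded by SHA-256 only, so the timeline itself never carries cardholder data or executable content.

```python
"""Tamper-evident incident timeline with artifact hashes.

Added example, not code from the presentation. Events are sorted by time,
each entry carries the hash of the previous one, and verification recomputes
the whole chain. Events and artifact contents are constructed.
"""
import hashlib
import json

GENESIS = "0" * 64


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_timeline(events):
    """events: dicts with 'when' (ISO-8601 UTC), 'who', 'what', 'source' and an
    optional 'artifact' (bytes), which is replaced by its SHA-256 so the log
    never carries the artifact body. Returns the chained entries."""
    entries = []
    prev = GENESIS
    for ev in sorted(events, key=lambda e: e["when"]):
        entry = {k: v for k, v in ev.items() if k != "artifact"}
        if "artifact" in ev:
            entry["artifact_sha256"] = sha256_hex(ev["artifact"])
        entry["prev"] = prev
        canonical = json.dumps(entry, sort_keys=True, separators=(",", ":"))
        entry["hash"] = sha256_hex(canonical.encode())
        entries.append(entry)
        prev = entry["hash"]
    return entries


def verify_timeline(entries) -> bool:
    """Recompute every link; any edit, insertion, removal or reorder breaks it."""
    prev = GENESIS
    for entry in entries:
        if entry.get("prev") != prev:
            return False
        body = {k: v for k, v in entry.items() if k != "hash"}
        canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
        if sha256_hex(canonical.encode()) != entry.get("hash"):
            return False
        prev = entry["hash"]
    return True


# Constructed events, deliberately out of order: the timeline sorts them.
EVENTS = [
    {"when": "2010-01-12T16:40:00Z", "who": "J. Doe (IT)", "source": "acquirer call",
     "what": "Merchant bank reports CPP match on merchant ID; store-17 named"},
    {"when": "2010-01-12T18:05:00Z", "who": "J. Doe (IT)", "source": "POS01 disk image",
     "what": "Unknown binary found in C:\\Windows\\Temp on POS01; imaged, not deleted",
     "artifact": b"MZ\x90\x00constructed-sample-not-real-malware"},
    {"when": "2010-01-12T17:10:00Z", "who": "M. Roe (counsel)", "source": "phone",
     "what": "Outside counsel engaged; QIRA selection and Secret Service contact agreed"},
    {"when": "2010-01-13T09:00:00Z", "who": "J. Doe (IT)", "source": "firewall",
     "what": "Outbound FTP from POS01 blocked at perimeter (containment)"},
]

if __name__ == "__main__":
    chain = build_timeline(EVENTS)
    for e in chain:
        print(e["when"], e["who"], e["what"])
    print("chain valid:", verify_timeline(chain))
```

Record the final hash with counsel (or time-stamp it with a third party) as soon as the timeline is closed; from then on anyone holding the chain can show the record was not reworked once the QIRA, the card associations or opposing counsel start asking the slide 36 questions.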
37. Per Visa - Identify and establish relationships and agreements with key vendors, including:
Outside IT security forensics experts who can investigate if, when and how a breach occurred, and how to close and repair your system.
"Visa requires its partners to use external experts for this function, and doing so is critical to establishing credibility with the media, customers, investors and other key audiences. Also, consider using a different vendor from the one that may have done previous security assessments."
38. Identify how the breach happened, contain the breach, and implement a solution so it cannot happen again
Notify appropriate people within the company
Notify external agencies, within the required time frames, such as:
›› Forensics Investigator
›› Law Enforcement
›› Affected vendors, suppliers
›› FTC
›› State Attorneys General (where applicable)
›› Consumers
39. Visa and MasterCard are not interested in forensics, they are interested in risk mitigation.
Visa maintains relationships with their QSAs for a reason
Tend to work with the same people throughout the PCI-DSS world; for example, the same people move from a QSA company to the PCI SSC (PCI Security Standards Council)
Creates an echo chamber
Lack of knowledge of modern forensics
Place artificial pressure on investigators to get out a compromise time frame
Would rather wind down a case on lax evidence than determine the true cause of the compromise and the compromise patterns
Saw this all the time while a QIRA
40. Important breach issues
Breach issues:
Mandated breach notification
Media reporting
Negative customer reaction
Cost associated with brand damage and lost revenue
Action items:
Which states require notification
Hire a firm for media coverage and creating early press releases
Early customer communications
42. Fines; according to the card associations
Stiff fines and penalties ranging from $10K-$500K per month for non-compliance
$500K fine per credit card data compromise incident if not PCI compliant
$100K fine if Visa is not immediately notified of a suspected data breach
If track data or other sensitive data elements were compromised, the merchant can be assessed the estimated cost of fraud under Visa's ADCR Program as well as the cost of card re-issuance (est. $7-$20 per card)
Potential termination of credit card processing privileges
43. Monthly Prohibited Data Storage Violation Fines
Months 1-3: Merchant Level 1 $10,000; Merchant Level 2 $5,000
Months 4-6: Merchant Level 1 $50,000; Merchant Level 2 $25,000
Months 7 and up: Merchant Level 1 $100,000; Merchant Level 2 $50,000
Fines for Merchant Data Compromise
Up to $600,000 for non-compliance with PCI DSS requirements.
Issuer recovery: cost of fraud, i.e. charges that occurred on all exposed cards from the compromised location.
The cost of the forensic investigation.
The cost to replace exposed credit cards.
44. In reality, fines have been handed down with no consistency
Large discrepancies in the per incident cost between large level 1 merchants and level 4 merchants
An average fine for a single food services merchant (a local bar) was $350k, not including:
lawyers' costs
Forensics assessment, incident investigation and containment
Upgrading non-compliant POS software & IT, and security remediation and enhancements
Identity protection for impacted individuals (~$30 per person)
Cost associated with onsite validation for 1 year - now a Level 1 merchant
Class action lawsuits and liability in the event that privacy data was compromised
45. The Heartland Data Breach Aftermath
"Visa sent customized settlement information packets to the affected financial institutions on January 14, 2010. In order to accept the settlement, a financial institution was required to affirmatively complete and return the settlement paperwork to Visa by January 29, 2010," said the statement from lawyers representing some of the impacted banks. "The offers--at least those reviewed by class counsel--appeared to be less than 10 cents on the dollar for most financial institutions and some at less than 1 cent on the dollar."
47. Make sure you know a qualified lawyer and call them immediately
A good lawyer can make all the difference in the penalty phase
48. Interview your lawyer
Does the lawyer have a dedicated Internet law department?
An in-house forensics professional?
Do they know what PCI is?
Have they worked with, and do they know, key individuals at Visa/MasterCard, the banks, processors, etc.?
How many digital crimes cases have they handled?
49. Merchant Bank
Know your merchant bank's point of contact for fraud / PCI
Call them. Get to know this person. Take them for a beer.
They will be involved early in the process, up until the very end.
They typically know their counterparts at the card associations
But wait, do you have a processor who isn't your merchant bank? Better find out and give them a call too!
Ensure these people are your advocates.
51. Where does the responsibility lie?
[Diagram; only its labels survive extraction:]
Customer
Implementation
Software/hardware developer
VAR
OEM
52. Large Merchants
Per incident costs typically lower than level 3 or 4 merchants
IT staff
Leverage with manufacturers
Media/Marketing Dept. to control the message
53. The "favorites" game
Several instances of medium to large size breaches which remain off all breach lists and out of the media
Good legal representation early in the process
Tend to lay blame on the software/hardware vendors
Card associations deathly afraid of full disclosure
These and other issues have led to many complaints about the ADCR process
http://Datalossdb.org - unofficial master record-keeper of breaches
56. News Update
In an interesting development, a handful of issuing banks impacted by the Heartland breach have filed a class action lawsuit against two acquiring banks related to Heartland Payment Systems. According to this article, the issuing banks are unhappy with Heartland's proposed settlement with Visa. This appears to be an attempted end-run around the proposed $60 million settlement with Visa. It also may demonstrate that issuing banks are not satisfied with the dispute resolution mechanisms under the Visa Operating Regulations (the Account Data Compromise Recovery process estimated the loss at $140 million, yet the settlement was for only $60 million), and their ability to be made whole under those mechanisms.
From 01/21/2010 www.infolawgroup.com
57. Breach Trends
Just as merchants shop for PCI assessors (QSAs), merchants shop for QIRAs
This tends to skew a specific company's analysis
59. Trend Analysis
Trend numbers from each company by themselves should not be taken all that seriously
Some basic trends can be seen when viewed outside the confines of these companies
www.datalossdb.org is a good overall source for breach data, but ... several breach cases I worked on and am aware of are not on their list
60. Definite trends can be seen when viewed outside the confines of each of the forensics companies
61. Next up ..... banks
(February 16, 2010) A Michigan-based manufacturing firm is suing its bank after online crooks depleted the company's account by $560,000 via a series of unauthorized wire transfers last year. The lawsuit is one of several that have been filed over the past few months involving banks and customers victimized by online theft. In this case, the theft occurred after an employee at EMI supplied the crooks with the company's online banking credentials in response to a phishing e-mail that purported to come from the bank.
Editor's Notes
mom and pop restaurant, bar, coffee shop, bed and breakfast
multiple franchise sites all over the country during a typical breach timeframe
The large news breaking type
Why are
This behavior is typical with larger level 1 merchants whereas, level 4 merchants often just go bankrupt.
The merchant POC for fraud typically is in the PCI group
If a POS is retaining track data, who removes the old data, upgrades the software,
New software/hardware
The aftermath of this incident is still in flux
The issue still exists
Heard of the practice of shopping for QSA’s?