E-COMMERCE FRAUD TRENDS 2013

Limor S Kessem
Technical Lead, FraudAction Knowledge Delivery

Richard Booth
Senior Fraud Technology Consultant

Wednesday, Feb. 20th, 9:00 AM/EST
U.S./Canada Toll-Free: 1-866-289-3291 PIN: 8272
International Toll: Dial 001-503-295-8000, then enter 866-289-3291 and PIN: 8272
Or listen via your computer speakers: Under the Voice & Video tab select “Join Audio”



© Copyright 2012 EMC Corporation. All rights reserved.                                 1
Agenda
• Statistics
• Where it all stems from?
• How is fraud committed?
• How can we protect ourselves?




Global e-commerce 2013
Expected to total almost $1 trillion worldwide in 2013.




Europeans shopping online: Top 10
[Bar chart; vertical axis from 0% to 90%]
Source: EuroStat



Ecommerce is everywhere…
Consumers are using their smartphones to bridge the gap between brick-and-mortar stores and ecommerce

eBay Mobile: 13,161,000 unique shoppers in 1 month; 1:04:02 hrs
PayPal: +5m active new accounts in 4Q2012, fastest rate in 8 years!



Losses to e-commerce fraud
• Cybercrime costs UK retailers over £200 million a year (British Retail Consortium).
• Total fraud losses on UK cards totaled £185 million between January and June 2012. Payment fraud losses are only 0.5% of all fraud losses in the UK (The UK Cards Association).
• Losses incurred on Irish-issued payment cards show losses of €25.7 million recorded in 2011



Intelligence = Power

Intelligence = Power




The Underground?

The Underground World of Fraud




The Fraud Underground




• Fraudsters
• Blackhats
• Botmasters
• Hacktivists




• Malware programmers
• Infrastructure services
• Stolen data vendors
• Con artists and thieves



E-commerce fraud – The supply chain

• Con artists – devise ploys
    – Create and deploy social engineering schemes which include: ecommerce phishing and spam tactics designed to harvest credentials.
• Data trafficking
    – Buy, sell and trade in credentials, account information, card numbers, victim contact details, PII, credit reports




E-commerce fraud – The supply chain

• Mule herders
    – Recruit and command money mules
    – Recruit and command item drop mules
• Cashout services
    – Offer a variety of options to fraudsters looking for exchange possibilities and monetization schemes




E-commerce fraud – The supply chain

• Forgery service providers
    – Create fake documentation – from statements to ID cards, driving licenses and passports.
    – Provide cloned cards that are a replica of the real plastic card
• Dark shoppers
    – Offer purchasing services
    – In-store pick-up
    – E-commerce fraud tutorials



The flow of events

The planning phase
• Step #1 – Plan, buy a card… or 100
    This happens in deep-web venues




E-commerce fraud – Flow of events

[Timeline diagram; stages in order along the time axis]
Buy data → Verify validity → COB → Shop → Reship → Resell → Monetize




A market…
Deep (web) conversations

Before… IRC
Today… Organized boards




The planning phase




Where are these details purchased?




What feeds the stolen data supply?
• Phishing attacks
• Trojan logs
• Hacked payment processors
• Hacked online retailers
• Big breaches that expose financial data for
• Data traffickers who have “warehouses” of information

• Classic phishing – aimed at ecommerce merchants
• SMShing
• Trojan injections that ask victim card details
• Trojan plugins designed to grab and parse CC data

Verify card validity: CC Checking

• Check via phone merchants
• Check via online merchants
• Check via adapted checking services
• Check inside the CC shops
• Check via rogue merchant infrastructures




Obtain additional details

• Get online access to the card’s account
• Attempt to guess/reset the VBV/MSC Password if need be
• Call the bank as needed




Get an item-drop mule (reshipping)
• The fraud underground has a number of options to offer thieves:
    – Accomplices
    – Dark shopper services
    – In-store pick up of ordered goods
    – Pick your own item drop mule
    – A full-service turnkey solution: from buy to monetize




Reshipping mules: Pick one
• The herder recruits people to work
• Each new “employee” is added to the list
• The mule can be picked out online
• Each mule is available for a number of shipments according to the herder’s rules




E-commerce fraud – Flow of events

[Timeline diagram; stages in order along the time axis]
Buy data → Verify validity → COB → Shop → Reship → Resell → Monetize




The COB – Change of Billing
• Goal: change the billing address on the acct
• “Enrolls” – attempt to access the card online
• Add a shipping address/mailing address
• Look for details on the victim
• Add a mobile number and email address
• Non-native speakers contract underground services to help them achieve the goal



What is ‘Carding’
• The fraudulent use of payment cards is dubbed ‘Carding’
• Fraudsters are after easy-to-card merchants
• They usually avoid secure, large merchants
• Prey on smaller shops and tell their friends about them
• Usually card high-value electronics and popular goods



The action phase: Go shopping
• Step #2 – Theft
    Happens in e-commerce sites




Dark shopper services




E-commerce fraud – Flow of events

[Timeline diagram; stages in order along the time axis]
Buy data → Verify validity → COB → Shop → Reship → Resell → Monetize




Item drop and reship
• Step #3 – Ship the goods –
    Happens at item drop addresses




The mule…
• The mule receives the goods at home
• The mule prints and re-tickets the item
• The mule will reship the item(s)
• The fraudster will receive it – or…
• The mule herder will receive and sell the item, then share the loot
• In-store pick up mules will go to the shop and then reship…


E-commerce fraud – Flow of events

[Timeline diagram; stages in order along the time axis]
Buy data → Verify validity → COB → Shop → Reship → Resell → Monetize




Monetize
• Step #4 – Monetize –
    Happens between accomplices online/on the streets




Fighting Fraud

Protecting cardholders - Prevention
• Banks can tighten security around COBs
• Fraudsters fail when VBV/MSC codes cannot be reset or bypassed, blacklisting BINs
• Fraudsters will steer clear of secure platforms that provide them no added information (enrollment phase security)
• Identity verification over the phone
• Card-cloning criminals fail when last 4 digits of the card must match their plastic

Fighting back!


Cardholder education is key
• Fraudsters will try to enroll cards – they can be stopped!
    – Encourage customers to register their cards to the online service and be sure to review them regularly.
• Fraudsters dread the premature discovery of a pending fraudulent delivery/transaction
    – Encourage customers to use the alerting services you offer (email, SMS)




Informed customers help prevent fraud
• Inform customers about phishing for card information
• Inform customers about shopping via mobile devices and through apps
    – Mobile devices can be just as easily targeted by phishing and rogue shopping apps as the PC
    – Warn customers about downloading shopping and banking apps from third party websites




Cardholders have the power
• … to avoid phishing scams by never divulging financial information online
• … to call their bank when they are unsure of the source of a suspicious email
• … to control the shipping process of orders they placed

Cardholders have the power
• … to monitor their card when they hand it to a shop attendant
• … to only buy from well-known, reputable merchants
• … to choose to receive alerts when purchases are processed on their cards
• … to regularly review their accounts, especially during the holidays



Deception is only deception




Managing Fraud Risk

Threats Occur Across the Entire User Session

[Diagram: a session timeline running from Beginning of Web Session, through Login, to Transaction and Logout. Two bands are marked above it: "InfoSec: Pre-Authentication Threats" and "Fraud: Post-Authentication Threats".]

Threats placed along the timeline:
• Phishing Attacks
• Vulnerability Probing
• DDOS Attacks
• Site Scraping
• Promotion Abuse
• New Account Registration Fraud
• Parameter Injection
• Access From High Risk Country
• Password Guessing
• Man In The Browser
• Unauthorized Account Activity
• Man In The Middle
• Account Takeover
• High Risk Checkout
• Fraudulent Money Movement

RSA FraudAction Services
• Anti-Phishing Service: Detect and shut down phishing sites
• Anti-Trojan Service: Detect and shut down malware targeting customers
• Anti Rogue App Service: Detect and shut down rogue mobile apps
• FraudAction Intelligence: Reports about fraud activities, trends in the underground



SilverTail Web Session Intelligence
Criminals Behave Differently Than Customers
• Velocity
• Page Sequence
• Origin
• Contextual Information
Anomalous Behavior Detection

RSA Adaptive Authentication
• Transparent real-time fraud detection and authentication without sacrificing user experience
• Monitor and authenticate both login and post login activities
• Risk based self-learning engine which rapidly adjusts policies and controls to predict and protect against future attacks
• Collaborative real-time cross-institution fraud intelligence sharing




RSA Adaptive Authentication
[Diagram. Labels: Activity details; Behavior; Device; Fraud; 937; 271; Risk Engine; Policy Mgr.; Authenticate; Continue; Step-up Authentication (Out-of-band, Challenge, Knowledge, Others); Feedback; Case Mgmt]




RSA Adaptive Authentication for eCommerce
• Balance risk, cost and convenience with no
  enrollment
• Transparent real-time fraud detection with minimal
  impact on cardholders' user experience
• Risk based system that learns from past behavior and
  rapidly adjusts to predict and protect against future
  attacks
• Collaborative real-time cross-institution sharing of
  fraud-connected data via RSA eFraudNetwork
• Worldwide availability to issuing banks as centrally
  hosted service




RSA Adaptive Authentication for eCommerce




• Transparent Auth: Low risk transparently authenticated - no cardholder engagement
• Mandatory Auth: Risky transactions challenged via KBA, OTP SMS, Data Elements
• Decline: Highest risk transactions are declined
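
The COB slide lists the account changes that precede a fraudulent order, and the tiers above name three responses. The sketch below is an added example, not part of the original deck and not RSA's product logic: it scores each order by the profile changes seen on the same account in the preceding 72 hours and maps the score to those tiers. Event names, weights, thresholds and the sample events are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed tuning values; the deck gives no weights or thresholds.
WINDOW = timedelta(hours=72)
WEIGHTS = {
    "enroll": 20,          # card newly enrolled for online access
    "billing_change": 30,  # the change of billing (COB) itself
    "shipping_add": 20,    # new shipping/mailing address
    "contact_add": 15,     # new mobile number or e-mail address
}
NEW_ADDRESS_ORDER = 25     # order ships to an address added inside the window
HIGH_VALUE = 500.0         # assumed cutoff for a high-value order
HIGH_VALUE_WEIGHT = 10
CHALLENGE_AT, DECLINE_AT = 40, 80


@dataclass(frozen=True)
class Event:
    ts: datetime
    account: str
    kind: str             # a key of WEIGHTS, or "order"
    address: str = ""     # address added, or ship-to address of an order
    amount: float = 0.0


def score_order(order, history):
    """Score one order against profile changes on its account within WINDOW before it."""
    recent = [e for e in history
              if e.account == order.account
              and e.kind in WEIGHTS
              and timedelta(0) <= order.ts - e.ts <= WINDOW]
    # Count each kind of change once so repeated edits do not inflate the score.
    kinds = {e.kind for e in recent}
    score = sum(WEIGHTS[k] for k in kinds)
    reasons = sorted(kinds)
    new_addresses = {e.address for e in recent if e.kind == "shipping_add"}
    if order.address in new_addresses:
        score += NEW_ADDRESS_ORDER
        reasons.append("ships_to_new_address")
    if order.amount >= HIGH_VALUE:
        score += HIGH_VALUE_WEIGHT
        reasons.append("high_value")
    return score, reasons


def decide(score):
    """Map a score to the three tiers named on the slide."""
    if score >= DECLINE_AT:
        return "decline"
    if score >= CHALLENGE_AT:
        return "challenge"    # the mandatory-authentication tier
    return "transparent"


def review(events):
    """Return (account, decision, score, reasons) for every order, oldest first."""
    ordered = sorted(events, key=lambda e: e.ts)
    results = []
    for e in ordered:
        if e.kind == "order":
            score, reasons = score_order(e, ordered)
            results.append((e.account, decide(score), score, reasons))
    return results


def at(day, hour):
    return datetime(2013, 2, day, hour)


# Constructed sample events, not real data.
SAMPLE = [
    Event(at(18, 10), "acct-A", "order", "1 Old Rd", 120.0),
    Event(at(17, 9), "acct-B", "billing_change"),
    Event(at(17, 9), "acct-B", "contact_add"),
    Event(at(18, 12), "acct-B", "order", "7 Known St", 60.0),
    Event(at(18, 1), "acct-C", "enroll"),
    Event(at(18, 2), "acct-C", "billing_change"),
    Event(at(18, 2), "acct-C", "shipping_add", "99 Drop Ave"),
    Event(at(18, 3), "acct-C", "contact_add"),
    Event(at(18, 5), "acct-C", "order", "99 Drop Ave", 899.0),
    Event(at(10, 9), "acct-D", "billing_change"),   # older than WINDOW
    Event(at(18, 9), "acct-D", "order", "4 Home Ln", 50.0),
]

if __name__ == "__main__":
    for account, decision, score, reasons in review(SAMPLE):
        print(f"{account}: {decision} (score {score}) {', '.join(reasons)}")
```
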



RSA’s Layered Protection for Fraud Prevention




Q&A

