trusteer community day at think - march 18 2018 - final · • delivering an exceptional and secure...

IBM TrusteerADVANCED FRAUD PROTECTION USER GROUP

March 18, 2018

Welcome!

3 IBM Security

Agenda

Time Duration (min.)

Topic Speaker

10:15 15 Welcome and Introductions Jason Keenaghan

10:30 20 Trusteer Client Case Studies Shira Shacham

10:50 90 Roundtable: Emerging Challenges in Fraud• Recent Fraud Trends and Threat Landscape• Delivering an Exceptional and Secure User

Experience• Building a Risk Ecosystem• Open Banking and Protecting the API Channel

Nir Stern

12:20 10 Closing and Next Steps Jason Keenaghan

12:30 *** End of Session ***

4 IBM Security

Get to know the IBM Trusteer team in attendance

IBM CONFIDENTIAL

OFFERINGMANAGEMENT

ENGINEERING& SECURITY

CLIENTTEAM

PRODUCTMARKETING

JasonKeenaghan

GalFrishman

NickWetton

EileenTurner

NirStern

DoronBen-Ari

NicolasMeyerhoffer

ValerieBradford

SaritKozokin

ShiraShacham

KateReed

ShakedVax

RobRendell

AyeletAvni

FrankMendicino

MaximShifrin

MeirAsiskovich

5 IBM Security

LEADin strategic domains

IBM Security Strategy

SUPPORTthe CISO agenda Cloud Mobile and

Internet of ThingsComplianceMandates

SkillsShortage

AdvancedThreats

Cloud CollaborationCognitive

ACCELERATEwith key innovation

6 IBM Security

IBM Security Immune System

QRadar Incident ForensicsQRadar Network InsightsManaged Network SecuritySecure SD-WAN

X-Force Exchange | Malware AnalysisX-Force IRIS

Guardium | Multi-cloud Encryption | Key ManagerCritical Data Protection Services

Identity Governance and AccessCloud IdentityzSecureIdentity Management Services

MaaS360Mobile Device Management

TrusteerFinancial Malware and Threat Research

AppScanApplication Security on CloudX-Force RedSDLC Consulting

QRadar | Watson | Resilient | i2Security Operations Consulting

X-Force Command CentersX-Force IRIS

BigFixManagedDetection & Response

App ExchangeHybrid Cloud Security Services

ProductsServices

7 IBM Security

IBM Trusteer: The digital trust platform fueled by machine learning and AI

Servicing over 500 of leading organizations worldwide. Processing over 40 billion application accesses and over 1 billion user sessions every month.

Trusteer Pinpoint Platform

Trusteer Intelligence Cloud

Mobile SDK

Real-time Activity Risk Assessment (e.g. login, payment)

New Account Fraud

Detect(Malware / ATO)

Global Fraud DB

Rapport

IBM Safer Payments

(Omni-channel fraud protetion)

Trusteer Client Case Studies

9 IBM Security

Who we are?

10 IBM Security

Customers Case Studies - LATAM Bank

• A large bank in LATAM, a subsidiary of aglobal bank.

• Has Rapport (incl. phishing),Pinpoint and Mobile SDK

• PPCD for the business segment wasdeployed at the end of 2017, where theconfirmed fraud attempts number grew froma few each month to 68 in January2018.

• During 2017, they took down almost

3000 fake bankwebpages.

254

137

63

182

227248

147

322

502

410

284

334

523

3 2 3 1 1 1 3 2 10 4 7 268

Jan-17 Feb-17 Mar-17 Apr-17 May-17 Jun-17 Jul-17 Aug-17 Sep-17 Oct-17 Nov-17 Dec-17 Jan-18

11 IBM Security

T1 Bank in NA• PPD covers the Bank’s commercial application.

• During our 3 years there, we were able to help the bank against Dyre, Trickbotand most recently targeted spear phishing attacks.

• We are working with the bank on adjustments to our policies based on specific transaction types and the risk per each transaction type.

• Past 6 months data-

detection rates of 90% alert rate of 0.03%

Customers Case Studies

12 IBM Security

UK T1 bank• PPD platform deployed in 8 applications, on Retail, Commercial and Business

• In 2017 - Fraud trends have shifted to commercial and business mostly

• Main attack vectors are Malware redirection, RAT and sophisticated social engineering schemes.

• PPD stopped all losses from redirection attacks- Trickbot, Gozi and Dridex.

• Detection rates are ~ 65%, with alert rates below 0.05%. Most missed frauds are due to the legitimate user being manipulated to perform the

transaction. Transactional data is not shared with PPD today.

• Recently behavioral biometrics features were enabled and have further reduced alert rates (in around 40%)


13 IBM Security

T1 Bank in France• PPD Platform protects several applications on the retail and commercial side including

Mobile protection and policy manager.

• Before implementing PPD Platform, the bank reported ~ 200 weekly fraud cases.

• Along side PPD the bank made some policy changes in their internal control, based on PPD risk assessment and was able to reduce loss significantly.

• PPD Platform detection rate is ~95% with alert rate as low as 0.01%

• Fraud attempts are now are as low as ~30 fraud cases per week. Main attack vector is Phishing


Roundtable: Emerging Challenges in Fraud

Think 2018 / DOC ID / Month XX, 2018 / © 2018 IBM Corporation 15

Open Discussion

1. Recent Fraud Trends and Threat landscape

2. Providing exceptional user-experience securely

3. Building a Risk Eco-System

4. Open Banking


Recent Fraud Trends and Threat landscape

Global Trends in the Market

17Think 2018 / Mar 19, 2018 / © 2018 IBM Corporation

• Fraud is shifting:

• From mass attacks based on complex technology (i.e. malwares)

• To targeted attacks, very focused, and using combination of technology (Malwares, RATs) & social engineering.

• We also see shift from retail to business, to increase profitability

• For business applications – fraud is still a big issue in many cases

• For retail – experience is the key.

• Focus on behavioral analysis and behavioral biometrics

• Focus on smooth user experience and friendly authentication methods

• Mobile becomes the dominant channel

• Customers shift to mobile

• So does the fraudsters (many times in combination with web)

• While security is an agile space, mobile Apps by nature adopt very slowly

Example use-case

Malware installed

Steals credentials

Overlay attack

Attempts account takeover

Multi-Channel fraud journey

IBM Confidential - Shared Under NDA

Social Engineering Use-Cases Examples

IBM Confidential - Shared Under NDA

• Use Case #1: Fraudster calls customer claiming to be from Mobile Provider and claims

that there is a virus on the device. Informs customer that they can clean device for a small sum and also

requests RAT. Customer accepts RAT request, starts to complete the small payment. Fraudster takes over device, amending the payment sum.

• Use Case #2: Pure social engineering. The customer is convinced by the Fraudsters ruse and completes the whole

payment journey themselves.

• Use Case #3: Smishing driven MO. Customer receives a text which looks legitimate informing them they have

made a payment, and to call the number to report fraud. The customer does so and is told their account is compromised and the

fraudster then either convinces them to move the money, or follows a similar script to use case 1.

Mobile/WEB Features

ATO Detection

RAT Detection

Behavior Biometrics

Overlay attack detection

SMS stealing

Emulator Detection

Mobile/WEB Features

ATO Detection

Behavior Biometrics

Mobile/WEB Features

ATO Detection

Smishing Detection

Behavior Biometrics

Phone Number Intelligence

Global Trends in the Market


• Open banking (PSD2) may be a game changer in various aspects

• Limited visibility to users interaction

• New attacks, new threats, increase in frauds for retail again (?)

• Mixture of banking & ecommerce transactions – great risk potential

• New competition for bank from Fintech start-ups.

• Fraud is expanding to new verticals

• Health, insurance, investment banking, airlines, etc…

• Fraudsters expand to target cryptocurrency platforms…

Major Attack Vectors on Crypto Currency


• Fraudster goal: monetary gain through

• Direct theft: wallet grabbing, asset theft, credential hijacking, transaction alteration

• Attacks on Exchanges, CC Burses and platforms

• Coin-wide attacks

• World wide prevalence

• Major players:

• Dridex - steals cryptocurrency wallets.

• Trickbot –

• Recent Blog by IBM X-Force, on TrickBot’s expansion to attack CryptoCurrecny platform to perform payee alteration

• Recently added coinbase.com

• The malware monitors the victim’s browsing habits and injects a fake login page whenever the user visits coinbase.com.

• HawkEye - Added Bitcoin wallet stealing to its arsenal.

• Cerber - The actors have resorted to stealing the coins from the wallet before encrypting the system.

• OSX/Miner-D - Steals Bitcoins and mines a system.

Scale of attacksCompany Country Industry Date Type Value

CoinDash Israel Financial Markets

17-Jul-17 Initial Coin Offering

>7M US$

Bithumb Republic of Korea

Financial Markets

29-Jun-17 Direct PC hacking

1M US$

CoinPouch USA Financial Markets

9-Nov-17 Wallet app service breach

~22M US$

Tether Hong Kong Financial Markets

21-Nov-17 Direct wallet hacking

31M US$

NiceHash Slovenia Financial Markets

6-Dec-17 Direct wallet hacking

~70M US$

Youbit Republic of Korea

Financial Markets

19-Dec-17 Direct wallet hacking

~60M US$


Providing Exceptional User Experience Securely

Support Business Growth – Expedite Digital Transformation


Build trust with the user while keeping focus on user experience

Lead a secure digital transformation, while preserving an exceptional customer experience

Business Growth

Expedite Digital Transformation

Build trust with the user while keeping focus on user experience

Digital Identity Analytics

The digital world has created heightened user expectations


Users want seamless mobile, online and cross-channel access

Convenience brings opportunities for new threats & risks

Threat mitigation can impact customer experience

Which contradicts with security mitigation factors

The digital world has created heightened user expectations


Device Spoofing

Users want seamless mobile, online and cross-channel access

Ineffective threat mitigation

Phishing Attacks

MitB

Social Engineering

SMS stealers& Overlay

Advanced Threats

Digital Identity Analytics

Account Registration

Existing account Login/Transaction

High Risk or fraud indication

Establish Sustain Recover

Digital transformation is changing the banking game

Digital experience & Open eco-system• Accelerate digital

functionality from any channel

• Seamlessly verify users in onboarding process to help reduce abandonment

• Increase new account creations with potential shorter lifetime of accounts

Evolving Threat Landscape• Rising identity fraud • Shift to open banking/ (API)

new opportunity for fraud • Personal data is readily

available

Compliance & Regulation• Faster Payments• PSD2• FFIEC

New Account Registration – Risk assessment Steps

KYC/AMLIdentity verification Is this person exist?

Identity assuranceAre you who you say you

are?

Identity riskCan we trust you?

CreditCredit score & worthiness

Transparently differentiate true users from fraudsters

• Enabling seamless digital onboarding process in real-time

• Deliver holistic view across digital channels with Pinpoint Detect integration

• Build your own policy with Policy Manager, exposing new account intelligence

• Help reduce risk and fraud losses

• Help reduce abandonment in the account creation process and sales processes

• Reduce the need to use expensive channels such as call center or branches

• Flexibility in tuning the user experience vs. risk

Transparent risk assessment in real-time for new account creation

Open Discussion


• How do you measure the user satisfaction from your digital channels? • Do your organization measure the security impact on user experience and

satisfaction?• Are there any clear goals / objectives on that to the fraud / security teams?

• What step-up auth. Mechanism are used today? • What percentage of activities are being 2FA?• Do you have goals to reduce these?• How do you measure their effectiveness?

• Digital registration process –• Which products are available digitally?• What are the processes to support them?• what are the challenges?


Building a Risk Eco-System

Building a Risk Eco-System


ANALYZERisk Indicators from multiple

sources – business & technical

UNDERSTANDKnown & unknown users,

browsers, devices

EVALUATEBehavioral patterns and

identify anomalies

SECUREMulti-channel access from

web, mobile, API, more

App Exchange

GATHERThreat intelligence & adapt

protections continuously

Consume:

3rd Party Identity & Device

Intelligence

Provide:

Dynamic Trust Scoring and

Authentication

Secure End-to-End Digital Customer Journey

Banking Insurance Communications Travel Retail

Expand Value through additional dataStreamline time-to-value

Trusteer Intelligence Eco-SystemIntelligence sources Marketplace

Enrich Trusteer offering value through streamlined capabilities of threats research, risks, data-elements to its Policy Manager.

This model shall expand to multiple vendors quicker

Use Case:

– Client buys 3rd party data sources directly,

– Trusteer streamlines integration into Pinpoint Detect Policy manager

– Client writes rules to use data sources

Prepackaged Intelligence and logic

• Provide packages of use-case specific crime-logic based on external data sources that enhances detection

• Use Case: Clients add 3rd party data source to Trusteer

contract (i.e. buy-through IBM) Trusteer Pinpoint team expand detection

policies using new intelligence source Client can customize polices in Policy

Manager*

* Not all 3rd party raw data elements will be available in Policy manager


PSD2 & Open Banking

PSD2 – Customer point of view

37

Today PSD2

Bank A

Kate(Customer)

Bank B Credit CardProvider

Third Party Aggregation

Bank A Bank B Credit CardProvider

Kate(Customer)

Kate (Customer) experience:

Kate can access all of her ‘payment’ accounts at once

Kate can view her account information and transactions in one place

Kate is not going to be charged a fee for access

Kate is enjoying faster and smoother buying experience

Kate is assured that her transactions are more secure, but yet frictionless

Open Banking: Two main use cases

• Third Party Provider (TPP)• Account Information Service Providers (AISP)

Kate

Customer ChannelAccount

Data AccessAPI Channel

Payment InitiatorMerchant

2. Payment

2. PaymentBank

Kate

Customer ChannelAccount

Data AccessAPI Channel

Aggregator

Bank

1. Account Information

1. Account Information

PSPPISP

TPPAISP

• Payment Service Providers (PSP)• Payment Initiation Service Provider (PISP)

Both scenarios can be realized with three simple steps

• On-boarding third party provider Integration with API management system Integration with Social Identity providers Strong Authentication

• User account enrolment and consent Risk assessment Consent management Strong Customer Authentication (SCA) for elevated risk

• Application / API Access or Payment Omni-channel fraud protection Multiple enforcement points Strong Customer Authentication (SCA) for elevated risk

1

2

3

40 IBM Security

Bring simple and strong verification to online services

Strike a balance between usability and security with multi-factor authentication

IBM Verify

41 IBM Security

Identify the difference between customers and fraudsters

Adaptive fraud protection using machine learning and advanced analytics

IBM Trusteer

• Cognitive phishing detection and protection

• Automated malicious pattern recognition

• Behavioral biometrics

42 IBM Security

Look Across Payment and Interaction Channels to Build a Complete Picture of a Customer’s Identity & Behavior

Omni-ChannelView InteractionChannelsCashCheck/DepositWire,ACH,Sepa,etcNPP,RTP,UKFP,etcDebitCardCreditCard…ProfileChangeProductChangePeopleChangeInquiry…

IVR

ATM

BranchPaym

entTypes

Non

-Financia

l Online(PC

)Mob

ileApp

CallC

enter

Picture ofCustomerBehavior

The full picture of the customer behavior across all payment

types and interaction channels

IBM Confidential

Closing and Next Steps

44 IBM Security

Continue the engagement this week at IBM Think

trusteer community day at think - march 18 2018 - final · • delivering an exceptional and secure...

Documents