trusteer community day at think - march 18 2018 - final · • delivering an exceptional and secure...
IBM Trusteer ADVANCED FRAUD PROTECTION USER GROUP
March 18, 2018
Welcome!
3 IBM Security
Agenda
Time | Duration (min.) | Topic | Speaker
10:15 | 15 | Welcome and Introductions | Jason Keenaghan
10:30 | 20 | Trusteer Client Case Studies | Shira Shacham
10:50 | 90 | Roundtable: Emerging Challenges in Fraud | Nir Stern
• Recent Fraud Trends and Threat Landscape
• Delivering an Exceptional and Secure User Experience
• Building a Risk Ecosystem
• Open Banking and Protecting the API Channel
12:20 | 10 | Closing and Next Steps | Jason Keenaghan
12:30 | *** End of Session ***
Get to know the IBM Trusteer team in attendance
IBM CONFIDENTIAL
OFFERING MANAGEMENT
ENGINEERING & SECURITY
CLIENT TEAM
PRODUCT MARKETING
Jason Keenaghan
Gal Frishman
Nick Wetton
Eileen Turner
Nir Stern
Doron Ben-Ari
Nicolas Meyerhoffer
Valerie Bradford
Sarit Kozokin
Shira Shacham
Kate Reed
Shaked Vax
Rob Rendell
Ayelet Avni
Frank Mendicino
Maxim Shifrin
Meir Asiskovich
IBM Security Strategy
SUPPORT the CISO agenda
Cloud
Mobile and Internet of Things
Compliance Mandates
Skills Shortage
Advanced Threats
ACCELERATE with key innovation
Cloud
Collaboration
Cognitive
LEAD in strategic domains
IBM Security Immune System
QRadar Incident Forensics; QRadar Network Insights; Managed Network Security; Secure SD-WAN
X-Force Exchange | Malware Analysis; X-Force IRIS
Guardium | Multi-cloud Encryption | Key Manager; Critical Data Protection Services
Identity Governance and Access; Cloud Identity; zSecure; Identity Management Services
MaaS360; Mobile Device Management
Trusteer; Financial Malware and Threat Research
AppScan; Application Security on Cloud; X-Force Red; SDLC Consulting
QRadar | Watson | Resilient | i2; Security Operations Consulting
X-Force Command Centers; X-Force IRIS
BigFix; Managed Detection & Response
App Exchange; Hybrid Cloud Security Services
Legend: Products, Services
IBM Trusteer: The digital trust platform fueled by machine learning and AI
Servicing over 500 leading organizations worldwide. Processing over 40 billion application accesses and over 1 billion user sessions every month.
Trusteer Pinpoint Platform
Trusteer Intelligence Cloud
Mobile SDK
Real-time Activity Risk Assessment (e.g. login, payment)
New Account Fraud
Detect (Malware / ATO)
Global Fraud DB
Rapport
IBM Safer Payments
(Omni-channel fraud protection)
Trusteer Client Case Studies
Who we are?
Customers Case Studies - LATAM Bank
• A large bank in LATAM, a subsidiary of a global bank.
• Has Rapport (incl. phishing), Pinpoint and Mobile SDK
• PPCD for the business segment was deployed at the end of 2017, where the confirmed fraud attempts number grew from a few each month to 68 in January 2018.
• During 2017, they took down almost 3000 fake bank webpages.
[Chart: monthly values, Jan-17 to Jan-18, two series]
Month | Series 1 | Series 2
Jan-17 | 254 | 3
Feb-17 | 137 | 2
Mar-17 | 63 | 3
Apr-17 | 182 | 1
May-17 | 227 | 1
Jun-17 | 248 | 1
Jul-17 | 147 | 3
Aug-17 | 322 | 2
Sep-17 | 502 | 10
Oct-17 | 410 | 4
Nov-17 | 284 | 7
Dec-17 | 334 | 2
Jan-18 | 523 | 68
Customers Case Studies - T1 Bank in NA
• PPD covers the Bank’s commercial application.
• During our 3 years there, we were able to help the bank against Dyre, Trickbot and most recently targeted spear phishing attacks.
• We are working with the bank on adjustments to our policies based on specific transaction types and the risk per each transaction type.
• Past 6 months data: detection rates of 90%, alert rate of 0.03%
Customers Case Studies - UK T1 bank
• PPD platform deployed in 8 applications, on Retail, Commercial and Business
• In 2017, fraud trends have shifted mostly to commercial and business
• Main attack vectors are malware redirection, RAT and sophisticated social engineering schemes.
• PPD stopped all losses from redirection attacks: Trickbot, Gozi and Dridex.
• Detection rates are ~65%, with alert rates below 0.05%. Most missed frauds are due to the legitimate user being manipulated to perform the transaction. Transactional data is not shared with PPD today.
• Recently behavioral biometrics features were enabled and have further reduced alert rates (by around 40%)
Customers Case Studies - T1 Bank in France
• PPD Platform protects several applications on the retail and commercial side including Mobile protection and policy manager.
• Before implementing PPD Platform, the bank reported ~200 weekly fraud cases.
• Alongside PPD the bank made some policy changes in their internal control, based on PPD risk assessment, and was able to reduce loss significantly.
• PPD Platform detection rate is ~95% with alert rate as low as 0.01%
• Fraud attempts are now as low as ~30 fraud cases per week. Main attack vector is phishing
Roundtable: Emerging Challenges in Fraud
Think 2018 / DOC ID / Month XX, 2018 / © 2018 IBM Corporation 15
Open Discussion
1. Recent Fraud Trends and Threat landscape
2. Providing exceptional user-experience securely
3. Building a Risk Eco-System
4. Open Banking
Recent Fraud Trends and Threat landscape
Global Trends in the Market
Think 2018 / Mar 19, 2018 / © 2018 IBM Corporation
• Fraud is shifting:
  • From mass attacks based on complex technology (i.e. malware)
  • To targeted attacks, very focused, and using a combination of technology (malware, RATs) & social engineering.
  • We also see a shift from retail to business, to increase profitability
• For business applications – fraud is still a big issue in many cases
• For retail – experience is the key.
  • Focus on behavioral analysis and behavioral biometrics
  • Focus on smooth user experience and friendly authentication methods
• Mobile becomes the dominant channel
  • Customers shift to mobile
  • So do the fraudsters (many times in combination with web)
  • While security is an agile space, mobile Apps by nature adopt very slowly
Example use-case
Malware installed
Steals credentials
Overlay attack
Attempts account takeover
Multi-Channel fraud journey
IBM Confidential - Shared Under NDA
Social Engineering Use-Cases Examples
• Use Case #1: Fraudster calls customer claiming to be from Mobile Provider and claims that there is a virus on the device. Informs customer that they can clean device for a small sum and also requests RAT. Customer accepts RAT request, starts to complete the small payment. Fraudster takes over device, amending the payment sum.
• Use Case #2: Pure social engineering. The customer is convinced by the fraudster’s ruse and completes the whole payment journey themselves.
• Use Case #3: Smishing driven MO. Customer receives a text which looks legitimate informing them they have made a payment, and to call the number to report fraud. The customer does so and is told their account is compromised, and the fraudster then either convinces them to move the money or follows a similar script to use case 1.
Mobile/WEB Features
ATO Detection
RAT Detection
Behavior Biometrics
Overlay attack detection
SMS stealing
Emulator Detection
Mobile/WEB Features
ATO Detection
Behavior Biometrics
Mobile/WEB Features
ATO Detection
Smishing Detection
Behavior Biometrics
Phone Number Intelligence
Global Trends in the Market
• Open banking (PSD2) may be a game changer in various aspects
  • Limited visibility into users’ interaction
  • New attacks, new threats, increase in frauds for retail again (?)
  • Mixture of banking & ecommerce transactions – great risk potential
  • New competition for banks from Fintech start-ups.
• Fraud is expanding to new verticals
  • Health, insurance, investment banking, airlines, etc…
  • Fraudsters expand to target cryptocurrency platforms…
Major Attack Vectors on Crypto Currency
• Fraudster goal: monetary gain through
  • Direct theft: wallet grabbing, asset theft, credential hijacking, transaction alteration
  • Attacks on exchanges, CC bourses and platforms
  • Coin-wide attacks
• Worldwide prevalence
• Major players:
  • Dridex - steals cryptocurrency wallets.
  • Trickbot –
    • Recent blog by IBM X-Force on TrickBot’s expansion to attack cryptocurrency platforms to perform payee alteration
    • Recently added coinbase.com
    • The malware monitors the victim’s browsing habits and injects a fake login page whenever the user visits coinbase.com.
  • HawkEye - Added Bitcoin wallet stealing to its arsenal.
  • Cerber - The actors have resorted to stealing the coins from the wallet before encrypting the system.
  • OSX/Miner-D - Steals Bitcoins and mines a system.
Scale of attacks
Company | Country | Industry | Date | Type | Value
CoinDash | Israel | Financial Markets | 17-Jul-17 | Initial Coin Offering | >7M US$
Bithumb | Republic of Korea | Financial Markets | 29-Jun-17 | Direct PC hacking | 1M US$
CoinPouch | USA | Financial Markets | 9-Nov-17 | Wallet app service breach | ~22M US$
Tether | Hong Kong | Financial Markets | 21-Nov-17 | Direct wallet hacking | 31M US$
NiceHash | Slovenia | Financial Markets | 6-Dec-17 | Direct wallet hacking | ~70M US$
Youbit | Republic of Korea | Financial Markets | 19-Dec-17 | Direct wallet hacking | ~60M US$
Providing Exceptional User Experience Securely
Support Business Growth – Expedite Digital Transformation
Build trust with the user while keeping focus on user experience
Lead a secure digital transformation, while preserving an exceptional customer experience
Business Growth
Expedite Digital Transformation
Digital Identity Analytics
The digital world has created heightened user expectations
Users want seamless mobile, online and cross-channel access
Convenience brings opportunities for new threats & risks
Threat mitigation can impact customer experience
Which contradicts with security mitigation factors
The digital world has created heightened user expectations
Device Spoofing
Users want seamless mobile, online and cross-channel access
Ineffective threat mitigation
Phishing Attacks
MitB
Social Engineering
SMS stealers & Overlay
Advanced Threats
Digital Identity Analytics
Account Registration
Existing account Login/Transaction
High Risk or fraud indication
Establish Sustain Recover
Digital transformation is changing the banking game
Digital experience & Open eco-system
• Accelerate digital functionality from any channel
• Seamlessly verify users in onboarding process to help reduce abandonment
• Increase new account creations with potential shorter lifetime of accounts
Evolving Threat Landscape
• Rising identity fraud
• Shift to open banking (API), a new opportunity for fraud
• Personal data is readily available
Compliance & Regulation
• Faster Payments
• PSD2
• FFIEC
New Account Registration – Risk assessment Steps
KYC/AML
Identity verification: Does this person exist?
Identity assurance: Are you who you say you are?
Identity risk: Can we trust you?
Credit: Credit score & worthiness
Transparently differentiate true users from fraudsters
• Enabling seamless digital onboarding process in real-time
• Deliver holistic view across digital channels with Pinpoint Detect integration
• Build your own policy with Policy Manager, exposing new account intelligence
• Help reduce risk and fraud losses
• Help reduce abandonment in the account creation process and sales processes
• Reduce the need to use expensive channels such as call center or branches
• Flexibility in tuning the user experience vs. risk
Transparent risk assessment in real-time for new account creation
Open Discussion
• How do you measure the user satisfaction from your digital channels?
  • Does your organization measure the security impact on user experience and satisfaction?
  • Are there any clear goals / objectives on that for the fraud / security teams?
• What step-up auth. mechanisms are used today?
  • What percentage of activities require 2FA?
  • Do you have goals to reduce these?
  • How do you measure their effectiveness?
• Digital registration process –
  • Which products are available digitally?
  • What are the processes to support them?
  • What are the challenges?
Building a Risk Eco-System
Building a Risk Eco-System
ANALYZE Risk Indicators from multiple sources – business & technical
UNDERSTAND Known & unknown users, browsers, devices
EVALUATE Behavioral patterns and identify anomalies
SECURE Multi-channel access from web, mobile, API, more
GATHER Threat intelligence & adapt protections continuously
App Exchange
Consume: 3rd Party Identity & Device Intelligence
Provide: Dynamic Trust Scoring and Authentication
Secure End-to-End Digital Customer Journey
Banking, Insurance, Communications, Travel, Retail
Expand Value through additional data
Streamline time-to-value
Trusteer Intelligence Eco-System
Intelligence sources Marketplace
Enrich Trusteer offering value through streamlined capabilities of threats research, risks, data-elements to its Policy Manager.
This model shall expand to multiple vendors quicker
Use Case:
– Client buys 3rd party data sources directly,
– Trusteer streamlines integration into Pinpoint Detect Policy manager
– Client writes rules to use data sources
Prepackaged Intelligence and logic
• Provide packages of use-case specific crime-logic based on external data sources that enhances detection
• Use Case:
  – Clients add 3rd party data source to Trusteer contract (i.e. buy-through IBM)
  – Trusteer Pinpoint team expands detection policies using new intelligence source
  – Client can customize policies in Policy Manager*
* Not all 3rd party raw data elements will be available in Policy manager
PSD2 & Open Banking
PSD2 – Customer point of view
Today: Kate (Customer); Bank A, Bank B, Credit Card Provider
PSD2: Kate (Customer); Third Party Aggregation; Bank A, Bank B, Credit Card Provider
Kate (Customer) experience:
Kate can access all of her ‘payment’ accounts at once
Kate can view her account information and transactions in one place
Kate is not going to be charged a fee for access
Kate is enjoying a faster and smoother buying experience
Kate is assured that her transactions are more secure, yet frictionless
Open Banking: Two main use cases
1. Account Information
• Third Party Provider (TPP)
• Account Information Service Providers (AISP)
[Diagram: Kate, Customer Channel, Account Data Access, API Channel, Aggregator (TPP / AISP), Bank]
2. Payment
• Payment Service Providers (PSP)
• Payment Initiation Service Provider (PISP)
[Diagram: Kate, Customer Channel, Account Data Access, API Channel, Payment Initiator / Merchant (PSP / PISP), Bank]
Both scenarios can be realized with three simple steps
1. On-boarding third party provider
  • Integration with API management system
  • Integration with Social Identity providers
  • Strong Authentication
2. User account enrolment and consent
  • Risk assessment
  • Consent management
  • Strong Customer Authentication (SCA) for elevated risk
3. Application / API Access or Payment
  • Omni-channel fraud protection
  • Multiple enforcement points
  • Strong Customer Authentication (SCA) for elevated risk
Bring simple and strong verification to online services
Strike a balance between usability and security with multi-factor authentication
IBM Verify
Identify the difference between customers and fraudsters
Adaptive fraud protection using machine learning and advanced analytics
IBM Trusteer
• Cognitive phishing detection and protection
• Automated malicious pattern recognition
• Behavioral biometrics
Look Across Payment and Interaction Channels to Build a Complete Picture of a Customer’s Identity & Behavior
Omni-Channel View
Interaction Channels: IVR, ATM, Branch, Online (PC), Mobile App, Call Center
Payment Types: Cash; Check/Deposit; Wire, ACH, Sepa, etc.; NPP, RTP, UKFP, etc.; Debit Card; Credit Card; …
Non-Financial: Profile Change; Product Change; People Change; Inquiry; …
Picture of Customer Behavior
The full picture of the customer behavior across all payment types and interaction channels
Closing and Next Steps
Continue the engagement this week at IBM Think