November 18, 2014 - Hyatt Regency Dallas
ISMG's Fraud Summit is a one-day event focused exclusively
on the top fraud trends impacting organizations and the
mitigation strategies to overcome those challenges.
Managing Partner, Duane Morris LLP
Chief Analytics and Science Officer, ID Analytics
Special Agent, FBI
Vice President - Editorial, ISMG
Executive Editor, BankInfoSecurity & CUInfoSecurity
Regulatory Counsel, Consumer Bankers Association
Manager, Breach Response Services, LifeLock
Senior Industry Analyst, Fraud & Security, Javelin Strategy and Research
SVP, Enterprise Fraud Prevention Officer, Bank of the West
Partner, Faruki Ireland & Cox P.L.L.
President and CEO, Association of Certified Fraud Examiners
Chief Counterintelligence Expert, Carnegie Mellon University CERT Insider Threat Center
Program Director, Trusteer Global Product Marketing, IBM Security
Senior Director, Breach Response Services, LifeLock
Assistant United States Attorney, Northern District of Texas
8:00 am - 9:00 am
Registration & Breakfast
In June of this year, the "Ronald Reagan" batch of credit cards (potentially those stolen from P.F. Chang's) joined the "Barbarossa" batch from Target in becoming publicly available for purchase. They were featured on the popular Rescator card shop (stolen card data marketplace), which offers advanced features like money-back guarantees, pricing tiers and cardholder zip code grouping. This is indicative of the broad, deep and sophisticated underground "Fraud as a Service" network currently in operation. In this in-depth update session, we will learn:
- How is this underground economy structured?
- How is the "Deep Web" being utilized for fraud?
- What threat intelligence can we gather from it?
Presenter: George Tubin - Program Director, Trusteer Global Product Marketing, IBM Security.
See the startling results of meticulous analysis of hundreds of real-life insider attacks and learn about new technologies that are able to detect the anomalous behavior patterns often before fraud occurs.
The analysis results clearly indicate that, contrary to the majority of headlines, stealthy insiders pose a huge fraud risk to organizations, flying far under the radar for extended periods of time. These insiders are often senior, trusted staff with privileged access to accounts and valuable data. Alternately, innocent employees become pawns when they fall victim to social engineering or targeted attacks that lead to fraud. The following questions will be answered:
- How can I predict and/or detect an internal attack?
- What is the ratio of internal to external fraud attacks and their associated value?
- What types of attacks do internal actors carry out and why?
Mobile Fraud - What The Secret Service Has Discovered
Mobile banking is growing out of its infancy and expected to soon be the dominant banking and payments channel. But with the vast array of endpoints and software being utilized, multiple new threat vectors are being introduced. In this session, we'll see these issues from a truly unique perspective, that of a Secret Service agent who specializes in picking apart exactly how techniques such as rogue apps, mobile malware and SMiShing are employed and are evolving. See the results of intense analysis and investigation and how best to mitigate the risk while still being able to benefit from the flexibility and convenience of mobile banking and payments.
Presenter: Jeffrey Shaffer - Senior Special Agent, US Secret Service
Part 1: Fraud and Tomorrow's Breach Targets
For as long as data can be compromised and misused, businesses that store or transmit data will be at risk of compromise. Yet those industries and segments that are common targets today are implementing solutions, such as data obfuscation and advanced authentication, which will dramatically reduce their risk profile over the next few years. This changing security dynamic will force a shift in the behavior of opportunistic cybercriminals, resulting in new industries being targeted and new fraud schemes leveraging stolen data. Understanding how specific technologies and regulations will affect the availability of data sought by cybercriminals is critical for predicting which businesses will be at risk of data breaches and will suffer from the resulting fraud over the next 12, 24 and 36 months.
In this in-depth session we will learn:
- How current security initiatives and regulations will affect cybercriminals' choice of breach targets;
- Which industries or specific industry segments should prepare for increased attention from cybercriminals;
- Which solutions different industries can rely on to insulate themselves from future breach attempts;
- How businesses can prepare for the inevitable fraud implications of future third-party breaches.
Part 2: The Breach Threat and the Six Step Response Strategy
What is more difficult: guaranteeing your organization is impervious to a data breach or building an elevator to space? Is the breach really inevitable? Where are the "soft" fraud targets and how should an organization best respond? The absolute worst time to define your response strategy to a breach is immediately after you have been breached. In this session we'll discuss all this, plus outline a proven six-step response strategy to proactively craft an effective risk-based response.
Hyatt Regency Dallas
300 Reunion Boulevard
Dallas, TX 75207
Discover one of the city's most iconic downtown luxury hotels, sophisticated enough to please the most discerning business traveler. Take advantage of the downtown Dallas location. This landmark hotel is attached to the Reunion Tower, and adjacent to the historic district, West End, entertainment district, sports arenas, shopping meccas, business headquarters and Dallas Convention Center.
The ISMG Fraud Summits are made possible through the support of their sponsors