Fraud Summit


November 18, 2014 - Hyatt Regency Dallas

ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges.

Joseph Burton
Managing Partner, Duane Morris LLP

Stephen Coggeshall
Chief Analytics and Science Officer, ID Analytics

Jeffrey Cotner
Special Agent, FBI

Tom Field
Vice President - Editorial, ISMG

Tracy Kitten
Executive Editor, BankInfoSecurity & CUInfoSecurity

Kate Larson
Regulatory Counsel, Consumer Bankers Association

Domenic Paci
Manager, Breach Response Services, LifeLock

Al Pascual
Senior Industry Analyst, Fraud & Security, Javelin Strategy and Research

David Pollino
SVP, Enterprise Fraud Prevention Officer, Bank of the West

Ronald Raether
Partner, Faruki Ireland & Cox P.L.L.

James Ratley
President and CEO, Association of Certified Fraud Examiners

Jeffrey Shaffer
Advisor, PricewaterhouseCoopers

Dennis Simmons

Michael Theis
Chief Counterintelligence Expert, Carnegie Mellon University CERT Insider Threat Center

George Tubin
Program Director, Trusteer Global Product Marketing, IBM Security

Eric Warbasse
Senior Director, Breach Response Services, LifeLock

Paul Yanowitch
Assistant United States Attorney, Northern District of Texas


8:00 am - 9:00 am

Registration & Breakfast

9:00 am - 9:30 am

2014 Faces of Fraud

As the Target and Home Depot incidents prove: Retail point-of-sale breaches are on the rise, creating greater payment card fraud headaches for banking institutions. How does the impact of these crimes compare to that of account takeover, check fraud, insider crimes and the emerging realms of virtual and mobile payments?

Receive insights from BankInfoSecurity's latest "Faces of Fraud" survey, as well as expert analysis of:

  • Today's most predominant and damaging fraud incidents impacting banking institutions and their customers;
  • New anti-fraud investments institutions are making to thwart the fraudsters and satisfy the demands of regulatory agencies.

Panelists:
Tom Field - Vice President - Editorial, ISMG;
Kate Larson - Regulatory Counsel, Consumer Bankers Association;
David Pollino - SVP, Enterprise Fraud Prevention Officer, Bank of the West.

9:30 am - 10:00 am

The State of Fraud Today

This session will set the stage for the rest of the day, describing how in the last few years we have seen an explosion of technological innovations which have brought many opportunities for commercial growth and consumer convenience. This growth has, however, come at a price. This almost unchecked pace of change has brought with it new vulnerabilities and opportunities for criminals to become even more innovative and successful in perpetrating fraud.

Stephen Coggeshall - Chief Analytics and Science Officer, ID Analytics.

10:05 am - 10:50 am

Consumer Fraud Awareness: What's Working, What's Not & What's Next?

With social engineering, phishing and a host of other attacks on the rise, the consumer remains the most vulnerable link in the fraud chain. Banks and financial institutions are helping to lead the way in education, supported by organizations like the FFIEC, which recently issued new guidance on security awareness for banking customers. Leading fraud expert and author David Pollino, named a Top 10 Influencer by BankInfoSecurity, discusses:

  • The latest developments in fraud prevention education and awareness;
  • Best practices in social engineering assessments;
  • Balancing the fine line between education and fear mongering.

David Pollino - SVP, Enterprise Fraud Prevention Officer, Bank of the West.

The Fraud Ecosystem and the Deep Web

In June of this year, the "Ronald Reagan" batch of credit cards (potentially those stolen from P.F. Chang's) joined the "Barbarossa" batch from Target in becoming publicly available for purchase. They were featured on the popular Rescator card shop (stolen card data marketplace), which offers advanced features like money-back guarantees, pricing tiers and cardholder zip code grouping. This is indicative of the broad, deep and sophisticated underground "Fraud as a Service" network currently in operation. In this in-depth update session, we will learn:

  • How is this underground economy structured?
  • How is the "Deep Web" being utilized for fraud?
  • What threat intelligence can we gather from it?

George Tubin - Program Director, Trusteer Global Product Marketing, IBM Security.

10:50 am - 11:20 am

Break & Exhibit Browsing

11:20 am - 12:20 pm

Policy Driven Security - Deploy Only Those Security Technologies and Controls That You Need

Ripped from today's headlines in which company after company is reporting breaches of their information security, this session will provide a fresh perspective on some tried and true information security practices. While companies rush to spend dollars on improved technologies and contracting with third parties to build bigger fortresses around their data, many of them fail to address information security at the fundamental level through sound data governance and the implementation of layered security. Information security technology is only as good as the people using that technology and the policies under which such technology is implemented.

Returning to the Fraud Summit, attorney Ron Raether will speak on the importance of an enterprise-wide data governance policy, to include real-world examples of policy driving technology selection and implementation. Ron will also discuss the importance of security in depth and how such data governance should serve as but one of many layers in an enterprise-wide information security plan, tying these concepts into various regulatory regimes.

Ronald Raether - Partner, Faruki Ireland & Cox P.L.L.

Insider Fraud Detection - The Appliance of Science

See the startling results of meticulous analysis of hundreds of real-life insider attacks and learn about new technologies that are able to detect the anomalous behavior patterns often before fraud occurs.

The analysis results clearly indicate that, contrary to the majority of headlines, stealthy insiders pose a huge fraud risk to organizations, flying far under the radar for extended periods of time. These insiders are often senior, trusted staff with privileged access to accounts and valuable data. Alternately, innocent employees become pawns when they fall victim to social engineering or targeted attacks that lead to fraud. The following questions will be answered:

  • How can I predict and/or detect an internal attack?
  • What is the ratio of internal to external fraud attacks and their associated value?
  • What types of attacks do internal actors carry out and why?

Michael Theis - Chief Counterintelligence Expert, Carnegie Mellon University CERT Insider Threat Center;
James Ratley - President and CEO, Association of Certified Fraud Examiners.

12:20 pm - 1:20 pm

Lunch & Exhibit Browsing

1:20 pm - 1:30 pm

Technology Spotlight: Identity Theft Protection Using Advanced Analytics

See how LifeLock's threat detection, proactive identity alerts and comprehensive remediation services help provide peace of mind for consumers and enterprises amid the growing threat of identity theft. This technology presentation will demonstrate how leveraging unique data, science and patented technology from their ID Analytics subsidiary offers identity theft protection that goes significantly beyond credit monitoring.

Domenic Paci - Manager, Breach Response Services, LifeLock.

1:30 pm - 2:30 pm

2014's Top 10 Fraud Stories: What Lessons Can We Learn, and What Can We Expect in the Year Ahead?

Over the last year, the financial-services industry has seen card breach after card breach, heating the debate between merchants and banks about who should pay for the losses and recovery expenses that inevitably come in their wake. During this review of the year's top stories and anticipated trends for 2015, we will discuss how that debate has pushed governing bodies, banks and retailers to look ahead to new technologies such as EMV, and has increased the opportunities for deployment of mobile payments solutions like Apple Pay.

Let's also not forget the host of other fraudulent schemes, such as online attacks linked to ransomware and emerging ATM malware, which also have affected how we view financial security. In this interactive review of the year, we'll answer such questions as:

  • Why does POS malware continue to be so successful?
  • In what ways is PCI becoming, and not becoming, a more "viable" payments security standard?
  • Can we point a finger at retailers for poor security, when banks, such as Chase, are getting breached, too?

Tracy Kitten - Executive Editor, BankInfoSecurity & CUInfoSecurity;
Al Pascual - Senior Industry Analyst, Fraud & Security, Javelin Strategy and Research.

Mobile Fraud - What The Secret Service Has Discovered

Mobile banking is growing out of its infancy and is expected to soon be the dominant banking and payments channel. But with the vast array of endpoints and software being utilized, multiple new threat vectors are being introduced. In this session, we'll see these issues from a truly unique perspective, that of a Secret Service agent who specializes in picking apart exactly how techniques such as rogue apps, mobile malware and SMiShing are employed and are evolving. See the results of intense analysis and investigation and how best to mitigate the risk while still being able to benefit from the flexibility and convenience of mobile banking and payments.

Presenter: Jeffrey Shaffer - Senior Special Agent, US Secret Service

2:40 pm - 3:40 pm

Fraud Investigations: How to Work Effectively with Law Enforcement and Government

Law enforcement agencies have gained incredible clarity into the perpetrators of fraud, their motives and methods as well as their victims, the cost to the industry and developing trends. But to effectively investigate and prosecute these crimes, public-sector organizations need to better understand the driving forces, priorities and procedures within the organizations they "protect." Equally important, private-sector organizations need to reciprocate and understand the how, what and why of the law enforcement/public body process. This mutual understanding of each other's missions is pivotal to positive and impactful collaboration.

Join this panel of highly experienced experts, including a federal prosecutor, Secret Service and FBI agents and an attorney, to discuss how these relationships can be built and the positive impact that has on cooperation.

Paul Yanowitch - Assistant United States Attorney, Northern District of Texas;
Joseph Burton - Managing Partner, Duane Morris LLP.

Preparing For and Responding To Large Scale Data Breaches

Part 1: Fraud and Tomorrow's Breach Targets

For as long as data can be compromised and misused, businesses that store or transmit data will be at risk of compromise. Yet those industries and segments that are common targets today are implementing solutions, such as data obfuscation and advanced authentication, which will dramatically reduce their risk profile over the next few years. This changing security dynamic will force a shift in the behavior of opportunistic cybercriminals, resulting in new industries being targeted and new fraud schemes leveraging stolen data. Understanding how specific technologies and regulations will affect the availability of data sought by cybercriminals is critical for predicting which businesses will be at risk of data breaches and will suffer from the resulting fraud over the next 12, 24 and 36 months.

In this in-depth session we will learn:

  • How current security initiatives and regulations will affect cybercriminals' choice of breach targets;
  • Which industries or specific industry segments should prepare for increased attention from cybercriminals;
  • Which solutions different industries can rely on to insulate themselves from future breach attempts;
  • How businesses can prepare for the inevitable fraud implications of future third-party breaches.

Part 2: The Breach Threat and the Six Step Response Strategy

What is more difficult: guaranteeing your organization is impervious to a data breach or building an elevator to space? Is the breach really inevitable? Where are the "soft" fraud targets and how should an organization best respond? The absolute worst time to define your response strategy to a breach is immediately after you have been breached. In this session we'll discuss all this, plus outline a proven six-step response strategy to proactively craft an effective risk-based response.

Eric Warbasse - Senior Director, Breach Response Services, LifeLock;
Al Pascual - Senior Industry Analyst, Fraud & Security, Javelin Strategy and Research.

3:40 pm - 4:10 pm

Break & Exhibit Browsing

4:10 pm - 5:25 pm

The Future Of Payment Security: Where Do We Go From Here And Who Is Liable When We Get There?

Retail breaches are endemic in the U.S. primarily due to the lack of effective, in-person payment card security. As the rest of the world has embraced EMV, perhaps there is an opportunity for the U.S. to leapfrog even that significant level of security with technologies such as tokenization (as employed in the burgeoning Apple Pay) and Point-to-Point (P2P) encryption. Join this esteemed panel of industry leaders to discuss the current state of play, where we should be going, how to get there and the shifting liability landscape along the way.

Paul Yanowitch - Assistant United States Attorney, Northern District of Texas;
Kate Larson - Regulatory Counsel, Consumer Bankers Association;
Joseph Burton - Managing Partner, Duane Morris LLP;
Dennis Simmons - CEO, SWACHA.

5:30 pm - 6:30 pm

Networking & Cocktail Reception

Hyatt Regency Dallas

300 Reunion Boulevard
Dallas, TX 75207

Discover one of the city's most iconic downtown luxury hotels, sophisticated enough to please the most discerning business traveler. Take advantage of the downtown Dallas location. This landmark hotel is attached to the Reunion Tower, and adjacent to the historic district, West End, entertainment district, sports arenas, shopping meccas, business headquarters and Dallas Convention Center.



The ISMG Fraud Summits are made possible through the support of their sponsors

Argyle Data
Easy Solutions
F5 Networks
NuData Security
Pindrop Security
RSA, The Security Division of EMC
Shape Security
ACT Canada
HTCIA
ICSPA
Information Security Forum (ISF)
ISC2
ISSA
OWASP