Fraud Summit

New York

October 21, 2014 - Hilton Meadowlands

ISMG's Fraud Summit is a one-day event focused exclusively
on the top fraud trends impacting organizations and the
mitigation strategies to overcome those challenges.
SPEAKERS
Matt Anthony

Matt Anthony
Vice President of Marketing, Pindrop Security

David Balcar

David Balcar
Sr. Systems Engineer, Fraud Prevention, Kaspersky Lab

Joseph Bizzarro

Joseph Bizzarro
Inspector, U.S. Postal Inspection Service

Todd T. Brungard

Todd T. Brungard
Vice President & BSA Officer, Peapack-Gladstone Bank

Eric Chabrow

Eric Chabrow
Executive Editor, GovInfoSecurity & InfoRiskToday

Jeffrey Dant

Jeffrey Dant
Special Agent, U.S. Secret Service

David Duncan

David Duncan
Chief Marketing Officer, Webroot

Alisdair Faulkner

Alisdair Faulkner
Chief Products Officer, ThreatMetrix

Tom Field

Tom Field
Vice President - Editorial, ISMG

Ian Howells

Ian Howells
CMO, Argyle Data

Lance James

Lance James
Head of Cyber Intelligence, Deloitte & Touche

Bryan Jardine

Bryan Jardine
Product Manager, Easy Solutions

Tracy Kitten

Tracy Kitten
Executive Editor, BankInfoSecurity & CUInfoSecurity

Brian McHenry

Brian McHenry
Security Solutions Architect, F5 Networks

Dan Mitchell

Dan Mitchell
Attorney for Fraud Victim PATCO Construction

Anant Nambiar

Anant Nambiar
VP and General Manager, Global Fraud and Security Solutions, FICO

Eduardo Perez

Eduardo Perez
Senior Vice President, North America Risk Services, Visa Inc.

Thomas Rand-Nash

Thomas Rand-Nash
Director of Operations and Strategy, Brighterion

Nathalie Reinelt

Nathalie Reinelt
Analyst, Aite Group

Bob Russo

Bob Russo
Transitioning General Manager, PCI Security Standards Council

Volkmar Scharf-Katz

Volkmar Scharf-Katz
Former Chief IP Networks Partner, R&D and Head of Service Platform, Vodafone

Eric Thompson

Eric Thompson
IT Threat Strategist, RSA

Randy Trzeciak

Randy Trzeciak
Insider Threat Research Team Technical Lead, CERT

Vipul Vyas

Vipul Vyas
Vice President of Client Solutions, Verint

Tim Webb

Tim Webb
Senior VP Fraud Management, Citizens Financial Group

SCHEDULE
8:00 am - 9:00 am

Registration & Breakfast

9:00 am - 9:30 am

Payment Card Fraud and the Merchant Challenge

Payment card fraud remains a top challenge for merchants and financial institutions alike. The latest wrinkle: Breached retailers such as Target and Home Depot, whose compromises led to wholesale card fraud. Card issuers absorb increasing losses linked to debit and credit fraud, yet they have little control over the third-party points of compromise. What are the latest payment card security controls to protect card data - and where are the security gaps that are allowing the fraudsters to penetrate the defenses? Join Bob Russo of the PCI Security Standards Council, the organization that develops technical standards and resources for securing payment card data, for a frank conversation on:

  • The current state of payment security;
  • Updates on the latest PCI standards and solutions;
  • How merchants and banking institutions can leverage these resources as part of a layered approach to minimize risk to card data and reduce PCI DSS scope.

Panelists: Tom Field - Vice President - Editorial, ISMG; Bob Russo - Transitioning General Manager, PCI Security Standards Council;

9:30 am - 10:00 am

2014 Faces of Fraud

As the Target and Home Depot incidents prove: Retail point-of-sale breaches are on the rise, creating greater payment card fraud headaches for banking institutions. How does the impact of these crimes compare to that of account takeover, check fraud, insider crimes and the emerging realms of virtual and mobile payments?

Receive insights from BankInfoSecurity's latest "Faces of Fraud" survey, as well as expert analysis of:

  • Today's most predominant and damaging fraud incidents impacting banking institutions and their customers;
  • New anti-fraud investments institutions are making to thwart the fraudsters and satisfy the demands of regulatory agencies.

Panelists: Tom Field - Vice President - Editorial, ISMG; Tim Webb - Senior VP Fraud Management, Citizens Financial Group; Bryan Jardine - Product Manager, Easy Solutions;

10:10 am - 11:10 am

Call Center Fraud: The Latest Scams and Strategies

Contact centers increasingly are the key "soft" targets for fraudsters who impersonate legitimate customers to alter or obtain information. This information is then used to facilitate direct and cross-channel fraud, which can be very difficult to tie back to the call-center entry point. How do fraudsters conduct these attacks, and how can financial institutions fight back with voice biometrics and other technology solutions? Learn:

  • How can I protect my call centers from attack?
  • The social engineering techniques fraudsters use to deceive call-center staff;
  • How this information leads to direct or cross-channel fraud - and why it's so tough to track;

Panelists: Todd T. Brungard - Vice President & BSA Officer, Peapack-Gladstone Bank; Matt Anthony - Vice President of Marketing, Pindrop Security;

Threat Intelligence & the Underground Eco-System

Part 1 - Fraud Ecosystem

In June this year, the "Ronald Reagan" batch of credit cards (potentially those stolen from P.F. Chang's) joined the "Barbarossa" batch from Target in becoming publicly available for purchase. These cards were featured on the popular Rescator card shop (stolen card data marketplace), which offers advanced features like money-back guarantees, pricing tiers and cardholder zip code grouping. This is indicative of the broad, deep and sophisticated underground "Fraud as a Service" network currently in operation. In this in-depth update session, we will learn:

  • How is this underground economy structured?
  • How is the 'Deep Web' being utilized for fraud?
  • What Threat Intelligence can we gather from it?

Part 2 - Threat Intelligence

Collecting security- and fraud-related data from multiple sources can often just result in creating a very large pool of unrelated facts. But begin to add context to that data and you now have information. Triangulate multiple pieces of information together and you can create intelligence, indicative of a real and active threat. This session will answer questions such as:

  • How can I create Actionable Intelligence from data feeds?
  • How will emerging threat information exchange specifications such as TAXII/STIX effect our ability to collect and share standardized threat information with the broader community.
  • How do I best select and combine internal context and event information with the various open source and commercial external threat intelligence feeds available?

Presenter: Eric Thompson - IT Threat Strategist, RSA;

11:10 am - 11:30 am

Break

11:30 am - 12:30 pm

Insider Fraud Detection - The Appliance of Science and Artificial Intelligence

See the startling results of meticulous analysis of hundreds of real-life insider attacks and learn about new technologies that are able to detect the anomalous behavior patterns often before fraud occurs.

The analysis results clearly indicate that, contrary to the majority of headlines, stealthy insiders pose a huge fraud risk to organizations, flying far under the radar for extended periods of time. These insiders are often senior, trusted staff with privileged access to accounts and valuable data. Alternately, innocent employees become pawns when they fall victim to social engineering or targeted attacks that lead to fraud. The following questions will be answered:

  • How can I predict and/or detect an internal attack?
  • What is the ratio of internal to external fraud attacks and their associated value?
  • What types of attacks do internal actors carry out and why?

Panelists: Thomas Rand-Nash - Director of Operations and Strategy, Brighterion; Randy Trzeciak - Insider Threat Research Team Technical Lead, CERT;

Adversarial Machine Learning for Fraud Detection: How Can Organizations Benefit from the Pioneering Work of the NSA and Facebook?

How is technology evolving to analyze multiple and massive streams of data in real time to detect fraudulent activity? The NSA has pioneered data collection techniques at a staggering scale, potentially monitoring all activity for an entire country. Facebook has pioneered adversarial machine learning fraud detection into an "immune system" that can carry out tens of billions of checks per day to find patterns where the fraudsters are purposefully trying not to create any. We will discuss how the combination and augmentation of these technologies with deep packet inspection enables organizations to deploy them. We will also learn how such a solution could:

  • Analyze sparsely populated data sets that may have millions of distinct features;
  • Learn what a negative pattern is where none existed before;
  • Perform this analysis in real time and at a massive scale.

Panelists: Volkmar Scharf-Katz - Former Chief IP Networks Partner, R&D and Head of Service Platform, Vodafone; Ian Howells - CMO, Argyle Data;

12:30 pm - 1:30 pm

Luncheon

1:30 pm - 2:30 pm

Attacking Payment Card Fraud Where It Is Most Vulnerable: Voice Biometrics In the Call Center and The Shifting Legal Landscape

Part 1 - Voice Biometrics in the Call Center

See how the detailed analysis of millions of voice-based transactions has produced a "signal in the noise." From large-scale analysis, clear patterns emerge of how stolen payment card information is actually qualified, updated and adapted for monetization. This process is most often carried out by social engineering at the call center. In a large, real-world deployment, voice biometrics learned these patterns and drastically reduced losses.

The session will focus on a case study of global card issuers who have tried a unique application of voice biometrics through their call center to mitigate fallout from breaches. The session will answer questions such as:

  • What does the fraud cycle look like following a data breach, i.e., the path from breach to wholesale distribution of stolen identities in "card shops" into the hands of professional fraudsters?
  • How is the call center an important touch point in the fraud lifecycle, including online or counterfeit fraud?
  • What are the attack vectors and patterns over time of fraudsters following a breach? The session will provide detailed measurements on fraudster behavior at global financial institutions.
  • How is voice biometrics in the call center able to recognize compromised accounts early in the fraud cycle? Can that preempt fraud losses and customer exposure?

Part 2 - Choice Escrow and the Shifting Legal Landscape

It has been three years since the FFIEC issued updated guidance aimed in part at curtailing incidents of corporate account takeover. Yet, banking/security leaders today say their current anti-fraud investments have done little to reduce fraud incidents or losses. And high-profile cases such as the Choice Escrow case continue to dominate the news and influence new legal decisions. What are the current legal trends regarding account takeover, what do the latest court rulings say about the distinct roles and responsibilities of the bank and the customer when it comes to fraud prevention?

Panelists: Vipul Vyas - Vice President of Client Solutions, Verint; Dan Mitchell - Attorney for Fraud Victim PATCO Construction;

Payment Card Fraud: The Present and the Future

Payment card fraud remains a top challenge for financial institutions. The latest wrinkle: Breached retailers such as Target and Home Depot, whose compromises led to wholesale card fraud. Card issuers absorb increasing losses linked to debit and credit fraud, yet they have little control over the third-party points of compromise. Hear how institutions are fighting back with behavioral analytics, merchant/customer education campaigns and detection technologies that trace fraud back to the point of compromise. And take a look at the future, post-EMV, and see what new waves of payment card fraud merchants and banking institutions can expect to see.

Panelists: Tim Webb - Senior VP Fraud Management, Citizens Financial Group; Brian McHenry - Security Solutions Architect, F5 Networks;

2:40 pm - 3:50 pm

Mobile Fraud: Understanding the Unknown and Reaping the Rewards of Mobile Banking

Mobile banking is growing out of its infancy and experts predict it will soon be the dominant banking and payments channel. With the vast array of endpoints being utilized, and multiple threat vectors being introduced, how are the threats of rogue mobile apps, mobile malware and SMiShing evolving? What vectors are unknown and how do we prepare for them? What are the risks inherent in mobile payments? This session reviews these emerging mobile malware threats, their impact on banking institutions and the latest technology solutions to help mitigate the risks.

Presenter: David Duncan - Chief Marketing Officer, Webroot;

Visualization of Big Data Analytics

Traditionally, big data, analytics and visualization tools have been used after the fact to analyze fraud and security breaches. In this session, we will demonstrate the proactive use of these technologies to help prevent these attacks from occurring in the first place.

Leveraging findings from massive scale, real-life global network activity and transaction monitoring, we will discuss:

  • How big data analytic modeling can be used to visualize the scope of both device and online persona threats;
  • How to generate sophisticated transaction risk assessments by analyzing the context and patterns of prior visitor behavior;
  • How to create indicators of cyber fraud activity by detecting malware infections, VPN and proxy masking, MitB and phishing detection and bot detection.

Presenter: Alisdair Faulkner - Chief Products Officer, ThreatMetrix;

Fraud Management: Real Time Fraud Analytics to Reduce Friction and Improve the Customer Experience

Real-time, customer-centric fraud prevention starts with transforming fraud management into an area of competitive advantage. Innovations in analytics and the ability to respond in real-time are now allowing financial services organizations to effectively address various fraud issues across their products and, at the same time, deliver services to customers on the terms they demand - which should be both frictionless and non-invasive. This session will highlight the current trends in fraud management as well as insights on groundbreaking analytic technologies - multi-layered self-calibrating analytics and adaptive analytics - that are changing the way fraud systems decode your customers' behavior in real-time so you can reduce false positives and respond as your customers expect.

Join this session to gain insights on:

  • The role of big data in fraud management;
  • Reducing false positives and improving the customer experience;
  • How fraud alerts can drive customer loyalty.

Presenter: Anant Nambiar - VP and General Manager, Global Fraud and Security Solutions, FICO;

3:50 pm - 4:10 pm

Break

4:10 pm - 5:10 pm

Fraud Investigations: How to Work Effectively with Law Enforcement and Government

Public sector organizations need to better understand the driving forces, priorities and procedures within the organizations they "protect," but equally as important is that the private sector organizations reciprocate and understand the how, what and why of the law enforcement/public body process.

This mutual understanding of each other's missions is pivotal to positive and impactful collaboration. The session will examine a number of high-profile cases identifying best practices and a framework for how lasting relationships can be built, along with the positive impact on organizational and operational objectives.

Panelists: Joseph Bizzarro - Inspector, U.S. Postal Inspection Service; Jeffrey Dant - Special Agent, U.S. Secret Service;

Mobile Fraud - Leveraging Threat Intelligence in Mobile Banking and the Risks of Virtual Currencies

Part 1 - Leveraging Global Threat Intelligence to Secure Mobile Banking

To secure our growing dependence on mobile devices, it is critical that we keep a constant eye on the current threat landscape. Only by continuously monitoring and analyzing malicious activity can an appropriate defense be crafted. There are now more than 10 million malicious apps in circulation, and many of them are very effective at their fraudulent objectives. In this session, see how "knowing your enemy" can lead to effective detection and denial of those objectives.

Part 2 - Bitcoin and the Risks of Virtual Currencies

Online transactions come with a litany of risks, and in the case of traditional credit card payments, the merchants are saddled with all of them when fraudulent transactions come to light. Accepting Bitcoin offers one very important upside for merchants: no chargebacks. This is a big deal for online merchants that are constantly having to revise their risk-mitigation strategies to address their Achilles' heel - online fraud.

As a consumer, though, holding Bitcoins still comes with great risks, primarily because Bitcoin is an ill-defined, unregulated, uninsured, highly volatile cryptocurrency that few people understand well enough to use.

In this session, Aite's Nathalie Reinelt offers fresh insight into:

  • What Bitcoin is (and isn't);
  • How Bitcoin works;
  • The key risks, including the volatility of the virtual currency, why it's attractive to criminals, and the security risks for consumers.

A must-see briefing for security leaders who need to learn more about what some call the future of electronic payments.

Panelists: Nathalie Reinelt - Analyst, Aite Group; David Balcar - Sr. Systems Engineer, Fraud Prevention, Kaspersky Lab;

5:15 pm - 5:45 pm

Future of Payment Card Security

Recent large-scale data compromises have undoubtedly captured the attention of executives and policymakers alike. Beyond the financial consequences, one positive outcome has been a renewed focus by financial institutions and retailers to advance payment system security. From EMV to tokenization and encryption, the industry must make coordinated efforts to close more opportunities for criminals to erode trust in the payment system.

Presenter: Eduardo Perez - Senior Vice President, North America Risk Services, Visa Inc.;

5:45 pm - 6:00 pm

Closing Remarks

6:00 pm - 7:00 pm

Cocktail Reception

VENUE
Hilton Meadowlands

2 Meadowlands Plaza
East Rutherford, NJ 07073
, NY

The Hilton Meadowlands hotel near MetLife Stadium offers a convenient location minutes from New York City. This high-rise East Rutherford hotel provides easy access via complimentary shuttle service to public transportation and major highways, making it easy to reach New York City. Guests at this welcoming hotel near Secaucus, NJ, enjoy proximity to numerous shopping and dining options and the best sports and entertainment venues in New Jersey.

TRAVEL & DIRECTIONS INFO >

SPONSORS

The ISMG Fraud Summit Series is made possible through the support of it's sponsors:

ThreatMetrix
Verint
SUPPORTING PARTNERS
ACT Canada Cyber Safety by Design HTCIA Informatica Security and Privacy ISC2 Marketing Partner ISSA Marketing Partner OWASP - Partner Fraud Summit San Francisco 2014
Register today to reserve your seat.
Register Now

Need to justify your attendance? Download our ROI guide that outlines the benefits.