This document discusses intelligence driven fraud prevention strategies. It notes that fraud prevention has become more complex due to evolving threats from cybercriminals. An intelligence driven approach uses visibility, analytics, and risk-based authentication to balance security, user experience, and organizational risk tolerance. The approach analyzes user behavior and device data across channels to detect anomalies and take targeted action.
Intelligence-Driven Fraud Prevention
RSA Whitepaper
OVERVIEW
If you were in business 15 years ago, the term “cybercrime” was just hitting the
mainstream and cyber criminals were transitioning from showing off technical skills to
using those skills to disrupt and steal from individuals and businesses. As threats from
cyber criminals became more pervasive and sophisticated, so did businesses’ attempts
to minimize damage from these threats. What began as the IT annoyance of protecting
email and web sites from spam has transformed into a battle against a global fraud-as-a-service
business that is an expert at targeting company financial, product, and staff
information, as well as consumer banking, healthcare and ecommerce transactions.
Today cybercrime is big business with statistics to prove it:
• Card-Not-Present fraud will account for $2.9 billion in fraud losses to U.S. businesses
this year and is expected to more than double by 2018 (Aite Group)
• In 2013, one in every seven payment cards in the U.S. was exposed to a data breach
(Discover)
• One million high-risk and malicious Android apps were detected in 2013 (Trend
Micro)
• This year data breaches have affected high-profile retailers, high tech companies,
financial institutions, universities, healthcare providers and even the IRS
• In the first half of 2014, phishing alone resulted in $2.2 billion in losses to global
companies (RSA Anti-Fraud Command Center)
• A targeted cybercrime attack costs an average of $214,000 per incident (Ponemon
Institute)
• Global losses from Corporate Account Takeover were $523M in 2013 and are estimated to
reach nearly $800M in 2016 (Aite Group)
• A DDoS attack can cost a retailer $3.4 million in losses for 1 hour of downtime on
Cyber Monday, not to mention the reputational losses associated with brand damage
and reduced consumer confidence (Ponemon Institute)
Add the need to deal with evolving new technologies like smart devices, cloud services,
big data, and social networking sites and it’s clear that most fraud prevention models
weren’t built to handle this constantly shifting landscape.
CONTENTS
Overview
Defining the “New Normal”
See More, Understand Better, Act Faster
The Balance Challenge
Risky Business: Risk-based Authentication
Putting Intelligence into Action
Stepping Up to the Step-up Authentication Plate
Running with the Big Data
Conclusion
Intelligence Driven Fraud Prevention Solutions from RSA
RSA® FRAUDACTION™ SERVICE
RSA Web Threat Detection
RSA Adaptive Authentication and Transaction Monitoring
RSA Adaptive Authentication for eCommerce
DEFINING THE “NEW NORMAL”
Fraud detection, prevention and mitigation are of vital importance to companies trying
to protect their digital assets because the impact of breaches can extend far beyond the
immediate financial loss into crippling long-term privacy, intellectual property, company
reputation, and customer losses.
Customers are demanding anytime, anywhere access to products, services, and
information through new digital channels. Integrating these channels has created new
security problems as consumer-facing web sites are becoming the cybercriminal’s first
step to launching broader enterprise attacks. The widespread adoption of Bring Your
Own Device (BYOD) in the workplace adds to the security problem by increasing access
points for attacks, blazing new trails for cyber criminals to target employees and
partners on their personal devices so they can compromise their identities and infiltrate
the enterprise.
With a proliferation of new devices, an increasingly mobile consumer and tighter cross-channel
integration, disconnected approaches to securing a company’s assets simply
cannot provide a comprehensive solution to a fraud problem that is growing at an
exponential pace. Within this landscape, there can be no division between consumer
and enterprise security strategies. Organizations must aggressively rethink traditional
notions about what constitutes a threat and how to intelligently defend against it.
SEE MORE, UNDERSTAND BETTER, ACT FASTER
This new normal creates unprecedented challenges for organizations that now need to
secure their own digital assets while at the same time trying to secure external cloud
and mobile based applications that aren’t under their control. Extending the scope of
security measures is a business necessity, given cybercrime losses estimated in the
hundreds of billions of dollars for financial fraud, the time and expense required to fix
the damage, and the cost associated with downtime. A Ponemon Institute study
estimates that for a retailer, the average cost of one hour of downtime is close to
$500,000 in lost sales. And the cost is even higher when you factor in reputation and
brand damage and the lingering consumer perception that your site might not be safe.
Intelligence is defined as the ability to learn, understand, and deal with new or trying
situations. The ability to adapt to and continually acquire new knowledge and skills in
the face of change makes an Intelligence Driven Fraud Prevention Strategy a non-negotiable
in today’s world.
Intelligence Driven Fraud Prevention provides a layered security model to protect the
identities and assets of your customer across multiple channels while providing three
essential attributes that enable you to balance risk, costs, and end user convenience.
First, Intelligence Driven Fraud Prevention provides immediate external visibility and
context into cybercrime threats across all online digital channels. Second, this
increased visibility extends your analysis capabilities so you can detect anomalies that
indicate threats based on your unique risk profile and immediately assess which threats
are most damaging. Finally, an Intelligence Driven Fraud Prevention strategy designates
the right corrective action to mitigate the specific threat at hand, quickly, and
efficiently.
Diagram 1 (labels: Visibility, Analytics, Action, Manage Risk)
A defining element of Intelligence Driven Fraud Prevention is the knowledge that cyber
criminals don’t behave the same way that normal site users do; they move faster,
navigate differently and leave more than one device trail behind.
Consistently identifying and tracking the interactions that occur across the entire online
user lifecycle – from the beginning of a web session, through login and transactions –
creates typical behavior and device profiles for your organization. By collecting
available data and information on what is happening in your environment, you can
build a reliable baseline to quickly and effectively discover anomalies and spot
advanced attacks. Intelligence Driven Fraud Prevention then instantly analyzes mobile
and web traffic in large volumes, delivering a wealth of information for analysis and
action against your organization’s baseline.
Beyond your enterprise, tracking cybercrime developments that are global, cross
industry, cross channel, and cross device requires a model that can access shared
cybercrime intelligence across organizations and their customers. Today’s leading
Intelligence Driven Fraud Prevention solutions allow a broader look into threats by
tapping into cross-organization, cross-industry fraud profiles from a worldwide network
that can share and disseminate information on cybercrime activities, enabling faster
response times and limiting risk.
THE BALANCE CHALLENGE
Identifying fraud detection, prevention and mitigation as a top business priority is only
half of the battle. Today’s users demand fast, easy access to accounts, products, and
services in their digital channels and do not want their experience interrupted. Any
successful Intelligence Driven Fraud Prevention strategy must balance an organization’s
security requirements with the need for convenient user access and an exceptional user
experience.
The key to achieving this balance is a layered security approach capable of
distinguishing who is a customer and who is a criminal. Gaining broader visibility into
digital channels opens up the opportunity for extended analysis of the behavior of
humans and devices, allowing fraud patterns to be quickly detected so only high risk
activities are interrupted and the normal user’s security experience remains
transparent. This provides a blueprint to align security controls with an organization’s
risk tolerance while enabling genuine end users to easily access the services that they
want via digital channels. The analysis that powers Intelligence Driven Fraud Prevention
is multi-faceted and spans user behavior, device fingerprints, known fraudulent
entities, and threats from the underground, enabling organizations to quickly identify
customers vs. criminals.
RISKY BUSINESS: RISK-BASED AUTHENTICATION
An Intelligence Driven Fraud Prevention strategy encompasses the ability to see
everything, across the entire online consumer lifecycle from pre-login to the transaction
to post-login. Most fraud prevention methods rely solely on a rules-based approach,
which helps determine if the activity is a threat, but is only effective for known bad
activities and does not help predict and prevent future attacks.
Fraudsters are constantly changing their approach, and customers change their online
behavior, which limits the ability of traditional fraud strategies to detect evolving
threats and their impact. An Intelligence Driven Fraud Prevention strategy provides a
comprehensive framework to combine both rules- and risk-based assessments,
equipping enterprises to rapidly adapt risk policies and adjust fraud detection
countermeasures based on evolving threats. Generating a unique risk score – derived
from an in-depth assessment of factors such as device profiling, behavior profiling, and
data from diverse sources both internal and external – allows frictionless authentication
so actions can be taken that directly align with the detected threat level.
The ability to use policy management in a hybrid approach translates risk policies into
decisions and actions to allow tailored risk tolerances. By specifically defining risk
scores, it becomes easier to determine which transactions can be reviewed at a later
time and which should be prompted for additional authentication or denied where the
likelihood of fraud is high. This advanced ability to gauge risks is also faster and fully
transparent to the user, preserving the customer experience.
PUTTING INTELLIGENCE INTO ACTION
Once a business gains visibility into the type and frequency of fraudulent behaviors
occurring, Intelligence Driven Fraud Prevention delivers a comprehensive portfolio of
implementation options targeted toward specific threats. Prevention, detection, and
mitigation should be actionable, whether online or mobile, and regardless of whether
you’re facing man-in-the-browser Trojans, malicious software, DDoS attacks, site
scraping or mobile session hijacking, among other threats. Intelligence Driven Fraud
Prevention’s layered approach allows the use of different security controls at different
points in the user lifecycle based on organizational risk tolerance, policy and user
segmentation, without inconveniencing legitimate users or harming the user
experience.
Diagram 2: Cybercrime Evolves – So Must Your Response (lifecycle stages: In the wild, Begin Session, Login, Transaction, Logout)
STEPPING UP TO THE STEP-UP AUTHENTICATION PLATE
Intelligence Driven Fraud Prevention solutions are designed to optimize prevention,
detection, and mitigation of fraud and need to work seamlessly across a variety of
devices and provide expanded choices for integration with new and existing services
and technologies. This is particularly important in the area of step-up authentication,
where risk tolerance can help determine which authentication is appropriate, i.e., OTP,
out-of-band, SMS, phone call, challenge questions.
If infrastructure requires support for both online and mobile transactions, fraud
prevention solutions must recognize which device is being used and act accordingly by
comparing the rules and risk engine tailored to either the web or mobile channel. In
addition, correlating cross-channel activity for login and transactions allows certain
activities to be flagged as high risk. For example, if a customer makes a transaction on
their laptop and shortly after makes another transaction from a mobile device in another
country, the transaction would be flagged and appropriate action taken.
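The policy logic described in this section and under “Risky Business” (a risk score translated into later review, step-up authentication or denial, combined with a cross-channel rule) can be sketched as follows. This is an added example, not RSA code; the weights, thresholds, two-hour window, field names and sample events are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed policy values; a real deployment tunes these to its risk tolerance.
ACTIONS = ["allow", "review", "step_up", "deny"]            # least to most strict
THRESHOLDS = [(85, "deny"), (60, "step_up"), (30, "review")]
WINDOW = timedelta(hours=2)                                  # "shortly after"


@dataclass(frozen=True)
class Event:
    user: str
    channel: str        # "web" or "mobile"
    device_id: str
    country: str
    amount: float
    when: datetime


@dataclass(frozen=True)
class Profile:
    """Baseline built from the user's earlier behavior and devices."""
    known_devices: frozenset
    usual_countries: frozenset
    typical_amount: float


def cross_channel_rule(event, history):
    """Rule: same user, other channel, other country, within WINDOW."""
    for prev in history:
        gap = event.when - prev.when
        if (prev.user == event.user and prev.channel != event.channel
                and prev.country != event.country
                and timedelta(0) <= gap <= WINDOW):
            return True
    return False


def risk_score(event, profile):
    """Risk part: add weight for each deviation from the baseline."""
    score, reasons = 0, []
    if event.device_id not in profile.known_devices:
        score += 30
        reasons.append("unrecognized device")
    if event.country not in profile.usual_countries:
        score += 35
        reasons.append("unusual country")
    if event.amount > 5 * profile.typical_amount:
        score += 25
        reasons.append("amount far above typical")
    return score, reasons


def evaluate(event, profile, history):
    """Hybrid decision: score picks an action, the rule can only tighten it."""
    score, reasons = risk_score(event, profile)
    action = next((a for limit, a in THRESHOLDS if score >= limit), "allow")
    if cross_channel_rule(event, history):
        reasons.append("cross-channel activity from another country")
        action = max(action, "step_up", key=ACTIONS.index)
    return action, score, reasons


# Constructed sample data: a laptop purchase, then a mobile one abroad 20 min later.
PROFILE = Profile(frozenset({"dev-laptop", "dev-phone"}), frozenset({"US"}), 120.0)
LAPTOP_TX = Event("alice", "web", "dev-laptop", "US", 90.0,
                  datetime(2014, 12, 1, 10, 0))
MOBILE_TX = Event("alice", "mobile", "dev-phone", "FR", 80.0,
                  datetime(2014, 12, 1, 10, 20))

if __name__ == "__main__":
    print(evaluate(LAPTOP_TX, PROFILE, []))
    print(evaluate(MOBILE_TX, PROFILE, [LAPTOP_TX]))
```

The rule sets a floor rather than a fixed outcome, so a low score never relaxes the cross-channel flag and a high score can still escalate it to a denial.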
A multifactor authentication model provides user access to diverse connection points
such as web portals, mobile apps and browsers, virtual private networks (VPNs), and
web access management applications. Linking a rules- and risk-based model for
authentication with a series of technologies for cross-channel protection supports an
organization’s unique needs for secure access without compromising user experience.
Complementary technologies should be fully integrated within an Intelligence Driven
Fraud Prevention strategy and target key company priorities including risk tolerance,
policy alignment, device and behavior profiling, and case management.
RUNNING WITH THE BIG DATA
To stay ahead of ongoing threats, Intelligence Driven Fraud Prevention enhances
monitoring performance and enables quicker decisions by incorporating the power of
Big Data cybercrime analytics. Big Data tools enable fraud and information security
teams to ingest more and varied data without being limited by data formats. Most
companies have thousands of event data record sources created by devices when any
event occurs. These records are vital for detecting suspicious behavior, uncovering
threats and vulnerabilities, preventing security incidents, and backing up forensic
analyses. Leveraging Big Data adds another dimension to fraud prevention with better
risk predictions and a unique and important ability to put fraud risk in an overall
business context.
Diagram 2 labels (Web Threat Landscape): Password Cracking/Guessing, Parameter Injection, New Account Registration Fraud, Advanced Malware, Promotion Abuse, Man in the Middle/Browser, Account Takeover, Unauthorized Account Activity, Fraudulent Money Movement, Phishing, Site Scraping, Vulnerability Probing, Layer 7 DDoS Attacks
CONCLUSION
Preventing, detecting, and mitigating fraud will be a relentless and enduring challenge.
An Intelligence Driven Fraud Prevention strategy delivers efficiencies and savings by
prioritizing the most pressing risks, merging data sets and tools and minimizing
standalone product implementations. Using intelligence to streamline fraud prevention
efforts and manage digital risks frees resources to focus on high-value activities and
business growth and reduces losses from fraud, undetected breaches, and other
evolving threats. With Intelligence Driven Fraud Prevention, your organization will be
well positioned to address the ever-changing threats of today and anticipate and get
ahead of the threats of tomorrow.
INTELLIGENCE DRIVEN FRAUD PREVENTION SOLUTIONS FROM RSA
Diagram 3: RSA Fraud & Risk Intelligence (FraudAction, Web Threat Detection, Adaptive Authentication, Adaptive Authentication for eCommerce, Transaction Monitoring)
With RSA Fraud and Risk Intelligence Solutions you can proactively gain visibility into
the latest threats with global collective intelligence, helping you mitigate cyber attacks.
You can secure interactions and transactions across the entire user online lifecycle –
whether on web, e-commerce or mobile channels – by continuously monitoring and
analyzing online behavior. This will allow you to put appropriate security controls in
place based on your organization’s risk tolerance, policies, regulations, and user
segmentation. This intelligent fraud approach is the key to balancing your
organization’s risk, cost, and end-user convenience needs while dramatically reducing
fraud losses, minimizing the chances of reputational damage and financial
consequences from cyber-attacks.
Using RSA Fraud and Risk Intelligence solutions, you will be armed to gain visibility into
shared intelligence on emerging attacks and threats, analyze interactions and
transactions to quickly detect anomalies indicative of threats, and take corrective
action based on custom-defined threat levels.
RSA® FRAUDACTION™ SERVICE
In the online user lifecycle, in the wild or uncontained threats in the general population
affect customers’ credentials, account ids, credit card information and even health
records. RSA’s FraudAction Service helps to stop fraud before it happens, reducing
cyber attacks, identity theft, and account takeover.
The RSA® FraudAction™ service helps you gain complete fraud protection against
phishing, pharming, Trojan attacks as well as rogue mobile apps. Additionally, you can
gain deeper insight into emerging threats with intelligence reports that provide visibility
into the cybercrime underground. Offered as an outsourced, managed service,
FraudAction enables you to minimize resource investment while deploying a solution
quickly.
FraudAction uses the industry’s broadest multi-language forensic and investigation
capabilities, with over 100 languages and 187 countries supported. At the core of the
FraudAction service is RSA’s Anti-Fraud Command Center (AFCC), where an experienced
team of fraud analysts works 24x7 to identify and shut down sites and other
communication resources hosting phishing and Trojan attacks, and conducts forensic
work to recover compromised credentials. The average shutdown time for a phishing attack is 5
hours, and we monitor over 6 billion URLs on a daily basis.
PHISHING DETECTION AND SHUTDOWN
The RSA FraudAction Service detects and stops phishing attacks targeting your
organization. Once a suspicious URL is confirmed to be a threat, you are immediately
notified and can monitor the latest threat status in real-time via the FraudAction
Dashboard.
TROJAN ANALYSIS
The RSA FraudAction Service detects and mitigates damages caused to you by Trojan
attacks. You can quickly identify, respond, and minimize malware threats by blocking
end-user access to the attack’s online resources.
DEFENSE AGAINST ROGUE APPS
RSA FraudAction Service helps you reduce fraud losses by taking action against
malicious or unauthorized ‘rogue’ mobile apps. The service monitors all major app
stores, detects apps targeting your organization’s customer base and shuts down
unauthorized apps – reducing threats to your reputation and potential financial losses
due to mobile app fraud. You retain complete control over apps representing your
organization – only apps issued and/or authorized by your organization are available in
the app markets. Continuous monitoring of app stores also helps you stay ahead of
potential threats and be aware as soon as an unauthorized app surfaces.
FRAUDACTION INTELLIGENCE
RSA FraudAction Service is your eyes and ears into the fraud underground – providing
insight into specific attacks focused on your organization, fraud industry trends as well
as in-depth investigations into fraud methods, operations, services, and other issues
within the fraudster community.
RSA Web Threat Detection
Threats take place across the entire user lifecycle, from pre-login to login and post-login
transactions. When a user first enters your website, in the pre-login part of the online
user lifecycle, many precursors to fraud occur, such as DDoS attacks, site
scraping, and HTML injection of site fields. These signal that the potential for fraud is high
and generate an intelligent alert for any business logic abuse. RSA Web Threat
Detection identifies these anomalies for quick remediation.
• RSA Web Threat Detection identifies all types of anomalous behavior in real time –
providing total visibility into web sessions and actionable information to stop
threats quickly.
• RSA Web Threat Detection provides behavioral profiles to identify anomalous behavior
– Click stream data is captured and analyzed in real time, dynamically creating
behavioral profiles. Behaviors that don’t conform to profiles are flagged as suspicious
and RSA Web Threat Detection rules engine provides different levels of response for
different types of threats.
• Web session intelligence identifies a broad spectrum of attacks – Targeted rules detect,
alert, and communicate malicious events in real time, including DDoS, password
guessing, site probing, mobile session hijacking, Man-in-the-middle, credit card
fraud, HTML injection, Account Takeover, and wire transfer fraud.
RSA Adaptive Authentication and Transaction Monitoring
Account takeover and unauthorized account activity occur at the login and transaction
points of the online user lifecycle. RSA’s Adaptive Authentication brings together
information about behaviors, devices, and people to mitigate high risk transactions
without compromising the user experience.
RSA Adaptive Authentication is a comprehensive platform for cross-channel protection
using a risk and rules based approach coupled with options for additional identity
assurance for high risk transactions.
• Dual rule- and risk-based approach – the RSA Risk engine uses over 100 indicators to
evaluate risk in real time and reflects device and behavioral profiling, eFraudNetwork
data and integrates with RSA’s policy management application.
• Translate risk policies into actions – the RSA Policy Manager can adjust risk scores to
target later review, prompt step-up authentication, or deny transactions with a high
likelihood of fraud.
• Device and behavior profiling – profiling analyzes typical behaviors and compares
them to the current actions of the user or device. Device-analyzed parameters include
operating system and browser version, and behavior profile parameters include
frequency, time of day, and attempted activity.
• Step-up Authentication for high risk transactions – Provides a variety of additional
procedures to validate a user’s identity including out-of-band authentication,
challenge questions, and knowledge-based authentication.