INTELLIGENCE DRIVEN FRAUD PREVENTION

Transcription

1 INTELLIGENCE DRIVEN FRAUD PREVENTION OVERVIEW If you were in business 15 years ago, the term cybercrime was just hitting the mainstream and cyber criminals were transitioning from showing off technical skills to using those skills to disrupt and steal from individuals and businesses. As threats from cyber criminals became more pervasive and sophisticated, so did businesses attempts to minimize damage from these threats. What began as the IT annoyance of protecting and web sites from spam has transformed into battle against a global fraud-as-aservice business that is an expert at targeting company financial, product, and staff information, as well as consumer banking, healthcare and ecommerce transactions. Today cybercrime is big business with statistics to prove it: Card-Not-Present fraud will account for $2.9 billion in fraud losses to U.S. businesses this year and is expected to more than double by 2018 (Aite Group) In 2013, one in every seven payment cards in the U.S. was exposed to a data breach (Discover) One million high risk and malicious android apps were detected in 2013 (Trend Micro) This year data breaches have affected high-profile retailers, high tech companies, financial institutions, universities, healthcare providers and even the IRS In the first half of 2014, phishing alone resulted in $2.2 billion in losses to global companies (RSA Anti-Fraud Command Center) A targeted cybercrime attack costs an average of $214,000 per incident (Ponemon Institute) Global losses from Corporate Account Takeover was $523M in 2013 and estimated to reach nearly $800M in 2016 (Aite Group) A DDoS attack can cost a retailer $3.4 million in losses for 1 hour of downtime on Cyber Monday, not to mention the reputational losses associated with brand damage and reduced consumer confidence (Ponemon Institute) Add the need to deal with evolving new technologies like smart devices, cloud services, big data, and social networking sites and it s clear that most fraud prevention models weren t built to handle this constantly shifting landscape. RSA Whitepaper

2 CONTENTS Overview... 1 Defining the New Normal... 3 See More, Understand Better, Act Faster... 3 The Balance Challenge... 4 Risky Business: Risk-based Authentication... 5 Putting Intelligence into Action... 5 Stepping Up to the Step-up Authentication Plate... 6 Running with the Big Data...6 Conclusion... 7 Intelligence Driven Fraud Prevention Solutions from RSA... 7 RSA FRAUDACTION SERVICE...8 RSA Web Threat Detection... 9 RSA Adaptive Authentication and Transaction Monitoring... 9 RSA Adaptive Authentication for ecommerce page 2

3 DEFINING THE NEW NORMAL Fraud detection, prevention and mitigation are of vital importance to companies trying to protect their digital assets because the impact of breaches can extend far beyond the immediate financial loss into crippling long-term privacy, intellectual property, company reputation, and customer losses. Customers are demanding anytime, anywhere access to products, services, and information through new digital channels. Integrating these channels has created new security problems as consumer-facing web sites are becoming the cybercriminal s first step to launching broader enterprise attacks. The widespread adoption of Bring Your Own Device (BYOD) in the workplace adds to the security problem by increasing access points for attacks, blazing new trails for cyber criminals to target employees and partners on their personal devices so they can compromise their identities and infiltrate the enterprise. With a proliferation of new devices, an increasingly mobile consumer and tighter crosschannel integration, disconnected approaches to securing a company s assets simply cannot provide a comprehensive solution to a fraud problem that is growing at an exponential pace. Within this landscape, there can be no division between consumer and enterprise security strategies. Organizations must aggressively rethink traditional notions about what constitutes a threat and how to intelligently defend against it. SEE MORE, UNDERSTAND BETTER, ACT FASTER This new normal creates unprecedented challenges for organizations that now need to secure their own digital assets while at the same time trying to secure external cloud and mobile based applications that aren t under their control. Extending the scope of security measures is a business necessity, given cybercrime losses estimated in the hundreds of billions of dollars for financial fraud, the time and expense required to fix the damage, and the cost associated with downtime. A Ponemon Institute study estimates that for a retailer, the average cost of one hour of downtime is close to $500,000 in lost sales. And the cost is even higher when you factor in reputation and brand damage and the lingering consumer perception that your site might not be safe. Intelligence is defined as the ability to learn, understand, and deal with new or trying situations. The ability to adapt to and continually acquire new knowledge and skills in the face of change makes an Intelligence Driven Fraud Prevention Strategy a nonnegotiable in today s world. Intelligence Driven Fraud Prevention provides a layered security model to protect the identities and assets of your customer across multiple channels while providing three essential attributes that enable you to balance risk, costs, and end user convenience. First, Intelligence Driven Fraud Prevention provides immediate external visibility and context into cybercrime threats across all online digital channels. Second, this increased visibility extends your analysis capabilities so you can detect anomalies that indicate threats based on your unique risk profile and immediately assess which threats are most damaging. Finally, an Intelligence Driven Fraud Prevention strategy designates the right corrective action to mitigate the specific threat at hand, quickly, and efficiently. page 3

4 Visibility Manage Risk Action Analytics Diagram 1 A defining element of Intelligence Driven Fraud Prevention is the knowledge that cyber criminals don t behave the same way that normal site users do; they move faster, navigate differently and leave more than one device trail behind. Consistently identifying and tracking the interactions that occur across the entire online user lifecycle from the beginning of a web session, through login and transactions creates typical behavior and device profiles for your organization. By collecting available data and information on what is happening in your environment, you can build a reliable baseline to quickly and effectively discover anomalies and spot advanced attacks. Intelligence Driven Fraud Prevention then instantly analyzes mobile and web traffic in large volumes, delivering a wealth of information for analysis and action against your organization s baseline. Beyond your enterprise, tracking cybercrime developments that are global, cross industry, cross channel, and cross device requires a model that can access shared cybercrime intelligence across organizations and their customers. Today s leading Intelligence Driven Fraud Prevention solutions allow a broader look into threats by tapping into cross-organization, cross-industry fraud profiles from a worldwide network that can share and disseminate information on cybercrime activities, enabling faster response times and limiting risk. THE BALANCE CHALLENGE Identifying fraud detection, prevention and mitigation as a top business priority is only half of the battle. Today s users demand fast, easy access to accounts, products, and services in their digital channels and do not want their experience interrupted. Any successful Intelligence Driven Fraud Prevention strategy must balance an organization s security requirements with the need for convenient user access and an exceptional user experience. The key to achieving this balance is a layered security approach capable of distinguishing who is a customer and who is a criminal. Gaining broader visibility into digital channels opens up the opportunity for extended analysis of the behavior of humans and devices, allowing fraud patterns to be quickly detected so only high risk activities are interrupted and the normal user s security experience remains transparent. This provides a blueprint to align security controls with an organization s page 4

5 risk tolerance while enabling genuine end users to easily access the services that they want via digital channels. The analysis that powers Intelligence Driven Fraud Prevention is multi-faceted and spans user behavior, device fingerprints, known fraudulent entities, and threats from the underground, enabling organizations to quickly identify customers vs. criminals. RISKY BUSINESS: RISK-BASED AUTHENTICATION An Intelligence Driven Fraud Prevention strategy encompasses the ability to see everything, across the entire online consumer lifecycle from pre-login to the transaction to post-login. Most fraud prevention methods rely solely on a rules-based approach, which helps determine if the activity is a threat, but is only effective for known bad activities and does not help predict and prevent future attacks. Fraudsters are constantly changing their approach, and customers change their online behavior, which limits the ability of traditional fraud strategies to detect evolving threats and their impact. An Intelligence Driven Fraud Prevention strategy provides a comprehensive framework to combine both rules- and risk-based assessments, equipping enterprises to rapidly adapt risk policies and adjust fraud detection countermeasures based on evolving threats. Generating a unique risk score derived from an in-depth assessment of factors such as device profiling, behavior profiling, and data from diverse sources both internal and external allows frictionless authentication so actions can be taken that directly align with the detected threat level. The ability to use policy management in a hybrid approach translates risk policies into decisions and actions to allow tailored risk tolerances. By specifically defining risk scores, it becomes easier to determine which transactions can be reviewed at a later time and which should be prompted for additional authentication or denied where the likelihood of fraud is high. This advanced ability to gauge risks is also faster and fully transparent to the user, preserving the customer experience. PUTTING INTELLIGENCE INTO ACTION Once a business gains visibility into the type and frequency of fraudulent behaviors occurring, Intelligence Driven Fraud Prevention delivers a comprehensive portfolio of implementation options targeted toward specific threats. Prevention, detection, and mitigation should be actionable, whether online or mobile, and regardless of whether you re facing man-in-the-browser Trojans, malicious software, DDoS attacks, site scraping or mobile session hijacking, among other threats. Intelligence Driven Fraud Prevention s layered approach allows the use of different security controls at different points in the user lifecycle based on organizational risk tolerance, policy and user segmentation, avoiding inconveniencing legitimate users or harming the user experience challenges. page 5

6 Cybercrime Evolves So Must Your Response In the wild Begin Session Login Transaction Logout Web Threat Landscape Phishing Site Scraping Vulnerability Probing Layer 7 DDoS Attacks Diagram 2 Password Cracking/Guessing Parameter Injection New Account Registration Fraud Advanced Malware Promotion Abuse Man in the Middle/Browser Account Takeover New Account Registration Fraud Unauthorized Account Activity Fraudulent Money Movement STEPPING UP TO THE STEP-UP AUTHENTICATION PLATE Intelligence Driven Fraud Prevention solutions are designed to optimize prevention, detection, and mitigation of fraud and need to work seamlessly across a variety of devices and provide expanded choices for integration with new and existing services and technologies. This is particularly important in the area of step-up authentication, where risk tolerance can help determine which authentication is appropriate, i.e., OTP, out-of-band, SMS, phone call, challenge questions. If infrastructure requires support for both online and mobile transactions, fraud prevention solutions must recognize which device is being used and act accordingly by comparing the rules and risk engine tailored to either the web or mobile channel. In addition, correlating cross-channel activity for login and transactions allows certain activities to be flagged as high risk. For example, if a customer makes a transaction on their laptop and shortly after make another transaction from a mobile device in another country, the transaction would be flagged and appropriate action taken. A multifactor authentication model provides user access to diverse connection points such as web portals, mobile apps and browsers, virtual private networks (VPNs), and web access management applications. Linking a rules- and risk-based model for authentication with a series of technologies for cross-channel protection supports an organization s unique needs for secure access without compromising user experience. Complementing technologies should be fully integrated within an Intelligence Driven Fraud prevention strategy and target key company priorities including risk tolerance, policy alignment, device and behavior profiling, and case management. RUNNING WITH THE BIG DATA To stay ahead of ongoing threats, Intelligence Driven Fraud Prevention enhances monitoring performance and enables quicker decisions by incorporating the power of Big Data cybercrime analytics. Big Data tools enable fraud and information security teams to ingest more and varied data without being limited by data formats. Most companies have thousands of event data record sources created by devices when any event occurs. These records are vital for detecting suspicious behavior, uncovering page 6

7 threats and vulnerabilities, preventing security incidents, and backing up forensic analyses. Leveraging Big Data adds another dimension to fraud prevention with better risk predictions and a unique and important ability to put fraud risk in an overall business context. CONCLUSION Preventing, detecting, and mitigating fraud will be a relentless and enduring challenge. An Intelligence Driven Fraud Prevention strategy delivers efficiencies and savings by prioritizing the most pressing risks, merging data sets and tools and minimizing standalone product implementations. Using intelligence to streamline fraud prevention efforts and manage digital risks frees resources to focus on high-value activities and business growth and reduces losses from fraud, undetected breaches, and other evolving threats. With Intelligence Driven Fraud Prevention, your organization will be well positioned to address the ever-changing threats of today and anticipate and get ahead of the threats of tomorrow. INTELLIGENCE DRIVEN FRAUD PREVENTION SOLUTIONS FROM RSA RSA Fraud & Risk Intelligence Adaptive Authentication Adaptive Authentication for ecommerce Transaction Monitoring FraudAction In the wild Begin Session Web Threat Detection Login Transaction Logout Diagram 3 With RSA Fraud and Risk Intelligence Solutions you can proactively gain visibility into the latest threats with global collective intelligence, helping you mitigate cyber attacks. You can secure interactions and transactions across the entire user online lifecycle whether on web, e-commerce or mobile channels by continuously monitoring and analyzing online behavior. This will allow you to put appropriate security controls in place based on your organization s risk tolerance, policies, regulations, and user segmentation. This intelligent fraud approach is the key to balancing your organization s risk, cost, and end-user convenience needs while dramatically reducing fraud losses, minimizing the chances of reputational damage and financial consequences from cyber-attacks. Using RSA Fraud and Risk Intelligence solutions, you will be armed to gain visibility into shared intelligence on emerging attacks and threats, analyze interactions and transactions to quickly detect anomalies indicative of threats, and take corrective action based on custom-defined threat levels. page 7

8 RSA FRAUDACTION SERVICE In the online user lifecycle, in the wild or uncontained threats in the general population affect customers credentials, account ids, credit card information and even health records. RSA s FraudAction Service helps to stop fraud before it happens, reducing cyber attacks, identity theft, and account takeover. The RSA FraudAction service offers helps you gain complete fraud protection against phishing, pharming, Trojan attacks as well as rogue mobile apps. Additionally, you can gain deeper insight into emerging threats with intelligence reports that provide visibility into the cybercrime underground. Offered as an outsourced, managed service, FraudAction enables you to minimize resource investment while deploying a solution quickly. FraudAction uses the industry s broadest multi-language forensic and investigation capabilities with over 100 languages supported and 187 countries. At the core of the FraudAction service is RSA s Anti-Fraud Command Center (AFCC ) where an experienced team of fraud analysts work 24x7 to identify and shut down sites and other communication resources hosting phishing and Trojan attacks, and conduct forensic work to recover compromised credentials. Average shut down of a phishing attack is 5 hours and we monitor over 6 billion URLs on a daily basis. PHISHING DETECTION AND SHUTDOWN The RSA FraudAction Service detects and stops phishing attacks targeting your organization. Once a suspicious URL is confirmed to be a threat, you are immediately notified and can monitor the latest threat status in real-time via the FraudAction Dashboard. TROJAN ANALYSIS The RSA FraudAction Service detects and mitigates damages caused to you by Trojan attacks. You can quickly identify, respond, and minimize malware threats by blocking end-user access to the attack s online resources. DEFENSE AGAINST ROGUE APPS RSA FraudAction Service helps you reduce fraud losses by taking action against malicious or unauthorized rogue mobile apps. The service monitors all major app stores, detects apps targeting your organization s customer base and shuts down unauthorized apps reducing threats to your reputation and potential financial losses due to mobile app fraud. You retain complete control over apps representing your organization only apps issued and/or authorized by your organization are available in the app markets. Continuous monitoring of apps stores also helps you stay ahead of potential threats, and be aware as soon as an unauthorized app surfaces. FRAUDACTION INTELLIGENCE RSA FraudAction Service is your eyes and ears into the fraud underground providing insight into specific attacks focused on your organization, fraud industry trends as well as in-depth investigations into fraud methods, operations, services, and other issues within the fraudster community. page 8

9 RSA Web Threat Detection Threats take place across the entire user lifecycle from pre-login to login and post logon transactions. When a user first enters your website, in the pre-login part of the online user lifecycle, many precursors to fraud activities occur such as DDoS attacks, site scraping, and HTML injection of site fields signaling that the potential for fraud is high and generating an intelligent alert for any business logic abuse. RSA Web Threat Detection identifies these anomalies for quick remediation. RSA Web Threat Detection identifies all types of anomalous behavior in real time Providing total visibility into web sessions to lead to an actionable information to stop threats quickly. RSA Web Threat Detection provides behavioral profiles to identify anomalous behavior Click stream data is captured and analyzed in real time, dynamically creating behavioral profiles. Behaviors that don t conform to profiles are flagged as suspicious and RSA Web Threat Detection rules engine provides different levels of response for different types of threats. Web session intelligence identifies broad spectrum of attacks Targeted rules detect, alert, and communicate malicious events in real time including, DDoS, password guessing, site probing, mobile session hijacking, Man-in-the-middle, credit card fraud, HTML injection, Account Takeover, and wire transfer fraud. RSA Adaptive Authentication and Transaction Monitoring Account takeover and unauthorized account activity occur at the login and transaction points of the online user lifecycle. RSA s Adaptive Authentication brings together information about behaviors, devices, and people to mitigate high risk transactions without compromising the user experience. RSA Adaptive Authentication is a comprehensive platform for cross-channel protection using a risk and rules based approach coupled with options for additional identity assurance for high risk transactions. Dual rule- and risk-based approach the RSA Risk engine uses over 100 indicators to evaluate risk in real time and reflects device and behavioral profiling, efraudnetwork data and integrates with RSA s policy management application. Translate risk policies into actions the RSA Policy Manager can adjust risk scores to target later review, prompt step-up authentication, or deny transactions with a high likelihood of fraud. Device and behavior profiling profiling analyzes typical behaviors and compares them to the current actions of the user or device. Device -analyzed parameters include operating system and browser version and behavior profile parameters include frequency, time of day, and attempted activity. Step-up Authentication for high risk transactions Provides a variety of additional procedures to validate a user s identity including out-of-band authentication, challenge questions, and knowledge-based authentication. page 9

10 Intelligence Driven Identity and Access Management RSA Adaptive Authentication for ecommerce RSA Adaptive Authentication for ecommerce provides the framework for building cardholder protection and fraud management in the online shopping environment. Based on the 3DSecure protocol and infrastructure, it enables merchants and issuers to provide a consistent, secure online shopping experience for cardholders while mitigating the risk of charge back losses. Used today by more cardholders than any other solution on the market, RSA Adaptive Authentication for ecommerce employs an architecture approved by Visa, MasterCard, and American Express. Adaptive Authentication for ecommerce provides issuers a single solution to manage their growing fraud losses while creating the shopping experience merchants require to avoid transaction abandonment. ABOUT RSA RSA s Intelligence Driven Security solutions help organizations reduce the risks of operating in a digital world. Through visibility, analysis, and action, RSA solutions give customers the ability to detect, investigate and respond to advanced threats; confirm and manage identities; and ultimately, prevent IP theft, fraud and cybercrime. For more information on RSA, please visit EMC 2, EMC, the EMC logo, RSA, Archer, FraudAction, NetWitness and the RSA logo are registered trademarks or trademarks of EMC Corporation in the United States and other countries. All other products or services mentioned are trademarks of their respective companies. Copyright 2014 EMC Corporation. All rights reserved. H13704