ECOMMERCE AND MERCHANT FRAUD PREVENTION

Transcription

1 ECOMMERCE AND MERCHANT FRAUD PREVENTION

2 Copyright 2012 EMC Corporation. All rights reserved. 2 Several major trends are having significant impact on security Mobile Cloud Big Data Social Media Networked Value Chains Disruption Sophisticated Fraud Infrastructure Transformation End point diversity Perimeter virtualization Business Transformation Digital activity increase Networked users and partners Threat Landscape Transformation Disruptive Attacks Malicious Software Cross-channel

3 What about ecommerce trends? Business Transformation: 2014 expects 15.5% growth in US ecommerce retail 1 By 2018, ecomm will be ~11% of all US retail 2 Threat Landscape: Rate of fraud is increasing (0.6% to 0.8% orders) 3 Examples: Stolen cards, business logic abuse, price scraping, account takeover, etc. ecommerce/merchant Control Landscape: With traditional controls, 25% of all orders reviewed 3 Fraud staffing and budget levels are staying fixed 3 Sources: 1) 2) Forrester US ecommerce Forecast: 2013 To 2018: 3) CyberSource 2013 Online Fraud Report: 3

4 Or in other words ecommerce (2013) ecommerce (2018) Reviews Reviews And budget to handle this holds steady This transformation requires security controls that are risk-based, contextual, and agile 4

5 Copyright 2012 EMC Corporation. All rights reserved. 5 Intelligence-Driven Security Model Risk-based, contextual, and agile Risk Intelligence thorough understanding of risk to prioritize activity Advanced Analytics provide context and visibility to detect threats Adaptive Controls adjusted dynamically based on risk and threat level Information Sharing actionable intel from trusted sources

6 Introduction to Session Intelligence 6

7 Introduction to Session Intelligence 7

8 Introduction to Session Intelligence Focusing on the normal reveals patterns 8

9 Introduction to Session Intelligence This is behavioral analytics Focusing on the normal reveals patterns making anomalies quickly stand out 9

10 Copyright 2012 EMC Corporation. All rights reserved. 10 Real World Examples

11 What is Business Logic Abuse? Definition: Functioning as Designed Example: New Marketing Campaign Select a loss leader to attract net new customers Business Logic: Limit the promotion to two items per customer LTV of new customer > cost of promotion Result: SUCCESS Sales exceed forecast Or is it???? 76 users 47 IP addresses 1 Device ID Exhausted inventory in record time 75% of sales mapped to 30 devices (18% to 1) Mapped sales back to overseas reseller 11

12 Copyright 2011 EMC Corporation. All rights reserved. 12 Refinement and Persistence PC retailer Coupon Code Logic Price floor Logic Some affinity partners allowed coupon stacking Base price: $1,375-50% off: $687-15% off: $584 - $100 off: $484 Price floors minimize the damage. Right? They were testing the fences for weaknesses, systematically. They remember. Investigation some SKUs did not trigger price floor logic High volume of referrer ids pointed to Chinese chat forum detailing process: e.g., which partners, coupon codes, timing, etc. Modified rules and saw updates on chat site with new workarounds e.g., freight forwarders, leverage chat agent, etc.

13 Real world examples Session intelligence adding value to traditional controls in ecommerce Threat Traditional Controls Session Intelligence Business logic abuse Price scraping Account takeover Stolen cards Not detected, business reporting Not detected Device identification, authentication, high risk activity Shipping address, amount, high risk SKUs, compromised card list, VxV Click-speed, velocity and behavioral patterns Click-speed, velocity and behavioral patterns Behavioral patterns, velocity Total session time, behavioral patterns (deliberate) 13

14 The future view ecommerce (2013) ecommerce (2018) Reviews Reviews 62% of merchants see behavioral analytics as having a high or very high impact on managing ecomm fraud going forward Source: Card-Not-Present Fraud in a Post-EMV Environment, Aite Group

15 THANK YOU

16 RSA Web Threat Detection Architecture Websites Security Firewall Network Device 3 rd Party Apps and Tools Page Requests POST/GET Arguments HTTP Headers UserId Cookie IP Scoring Analytics Engine Send API Syslog Incident Databases Create Report Web Session Traffic Capture, Decrypt, Parse HTTP (requests & response) Rule Engine *To make full use of WTD, the Web Session Intelligence & Alerts must be actionable 3 rd Party Systems 16