Dr Stephen Topliss, Vice President Product Strategy April 3rd 2019
Digital Identities, Social Engineering & Mule Networks
Digital Identities
Building a Digital Identity Network
Risk Based Authentication
- Events are processed in real time to deliver a fraud risk score back to the bank
- ThreatMetrix rules match data across the entire Global Digital Network
- Network is based on Privacy by Design – using Anonymization Techniques
- Strong, repeated links (thick lines) to a small number of Digital Attributes establish history and trust
- Displays association of multiple events from a single end user
Mobile Number 3092…8b7c
What is a Digital Identity?
- 2cc..750d: Digital Identifier for a transacting user
- Graph Visualization for manual review purposes
- Trust Score on the reputation of that Digital Identity
Digital Identities Support…
- Digital Transformation
- Single Customer View
- Fraud Reduction
- Improved Customer Experience
Leveraging Digital Identity Intelligence in Banking
Multiple Touch Points in an End to End Digital Customer Journey
- Allows normal behavior and Trust to be established
- Enables intervention when something suspicious occurs
- Keeps a genuine customer safe from common MOs
An example of credential stuffing - Several devices and identity data with weak correlations
Digital Identities – Account Take Over Fraud
Relationship View ID View
Digital Identities - Payment Fraud
- Card Testing: An unusual number of Credit Cards with weak correlations to a single Digital Identity
- Reshippers: Use of multiple shipping addresses by a single Digital Identity
Social Engineering
Social Engineering and Remote Access Account Takeover
Customer
- 20 Good Logins
- Remote Desktop Session: First Time RAT for Customer & Device
- Login
- New Beneficiary: Customer is asked for 2FA, small payment sent
- Internal Transfer: Transfers from Savings to Current
- Existing Beneficiary: Transfer Savings out to newly created Beneficiary, NO 2FA!!

Remote Desktop: Customer is tricked via a scam into providing access to his/her computer by installing a remote access tool. Typical stories involve the bank or police calling to inform the customer of a compromise with their account…
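The journey on this slide can be scored as a sequence rather than as isolated events. The following is an added example, not code from the presentation or from any ThreatMetrix product; the event fields, the 24-hour window, the 10x amount jump and the three-signal threshold are all assumptions chosen for illustration.

```python
from datetime import datetime, timedelta

# Constructed events for one customer session; field names are hypothetical.
EVENTS = [
    {"t": "2019-04-03T10:00", "type": "login", "rat": True},
    {"t": "2019-04-03T10:04", "type": "add_beneficiary", "payee": "B-NEW"},
    {"t": "2019-04-03T10:06", "type": "payment", "payee": "B-NEW", "amount": 10, "two_fa": True},
    {"t": "2019-04-03T10:15", "type": "internal_transfer", "src": "savings", "amount": 18000},
    {"t": "2019-04-03T10:19", "type": "payment", "payee": "B-NEW", "amount": 18000, "two_fa": False},
]

def review_payment(events, rat_history=False, window=timedelta(hours=24), jump=10):
    """Return the journey signals present when the last event (a payment) is attempted."""
    *earlier, pay = events
    now = datetime.fromisoformat(pay["t"])
    recent = [e for e in earlier if now - datetime.fromisoformat(e["t"]) <= window]
    signals = []
    # First remote-access session ever seen for this customer and device.
    if not rat_history and any(e["type"] == "login" and e.get("rat") for e in recent):
        signals.append("first_time_rat")
    # The payee was only created inside the look-back window.
    if any(e["type"] == "add_beneficiary" and e["payee"] == pay["payee"] for e in recent):
        signals.append("recent_beneficiary")
    # A small payment to the same payee preceded a much larger one.
    probes = [e["amount"] for e in recent
              if e["type"] == "payment" and e["payee"] == pay["payee"]]
    if probes and pay["amount"] >= jump * min(probes):
        signals.append("probe_then_large_payment")
    # Savings were moved into the current account shortly before the payment.
    if any(e["type"] == "internal_transfer" and e.get("src") == "savings" for e in recent):
        signals.append("savings_consolidated")
    # Step up even though the payee now counts as "existing" and would skip 2FA.
    step_up = not pay.get("two_fa") and len(signals) >= 3
    return {"signals": signals, "action": "step_up_2fa" if step_up else "allow"}

print(review_payment(EVENTS))
```
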
Why is Social Engineering Fraud so hard to detect?
Trust
- Scam transactions are carried out by trusted customers
- They most often use their own devices from trusted locations
- Is not identified by traditional fraud models
Profiling
- Fraudsters typically tackle older, well off customers
- Scam attacks do not share many common traits with regular fraud
- Is not identified by traditional fraud models
Remote Access
- TeamViewer is very often associated with scam attacks
- Ability to detect these tools, and valid usage
- Turns out that the tool is not used as often as we think
3rd Party fraud in the UK is declining, whilst authorized fraud is growing rapidly
Real Life Example – Mobile Remote Access
Need to develop a multi-dimensional fraud strategy to identify and target…
- The profile of your customer (Know Your Customer)
- The fraud journey and ‘story’, including ancillary events (lending, change of credentials)
- Manipulation of the control environment (RAT, credential phishing, online registration)
- Payment event(s)
- Recipient mule activity and onwards funds movement / cash-out
Customer Targeting → Customer Engagement → Customer Compromise → Funds Transfer → Funds Receipt
Social Engineering Model Strategy
Mule Networks
What is a Mule?
A money mule is a person who receives stolen money into their genuine account and then transfers it out, often overseas.
Without mule accounts, it would be much harder to commit (social engineering) fraud.
Mules – a growing problem
75% rise in the misuse of UK bank accounts by 18 to 24 year olds in last 12 months
Preying on the Vulnerable
Financially Vulnerable Victims: Students are being recruited
[Figure labels: College A, College B, University 1, University 2; Chrome, Safari, Edge, Internet Explorer, Firefox, Other; Known Mule; Bank A, Bank 1, Bank 2]
Why are Mule Networks so hard to detect?
Trust
- Transactions are carried out by trusted customers
- They most often use their own devices from trusted locations
Profiling
- There are many different mule profiles
- Mule account behavior does not share many common traits with regular fraud
Global Reach
- Mule networks typically span across different financial institutions and geographies
- Payment Networks tend to link accounts but not Digital Identities
Account Takeover Example
Customer
- 9.14am $400 Payment Beneficiary 1
- 9.18am $400 Payment Beneficiary 2
- 9.23am $4,900 Payment Beneficiary 1
- 9.25am $4,900 Payment Beneficiary 2
- 9.29am $4,900 Payment Beneficiary 3
- 9.37am $9,900 Payment Beneficiary 4
Declined By Bank
9.48am $15,500 Out in Cash via Card Payments (POS/ATM/CNP)
Mule Strategies – How to Tackle Them
Network Analysis
- Offline analysis of the links between devices and accounts of known mules
Mule Device Watchlist
- Offers a way to productionize mule network investigations
- Real time alerts when mule devices create or log into other accounts
Mule Model
- Identify new networks to investigate based on model of known mule risk vectors
- Scores and refers on all logins
- Operating in real time
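Network analysis and the device watchlist fit together as an offline step feeding a real-time check. The sketch below is an added example, not code from the presentation or from any vendor product; the event tuple layout, the identifiers and the `hops` parameter are assumptions, and the sample data is constructed.

```python
from collections import defaultdict

# Constructed history: (event_type, account_id, device_id), identifiers already anonymized.
HISTORY = [
    ("login", "acct-17", "dev-a"),
    ("login", "acct-17", "dev-b"),
    ("login", "acct-22", "dev-b"),
    ("login", "acct-22", "dev-c"),
    ("login", "acct-40", "dev-d"),
]
KNOWN_MULES = {"acct-17"}

def build_watchlist(history, known_mules, hops=1):
    """Offline network analysis: walk account<->device links out from known mules."""
    devs_of, accts_of = defaultdict(set), defaultdict(set)
    for _kind, acct, dev in history:
        devs_of[acct].add(dev)
        accts_of[dev].add(acct)
    accounts, devices = set(known_mules), set()
    for _ in range(hops):
        # Devices used by any account in the set, then accounts seen on those devices.
        devices |= {d for a in accounts for d in devs_of[a]}
        accounts |= {a for d in devices for a in accts_of[d]}
    # Second value: linked accounts that are not yet confirmed mules (to investigate).
    return devices, accounts - set(known_mules)

def check_event(event, watchlist, known_mules):
    """Real time: alert when a watchlisted device creates or logs into another account."""
    kind, acct, dev = event
    if kind in ("register", "login") and dev in watchlist and acct not in known_mules:
        return f"ALERT mule device {dev} {kind} on {acct}"
    return None

watchlist, to_investigate = build_watchlist(HISTORY, KNOWN_MULES)
print(sorted(watchlist), sorted(to_investigate))
print(check_event(("register", "acct-99", "dev-a"), watchlist, KNOWN_MULES))
```

Raising `hops` widens the watchlist to devices of linked accounts, which increases coverage at the cost of more referrals for manual review.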