
Digital Identities, Social Engineering & Mule Networks Dr - PowerPoint PPT Presentation

Dr Stephen Topliss, Vice President Product Strategy, April 3rd 2019


  1. Digital Identities, Social Engineering & Mule Networks
     Dr Stephen Topliss, Vice President Product Strategy
     April 3rd 2019

  2. Digital Identities

  3. Building a Digital Identity Network: Risk Based Authentication
     • Events are processed in real time to deliver fraud risk score back to the bank
     • ThreatMetrix rules match data across the entire Global Digital Network
     • Network is based on Privacy by Design – using Anonymization Techniques

  4. What is a Digital Identity?
     • Digital Identifier for a transacting user
     • Graph Visualization for manual review purposes
     • Trust Score on the reputation of that Digital Identity
     • Strong, repeated links (thick lines) to a small number of Digital Attributes establishes history and trust
     • Displays association of multiple events from a single end user
     [Figure labels: 2cc..750d; Mobile Number 3092…8b7c]

  5. Digital Identities Support…
     • Fraud Reduction
     • Digital Transformation
     • Improved Customer Experience
     • Single Customer View

  6. Leveraging Digital Identity Intelligence in Banking
     Multiple Touch Points in an End to End Digital Customer Journey
     • Allows normal behavior and Trust to be established
     • Enables intervention when something suspicious occurs
     • Keeps a genuine customer safe from common MOs

  7. Digital Identities – Account Take Over Fraud
     [Figure panels: ID View; Relationship View]
     An example of credential stuffing - Several devices and identity data with weak correlations

  8. Digital Identities - Payment Fraud
     • Card Testing: An unusual number of Credit Cards with weak correlations to a single Digital Identity
     • Reshippers: Use of multiple shipping addresses by a single Digital Identity

  9. Social Engineering

  10. Social Engineering and Remote Access Account Takeover
     [Diagram: 20 Good Logins; Remote Desktop Session; Customer Login (First Time RAT for Customer & Device); Internal Transfer (Transfers from Savings to Current); New Beneficiary (Customer is asked for 2FA, Small payment sent); Existing Beneficiary Transfer (Transfer Savings out to newly created Beneficiary - NO 2FA!!)]
     Customer is tricked via a scam into providing access to his/her computer by installing a remote access tool. Typical stories involve the bank or police calling to inform the customer of a compromise with their account…

  11. Why is Social Engineering Fraud so hard to detect?
     Trust
     • Scam transactions are carried out by trusted customers
     • They most often use their own devices from trusted locations
     • Is not identified by traditional fraud models
     Profiling
     • Fraudsters typically tackle older, well off customers
     • Scam attacks do not share many common traits with regular fraud
     • Is not identified by traditional fraud models
     Remote Access
     • TeamViewer is very often associated with scam attacks
     • Ability to detect these tools, and valid usage
     • Turns out that the tool is not used as often as we think
     3rd Party fraud in the UK is declining, whilst authorized fraud is growing rapidly

  12. Real Life Example – Mobile Remote Access

  13. Social Engineering Model Strategy
     [Diagram stages: Customer Engagement; Customer Targeting; Customer Compromise; Funds Transfer; Funds Receipt]
     Need to develop a multi-dimensional fraud strategy to identify and target…
     • The profile of your customer (Know Your Customer)
     • The fraud journey and ‘story’, including ancillary events (lending, change of credentials)
     • Manipulation of the control environment (RAT, credential phishing, online registration)
     • Payment event(s)
     • Recipient mule activity and onwards funds movement / cash-out

  14. Mule Networks

  15. What is a Mule?
     A money mule is a person who receives stolen money into their genuine account and then transfers out, often overseas. Without mule accounts, it would be much harder to commit (social engineering) fraud.

  16. Mules – a growing problem
     75% rise in the misuse of UK bank accounts by 18 to 24 year olds in last 12 months

  17. Preying on the Vulnerable
     Financially Vulnerable Victims: Students are being recruited
     [Figure labels: Known Mule; College A; College B; University 1; University 2; Bank A; Bank 1; Bank 2. Browser legend: Chrome, Safari, Edge, Internet Explorer, Firefox, Other]

  18. Why are Mule Networks so hard to detect?
     Trust
     • Transactions are carried out by trusted customers
     • They most often use their own devices from trusted locations
     Profiling
     • There are many different mule profiles
     • Mule account behavior does not share many common traits with regular fraud
     Global Reach
     • Mule networks typically span across different financial institutions and geographies
     • Payment Networks tend to link accounts but not Digital Identities

  19. Account Takeover Example
     • 9.14am: $400 Payment, Beneficiary 1
     • 9.18am: $400 Payment, Beneficiary 2
     • 9.23am: $4,900 Payment, Beneficiary 1
     • 9.25am: $4,900 Payment, Beneficiary 2
     • 9.29am: $4,900 Payment, Beneficiary 3
     • 9.37am: $9,900 Payment, Beneficiary 4 (Declined By Bank)
     • 9.48am: $15,500 Out in Cash via Card Payments (POS/ATM/CNP)
     [Diagram label: Customer]

  20. Mule Strategies – How to Tackle Them
     Strategies: Network Analysis; Mule Model; Mule Device Watchlist
     • Offline analysis of the links between devices and accounts of known mules
     • Offers a way to productionize mule network investigations
     • Identify new networks to investigate based on model of known mule risk vectors
     • Real time alerts when mule devices create or log into other accounts
     • Scores and refers on all logins
     • Operating in real time

  21. Digital Identities, Social Engineering & Mule Networks
     Dr Stephen Topliss, Vice President Product Strategy
     April 3rd 2019
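
The offline link analysis and the mule device watchlist named on slide 20, sketched as an added example; it is not code from the presentation or from ThreatMetrix. The account and device identifiers, the `max_hops` limit and the alert text are all assumptions made for illustration.

```python
from collections import defaultdict, deque

# Constructed sample login events (account, device); not real data.
LOGINS = [
    ("acct-mule-1", "dev-A"), ("acct-2", "dev-A"),
    ("acct-2", "dev-B"), ("acct-3", "dev-B"),
    ("acct-4", "dev-C"), ("acct-5", "dev-C"),
]
KNOWN_MULES = {"acct-mule-1"}  # hypothetical confirmed mule account

def mule_network(logins, known_mules, max_hops=2):
    """Offline analysis: breadth-first walk over account<->device links.

    Returns {account: hops from the nearest known mule}. One hop means the
    account shared a device with the account it was reached from.
    """
    acct_to_dev, dev_to_acct = defaultdict(set), defaultdict(set)
    for acct, dev in logins:
        acct_to_dev[acct].add(dev)
        dev_to_acct[dev].add(acct)
    hops = {acct: 0 for acct in known_mules}
    queue = deque(known_mules)
    while queue:
        acct = queue.popleft()
        if hops[acct] >= max_hops:  # bound the walk: distant links are weak evidence
            continue
        for dev in acct_to_dev[acct]:
            for other in dev_to_acct[dev]:
                if other not in hops:
                    hops[other] = hops[acct] + 1
                    queue.append(other)
    return hops

def device_watchlist(logins, known_mules):
    """Devices that have been seen on a known mule account."""
    return {dev for acct, dev in logins if acct in known_mules}

def check_login(account, device, watchlist, known_mules):
    """Real-time check: a watchlisted device touching any other account."""
    if device in watchlist and account not in known_mules:
        return f"REFER: mule device {device} used on account {account}"
    return None  # no watchlist hit; other controls still apply
```

Shared devices (a family computer, a campus lab machine) also link unrelated accounts, so hop counts and watchlist hits are grounds for referral and review rather than a verdict.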
