Combating Cybercrime with Behavior Analysis

Post on 18-Dec-2014

Category:

Technology

DESCRIPTION

Our CTO recently did a web presentation to (ISC)2 on Combating Cybercrime with Behavior Analysis. Implementing behavior analysis has been getting some traction in the security field. A recent Forrester Research report stated one North American retailer reduced fraud losses from a peak of $2M in 2001 to $180,000 in 2010 after implementing third-party behaviour management services and advanced fraud-detection rules. The video addresses using data analysis, security response, and constant auditing in building an effective behaviour analysis system.

TRANSCRIPT

Combating Cybercrime with Behavior Analysis

Who Am I?

•  Christopher Bailey, Chief Technology Officer at NuCaptcha

•  NuCaptcha specializes in adaptive authentication

2

The High Cost of Cybercrime

“CyberSource estimates total revenue loss in North America due to online fraud is $3.4 billion—a $700 million increase over 2010.”

2012 Online Fraud Report; CyberSource

3

Behavior Analysis Defends Against Cybercrime

4

Behavior Analysis is Effective

“Forrester Research reports one North American retailer reduced fraud losses from a peak of $2 million in 2001 to $180,000 in 2010 after implementing third-party behavior management services and advanced fraud-detection rules.”

Forrester Research Case Study: “Online Retailer Uses New Fraud Detection Systems To Cut Fraud Loss Rates”

5

Behavior Analysis Overview

6

Challenges

“In our business, catching the bad guys can be really difficult. Since there’s nothing being shipped, we’ve got to stop them up front. Our real challenge is trying to find them fast and reject the order outright.”

New Era Tickets, Vice President of Client Services Steve Geib

7

Part 1: Data Analysis

8

“To improve fraud detection and combat fraud, focus on gathering as much data as possible on every transaction, no matter how trivial it may seem.”

CyberSource 2012 Report on Online Crime

Collect Lots of Data!

9

Three Types of Analysis

•  Inter-user analysis

•  Intra-user analysis

•  Extra-user analysis

10

Inter-user Analysis

11

Intra-user Analysis

12

Extra-user Analysis

13

Combining Signals

14

Data Analysis Review

•  Build behavior baselines

•  Detect anomalies and outliers

•  Signal a risk

15

Part 2: Security Response

16

Response Selection

•  Rule based systems
   –  If X then

•  Point based systems
   –  If points > Y then
   –  Points ~= Level of Risk

17

Keep it Flexible

“Anomalies such as shipping 10 computers to a single home address can also be a sign of potential fraud. Recognizing this activity requires flexible rule sets that can recognize not just static strings but also regular expressions or wildcards.”

Forrester Research Case Study: “Online Retailer Uses New Fraud Detection Systems To Cut Fraud Loss Rates”

18

Response Types

•  Absolute

•  Deferred

•  Secondary Authentication

19

Deferred Responses

20

Response Costs

•  Every response has a potential benefit

•  Every response has a potential cost

21

Security Response Review

•  Be Flexible

•  Keep it Simple

•  Know the Costs

22
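
An added example, not part of the presentation: a small point-based response selector of the kind Part 2 outlines, with rules that match either a regular expression or a numeric threshold and a score mapped onto the three response types. The rule names, point values, thresholds, the meaning given to each response type and the sample orders are all constructed assumptions.

```python
import re
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class Rule:
    name: str
    points: int
    matches: Callable[[dict], bool]

def regex_rule(name, points, field, pattern):
    """Fires when a string field matches a regular expression."""
    rx = re.compile(pattern, re.IGNORECASE)
    return Rule(name, points, lambda o: bool(rx.search(str(o.get(field, "")))))

def threshold_rule(name, points, field, limit):
    """Fires when a numeric field exceeds a limit."""
    return Rule(name, points, lambda o: float(o.get(field, 0)) > limit)

# Constructed rules and weights; a real deployment derives them from its own baselines.
RULES = [
    threshold_rule("bulk_quantity", 40, "quantity", 5),
    regex_rule("po_box_address", 30, "ship_address", r"\bp\.?\s*o\.?\s*box\b"),
    threshold_rule("many_cards_tried", 35, "cards_tried", 2),
]

# Points ~= level of risk. Assumed meaning of each response type:
# absolute = reject outright, secondary_auth = challenge the user,
# deferred = accept now and queue for later review.
BANDS = [(80, "absolute"), (50, "secondary_auth"), (25, "deferred")]

def select_response(order):
    """Return (response, points, fired rule names); the names feed the audit step."""
    fired = [r for r in RULES if r.matches(order)]
    points = sum(r.points for r in fired)
    for threshold, response in BANDS:
        if points > threshold:  # "If points > Y then"
            return response, points, [r.name for r in fired]
    return "allow", points, [r.name for r in fired]

if __name__ == "__main__":
    # Constructed sample orders.
    orders = [
        {"quantity": 1, "ship_address": "12 Elm Street", "cards_tried": 1},
        {"quantity": 10, "ship_address": "12 Elm Street", "cards_tried": 1},
        {"quantity": 10, "ship_address": "PO Box 123", "cards_tried": 3},
    ]
    for o in orders:
        print(select_response(o))
```

Returning the names of the rules that fired alongside the score gives the auditing step in Part 3 something to measure: which rules drive which responses, and how often.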

Part 3: Auditing

23

Auditing in Three Steps

•  Monitor Accuracy

•  Investigate Changes

•  Update the Model

24

Respond to Changes

“The hardest thing about fraud is it’s so dynamic… what we’re chasing today is not what we’ll be chasing six months from now.”

Laura Lively, ShopNBC’s Credit Investigation Manager

25

Auditing Review

•  Verify responses are:
   –  Appropriate
   –  Effective

•  Audit Process:
   –  Monitor
   –  Investigate
   –  Update

26

BAS in Three Parts Review

27

In Summary

•  Cybercrime is costly to businesses

•  BAS helps fight cybercrime

•  BAS is a three step process

28

Questions?

Click on the questions tab on your screen, type in your question, name and e-mail address; then hit submit.

29
