NOT FOR UNAUTHORISED DISTRIBUTION 1 CYBER THEFT: 2014 – and beyond. The wholesale organised theft...
-
Upload
barbra-merritt -
Category
Documents
-
view
215 -
download
1
Transcript of NOT FOR UNAUTHORISED DISTRIBUTION 1 CYBER THEFT: 2014 – and beyond. The wholesale organised theft...
![Page 1: NOT FOR UNAUTHORISED DISTRIBUTION 1 CYBER THEFT: 2014 – and beyond. The wholesale organised theft and use of credit card details .](https://reader036.fdocuments.in/reader036/viewer/2022082816/56649cc55503460f9498f281/html5/thumbnails/1.jpg)
1
NOT FOR UNAUTHORISED DISTRIBUTION
www.Alt3.co.ukCYBER THEFT:
2014 – and beyond. The wholesale organised theft and use of credit card details
www.alt3.co.uk
Alt3understanding future risks and opportunities
![Page 2: NOT FOR UNAUTHORISED DISTRIBUTION 1 CYBER THEFT: 2014 – and beyond. The wholesale organised theft and use of credit card details .](https://reader036.fdocuments.in/reader036/viewer/2022082816/56649cc55503460f9498f281/html5/thumbnails/2.jpg)
2
NOT FOR UNAUTHORISED DISTRIBUTION
www.Alt3.co.uk
BACKGROUND
Pre-2012: mostly small scale theft of credit card details
widespread
increasing large scale organised crime involvement
more value than drugs and arms trade
increasing sophistication
“cat and mouse” between security and theft
increasing sophistication of security
some sectors / countries lacking sophistication of security
![Page 3: NOT FOR UNAUTHORISED DISTRIBUTION 1 CYBER THEFT: 2014 – and beyond. The wholesale organised theft and use of credit card details .](https://reader036.fdocuments.in/reader036/viewer/2022082816/56649cc55503460f9498f281/html5/thumbnails/3.jpg)
3
NOT FOR UNAUTHORISED DISTRIBUTION
www.Alt3.co.uk
BACKGROUND
2012 - 2014: small scale, widespread theft continues
notable prevalence of theft by large scale organised crime
overall value of theft increasing
major input into other areas of organised crime
increasing incursions into big business and high profile IP
increasing scrutiny from police and security services
greater sophistication of card / data security
some countries continuing to lag behind - therefore targets
![Page 4: NOT FOR UNAUTHORISED DISTRIBUTION 1 CYBER THEFT: 2014 – and beyond. The wholesale organised theft and use of credit card details .](https://reader036.fdocuments.in/reader036/viewer/2022082816/56649cc55503460f9498f281/html5/thumbnails/4.jpg)
4
NOT FOR UNAUTHORISED DISTRIBUTION
www.Alt3.co.uk
MAIN TARGET
2014: United States
Sector: retail
Volumes: millions of individual card details - data
How: till payment systems
Value: $hundreds of millions
Route: malware
Reason: a lack of sophisticated security and a lack of data standards (PCI DSS) making “whole” data easy to recognise and steal
UPSIDE: US companies have a statutory obligation to “go public” as soon as they discover a data breach
![Page 5: NOT FOR UNAUTHORISED DISTRIBUTION 1 CYBER THEFT: 2014 – and beyond. The wholesale organised theft and use of credit card details .](https://reader036.fdocuments.in/reader036/viewer/2022082816/56649cc55503460f9498f281/html5/thumbnails/5.jpg)
5
NOT FOR UNAUTHORISED DISTRIBUTION
www.Alt3.co.uk
EUROPE 2014 – obscuring data ...
The growth of Near Field Communication (NFC): “contactless” technology that does not leave the CVV or the card holders name
The widespread use of chip and pin
The widespread use of data standards including separating key data fields
Increasing bank and credit card company alerts and exchange of information
FUTURE: increasing smartphone contactless enablement
increasing following the US lead in reporting data breaches
![Page 6: NOT FOR UNAUTHORISED DISTRIBUTION 1 CYBER THEFT: 2014 – and beyond. The wholesale organised theft and use of credit card details .](https://reader036.fdocuments.in/reader036/viewer/2022082816/56649cc55503460f9498f281/html5/thumbnails/6.jpg)
6
NOT FOR UNAUTHORISED DISTRIBUTION
www.Alt3.co.uk
THE FUTURE
New security measures:
do not eliminate fraud
makes it more difficult to obtain “whole” card data and more difficult to obtain “bulk” data – therefore less value and less attractive to organised crime
European Regulators will be able to bestow fines up to 5% of the WORLDWIDE revenue of companies that lose data.
some companies investigating “insurance” to help pay for potential fines.
increasing strict data standards and identification / security around the data pathways
the new targeting of the core data of financial companies and data repositories
new security measures required around core data
![Page 7: NOT FOR UNAUTHORISED DISTRIBUTION 1 CYBER THEFT: 2014 – and beyond. The wholesale organised theft and use of credit card details .](https://reader036.fdocuments.in/reader036/viewer/2022082816/56649cc55503460f9498f281/html5/thumbnails/7.jpg)
7
NOT FOR UNAUTHORISED DISTRIBUTION
www.Alt3.co.uk
WHAT NEEDS TO BE DONE
Retailers need to:
be more aware of the entire payment lifecycle
analyse in detail the data pathways and determine / mitigate the inherent weaknesses including technology weakness, internet transactions AND cross border data movement
determine future weaknesses and assess technology / process to mitigate
share security information / advances with others in the same position – there is no point “re-inventing the wheel”. Shared security means greater security
encourage greater responsibility from customers
greater targeting of organised crime by national / international security services
![Page 8: NOT FOR UNAUTHORISED DISTRIBUTION 1 CYBER THEFT: 2014 – and beyond. The wholesale organised theft and use of credit card details .](https://reader036.fdocuments.in/reader036/viewer/2022082816/56649cc55503460f9498f281/html5/thumbnails/8.jpg)
8
NOT FOR UNAUTHORISED DISTRIBUTION
www.Alt3.co.uk
WHAT NEEDS TO BE UNDERSTOOD
Bad things don’t just happen to someone else.
Security is important.
Don’t be the next victim and lose hard won customer confidence.
![Page 9: NOT FOR UNAUTHORISED DISTRIBUTION 1 CYBER THEFT: 2014 – and beyond. The wholesale organised theft and use of credit card details .](https://reader036.fdocuments.in/reader036/viewer/2022082816/56649cc55503460f9498f281/html5/thumbnails/9.jpg)
9
NOT FOR UNAUTHORISED DISTRIBUTION
www.Alt3.co.uk
Thank you.
If you don't understand the risks, how can you prepare? Can you afford to let the issues be blurred?