Best Practices to Prevent Internet Fraud Presented by: Ori Eisen Founder & Chief Innovation Officer.

Presentation transcript:

Best Practices to Prevent Internet Fraud Presented by: Ori Eisen Founder & Chief Innovation Officer

Start with a laugh…
P.C. Vey, published by the New Yorker, January 16th, 2006

APRIL 23, 2008
The Art of War – Know Your Enemy
If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.
- Sun Tzu On the Art of War, about 530 BCE

Let’s Play Tag
Pros and Cons of Different CDIs
–Tag (Flash, Cache, Cookie, etc.)
–Tag-less (HTTP headers, JavaScript, etc.)
IP Address is NOT a CDI!!!
–Much like your clothes are not part of your DNA

Tag You’re Not It
–VMWare
–Disable Cookies
–Uninstall Flash
–Mobile Devices Do Not Support Flash
–Anti-virus and anti-Malware delete tags regularly
–100% Right or 100% Wrong
–Good for detecting good people
–Not good for detecting the medium to highly sophisticated fraudsters

Fraud Is NOT a Game of Tag
No problem:
–VMWare
–Disable Cookies
–Uninstall Flash
–Anti-Virus and anti-malware delete tags regularly
–Mobile devices do not support
Benefits:
–100% right or 100% wrong – more right than wrong
–Good for detecting good people…AND detecting ALL levels of medium to high sophistication of fraudsters

Apple Pilot
Analysis Strategy
–Determine how Device ID can augment current fraud systems
–Analysis to focus on detecting more fraud $
1. Record Device IDs for all fraud orders for first 20 days of pilot
2. Match IDs against orders in last 10 days
3. Measure following metrics
   –Total fraud $ matched per day
   –Total unblocked $ matched per day
   –% of total fraud $ covered
   –Total orders covered per day
   –False positive rate
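The three pilot steps above, worked through on a small data set. This is an added example, not code or data from the presentation: the orders are constructed, the field layout is hypothetical, and the false positive rate is assumed to mean matched legitimate orders divided by all legitimate orders in the match window.

```python
from collections import defaultdict

# Constructed orders: (day, device_id, amount_usd, is_fraud, blocked_by_current_system)
ORDERS = [
    (3,  "dev-A", 400.0, True,  True),
    (7,  "dev-B", 250.0, True,  False),
    (12, "dev-C", 120.0, False, False),
    (18, "dev-D", 900.0, True,  True),
    (21, "dev-A", 300.0, True,  False),  # repeat fraud device, missed today
    (21, "dev-C",  80.0, False, False),
    (22, "dev-B", 500.0, True,  True),   # repeat fraud device, already blocked
    (22, "dev-E", 200.0, True,  False),  # new device: the ID list cannot match it
    (25, "dev-D",  60.0, False, False),  # legitimate order from a listed device
    (25, "dev-F", 150.0, False, False),
    (29, "dev-A", 700.0, True,  False),
]

def evaluate_pilot(orders, learn_days=20, total_days=30):
    """Step 1: learn fraud device IDs. Step 2: match later orders. Step 3: metrics."""
    fraud_ids = {dev for day, dev, _, fraud, _ in orders if day <= learn_days and fraud}
    window = [o for o in orders if learn_days < o[0] <= total_days]
    per_day = defaultdict(lambda: {"fraud_usd": 0.0, "unblocked_usd": 0.0, "orders": 0})
    matched_legit = 0
    for day, dev, amount, fraud, blocked in window:
        if dev not in fraud_ids:
            continue
        stats = per_day[day]
        stats["orders"] += 1              # orders covered per day
        if fraud:
            stats["fraud_usd"] += amount  # fraud $ matched per day
            if not blocked:               # value added over the current system
                stats["unblocked_usd"] += amount
        else:
            matched_legit += 1
    total_fraud = sum(a for _, _, a, fraud, _ in window if fraud)
    legit_orders = sum(1 for o in window if not o[3])
    matched_fraud = sum(s["fraud_usd"] for s in per_day.values())
    return {
        "per_day": dict(per_day),
        "pct_fraud_usd_covered": 100.0 * matched_fraud / total_fraud if total_fraud else 0.0,
        "false_positive_rate": matched_legit / legit_orders if legit_orders else 0.0,
    }

RESULT = evaluate_pilot(ORDERS)
```

The order from dev-E shows the limit of the method: fraud from a device that never appeared in the learning window is not covered, however stable the identifier is.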

Results

A Customer’s View
“From that analysis [of the pilot], my conclusion is that tagging is useful for recognizing good guys, but not for stopping fraud. The good fraudsters defeat the tags. The ones that don't are easily caught through more basic tools (e.g., AVS, CVV2, velocities, etc.).”
David Moriarty, Ph.D., Apple, Inc.

What Others Say About Us?
“A solution that looks beyond HTTP parameters to fingerprint a PC… is now only available from The 41st Parameter. We recommend this option as the strongest clientless CDI option available on the market today.”
–After The Cookies Crumble: Alternatives for Client Device Identification (17 February 2007)

The First 40 Parameters
Order Information and Web Logs
A Order ID | B Order Timestamp | C Billing | D Billing Zip Code | E Browser IP | F Browser IP Country
 | /13/11 12:17 |  |  |  | States
 | /13/11 3:52 |  |  |  | States
 | /13/11 4:38 |  |  |  | States
 | /14/11 1:30 |  |  |  | States
 | /16/11 4:31 |  |  |  | States
 | /16/11 5:20 |  |  |  | States
 | /16/11 9:15 |  |  |  | States
 | /18/11 3:29 |  |  |  | States
 | /19/11 12:43 |  |  |  | States
 | /20/11 7:34 |  |  |  | States
 | /20/11 9:19 |  |  |  | States
 | /20/11 11:03 |  |  |  | States
Is This Fraud?

Still Not Sure?
H Browser Timestamp | I Browser Time Zone | J Browser Language | K PCPrint | L Time Diff (TDL) Seconds
10/11/07 5:17 PM | 3 | ru-ru | 7B02A8AC99067CC1168E412B6AA0BF138E76CD |
/11/07 8:52 PM | 3 | ru-ru | 7B02A8AC99067CC1168E412B6AA0BF138E76CD |
/11/07 9:38 PM | 3 | ru-ru | 7B02A8AC99067CC1168E412B6AA0BF138E76CD |
/13/07 6:30 AM | 3 | ru-ru | 7B02A8AC99067CC1168E412B6AA0BF138E76CD |
/15/07 9:31 AM | 3 | ru-ru | 7B02A8AC99067CC1168E412B6AA0BF138E76CD |
/15/07 10:20 AM | 3 | ru-ru | 7B02A8AC99067CC1168E412B6AA0BF138E76CD |
/15/07 2:15 PM | 3 | ru-ru | 7B02A8AC99067CC1168E412B6AA0BF138E76CD |
/17/07 8:29 AM | 3 | ru-ru | 7B02A8AC99067CC1168E412B6AA0BF138E76CD |
/17/07 5:43 PM | 3 | ru-ru | 7B02A8AC99067CC1168E412B6AA0BF138E76CD |
/19/07 12:33 PM | 3 | ru-ru | 7B02A8AC99067CC1168E412B6AA0BF138E76CD |
/19/07 2:19 PM | 3 | ru-ru | 7B02A8AC99067CC1168E412B6AA0BF138E76CD |
/19/07 4:03 PM | 3 | ru-ru | 7B02A8AC99067CC1168E412B6AA0BF138E76CD |
How About Now?
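The contrast between the two tables above, as an added example that is not part of the presentation: orders that look unrelated in the web-log columns are grouped by device print and checked against the browser-reported time zone and language. The orders, the print labels, the reading of the time zone column as a UTC offset in hours, and the per-country baseline are all assumptions.

```python
from collections import defaultdict

# Assumed lookup, not from the slides: UTC offsets (hours) and language
# prefixes that are plausible for a browser whose IP geolocates to a country.
EXPECTED = {"United States": {"offsets": range(-10, -3), "langs": ("en", "es")}}

# Constructed orders. IP addresses differ, so the web-log columns alone
# (order, IP, IP country) do not tie the first three orders together.
ORDERS = [
    {"order": "o1", "ip": "203.0.113.10", "ip_country": "United States",
     "tz": 3, "lang": "ru-ru", "pcprint": "PRINT-1"},
    {"order": "o2", "ip": "198.51.100.7", "ip_country": "United States",
     "tz": 3, "lang": "ru-ru", "pcprint": "PRINT-1"},
    {"order": "o3", "ip": "192.0.2.44", "ip_country": "United States",
     "tz": 3, "lang": "ru-ru", "pcprint": "PRINT-1"},
    {"order": "o4", "ip": "203.0.113.80", "ip_country": "United States",
     "tz": -5, "lang": "en-us", "pcprint": "PRINT-2"},
]

def link_and_flag(orders, min_orders=3):
    """Group orders by device print and return {print: [reasons]} for review."""
    by_device = defaultdict(list)
    for o in orders:
        by_device[o["pcprint"]].append(o)
    findings = {}
    for print_id, group in by_device.items():
        reasons = set()
        if len(group) >= min_orders:
            reasons.add("velocity: %d orders from one device" % len(group))
        if len({o["ip"] for o in group}) > 1:
            reasons.add("one device seen behind multiple IPs")
        for o in group:
            exp = EXPECTED.get(o["ip_country"])
            if exp is None:
                continue  # no baseline for this country: make no claim
            if o["tz"] not in exp["offsets"]:
                reasons.add("browser time zone does not fit IP country")
            if not o["lang"].lower().startswith(exp["langs"]):
                reasons.add("browser language does not fit IP country")
        if reasons:
            findings[print_id] = sorted(reasons)
    return findings

FINDINGS = link_and_flag(ORDERS)
```

Each reason is a signal for review rather than a verdict; a language or time zone mismatch on its own also describes travellers and expatriates, and it is the combination on one device print that stands out.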