Published by Melinda Reed. Modified over 8 years ago
1
Working with the banking sector to prevent and detect criminal money flows on the Internet
Dave O’Reilly, Chief Technologist, FTR Solutions
Co-funded by the Justice Programme of the European Union 2014-2020
2
Introduction
The mission of FTR Solutions is to increase the security of financial services.
Established by Dave O’Reilly in 2012.
Anti-fraud/security technology evaluation and selection.
Online banking (authentication/authorisation solutions), mobile banking solutions, ATMs (skimming, card trapping, malware solutions).
Also expertise in IT/information security and data protection.
3
WORKING WITH FINANCIAL INSTITUTIONS
4
Working with Financial Institutions
“Working with financial institutions to prevent and detect criminal money flows on the Internet”
Who?
–Different public institutions will engage with financial institutions in different ways. Some examples:
  –Crime prevention or investigation
  –Intelligence gathering
  –Compliance reporting or investigation
5
Working with Financial Institutions
“Working with financial institutions to prevent and detect criminal money flows on the Internet”
Who?
–Different financial institutions will require different types of engagement. Some examples:
  –Banks
  –Card schemes
  –Payment service providers
  –Foreign financial institutions
6
Working with Financial Institutions
“Working with financial institutions to prevent and detect criminal money flows on the Internet”
Awareness | Prevention | Detection | Response
–Public-private information sharing and analysis.
–Awareness campaigns for financial institutions.
–Public-public, public-private and private-private cooperation and information exchange
–Joint public awareness campaigns.
–Regulatory and supervisory measures.
–Appropriate legal framework.
–Reporting requirements.
–Analysis for criminal money on the Internet red flags.
–Specialised high-tech crime units.
–Appropriate legal framework.
–Specialised high-tech crime units.
–Public-public, public-private and private-private response coordination.
7
UNDERSTANDING THE PROBLEM: CRIMINAL MONEY FLOWS ON THE INTERNET
8
Criminal Money
[Diagram: Tools and Infrastructure, Predicate Offences, Laundering Typologies]
9
Example Predicate Offences
–Identity Theft
–Payment Card Fraud
–Online Banking Attacks, Misuse and Account Take-Over
–Confidence Fraud, Including Advance-Fee Fraud and Auction Fraud
–Investment Fraud, Including Stock Market Manipulation
–Pyramid and Other Multi-Level Marketing Schemes
–Child Abuse Materials
–Sale of Counterfeit Pharmaceuticals
–Violation of Copyrights and Related Rights
–Online Extortion
10
Laundering Typologies
–Money Remittance Providers
–Wire Transfers
–Bank Account Take-Over
–Cash Withdrawals
–Internet Payment Services
–Money Mules
–International Transfers
–Digital/Electronic Currency
–Purchase Through the Internet
–Shell Companies
–Prepaid Cards
–Online Gaming and Online Trading Platforms
–Third Party Funding (including straw men and nominees)
–Exploitation of non-face-to-face nature of new payment method (NPM) accounts
–Complicit NPM Providers or Their Employees
11
Tools and Infrastructure
Columns (predicate offences): Identity Theft, Card Fraud, Banking Attacks, Confidence Fraud, Investment Fraud, MLM Schemes, Child Abuse, Counterfeit Pharmaceuticals, Copyright Infringement, Online Extortion
Botnets ✔✔✔✔✔✔✔
Malware ✔✔✔✔
Spam ✔✔✔✔
Proxies ✔✔✔✔✔✔✔✔✔✔
Bulletproof Hosting ✔✔✔✔✔✔
Underground Economy ✔✔✔✔
Other ✔✔✔✔✔✔✔✔✔✔
12
CASE STUDY: BANKING MALWARE
13
What is Malware?
Malware = “Malicious Software”
Many types of malware: viruses, worms, trojans, spyware, adware, rootkits, ransomware.
In 2015, over 140 million new types of malware were identified, with almost 500 million different types of malware identified in total.
–Source: https://www.av-test.org/en/statistics/malware/
In 2015, Kaspersky alone registered almost 2 million attempted malware infections that aimed to steal money via online access to bank accounts.
–Source: https://securelist.com/analysis/kaspersky-security-bulletin/73038/kaspersky-security-bulletin-2015-overall-statistics-for-2015/
14
What is Malware?
Once infected, PCs can be used by fraudsters to perform a variety of tasks. For example:
–Send spam
–Attack other computers
–Monitor user activity
–Steal credentials
–Install further malware
–Pop up ads
–Hold customer files for ransom
15
Banking Malware
The category of malware specifically designed to target customers’ online banking activity.
Principally used to steal customers’ money.
However, theft of the customer’s credentials may also allow the transfer of funds through the customer’s account.
16
How does it work? - Example
[Diagram: Customer PC, Online Bank, C&C Server, Mule, Criminal]
17
Criminal Money Flows
Banking malware (and the corresponding account takeover) represents a challenge by facilitating both a predicate offence (theft of customer funds) and a laundering typology (layering transactions through compromised accounts).
Awareness | Prevention | Detection | Response
18
Awareness
FI Awareness
–Information and intelligence sharing
Customer Awareness
–Customer education campaigns
Public Sector Awareness
–Involvement in information sharing initiatives
–Public-private cooperation
19
Prevention
Customer endpoint protection
–Free anti-virus or other software
Online banking technical controls
–2-factor authentication
Transaction controls
–Do not allow setting up beneficiaries, particularly international beneficiaries, online
20
Detection
Technical controls to detect deviations in customer transaction patterns. For example:
–Logins from unusual locations
–Unusual transaction patterns
–Setting up of unusual beneficiaries
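The three example red flags on this slide, sketched as per-customer baseline checks. This is an added example, not part of the original presentation: the event tuples, flag names, 3-sigma amount limit and "two or more flags escalate" rule are all assumptions, and the sample history is constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample history: (customer, event, country code, amount).
HISTORY = [
    ("c1", "login", "IE", 0), ("c1", "payment", "IE", 120.0),
    ("c1", "login", "IE", 0), ("c1", "payment", "IE", 80.0),
    ("c1", "payment", "IE", 100.0), ("c1", "add_beneficiary", "IE", 0),
]

def build_baseline(history):
    """Summarise each customer's normal login/beneficiary countries and payment amounts."""
    base = defaultdict(lambda: {"logins": set(), "benefs": set(), "amounts": []})
    for cust, kind, country, amount in history:
        b = base[cust]
        if kind == "login":
            b["logins"].add(country)
        elif kind == "add_beneficiary":
            b["benefs"].add(country)
        elif kind == "payment":
            b["amounts"].append(amount)
    return base

def red_flags(event, base, z_limit=3.0):
    """Return the red flags one new event raises against the customer's baseline."""
    cust, kind, country, amount = event
    b = base.get(cust)
    if b is None:
        return ["no_baseline"]  # nothing to compare against: route to manual review
    flags = []
    if kind == "login" and country not in b["logins"]:
        flags.append("login_unusual_location")
    if kind == "add_beneficiary" and country not in b["benefs"]:
        flags.append("unusual_beneficiary")
    if kind == "payment" and len(b["amounts"]) >= 3:
        mu, sigma = mean(b["amounts"]), pstdev(b["amounts"])
        # Floor sigma so a very regular payer does not trip on small changes.
        if amount > mu + z_limit * max(sigma, 1.0):
            flags.append("unusual_amount")
    return flags

def review_session(events, base):
    """Correlate flags across one session; two or more distinct flags escalate (assumed rule)."""
    flags = sorted({f for e in events for f in red_flags(e, base)})
    return {"flags": flags, "escalate": len(flags) >= 2}
```

Correlating flags within a session matters because each signal alone is noisy, while a new login location followed by a new beneficiary and an outsized payment matches the account takeover pattern described in this case study.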
21
Response
Public-private cooperation to target criminal infrastructure.
–Robust command-and-control (C&C) infrastructure
–Often has a limited impact on criminal operations.
International investigations
22
Infrastructure
[Diagram: Infected PCs, “Front end” C&C Server, “Back end” Web Server, Database Server, DNS Server, Firewall]
23
CASE STUDY: PAYMENT CARD FRAUD
24
Payment Card Fraud
Any one of a number of techniques can be used to compromise a customer’s card details; ATM skimming and POS malware being two examples.
Captured card details are then frequently traded or sold online using specific websites (carder forums, underground economy).
25
Criminal Money Flows
How fraudsters monetise captured card data relates directly to multiple online laundering typologies. Specifically:
–Purchases through the Internet
–Cash withdrawals
–Prepaid cards
–Online gaming and online trading platforms
–Internet payment services
Awareness | Prevention | Detection | Response
26
Awareness
FI Awareness
–Information and intelligence sharing
–Understanding of the criminal use of compromised card details
–Understand the relationship between fraud and money laundering
Customer Awareness
–Customer education campaigns
–In particular “cover your PIN” messaging
Public Sector Awareness
–Involvement in information sharing initiatives
–Public-private cooperation
27
Prevention
Anti-fraud countermeasures
–Anti-skimming
–Anti-card trapping
–Anti-malware
–PIN shields
Appropriate information security measures
PCI standards, including PCI DSS
28
Detection
Technical controls to detect deviations in customer transaction patterns. For example:
–Cash withdrawals from unexpected locations
–Uncharacteristic purchases
–Purchases of goods that are easily resold
29
Response
Public-private cooperation to target criminal infrastructure.
–Takedown of criminal websites, carding forums
International investigations
30
CASE STUDY: ATTACK SIMULATION
31
Responding to Cyber Incidents
In 2015, a survey of 1,000 IT Security professionals reported that:
–70% of breaches are detected by a third party.
–In 46% of cases it took more than four months to detect an incident (and a further three months to mitigate the risk).
–73% of respondents believed that their company’s data was vulnerable to being hacked.
32
Case Study: Attack Simulation
In 2010, a major cybercrime incident was simulated by Irish financial institutions to assess their readiness.
The aim was to explore the impact of a major cybercrime incident on each institution but also on the wider banking sector and the Irish economy.
33
Case Study: Attack Simulation
Attendees included all retail financial institutions, industry organisations, law enforcement and prosecutors.
Attendees were asked to record their decisions while responding to the incident, which were then analysed and categorised by business function.
34
Case Study: Attack Simulation
35
Key Messages
The threat of cyber attacks should not be ignored, even if you have not yet suffered from a cyber incident.
A multidisciplinary approach is essential to adequately respond to cyber incidents.
36
Responding to Cyber Incidents
Prevention, prevention, prevention:
–Employee education
–Public education (if applicable)
–Security policies/procedures
–Strong audit/compliance function
–Penetration testing/simulated incidents
37
Responding to Cyber Incidents
Detection and Response:
–Investment in capability
–Intelligence gathering and analysis
–Response infrastructure
–Evidence preservation
–Simulated incidents/exercises
38
SUMMARY
39
Summary
A structured approach is needed involving all stakeholders, encompassing awareness, prevention, detection and response.
Public sector stakeholders have key roles to play:
–Neutral third parties facilitating cooperation and information exchange between competitors
–Representing societal interest in reduced levels of financial crime and money laundering
–Investigative and prosecutorial expertise, guiding the activities of the private sector actors and leading to increased number of successful prosecutions.
40
Thank You! Any Questions?
Dave O’Reilly
Chief Technologist
FTR Solutions
+353 (87) 231 3257
dave.oreilly@ftrsolutions.com