1
Threats Facing Industry – and other TLAs
DT Fraud Conference, 11th April 2018
Andrew Churchill, Lead Author, British Standard in Digital Identification & Authentication
2
TFI – Threats Facing Industry
TLA – three-letter acronym
TPP – Third Party Provider
TTP – Trusted Third Party
TFA – Two Factor Authentication
TRA – Transaction Risk Analysis
TSC – Treasury Select Committee
3
TSC – why should we care?! Treasury Select Committee
- Holding HM Treasury & our regulators to account
- Parliamentarians' perspective
- Hence driven by MPs' mailbox
- Brought us the Payment Systems Regulator
4
TSC call for evidence – Treasury Select Committee
Call for evidence, April 2018: Consumers & Economic Crime
- Regulatory landscape, including weaknesses
- Scale and nature of economic crime faced by consumers, including emerging trends
- Response of HMT/associated bodies
- Effectiveness of financial institutions
- Potential for technology & innovation to combat economic crime
- Security of consumer data
- Anti-money laundering, counter-terrorist financing, sanctions regimes
5
Collateral damage – UK impact of US EMV migration
6
Fraud losses by type (£ million), 2016 vs 2017; the last column, where given, is 2017 as a fraction of 2016.

Type                      2016    2017    2017/2016
Total                     768.8   731.8
Debit/Credit              618.1   566
CNP                       432.2   409.4
Ecom                      310.3   310.2
MOTO                      122     99.1
Lost                      96.3    92.5
Not received              12.5    10.1    0.808
Counterfeit               36.9    24.2
ID                        40      29.9    0.7475
Face-to-face              62.8    61.8
ATM                       43.1    37.2
UK                        417.9   406.6
Overseas                  200.2   158.4
Remote Banking            137     156.1
Internet bank             101.8   121.4
Telephone banking         29.6    28.4
Mobile banking fraud      5.7     6.3
Cheque                    13.7    9.8
Authorised push payment           236
7
Payment Systems Regulator's forward plan
Consumer protection – Authorised Push Payment (APP) scams
- £236 million
- 40,000+ cases
- Circa £5,000 average loss
- £61 million reimbursed
- £175 million not reimbursed
8
Authorised Push Payment scams – Current MO
- 'Social Engineering'
- 'CEO fraud' – hardly new
- Requires (minimal) research
- Manual approach
- Business victims
9
Authorised Push Payment scams – Expected MO – TPPs
- 'Social Engineering' by proxy
- Trusted Third Party – hardly new; established cryptographic term
- Third Party Providers – new
- PSD2 move to benefit consumers
- PSD2 move to benefit criminals
- Fully automated approach possible
- Consumer victims
10
Assume Compromise – Assume Data Exposed
11
IoT – Interconnectivity of Everything
Malware Pandemics and the Compromise of Everything
12
Distributed Trust in an IoT world - not just buying too much milk!
13
This morning's latest trends – yet again Malware, but also Ransomware to target CNI – WannaCry
14
TPPs and TFAs at TSC
"There is going to be a very interesting trade-off between innovation to increase competition and security. As a regulator, security is going to have to play a big role in this. If we went over to something that appeared very good from the point of view of competition but opened the system up [to threats] that would be a mistake." … "The more complex your systems are arguably the more weaknesses and points of entry there may inevitably be."
Andrew Bailey, CEO, Financial Conduct Authority; Treasury Select Committee, 8/11/16
15
Two Factor Authentication
Handling TFAs – Two Factor Authentication
'Strong Authentication' mandates multi-factor authentication, but now brings in some interesting caveats, as one or both of these factors:
1) must be mutually independent, i.e. the breach of one does not compromise the other(s);
2) should be non-reusable and non-replicable (except for inherence);
3) designed in such a way as to protect the confidentiality of the authentication data;
4) not capable of being surreptitiously stolen via the internet.
16
Handling Dynamic TFAs
'For remote transactions, such as online payments, the security requirements go even further, requiring a dynamic link to the amount of the transaction and the account of the payee, to further protect the user by minimising the risks in case of mistakes or fraudulent attacks.'
What Techniques Fit?
17
What Techniques Fit?!
- Could use CAP reader to digitally sign every transaction!
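The dynamic linking quoted on the previous slide, and the "sign every transaction" idea on this one, as an added worked example that is not from the deck: a transaction code is computed over the amount and the payee account, so a code the payer confirmed for one payment fails verification if either field is altered afterwards. The per-device key, the bank challenge, the account numbers, the HMAC-SHA256 construction and the 8-digit truncation are all assumptions made for illustration.

```python
import hashlib
import hmac
from decimal import Decimal

CODE_DIGITS = 8  # assumed display length, as on a handheld reader


def canonical_message(amount: Decimal, payee_account: str, challenge: bytes) -> bytes:
    """Encode the fields the code must be linked to without ambiguity."""
    # Whole pence, so Decimal('5000') and Decimal('5000.00') encode identically;
    # length-prefixed fields, so no field boundary can be shifted.
    pence = int((amount * 100).to_integral_value())
    parts = [str(pence).encode(), payee_account.encode(), challenge]
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)


def transaction_code(device_key: bytes, amount: Decimal, payee_account: str,
                     challenge: bytes) -> str:
    """Code the payer's device shows after the payer has confirmed amount and payee."""
    mac = hmac.new(device_key, canonical_message(amount, payee_account, challenge),
                   hashlib.sha256).digest()
    # HOTP-style dynamic truncation (RFC 4226, section 5.3) to a numeric code.
    offset = mac[-1] & 0x0F
    value = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(value % 10 ** CODE_DIGITS).zfill(CODE_DIGITS)


def verify_transaction(device_key: bytes, amount: Decimal, payee_account: str,
                       challenge: bytes, presented_code: str) -> bool:
    """Bank-side check: recompute over the transaction about to be executed."""
    expected = transaction_code(device_key, amount, payee_account, challenge)
    return hmac.compare_digest(expected, presented_code)


def demo() -> tuple:
    """Constructed key, challenge and accounts; returns (genuine, payee_swapped, amount_swapped)."""
    key = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f00f1e2d3c4b5a69788796a5b4c3d2e1f0")
    challenge = b"constructed-bank-challenge-0001"
    amount, payee = Decimal("5000.00"), "GB00TEST00000000000001"
    code = transaction_code(key, amount, payee, challenge)
    genuine = verify_transaction(key, amount, payee, challenge, code)
    # Malware altering payee or amount after the user signed is rejected:
    payee_swapped = verify_transaction(key, amount, "GB00TEST00000000000002", challenge, code)
    amount_swapped = verify_transaction(key, Decimal("50000.00"), payee, challenge, code)
    return genuine, payee_swapped, amount_swapped
```

The code only proves what the device computed over, so the device must display the amount and payee to the payer before confirmation; a reader that signs without showing them gives no protection against a swapped payee.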
18
Handling TFAs – emerging standards
Payment Systems Regulator's Strategy Forum
Solution 4: Guidelines for Identity Verification, Authentication and Risk Assessment
5.75. We will align with current industry initiatives (e.g. Mobile Identity Authentication Standard (MIDAS) or Electronic Identification and Signature (eIDAS)) during the initial design phase.
19
Avoiding TFAs – TRA: Transaction Risk Analysis
Transaction Risk Analysis – limitations
- Below tiered fraud basis points
- 'no malware'
- Different consumer experience
- But still need to be able to use SCA
- Which requires enrolment to have been done to standards applicable for SCA
- So, if SCA designed correctly, why would you need to revert to TRA?
20
TSC call for evidence – Treasury Select Committee
Call for evidence, April 2018: Consumers & Economic Crime
- Regulatory landscape, including weaknesses
- Scale and nature of economic crime faced by consumers, including emerging trends
- Response of HMT/associated bodies
- Effectiveness of financial institutions
- Potential for technology & innovation to combat economic crime
- Security of consumer data
- Anti-money laundering, counter-terrorist financing, sanctions regimes