Predicting Fraud Rather than Detecting It

Post on 05-Jan-2016

Transcript of Predicting Fraud Rather than Detecting It

Ryan Wilk
October, 2014 – The Confluence of Many Challenges

Predicting Fraud Rather than Detecting It

Ryan Wilk
ryan.wilk@nudatasecurity.com
(385) 242-5561
NuData Security

Disclaimer

The views and opinions expressed during this conference are those of the speakers and do not necessarily reflect the views and opinions held by the Information Systems Security Association (ISSA), the Silicon Valley ISSA, the San Francisco ISSA or the San Francisco Bay Area InfraGard Members Alliance (IMA). Neither ISSA, InfraGard, nor any of its chapters warrants the accuracy, timeliness or completeness of the information presented. Nothing in this conference should be construed as professional or legal advice or as creating a professional-customer or attorney-client relationship. If professional, legal, or other expert assistance is required, the services of a competent professional should be sought.

Predicting Fraud Rather than Detecting It

The Challenges I Faced Building an In-House system.

Introduction

Ryan Wilk, Director, Customer Success at NuData Security

Previous:
Managed StubHub’s Transactional eCommerce Trust & Safety Group
Founded the Universal Parks & Resorts eCommerce Fraud & Risk Department

Predicting Rather than Detecting

1. Rethinking Risk
2. Creating a Monster
3. Success (and Railings)
4. How Risk in the Market is Changing

Rethinking Risk

Learning the Ecosystem

What is StubHub
StubHub’s Unique Risk
What do you do when fraud occurs

When fraud occurs: Cancel the ticket?
The seller has lost a ticket
The buyer has lost a ticket
StubHub loses twice

StubHub Process

The ATO Problem

Containing the issue
Number 1 project at StubHub
Full development team dedicated
Solved in four months

Creating a Monster

Assessing ATO

The account isn’t fraudulent
The current user is fraudulent
The ideal system knows the intention of the user
Recognising the good user

Optimizing In House Tools

Address Verification Service (AVS)
Credit Card Verification Code (CVV2, CVC)
Device fingerprinting
Rules engines

‘The Monster’

We used a piecemeal group of vendor tools to record things such as:

Device ID
IP Address – Geolocation
Personally Identifiable Information
Velocity

Paired or grouped indicators
Recorded data at key events

Key Events

Login
Add to Cart
Change Address

+ 44 other event flows
Data around 47 events generates a LOT of data.

Measuring Success

How did we do?

Measuring Success

Channels:

Mobile / Desktop
Payment method

Chargebacks
Fraud rates
False positives

By the rules engine
By fraud analysts

Our Results

OPEX Optimization
Review Time Reduction
Queue Volume Reduction
Reduced Customer Insult

Retrospect

47 flows was excessive
The rules used were most effective when looking for the good user, not the bad
Expensive solution
There are quicker ways that provide more ROI in a shorter time

Changes in the Industry

How the fraud prevention market is changing

Prediction is beating detection
Seeking good users who are now behaving differently is more effective than seeking bad general traits
Behavior is being used as an uplift to passwords
Vendor solutions are more entwined – it's easier
Discrete vendors, they are more tightly integrated

Thank you

Ryan Wilk
Ryan.wilk@nudatasecurity.com
(385) 242-5561
NuData Security