Date posted: 22-Nov-2014 | Category: Economy & Finance | Uploaded by: european-merchant-services
Online fraud is still a big problem, and as long as the number of online shoppers continues to grow, so will the number of fraud cases. According to the European Central Bank there were 7.9 million cases of fraud with a value of 1.16 billion euros in 2011, of which 56% took place in e-commerce.
European Merchant Services organizes the EMS RISK EVENT annually for retailers who are active in e-commerce
and multichannel. It is an excellent opportunity to increase your knowledge in the field of online fraud, risk
management and advanced fraud prevention and detection tools. We help you to stay ahead of online fraudsters
and to protect your online business by sharing the knowledge and experience of our fraud and risk experts, our
customers and our partners.
Do you want to attend next year’s EMS RISK EVENT?
Please contact the EMS Marketing Department at T +31 20 660 3054 or send an email to
[email protected]. For more information visit www.emscard.com/riskevent
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.
PCI Forensic Investigations
Presented by Ben Van Erck
EMEA RISK team
PROPRIETARY STATEMENT
© 2013 Verizon. All Rights Reserved. The Verizon and Verizon Business names and logos and all other names, logos, and slogans identifying Verizon’s products and services
are trademarks and service marks or registered trademarks and service marks of Verizon Trademark Services LLC or its affiliates in the United States and/or other countries.
All other trademarks and service marks are the property of their respective owners.
This document and any attached materials are the sole property of Verizon and are not to be used by you other than to evaluate Verizon’s service.
This document and any attached materials are not to be disseminated, distributed, or otherwise conveyed throughout your organization to employees without a need for this information or to any third parties without the express written permission of Verizon.
INTRODUCTION
RISK Team: More than an acronym
RESEARCH
INVESTIGATIONS
SOLUTIONS
KNOWLEDGE
RISK TEAM OVERVIEW
OUR TEAM
• Diverse investigator backgrounds
• Licensed private investigators
• Truly global coverage — 24x7
  - Investigators based in 16 countries
  - Forensic labs and evidence storage facilities in America, Europe, and Asia-Pacific
• No subcontractors
• Global PFI Firm
OUR SERVICES
• IT investigative support (on-demand)
• Guaranteed response (retainer-based)
• eDiscovery and litigation support
• PCI forensic investigations
• Electronic data recovery/destruction
• Incident response training
• Mock-incident exercises
• Corporate IR program development
VERIZON RISK TEAM HAS INVESTIGATED 8 OUT OF 10 OF THE WORLD’S LARGEST DATA BREACHES (http://www.idtheftcenter.com/)
DATA BREACHES
The DBIR analyzes forensic evidence to uncover how sensitive data is stolen from organizations, who’s doing it, why they’re doing it, and what can be done to prevent it.
WHO ARE THE ATTACKERS?
VARIED MOTIVATIONS, VARIED TACTICS
• Aim is to maximize disruption and embarrass victims from both the public and private sector.
• Use very basic methods and are opportunistic.
• Rely on sheer numbers.

• Motivated by financial gain, so will take any data that might have financial value.
• More calculated and complex in how they choose their targets.
• Criminals are now trading information for cash.

• Often state-sponsored.
• Driven to get exactly what they want, from intellectual property to insider information.
• Often state-sponsored, use the most sophisticated tools to commit the most targeted attacks.
• Tend to be relentless.
WHAT TO WORRY ABOUT
THIS YEAR’S BIGGEST THREATS? SAME AS LAST YEAR’S.
• Very few surprises, mostly variations on a theme.
• 75% of breaches were driven by financial motives.
• 95% of espionage relied on plain old phishing.
• Well-established threats shouldn’t be ignored.
WHAT TO WORRY ABOUT
WHAT DO ATTACKERS TARGET? STILL THE TRADITIONAL ASSETS.
• The weak links haven’t changed much:
  – Desktops 25%
  – File servers 22%
  – Laptops 22%
• Unapproved hardware accounts for 43% of misuse cases.
Difficulty of initial compromise
WHAT TO WORRY ABOUT
QUICK TO COMPROMISE
• In 84% of cases, initial compromise took hours or less.
WHAT TO WORRY ABOUT
QUICK TO COMPROMISE, SLOW TO DISCOVERY
• 66% of breaches went undiscovered for months… or even years.
Discovery methods
RECOMMENDATIONS
ADDITIONAL INFORMATION
• Download the DBIR – www.verizonenterprise.com/dbir
• Learn about VERIS – www.veriscommunity.net and http://github.com/vz-risk/veris
• Explore the VERIS Community Database – http://public.tableausoftware.com/views/vcdb/Overview – and learn more about this data at http://veriscommunity.net/doku.php?id=public
• Ask a question – [email protected]
• Read our blog – http://www.verizonenterprise.com/security/blog/
• Follow on Twitter – @vzdbir and hashtag #dbir
PCI FORENSIC INVESTIGATIONS
WHAT ARE WE TRYING TO ACHIEVE?
GOALS OF A PFI INVESTIGATION
1) Mobilize and respond to the potential security breach and assist in efforts to mitigate further damage;
2) Investigate the security breach and identify, to the extent possible, the source of the security breach;
3) Ascertain, to the extent possible, any compromised cardholder data and provide at-risk information to the respective owners to minimize any impact to the consumer and customer;
4) Identify, to the extent possible, any other details of evidentiary value relative to the security breach; and
5) Transition, if and only as directed by the customer, any evidence and findings to law enforcement.
WHAT IS EXPECTED OF YOU?
VICTIM RESPONSIBILITIES
1) Retain evidence of compromise;
2) Hire a PFI (a list of approved PFIs is on the PCI SSC website);
3) Cooperate with the PFI, acquirer, and/or Participating Payment Brand;
4) Allow the PFI to drive the PFI investigation;
5) Participate in discussions with affected Participating Payment Brands and the PFI;
6) Resolve any security weaknesses identified;
7) Notify acquirers and Participating Payment Brands; and
8) Notify and work with law enforcement as applicable.
KEY DEADLINES
VICTIM RESPONSIBILITIES
Notification of the brands involved:
- “Immediately”
After notification that a PFI is required:
- Identify a PFI within five (5) business days;
- Ensure that the PFI is engaged within ten (10) business days; and
- The PFI must be onsite within five (5) business days.
Reporting:
- Preliminary Incident Response Report – five (5) business days;
- Final Incident Report – ten (10) business days;
- PIN Security Requirements Report – ten (10) business days;
- Monthly Status Reports.
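Worked example, added here and not part of the deck: it turns the business-day deadlines above into calendar dates for a given notification date and flags which steps are already overdue. It assumes business days are Monday to Friday with no public holidays, that the onsite clock starts at the engagement deadline and that the report clocks start at the onsite date; the slide states none of these, so adjust the constants to your acquirer's or brand's actual instructions.

```python
from datetime import date, timedelta

# Deadlines from the "Key deadlines" slide, in business days. Assumption: a
# business day is Monday to Friday, with no public holidays taken into account.
AFTER_PFI_REQUIRED = (("identify_pfi", 5), ("pfi_engaged", 10))
PFI_ONSITE_DAYS = 5
REPORTS = (("preliminary_report", 5), ("final_report", 10), ("pin_security_report", 10))


def add_business_days(start: date, n: int) -> date:
    """Date n business days after start, skipping Saturdays and Sundays."""
    if n < 0:
        raise ValueError("n must be non-negative")
    current, remaining = start, n
    while remaining > 0:
        current += timedelta(days=1)
        if current.weekday() < 5:  # Monday=0 ... Friday=4
            remaining -= 1
    return current


def business_days_between(start: date, end: date) -> int:
    """Signed count of business days from start to end (negative when end is earlier)."""
    if end < start:
        return -business_days_between(end, start)
    count, current = 0, start
    while current < end:
        current += timedelta(days=1)
        if current.weekday() < 5:
            count += 1
    return count


def pfi_timeline(pfi_required_notice: date) -> dict:
    """Latest permitted date for each step, counted from the day the merchant is
    told a PFI is required. Assumptions (the slide does not state them): the
    onsite clock starts at the engagement deadline and the report clocks start
    at the onsite date."""
    timeline = {"pfi_required_notice": pfi_required_notice}
    for step, days in AFTER_PFI_REQUIRED:
        timeline[step] = add_business_days(pfi_required_notice, days)
    timeline["pfi_onsite"] = add_business_days(timeline["pfi_engaged"], PFI_ONSITE_DAYS)
    for report, days in REPORTS:
        timeline[report] = add_business_days(timeline["pfi_onsite"], days)
    return timeline


def overdue_steps(timeline: dict, today: date) -> list:
    """Names of steps whose deadline is at least one business day in the past."""
    return [step for step, due in timeline.items()
            if step != "pfi_required_notice" and business_days_between(due, today) > 0]
```

Calling `pfi_timeline(date(2014, 11, 21))` (a constructed Friday) puts the PFI-identified deadline on 28 November and the final report on 26 December, which shows how quickly the whole engagement window closes once a brand notifies you.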
DBIR: www.verizon.com/enterprise/databreach
VERIS: www.veriscommunity.net/