Presentation on theme: "NOT FOR UNAUTHORISED DISTRIBUTION www.Alt3.co.uk 1 CYBER THEFT: 2014 – and beyond. The wholesale organised theft and use of credit card details www.alt3.co.uk."— Presentation transcript:
1. CYBER THEFT: 2014 – and beyond. The wholesale organised theft and use of credit card details
Alt3: understanding future risks and opportunities
2. BACKGROUND Pre-2012:
- mostly small scale theft of credit card details
- widespread
- increasing large scale organised crime involvement
- more value than drugs and arms trade
- increasing sophistication
- “cat and mouse” between security and theft
- increasing sophistication of security
- some sectors / countries lacking sophistication of security
3. BACKGROUND :
- small scale, widespread theft continues
- notable prevalence of theft by large scale organised crime
- overall value of theft increasing
- major input into other areas of organised crime
- increasing incursions into big business and high profile IP
- increasing scrutiny from police and security services
- greater sophistication of card / data security
- some countries continuing to lag behind - therefore targets
4. MAIN TARGET 2014: United States
Sector: retail
Volumes: millions of individual card details - data
How: till payment systems
Value: $hundreds of millions
Route: malware
Reason: a lack of sophisticated security and a lack of data standards (PCI DSS) making “whole” data easy to recognise and steal
UPSIDE: US companies have a statutory obligation to “go public” as soon as they discover a data breach
5. EUROPE 2014 – obscuring data...
- The growth of Near Field Communication (NFC): “contactless” technology that does not leave the CVV or the cardholder's name
- The widespread use of chip and PIN
- The widespread use of data standards, including separating key data fields
- Increasing bank and credit card company alerts and exchange of information
FUTURE:
- increasing smartphone contactless enablement
- increasingly following the US lead in reporting data breaches
6. THE FUTURE
New security measures:
- do not eliminate fraud
- make it more difficult to obtain “whole” card data and more difficult to obtain “bulk” data – therefore less value and less attractive to organised crime
European regulators will be able to impose fines of up to 5% of the WORLDWIDE revenue of companies that lose data.
- some companies investigating “insurance” to help pay for potential fines
- increasingly strict data standards and identification / security around the data pathways
- the new targeting of the core data of financial companies and data repositories
- new security measures required around core data
7. WHAT NEEDS TO BE DONE
Retailers need to:
- be more aware of the entire payment lifecycle
- analyse in detail the data pathways and determine / mitigate the inherent weaknesses including technology weakness, internet transactions AND cross border data movement
- determine future weaknesses and assess technology / process to mitigate
- share security information / advances with others in the same position – there is no point “re-inventing the wheel”. Shared security means greater security
- encourage greater responsibility from customers
- greater targeting of organised crime by national / international security services
8. WHAT NEEDS TO BE UNDERSTOOD
Bad things don’t just happen to someone else. Security is important. Don’t be the next victim and lose hard-won customer confidence.
9. Thank you.
If you don't understand the risks, how can you prepare? Can you afford to let the issues be blurred?