1 28-apr-15 © intellinx ltd. all rights reserved.intellinx ltd. all rights reserved yonel stifel...

Post on 15-Dec-2015


Apr 18, 2023 © Intellinx Ltd. All Rights Reserved.

Yonel Stifel Carja,

CEO, Co-Founder

MESTE S.A.


Leading provider of enterprise fraud and information leakage detection and prevention solutions

Company established in January 2005 after successful sale of Saratec to Software AG in Germany

Over 90 customers worldwide

A worldwide chain of local partners

About Intellinx


Between Intellinx Customers…

Banking & Finance, Insurance, Government, Healthcare and Retail


Between Intellinx Customers in Chile…


Existing Security Solutions

Every Element is Secured… Except for Authorized User Access

[Diagram labels: LAN, DMZ, WEB, Firewall, VPN Gateway; Application Server, Database Server, Mainframe; Web Server, FTP Server, Mail Server; Internal Users; Remote User]


Data Capture

Network sniffing: transactions, screens, intra-application messages, database access

Log files and databases

Reference Data

Forensic Audit Trail

“Google like” search on captured data, e.g. Who accessed a specific customer account in a specific timeframe?

Captured data is encrypted and digitally signed - potentially admissible in court when needed

Analytics

Dynamic Profiling and scoring of various entities

Customizable business rules

Real-time alerts

New rules may be applied after-the-fact

Investigation Workbench and Case Management

Manage Cases, Alerts and Incidents

Flexible Reporting

Control parameters of rules, profiles and scoring

Intellinx – Enterprise Fraud Prevention


Detection Methods

Peer group anomalies
• Homogeneous peer groups

Historic behavior pattern anomalies
• Profiling of user, account, customer or other entities

Excessive links between a user and certain accounts/customers
• In a call center, links are normally random

Specific suspicious scenarios
• Address change followed by re-issuing a credit card

Correlate HR information with user activity
• Similar address to customer and employee

Correlate user activity with known external fraud cases
• Excessive access by a user to credit cards involved in external fraud before the fraud occurred

Application Honey Pots
• Open higher permissions to suspicious users and monitor their activity closely


Dynamic Profiling

Dynamic definition of profiles for any entity:
• End-Users
• Accounts
• Customers
• Any other Entity

Time Dimension: Hour, Day, Week, Month

Sample Behavior Attributes:
• Working hours
• Number of transactions per day
• Total amounts of transfers per day
• Total amounts of deposits per day
• Number of dormant accounts accessed per day
• Number of changes to dormant accounts per day
• Number of account address changes per day
• Number of beneficiary changes per day
• Number of VIP queries per day
• Number of changes to account statement mailing frequency per week
• Number of credit limit changes per day


Rule Libraries

Over 150 predefined rules for detecting internal fraud:
• Banking
• Insurance
• Information Security

Developed by experts in internal fraud detection (ex-KPMG)

Based on accumulated experience of Intellinx customers

Established on a generic business model - can be configured to specific organization’s business processes and applications

Banking: Account Takeover, Unauthorized Customer Limits Bypass, Money Transfer Redirection, Shell Accounts

Insurance: Customer Management, Policies Management, Claims Processing, Agents


Agent-less network traffic sniffing

No Impact on performance

Highly scalable architecture

Very short installation process (several hours), with no risk to normal IT operations

Recordings stored in extremely condensed format

Recording data is encrypted and digitally signed – potentially admissible in court when needed

The Intellinx Technology

Monitored Platforms:

IBM Mainframe: 3270, MQ, LU0, LU6.2

IBM System i: 5250, MPTN

Web: HTTP/ HTTPS

Client/Server: TCP/IP, MQ Series, MSMQ, SMB

Telnet, VT100, SSH

Oracle (SQLNET), DB/2 (DRDA), MS SQL (TDS)

SWIFT, FIX, ISO8583 (ATM), others


Intellinx – General Architecture

[Diagram. Monitored Environment: Mainframe, AS 400, Web Server, Client/Server, Database Server and Network Switch; Internal Users (Business User, Privileged IT User) and External Users (eBusiness customers); Existing Data Sources (Databases, Reference tables, Log Files). Intellinx Functions: Data Collector & Consolidator, Analytic Engine, Search Engine, Visual Audit Trail, Analyzed Data, Investigation Center & Case Manager. Intellinx Users: Auditors, Compliance Officers, Fraud Investigators. Outputs: Visual replay, Google-like search, Reports, Alerts, Cases, Profiles.]


Scalability

[Diagram. Enterprise Operational Environment: Internal Web Server, Network Switch, Message Queue, Application Servers, Mainframe. Intellinx Distributed Environment: Intellinx Sensors, Intellinx Analyzer, Intellinx Backlog Database; sites: USA, UK, Hong Kong. Captured inputs: HTTP Traffic, Client/Server Traffic, Terminal Emulation Traffic, MQ Traffic, API Data.]


Insider Fraud Examples


Stealing from Dormant Accounts

How can we automatically detect the red flags and avoid false alerts?


Internal fraud examples: Credit Card Back Office Detection Rules

Customer Management
• Address change and card re-issue in x days (e.g. 5 days)
• Change in customer's mailing status (mailing stopped or redirected)
• More than x blocked accounts unblocked in one day

Data Theft
• VIP account browsing
• Other employee account browsing
• More than x accounts viewed in 1 day, total credit limit more than $Y
• User following same customer for a period of time

Credit Management
• Credit limit change after working hours
• Credit limit increase by X% or more
• Credit limit increase for more than $X
• More than one credit limit increase in one month for the same account
• New credit card that will not be sent to customer (but collected from company)
• Change in credit card bank account to employee's bank account
• Postponing of credit card billing date
• Card re-issue requested within 10 days of an address change

Employee's Accounts
• Merchant bank account similar to employee bank account
• New loan to employee's credit card or bank account
• Change in employee's account by the employee


Insiders Case #2: The Deterrence Factor of Real-time Alerts
A Credit Card Company Case Study

[Chart: Alerts on Celebrity Accounts Snooping. Y axis: alerts per week (0 to 100); X axis: weeks (1 to 10). Annotations: Rule implemented; Security officers start calling on suspects; First employee is laid off.]


Proactive Detection

Intellinx Rules for Detecting “Borrowing” Co-Workers Credentials

Same User-ID logged-in twice from different IPs at the same time

Several User-IDs logged-in consecutively from the same IP

User logged-in without scanning his badge earlier through the physical entry system

Abnormal after working hours activity
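
The first three rules above can be expressed as checks over session and badge records. The following is an added example, not Intellinx code: the record layout, the sample sessions, and the `min_users` and `window` thresholds are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def T(hhmm):  # helper for the constructed sample day
    return datetime.strptime("2006-04-18 " + hhmm, "%Y-%m-%d %H:%M")

# Constructed sample data: (user_id, source_ip, login, logout) and badge scans.
SESSIONS = [
    ("alice", "10.0.0.11", T("09:00"), T("12:00")),
    ("alice", "10.0.0.42", T("10:30"), T("10:50")),  # overlaps from a second IP
    ("bob",   "10.0.0.42", T("10:55"), T("11:10")),
    ("carol", "10.0.0.42", T("11:12"), T("11:30")),
    ("dave",  "10.0.0.77", T("09:15"), T("17:00")),  # never badged in
]
BADGE_SCANS = {"alice": T("08:50"), "bob": T("08:55"), "carol": T("09:05")}

def concurrent_logins(sessions):
    """Rule 1: same user-ID active from two different IPs at the same time."""
    by_user, hits = defaultdict(list), set()
    for s in sessions:
        by_user[s[0]].append(s)
    for user, rows in by_user.items():
        rows.sort(key=lambda r: r[2])
        for i, a in enumerate(rows):
            for b in rows[i + 1:]:
                if b[2] >= a[3]:
                    break  # sorted by login time: nothing later overlaps a
                if a[1] != b[1]:
                    hits.add((user, a[1], b[1]))
    return sorted(hits)

def shared_workstation(sessions, min_users=3, window=timedelta(hours=1)):
    """Rule 2: several distinct user-IDs log in from one IP within `window`."""
    by_ip, hits = defaultdict(list), {}
    for user, ip, login, _ in sessions:
        by_ip[ip].append((login, user))
    for ip, rows in by_ip.items():
        rows.sort()
        for start, _ in rows:
            users = {u for t, u in rows if timedelta(0) <= t - start <= window}
            if len(users) >= min_users:
                hits[ip] = sorted(users)
                break
    return hits

def login_without_badge(sessions, scans):
    """Rule 3: user-ID logged in with no earlier physical badge scan."""
    return sorted({u for u, _, login, _ in sessions
                   if u not in scans or scans[u] > login})
```

Each rule alone is noisy (shared kiosks, VPN address changes, tailgating through a door), so the results are better treated as inputs to a combined score than as separate alerts.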


Information Leakage Demo

Sensitive information pertaining to account number 5180774 has been leaked to an external source sometime between April 16th and 23rd of 2006.

Who Accessed the Sensitive Information?


Profiling of Call Center Agents

[Diagram labels: Call-Center; Call Center Representatives; Web Application; Mainframe – Sensitive Customer Information]


There has been indication that Mainframe program TRAN023 has been performing strange database activity which cannot be explained by reviewing its source code.

Internal Sabotage

What's Wrong with this Program?


External Fraud Examples


ATM Rules

Two ATM/credit card transactions at physical POS locations that are geographically distant, within a short period of time

Two failed-PIN ATM events in geographically distant locations, within a short period of time

ATM/cc transaction out of profile, based on amount, day of month, day of week, time of day, geography

Many consecutive transactions on a specific ATM in out of profile time of day, frequency of transactions

Small amount ATM transaction that is out of profile

Many "cancelled" ATM transactions on the same ATM within a short period of time

ATM transaction type that is out of profile (irregular "balance check" for example)
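
The first two ATM rules (geographically distant transactions or failed-PIN events within a short time) reduce to an implied-speed check between consecutive events on the same card. This is an added example, not Intellinx code: the event layout, the sample coordinates, and the `max_kmh` and `min_km` thresholds are assumptions.

```python
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

# Constructed sample events: (card, time, lat, lon, event). Coordinates are
# approximate city centres; the thresholds below are assumed tuning values.
EVENTS = [
    ("card-A", "2006-04-18 10:00", -33.45, -70.67, "withdrawal"),  # Santiago
    ("card-A", "2006-04-18 10:40", -23.65, -70.40, "withdrawal"),  # Antofagasta
    ("card-B", "2006-04-18 09:00", -33.45, -70.67, "failed_pin"),  # Santiago
    ("card-B", "2006-04-18 12:00", -33.05, -71.62, "failed_pin"),  # Valparaiso
    ("card-C", "2006-04-18 11:00", -33.45, -70.67, "failed_pin"),
    ("card-C", "2006-04-18 11:05", -33.05, -71.62, "failed_pin"),
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def distant_pairs(events, max_kmh=500.0, min_km=50.0):
    """Flag consecutive events on one card whose implied speed is implausible."""
    parsed = sorted((c, datetime.strptime(t, "%Y-%m-%d %H:%M"), la, lo, e)
                    for c, t, la, lo, e in events)
    alerts = []
    for prev, cur in zip(parsed, parsed[1:]):
        if prev[0] != cur[0]:
            continue  # consecutive rows belong to different cards
        km = haversine_km(prev[2], prev[3], cur[2], cur[3])
        if km < min_km:
            continue  # neighbouring ATMs in the same area are not "distant"
        hours = (cur[1] - prev[1]).total_seconds() / 3600
        # hours == 0 means simultaneous use in two places: always flag
        if hours == 0 or km / hours > max_kmh:
            alerts.append((cur[0], round(km), cur[4]))
    return alerts
```

card-B covers the same Santiago to Valparaiso distance as card-C but over three hours, so only card-A and card-C are flagged.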


Regulatory Compliance


PCI - Requirement 10
Automated audit trails for reconstructing:
• All individual user accesses to cardholder data
• All actions taken by any individual with root or administrative privileges

Privacy Regulations – HIPAA, GLBA, EU Directive 95/46
• Detailed logging: Who? Did What? To which data? When? Where from? How?
• Read access included in the audit trail

Sarbanes-Oxley / Basel II
• Add effective controls to sensitive processes that affect the financial reports
• Add compensating controls for:
  • Tracking privileged users' activity
  • Ensuring segregation of duties
  • Monitoring Change Management

FACTA Identity Theft Red Flags
• Real-time alerts on identity theft indicators

Intellinx for Regulatory Compliance


Intellinx for Compliance with AML and KYC

Capture account and customer activity across multiple channels:
• Online activity of employees in the corporate applications
• Back office processes
• Customer activity in Internet Banking applications
• ATM activity transmitted in ISO8583 protocol
• Interbank activity transmitted in FIX, SWIFT and other protocols

Comprehensive profiling at the account, customer and branch level

Real-time and off-line alerts

Investigation workbench and case management

Flexible reporting


AML rules


Protecting Employees and Customers Privacy

Intellinx does not record any activity that runs on the employee's workstation but only access to the business applications

Only authorized users are allowed to access the Intellinx system.

The system can be configured to monitor specific applications or users only, while other information is filtered out and dropped.

Specific fields and screens which contain highly sensitive data can be masked so the auditor using Intellinx cannot view them.

Every access to the Intellinx system and every action performed within the system is logged allowing detailed audit of which user performed which action.

Fields identifying a user identity (e.g. user-id or terminal-id) can be hidden by the system when a visual replay is performed.


What Customers Say about Intellinx

Equifax, Tony Spinelli, Chief Security and Compliance Officer

“Information security is a cornerstone of our business and, as a company, we are committed to placing the highest standards on data protection.”

“Intellinx enables us to enhance our security monitoring capability by providing a reporting platform that allows our fraud investigators to visually replay screen data of both current and historical transactions and receive real-time alerts on suspicious events.”

State of Delaware, Ms. Peggy Bell, Executive Director, Delaware Criminal Justice Information System (DELJIS):

“The Intellinx results have been bigger than even we expected:

Overwhelmingly jaw dropping successful

The logging system performed fantastically better than expected

Turn around time with Intellinx system was fabulous

Breach investigation time decreased by more than 90%

Potential threats to officer and public safety are reduced.”


Summary

Keep end-users accountable by -

A visual forensic audit trail including user queries

Become proactive in enterprise fraud by -

User profiling based on true user behavior analysis

Real-time Alerts

Conduct after-the-fact investigations by

Applying new rules to pre-recorded data

Comply with key requirements of government regulations

Exceptional out-of-the-box value – Full recording and cross-platform search

► No Agents ► No Overhead ► No Risk

The Intellinx Unique Business Value


yonel@meste.cl

www.meste.cl

56-2-3431659

www.intellinx-sw.com
