using big data to detect & reduce fraud, 9th april 2014welcome & introductions using big...
TRANSCRIPT
Welcome & Introductions
Using Big Data to Detect & Reduce Fraud, 9th April 2014
On the Internet…
Mission statement: To provide expert advice and consultancy for fraud detection & prevention and to be recognised as industry experts
• Key offerings
– Operational & strategic reviews, gap analysis – Vendor neutral advice & vendor engagement – Specification & delivery support – Investigations – Project management – Training & awareness
• Experience cross-sector in multiple geographies
Fraud Consulting Ltd
©Fraud Consulting 2013 3
Our team members engage, contribute and collaborate with like-minded bodies, associations and thought leaders
Participation with Anti-Fraud Associations & Forums
Introductions
• When a meeting, or part thereof, is held under the Chatham House Rule, participants are free to use the information received, but neither the identity nor the affiliation of the speaker(s), nor that of any other participant, may be revealed.
Chatham House Rule
• What is your experience level with regards to fraud, cybercrime & big data?
• What are you goals?
©Fraud Consulting 2013 7
Quick Questions
Agenda
• 09:00 Introductions
• 09:10 Key Factors Surrounding Cybercrime & Fraud
• 10:30 Coffee & Networking Break
• 10:45 Tools & Technology
• 12:15 Lunch
• 13:15 Compliance, Regulation & the Law
• 14:45 Coffee & Networking Break
• 15:00 Operational Challenges
• 16:30 Workshop Close
Key Factors Surrounding Cybercrime & Fraud
Using Big Data to Detect & Reduce Fraud, 9th April 2014
• Some Definitions
• True Costs
• Current Trends
• Defining threats & risks for your organisation
Topics
• Some Definitions
• True Costs
• Current Trends
• Defining threats & risks for your organisation
Topics
• Workshop Objectives
• What does “Big Data” mean to you?
• What does Fraud mean to you?
Discussion
• Put simply: “The obtaining of services or facilities that you are not entitled to.”
• Cybercrime and fraud have become highly interrelated
– Anonymous nature of the internet
– Changes in the way we live and work
What is Fraud
The Fraud Triangle
Fraud
Pressure
(Motive)
• Exercise: What types of cybercrime are you familiar with?
Some Terms & Definitions
Some Terms & Definitions
Malware
Phishing
Back door
Man in the middle
Hacking
Domain Hijacking
Typo-squatting
SMiShing
Spoofing
Tabnapping
Trojans
SIM box
VoIP
Vishing
Spamming
Randsomware
Snarfing
DoA / DoS attack
Social engineering
Internal & staff
Pharming
Boiler room
Data leaking
Cyber bulling
Scareware
Pod slurping
Tapping
SQL Injection
Money Laundering
The basic money laundering process has three steps:
1. Placement 2. Layering 3. Integration In recent years there has been a steady increase in regulation around Anti-Money Laundering, however the open and anonymous nature of the internet provides many challenges
Bribery & Corruption
• EU Anti-Corruption report: – Costs: €120b a year?
– Urban development and construction are sectors where corruption
vulnerabilities are usually high across the EU. They are identified in the report as being particularly susceptible to corruption in some Member States where many corruption cases have been investigated and prosecuted in recent years.
– The Report calls for stronger integrity standards in the area of public procurement and suggests improvements in control mechanisms in a number of Member States.
– http://ec.europa.eu/dgs/home-affairs/what-we-do/policies/organized-crime-and-human-trafficking/corruption/anti-corruption-report/index_en.htm
Defining Cybercrime
• What are the drivers & motivations? – To make a gain or profit
– Political statements / Hacktivism
– Terrorism
– Espionage, spying
– Governments, cyberwarfare
• The term “cyber” for many is scary and worrying. In reality our use of technology is a facilitator for age old crimes and risks.
• Tendency to focus on the technical elements and forget the human factors
• Some Definitions
• True Costs
• Current Trends
• Defining threats & risks for your organisation
Topics
Fraud in the UK: A £52b Problem?
“Identified Fraud” “Hidden Fraud”
Stats, Stats, Stats
• UK: Action Fraud received 58,662 cyber-enabled frauds and 9,898 computer misuse crime reports from the period March 2012 to February 2013
• $114 Billion cost worldwide (Norton)
• Cybercrime may reach$100 Billion annually (CSIS)
While useful, use industry stats with caution!
What is Fraud Costing You?
• Goods, Lost revenue
• Staff / time, Intellectual property Direct costs
• Reputational Damage
• Goodwill Indirect Costs
• Sanctions, Fines
• Legal, Compensation Regulatory
• Hardware, Software
• Staff, Investigations Cost of controls
Are you making the right measures? What are your KPIs?
• Some Definitions
• True Costs
• Current Trends
• Defining threats & risks for your organisation
Topics
Trends: Internet Growth
Source: United Nations / International Telecommunications Union
©Fraud Consulting 2013
Trends: Internet Growth
Source: United Nations / International Telecommunications Union
0
50
100
150
200
250
300
350
400
450
500
Brazil China India Iran Mexico Nigeria Pakistan Philippines Russia USA
2007-2010 New Additions (m)
2010 Total Internet Users (m)
Trends: “Hacktavism”
Trends: Malware
Trends: Data Breaches
Trends: Data Breaches
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
Trends: Criminal Underground Economy
34 Quatrro Confidential
Trends: How We Work Today
• Bring Your Own Device
• Cloud computing
• Remote working
• Device diversity: Laptop, smartphone, tablet…
Case Study: Identity Theft
Identity Thief
Prospective Customer
Broker / Agent
Existing Customer
Trusted 3rd Party
Member of Staff (Willing or
Forced)
Hacker
Confidence Trickster
Impersonation (Living or
Deceased)
Opportunist
Methods
Dumpster Diving
Redirections (eg Post)
Public Data Records
Data Theft,
Hacking
Internet / Social
Networks
Phishing, Pharming
Cold Calling,
Grooming
Inside Information
/ Access
Infiltration
Malware
Purchasing
Synthetic Identity
Identity Fraudster
Harvest / Acquire Data
Corporate Identity Theft
Obtain Goods / Services
Contact Customers
Extortion Fake Invoice /
Hijack VAT / Tax
Fraud
Personal Identity Theft
Credit / Debit Card Fraud
Account Takeover
Impersonation Application
Fraud Mail
Redirection
An Example Theft
Cybercriminals
• “Professional” Industry
• Global & co-ordinated
• Well funded
• Excellent marketing and distribution of tools, techniques
and data
• Non-competitive
• Share / Sell Data
• Not constrained by bureaucracy
Key Players in Criminal Underground
Hackers/Malware & Exploit Creators
Identify weaknesses and exploits and create malware or hack in to payments systems and other systems to acquire data
Malware Distributors & Phishers
Distribute malware through phishing, smishing, drive-by downloads, watering hole attacks and other social engineering schemes
C&C/VPN/Bulletproof Hosting
Provide the tools to maintain anonymity and reduce chance of being shut down
Money Mules Perform the money movement – cash out at ATMs, accepting electronic transfers
Mule Recruiters Provide a pool of money mules acquired through work from home schemes, social engineering or compromised accounts
Skimmers Build or buy and place skimming devices to collect track data and PINs
Marketplace Operators Provide online stores for skimming devices, fraud services, malware and personal information
Criminal Underground Economy Example
44
Quatrro Confidential
Criminal Underground Economy Example
Criminal Underground Economy Example
Quatrro Confidential 47
Criminal Underground Economy Example
• Some Definitions
• True Costs
• Current Trends
• Defining threats & risks for your organisation
Topics
• What fraud issues have you experienced?
• What fraud typologies are applicable to your organisation? – Eg Phishing, hacking, money laundering, first party
fraud
• What are the possible fraud risks for your organisation? – Website offline due to attack, customer identity
stolen, staff collusion
Defining threats & risks for your organisation
Key Factors Surrounding Cybercrime & Fraud
Using Big Data to Detect & Reduce Fraud, 9th April 2014
Tools & Technology
Using Big Data to Detect & Reduce Fraud, 9th April 2014
• Challenges
• Type of tools for “Big Data”
• Big Data Approaches for Fraud Detection
• Data Sources
Topics
• Challenges
• Type of tools for “Big Data”
• Big Data Approaches for Fraud Detection
• Data Sources
Topics
Challenges
• Moore's law is the observation that, over the history of computing hardware, the number of transistors on integrated circuits doubles approximately every two years.
• The worlds technological per-capita capacity to store information has roughly doubled every 40 months. (Wikipedia)
• In 2012 2.5 quintillion bytes of data were created (2.5 x 1018) daily (Wikipedia, IBM)
Challenges: Moore's Law
Quatrro Confidential 56
Challenges: Layered Security
Layered Security
People
Process Tech
Challenges: Layered Security
Onboarding & CDD
Customer Authentication
Transaction Monitoring
Behavior Monitoring Session Monitoring
Incident Analysis
Insider Monitoring
Risk Assessment
• Fraud patterns can be difficult to model
• Take care not to make false correlations
• Evaluate the data quality
Challenges: Modelling Fraud
Challenges: Modelling Fraud
http://wp-abtesting.com/correlation-vs-causality-and-why-this-matters-in-conversion-optimization/
Challenges: Modelling Fraud
http://blogs.scientificamerican.com/the-curious-wavefunction/2012/11/20/chocolate-consumption-and-nobel-prizes-a-bizarre-juxtaposition-if-there-ever-was-one/
• Data retention – Physical storage – Backups
• Searching data / algorithms. Say we have a 100 fold increase in data – Linear algorithm: Takes 100 times longer – O(N^2) algorithm: Takes 10,000 times longer
• Moore’s law doesn’t help when it comes to an explosion of data volume! We have to be smart in our strategies
Challenges: Cost of Data
Challenges: Turning Data into Intelligence
• Evaluate the data, turn data into information
• Understand how to query the information, what is the underlying data telling us?
• Convert information into intelligence
• Challenges
• Type of tools for “Big Data”
• Big Data Approaches for Fraud Detection
• Data Sources
Topics
• Many organisations have enterprise data warehouses (EDWs) and using business intelligence (BI) tools, however…
• Big Data is about predictive analytics and making the most from data. This may include: – Advanced statistical algorithms – Data mining – Machine learning algorithms
• Many of these techniques are not new, but big data has
breathed new life into the possibilities – More data can mean more and better predictive models.
Types of Tools
• Data quality, cleansing, ETL (extract, transform, load)
• Tools for structured data
• Tools for unstructured data
Types of Tools
• Analytical Tools – Discover, evaluate, optimise
• Operational Tools – Deploy models against live data, events, transactions
• Are you making the most out of off the shelf tools and existing solutions?...
Types of Tools
PivotChart: Time Analysis
0
5
10
15
20
25
30
35
40
00:00 01:01 02:19 04:11 05:46 06:46 07:46 08:46 09:46 10:46 11:46 12:46 13:46 14:46 15:46 16:46 17:46 18:46 19:46 20:46 21:46 22:46 23:46
Count of AD ID Sum of Is Fraud 60 per. Mov. Avg. (Count of AD ID)
©Fraud Consulting 2013
• Challenges
• Type of tools for “Big Data”
• Big Data Approaches for Fraud Detection
• Data Sources
Topics
• Data Matching – Rules based
– Fuzzy logic
– Machine learning
• Data Modelling – Mining
– Statistical modelling
– Scorecards
– AI, Neural Networks
Approaches
Approaches: Identity & Authentication
We are in authentication hell! Online Identity Schemes
• NSTIC
• Open Identity Exchange
• Global Trust Centre
• Paypal access
• Unipass / Identrust
• “Digital Passports” – Verified / validated claims
– Akin to a physical passport
©Fraud Consulting 2013 71
Approaches: Identity & Authentication
Biometrics: Voice, facial recognition, Iris, fingerprints…
Approaches: Identity & Authentication
Social Media Analysis
• User Activity
• Device Activity
• Network Traffic
Approaches: Monitoring
Approaches: Monitoring
Fine Grained IP-Geolocation
Approaches: Monitoring
Device Reputation 76
Approaches: Data Visualisation
Face to Face Frauds Online Frauds
Source: CIFAS, June 2012
Approaches: Data Visualisation
Approaches: Data Visualisation
Approaches: Data Visualisation
• Challenges
• Type of tools for “Big Data”
• Big Data Approaches for Fraud Detection
• Data Sources
Topics
• Data sources
– What do you use currently?
– What sources are you considering?
• What are your experiences with big data tools
– Challenges?
– Success stories?
Discussion
• Beware of Buzzwords
● Business Intelligence
● Threat Intelligence
● Open Source Intelligence
● CyberIntelligence
● Data Fusion
Tools & Technology
• Beware Single Source Analysis
● Even in a technical analysis, there should be multiple sources of data
● When all analysis is based on ONE THING it stands the highest possibility of being wrong.
Tools & Technology
Tools & Technology
Using Big Data to Detect & Reduce Fraud, 9th April 2014
Compliance, Regulation & The Law
Using Big Data to Detect & Reduce Fraud, 9th April 2014
• Key Areas of Law
• Evolving Areas of Regulation
• PCI-DSS v3.0
• ISO27001
Topics
• Key Areas of Law
• Evolving Areas of Regulation
• PCI-DSS v3.0
• ISO27001
Topics
• Is big data a big gain? Is it just yet more fool’s gold from a security perspective?
• Data in isolation may not necessarily be initially identified as sensitive but what about when data sets are processed and combined?
Key Areas of Law
Exercise: What are the key areas of law to consider for big data and fraud risk management?
Key Areas of Law
• Data Protection Act 1998
• Fraud Act 2006
• The Proceeds of Crime Act 2002 (POCA) – The Money Laundering Regulations 2003, 2007
• Bribery Act 2010
• Human Rights Act 1998
• The Police and Criminal Evidence Act 1984
• The Public Interest Disclosure Act 1998
• The Regulation of Investigatory Powers Act 2000
Key Areas of Law
• Key Areas of Law
• Evolving Areas of Regulation
• PCI-DSS v3.0
• ISO27001
Topics
“Consider the risks for sharing data, but also consider consequences for NOT sharing data…”
Deciding to Share Data
Iain Bourne, ICO Group Manager, Policy & Delivery speaking in July 2012
Make the most of available data and look for connections • Schemes for sharing data
– Verification: Companies House, UKBA, Criminal Records Bureau, HMRC
– Sector specific: Insurance Fraud Bureau, TUFF (Telecoms UK Fraud Forum)…
– Cross sector: CIFAS, Credit Bureau (consumer and business)
• National Fraud Authority
– Action Fraud (national fraud reporting centre) – National Fraud Intelligence Bureau – Working groups, looking at barriers to data sharing and possible
resolutions
Deciding to Share Data
• Not a directive but a single regulation in the EU – Harmonization at European level…but with challenges
• Applies to companies based outside of the EU if personal
data is handled abroad by companies that are active in the EU and offer services to EU citizens
• Right to be forgotten
• Controllers responsibilities – Policies & procedures – Staff Training
Changes to Data Protection in the EU
• Data processing impact assessment – Does data present any risk to individuals
• Security – Both processor and controllers must put security
measures in place
• Data Breach Notification – Within 24 hours of noticing the breach
• Data Protection Officers
Changes to Data Protection in the EU
Cyber-security “kitemark”
• Other areas for consideration
– Sector specific regulators (eg FCA, PRA)
– 4th EU Money Laundering Directive (4MLD)
Evolving Areas of Regulation
• Key Areas of Law
• Evolving Areas of Regulation
• PCI-DSS v3.0
• ISO27001
Topics
• Although PCI-DSS is defined specifically for payments security, the principles can be applied more generally
• New Guidance papers from the Council – 2011-13
– Tokenization
– Wireless
– Virtualization – Cloud
– Mobile
PCI-DSS v3.0
1. Build & Maintain a Secure Network
2. Protect Sensitive Data
3. Maintain a Vulnerability Management Programme
4. Implement Strong Access
Control Measures
5. Regularly Monitor & Test
Networks
6. Maintain an Information
Security Policy
PCI-DSS Core Principles
PCI-DSS Core Principles
• Risk based approach
• PCI DSS Controls can be categorized as follows – Technical Controls – Policies & Procedures – User Awareness & Training
• Some controls are inherently requiring recurring tasks,
– Quarterly Scans – Log Analysis – Yearly training
• Know where the data comes from, where it might transit through, where it may be stored/copied, where it ends up
PCI-DSS Core Principles
• The drivers for change in v3.0
– Lack of Education & Awareness
– Weak Passwords, weak authentication
– Third Party Security Challenges
– Malware Issues
– Inconsistency in Assessments & QA
PCI-DSS Core Principles
• Key Areas of Law
• Evolving Areas of Regulation
• PCI-DSS v3.0
• ISO27001
Topics
• Best practise for an ISMS (Information Security Management System)
• Domains: 1. Security policy - management direction 2. Organization of information security - governance of
information security 3. Asset management - inventory and classification of
information assets 4. Human resources security - security aspects for employees
joining, moving and leaving an organization 5. Physical and environmental security - protection of the
computer facilities
ISO 27001
• Domains: 6. Communications and operations management - management
of technical security controls in systems and networks 7. Access control - restriction of access rights to networks,
systems, applications, functions and data 8. Information systems acquisition, development and
maintenance - building security into applications 9. Information security incident management - anticipating and
responding appropriately to information security breaches 10. Business continuity management - protecting, maintaining
and recovering business-critical processes and systems 11. Compliance - ensuring conformance with information security
policies, standards, laws and regulations
ISO 27001
Plan
Do
Check
Act
ISO 27001: PDCA Cycle
• Plan – Establish the policy, the ISMS objectives, processes and procedures related to
risk management and the improvement of information security to provide results in line with the global policies and objectives of the organization.
• Do – Implement and exploit the ISMS policy, controls, processes and procedures.
• Check – Assess and, if applicable, measure the performances of the processes against
the policy, objectives and practical experience and report results to management for review.
• Act – Undertake corrective and preventive actions, on the basis of the results of the
ISMS internal audit and management review, or other relevant information to continually improve the said system.
ISO 27001: PDCA Cycle
• Combatting a tick box culture
• What experiences do we have here?
A Tick in the Box Exercise?
Compliance, Regulation & The Law
Using Big Data to Detect & Reduce Fraud, 9th April 2014
Operational Challenges
Using Big Data to Detect & Reduce Fraud, 9th April 2014
• Getting Management Buy In
• Risk Assessments & Heatmaps
• Implementing a Solution
• Monitoring
Topics
• Getting Management Buy In
• Risk Assessments & Heatmaps
• Implementing a Solution
• Monitoring
Topics
Getting Management Buy In: Communication Problems
Getting Management Buy In: Are We Working Effectively Across Silos?
Infosec
Counter Fraud &
AML
Compliance
Audit
– Key objectives.
– Tone from the top.
– Individual responsibilities.
– Frameworks – Risks, threats.
– Corporate Needs, objectives and culture.
Getting Management Buy In: Responsibilities and Frameworks
Getting Management Buy In: Who’s Responsibility?
Issue Team / Department
Internal Audit
Credit Risk
Marketing
Operational Risk
Human Resources
Business Development
Compliance /
Governance
Information Technology
Accounts / Finance
Procurement, Supply Chain
Staff
Online Channel
Cyber / Hacking
Invoicing
Intellectual Property
Credit / Debit Payments
Recoveries
Money Laundering
©Fraud Consulting 2013 • 118
• Which policies include fraud? – HR, IT, Risk, Compliance
• Do you have a dedicated fraud policy?
• When where the policies last reviewed?
• Are your policies simply a ‘tick in the box’?
Getting Management Buy In: Policies
©Fraud Consulting 2013 119
• The skills gap, who’s responsible?
• Corporate needs and objectives.
• Corporate responsibility - setting standards, training and monitoring staff.
• Individual responsibility – compliance with policy, taking the initiative.
• Effective Prevention – recognising issues, taking action.
• Identifying and developing staff from within or buying in expertise?
• Training or consultancy?
Getting Management Buy In: Skills and Training
Costs: Considerations
• Goods, Lost revenue
• Staff / time, Intellectual property Direct costs
• Reputational Damage
• Goodwill Indirect Costs
• Sanctions, Fines
• Legal, Compensation Regulatory
• Hardware, Software, Data
• Staff, Investigations Cost of controls
• Getting Management Buy In
• Risk Assessments & Heatmaps
• Implementing a change project
• Monitoring
Topics
“We didn’t have a feasibility study because we were going to do it anyway”
Un-named official from the Driver and Vehicle Licensing Centre, Swansea, C 1980.
Risk Assessments & Heatmaps
Prospecting
Customer Acquisition
Customer Management
Collections
The Account Lifecycle
©Fraud Consulting 2013 124
The Account Lifecycle
Prospecting
Customer Acquisition
Customer Management
Collections
Q. Have we considered possible risks and mitigated them?
• Possible fraud risks
– New product / campaign; are we appealing to fraudsters?
– Marketing
– Sales incentives
– Branch / Broker behaviour
– IT and data security
– Ready to handle a peak in processing volume?
©Fraud Consulting 2013 125
The Account Lifecycle
Prospecting
Customer Acquisition
Customer Management
Collections
Q. Is the prospect genuine? Is this a fraud risk? • Application fraud
– False data – Stolen identity – KYC – 3rd party (broker, solicitor,
valuer) – Hidden adverse
• ID&V – False passport / license etc – False proof of address – False proof of income
©Fraud Consulting 2013 126
The Account Lifecycle
Prospecting
Customer Acquisition
Customer Management
Collections
Q. Is this the genuine customer? Any suspicious behaviour? • Transactional fraud
– Unusual behaviour – CnP, 3d secure – Skimming – Fraudulent chargebacks
• Changes in details (eg address) • AML screening • Limit management, cross-sell /
upsell – Bust out fraud
• Customer contact – Authentication, verification
©Fraud Consulting 2013 127
The Account Lifecycle
Prospecting
Customer Acquisition
Customer Management
Collections
Q. Bad debt or fraud? • Can’t pay vs. won’t pay • Goneaways
Q. Could the fraud been spotted earlier? • Hindsight reviews • Learn from missed
frauds/mistakes – would adjustments to other controls and processes in the account lifecycle help to prevent reoccurrence?
• What are the new trends / issues?
©Fraud Consulting 2013 128
Prospecting
Customer Acquisition
Customer Management
Collections
A Holistic Strategy
©Fraud Consulting 2013 129
A Holistic Strategy
• Audit / Threat Risk Assessments – Understand overall assets,
policies, processes, procedures
– Consider & rank crime typologies
– Identify gaps / weaknesses
– KPI’s and measures
Penetration Testing
Web Application
Testing
User Access Control
Social Engineering
Backdoor Testing
Network Architecture
Update / Patch
Management
Physical Security
Confidential Data
Encryption
Backup
Incident Response Planning
Heatmaps
Impact
Lik
elih
ood
Heatmaps
Effort
Impact
Quick Wins
Perhaps / Background
Low Priority
Strategic Projects / Perhaps
This morning we defined some risks. Plot these risks onto a heatmap…
Exercise: Heatmaps
• Getting Management Buy In
• Risk Assessments & Heatmaps
• Implementing a Solution
• Monitoring
Topics
Implementing a Solution
Implementing a Solution
• Maintain and regularly review and update a risk log
• Consider using “heat maps” to aid prioritisation
• Measures – Are your KPIs appropriate?
• Identify candidate data, candidate vendor solutions
• Initial data analysis – does the data work for us? Initial Analysis
• Define scope, detailed requirements
• Changes to existing processes, systems
• Impact Analysis!! Specification
• Integrate into processes, systems
• Validate against requirements Implement
• Training, user acceptance
• Monitoring Test
Implementing a Solution
• Getting Management Buy In
• Risk Assessments & Heatmaps
• Implementing a Solution
• Monitoring
Topics
Understand Data
Prepare Data
Model
Evaluate
Deploy
Monitor
Monitoring
• What are your KPI’s & measures for fraud?
• How are the measures communicated to the business?
• Are you sharing success stories?
Monitoring
©Fraud Consulting 2013 140
• How effectively are staff being trained on fraud issues? – “Tick in the box” exercise?
• Are those using the data and solutions sufficiently trained?
• Are you communicating activities on fraud to the wider business?
Training, Training, Training
©Fraud Consulting 2013 141
Operational Challenges
Using Big Data to Detect & Reduce Fraud, 9th April 2014
Using Big Data to Detect & Reduce Fraud, 9th April 2014
Closing Thoughts
• Intelligence is rarely “perfect”
• For Intelligence to have value it must be: accurate enough and early enough that leaders can act on it
• Intelligence that is 100% accurate is usually called HISTORY
Closing Thoughts
• What fraud issues have you experienced?
• What fraud typologies are applicable to your organisation? – Eg Phishing, hacking, money laundering, first party
fraud
• What are the possible fraud risks for your organisation? – Website offline due to attack, customer identity
stolen, staff collusion
Defining threats & risks for your organisation
Challenges: Turning Data into Intelligence
• Evaluate the data, turn data into information
• Understand how to query the information, what is the underlying data telling us?
• Convert information into intelligence
Understand Data
Prepare Data
Model
Evaluate
Deploy
Monitor
Monitoring Big Data Solutions
V.
Closing Thought
©Fraud Consulting 2013 148
Remember the Human Issues!
Keep human factors in mind… there is always a person
behind cybercrime. Technology is only a facilitator
#TheFraudTube Fraud & Cybercrime Forum
CSCSS
Fraud Advisory Panel
RANT Forums
Information Sources
Thank You!
©Fraud Consulting 2013 150
Email: [email protected] Telephone: +44 (0)20 3239 4714 Skype: fraud.consulting LinkedIn: www.linkedin.com/in/antifraud Twitter: @FraudAssist @FraudConsulting Facebook: www.facebook.com/FraudConsulting
www.fraudconsulting.co.uk