

I’m Stanley Kubrick! Trust me. Or: How every action on every device tells a story

A data breach victim in Australia woke up one day to find herself declared guilty and ordered to pay $US1.2m by the US courts. How far have these scams propagated in the world? Is it too late to do anything about it?
Scammers and attackers are powered by advanced AI tools and bots (imagine machine guns), while fraud prevention teams are using old-school rule-based systems (imagine knives) to fight them.
We need better tools to fight online fraud, not larger teams.
Join me in this talk, where I tell the story of yesterday, today and tomorrow in fighting fraud.


Amir Moghimi

August 03, 2023


Transcript

  1. I’m Stanley Kubrick! Trust me. Or: How every action on every device tells a story. Amir Moghimi, Co-founder and CTO @ CrossClassify.com
  2. Byron Bay data breach victim told to pay Adidas, National Basketball Association $US1.2m by US courts. "The charges were cybersquatting, trademark infringement, IP infringement, things I don't know anything about." (ABC North Coast, 25 July 2023)
  3. Technology and law. "It's really a sign of the times and technology being in advance of the law," retired magistrate and dean of law at Southern Cross University, David Heilpern, said. “Australia has passed legislation to introduce massive new privacy penalties – maximum penalties can now reach the greater of A$50m, three times the benefit of a contravention, or (where the benefit can't be determined) 30% of domestic turnover.” Ms Luke said hackers took control of her PayPal account in a credential stuffing attack that affected 35,000 PayPal customers in December. Over the course of two days her PayPal account was used to make hundreds of fraudulent transactions.
  4. In a survey run by the Australian Institute of Criminology (AIC), 47% of respondents in 2023 experienced at least one cybercrime in the 12 months prior to the survey. 20% of cybercrimes were identity crime and misuse. (Source: Australian Institute of Criminology)
  5. How many of you work in: Financial Services; Healthcare and Insurance; any other highly regulated industry?
  6. How many systems do you need to protect your customer data? In financial services, more than 10. But apparently, it’s still not enough.
  7. Because fraud is dynamic and evolutionary. Fraud patterns change: as soon as you put in some fraud detection rules, fraudsters find a new way around them. It is a typical cat and mouse game.
  8. 8 to 50%. For each additional field you add to a form, your conversion rate may drop anywhere from 8 to 50 percent.
  9. What is Account Opening fraud (AO)? The act of creating an online account or profile by using: 1. false or synthetic information (KYC helps); 2. someone else’s information (KYC struggles).
  10. Why AO fraud happens: abuse free trials or other promotions; need a money mule; use the victim’s reputation to gain some advantage; commit an illegal act with a false or the victim’s identity.
  11. What is Account Takeover fraud (ATO)? Unauthorized access to a legitimate user's account (aka account compromise), in order to: 1. take advantage of the services and assets; 2. find other holes in the system for further attacks.
  12. A modern data-driven fraud detection framework: data gathering (device / network / behaviour); behaviour analysis; suspicious relationship detection; anomaly detection; fraud detection model (offline: training; online: test on online requests); scoring to make decisions.
  13. How to operate it in the day-to-day business (sign-up / login): a real user or a fraudster performs an action; your fraud detection system uses AI/ML methods to score the action and approve/block it; the business team makes the final decision to approve or block the action.
  14. Main challenges in building such a system: 1. Data quality and volume; 2. Balancing false positives and false negatives; 3. Changing fraud patterns; 4. Making interpretable decisions; 5. Real-time processing; 6. Integration with existing systems; 7. Privacy and compliance; 8. Resource and budget constraints.