SESSION ID: LAB1-T11 Identity War Games: A Learning Lab on Account Opening Fraud Uri Rivner Erin Englund Chief Cyber Officer​ BioCatch LinkedIn: Uri Rivner Senior Threat Analyst​ BioCatch LinkedIn: Erin Englund #RSAC Welcome to the Battle of Identity War Games We’ve heard the experts talk about fighting fraud… Now it’s your turn to practice! Principles of our War Games: • You are the fraud team • You’ll need to make quick decisions about identity • You do have access to a LOT of data • PII presented is NOT real Presenter’s Company Logo – replace or delete on master slide 2 #RSAC You’ll need to leverage multiple signals to succeed What You Know KYC Data Residences & Licenses Credit History What you Have Device IP Location Phone What You Do Social Media Reputation Email Reputation Open Source Analysis What You Are Familiarity with Data Familiarity with Process High User Expertise (User Data) (User Resources) (Digital Footprint) (User Behavior) Presenter’s Company Logo – replace or delete on master slide 3 #RSAC Just to get us started Individual votes What’s your verdict? Good or Bad? #RSAC Top 5 Credit Card Issuer First name pasted 3 sec into session Session timeline Presenter’s Company Logo – replace or delete on master slide Confirmed as fraud #RSAC What’s your verdict? Good or Bad? Top 5 Credit Card Issuer High ground speed (UK to Ukraine in 1:15 hours) KYC Checks – 100% match User clicked on F12 to open the Developer Tools Presenter’s Company Logo – replace or delete on master slide Confirmed as fraud #RSAC A Training Scenario Practice Round! Rules of Engagement Each table is a fraud team Your objective is to reach the quickest correct decision An initial summary is provided followed by data points, one by one Discuss the details of the case within your team Following each data point, I will ask for your team’s decision Each team member can have one of the following votes: – FRAUD! – GENUINE! – Inconclusive… We want more DATA! Presenter’s Company Logo – replace or delete on master slide #RSAC Training Scenario Based on a true story, with modifications to fit the Battle of Identity War Games You’re the fraud team of a large credit card issuer. There’s a new application under review: All the KYC checks passed: Name, DOB, SSN Main risk factor: email provided is less than 10 days old This triggered a step-up authentication: User asked to photo their Driver’s License – which passed Presenter’s Company Logo – replace or delete on master slide #RSAC Data Point #1 Address provided is not a valid address 511 Spruce Ave does not exist But 51 Spruce Ave is valid address, record shows user has been there for 7 years. Typo? Presenter’s Company Logo – replace or delete on master slide #RSAC Data Point #2 Social Media Footprint for Alan LinkedIn: Yes, 60 connections, works in Boston area Facebook: Yes, 97 friends, lives in Cambridge Email connected to both accounts: Alan.Bishop@gmail.com abishop3454@gmail.com is a few days old Presenter’s Company Logo – replace or delete on master slide #RSAC Data Point #3 Phone is a prepaid mobile The phone number doesn’t match the specific address It’s not on record for this person despite being registered for 6 years Presenter’s Company Logo – replace or delete on master slide #RSAC What’s your verdict? Good or Bad? Confirmed as Fraud • Fraudster found Alan’s driver license on the steps of 51 Spruce Ave in Cambridge and used it to apply for a credit card Presenter’s Company Logo – replace or delete on master slide #RSAC Enough Chit Chat! Time for the REAL ACTION We have 3 Identity War Games scenarios In each scenario, you can ask for up to 5 data points Your goal is to get to the quickest correct decision for each scenario READY? Presenter’s Company Logo – replace or delete on master slide #RSAC #RSAC War Games Scenario 1 Call the Dead Guy Scenario #1 A big hotel chain issues a credit card There is a specific application that the model recommends declining: Model score is 96 out of 100 Main risk factor: SSN is suspicious This triggered a call to the user’s land line on record. Result: no answer Presenter’s Company Logo – replace or delete on master slide #RSAC Data Point #1 Device and Phone Reputation Device ID does not match criminal activity IP spoofing / Virtual Machine not detected Provided phone first seen 2 years ago Presenter’s Company Logo – replace or delete on master slide #RSAC Data Point #2