Money-rity Report: Using Intelligence to Predict the Next Payment Card Fraud Victims

Black Hat USA 2018

Presented by: Clare Gollnick, Cathal Smyth
Date: Thursday August 09, 2018
Time: 09:00 - 09:25
Location: Tradewinds EF

Right now, combatting credit card fraud is mostly a reactionary process. Issuers wait until transactions occur that either appear fraudulent according to rules-based analytic engines or are reported by customers, and only then, do they intervene to prevent further fraud. But by then, it's often too late - losses through merchandise theft, investigation cost, reissuance, etc., have already occurred, and those losses have piled up into over \$10B of stolen funds each year being pumped into the online criminal ecosystem.

There is a better way. By using intelligence gathered from online sources such as the dark web combined with transactional data, we demonstrate predictive analytics that can not only identify who the next fraud victims will be, but also where card data is being stolen from, all before any fraudulent transactions have occurred.

Payment card fraud is the slush fund that underlies most global criminal threats, from organized crime to political meddling, in large part because of antiquated, reactive techniques and a dearth of innovative techniques to more proactively combat it. Our approach represents a paradigm shift in fighting payment card fraud; by using dark web market intelligence combined with transaction data to predict both fraudulent charges and points of compromise, we can intervene before any loss occurs, stopping payment card fraud dead in its tracks and eliminating a major source of funding for the global criminal ecosystem.

Clare Gollnick

Clare Gollnick is the CTO and chief data scientist at Terbium Labs, an information security startup based in Baltimore, Maryland. As a statistician and engineer, Clare designs the algorithms that direct Terbium's automated crawl of the dark web and leads the crawler engineering team. Previously, Clare was a neuroscientist. Her academic publications focus on information processing within neural networks and validation of new statistical methods. Clare holds a PhD in biomedical engineering from Georgia Tech and a BS in bioengineering from the University of California, Berkeley.

Cathal Smyth

Cathal Smyth is a machine learning researcher at Vanguard, a cybersecurity research lab within the Royal Bank of Canada (RBC). Cathal's research interests involve applying state-of-the-art AI methods to areas within cybersecurity, such as malicious code detection, as well as exploring security vulnerabilities within AI models themselves. Previously Cathal worked at Borealis AI, a general AI research group within RBC. There he worked on projects involving fraud detection, behavior prediction and fundamental research in deep learning. Cathal is a physicist. His published research focused on the role of quantum mechanics in photosynthesis, and on developing new measures of delocalization in noisy systems. Cathal obtained his PhD in physics at the University of Toronto, his BSc at the National University of Ireland, Maynooth, and held at a post-doctoral fellowship at the Fields Institute in Toronto.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats