Thursday, November 16, 2006

apwg: Brad Keller

An opening talk was presented by Brad Keller, the eCommerce Business Risk Manager of Wachovia.  He made some good points about internet fraud.

He claims we need to use multiple approaches and multiple tools to make phishing and other electronic fraud unprofitable.  He followed this with the claim that we need to shift the focus from "identifying a provider's site to clients" to "identifying the clients to a provider".  It may be a better solution to make sure clients are valid instead of trying to prevent theft of their identity.

Mr. Keller also emphasized that much of the fraud his institution sees is not direct fraud, that is, not just phishing for data and then using it.  Keyloggers and other crimeware capture various credentials, which are then circulated on the black market.

A wealth of information can be extracted from a client's transaction and browsing habits, as well as from their IP and computer information.  This can be used to help profile people and identify anomalies (such as transactions that are minutes apart, but on different continents).
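The "minutes apart, but on different continents" check can be written as an implied-speed test between consecutive transactions on the same account. The following is an added example, not code from the talk or from Wachovia; it assumes each transaction already carries coordinates resolved from the client IP, and the speed and distance thresholds, account names and sample records are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_PLAUSIBLE_KMH = 1000.0  # assumption: roughly airliner speed

@dataclass(frozen=True)
class Txn:
    account: str
    when: datetime
    lat: float  # assumed to come from a GeoIP lookup on the client IP
    lon: float

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    dlat, dlon = p2 - p1, radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(p1) * cos(p2) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def impossible_travel(txns, max_kmh=MAX_PLAUSIBLE_KMH, min_km=100.0):
    """Return (previous, current, km, km/h) for consecutive same-account
    transactions whose implied travel speed exceeds max_kmh."""
    flagged, last = [], {}
    for t in sorted(txns, key=lambda x: x.when):
        prev = last.get(t.account)
        last[t.account] = t
        if prev is None:
            continue
        km = haversine_km(prev.lat, prev.lon, t.lat, t.lon)
        if km < min_km:  # GeoIP is coarse; ignore short hops
            continue
        hours = (t.when - prev.when).total_seconds() / 3600
        kmh = km / hours if hours > 0 else float("inf")
        if kmh > max_kmh:
            flagged.append((prev, t, round(km), kmh))
    return flagged

# Constructed sample transactions
SAMPLE = [
    Txn("acct-1", datetime(2006, 11, 16, 9, 0), 35.23, -80.84),   # Charlotte
    Txn("acct-1", datetime(2006, 11, 16, 9, 7), 44.43, 26.10),    # Bucharest, 7 min later
    Txn("acct-2", datetime(2006, 11, 16, 9, 0), 35.23, -80.84),   # Charlotte
    Txn("acct-2", datetime(2006, 11, 16, 21, 0), 51.51, -0.13),   # London, 12 h later
    Txn("acct-3", datetime(2006, 11, 16, 9, 0), 35.23, -80.84),   # Charlotte
    Txn("acct-3", datetime(2006, 11, 16, 9, 1), 35.30, -80.75),   # same city, new IP
]
```

Only the `acct-1` pair is flagged: the 12-hour transatlantic gap on `acct-2` is a plausible flight, and the `acct-3` hop is below the distance floor that absorbs GeoIP imprecision.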

All in all, he has been frequently surprised by what phishers seem to do --- it's possible that phishers don't clear cookies, suggesting it may be time to start profiling phishers themselves, instead of just relying on profiling of their sites and emails.

Things to research: Smishing, Phish Phood (not ice cream), Client Metrics, Access Anomaly Detection
