• Live Chat
ISMG Events
  • Summits
  • Roundtables
  • Faculty
  • About ISMG Events
  • Contact us

Fraud Summit: New York

March 28, 2018 - New York Marriott Marquis

View Sessions

WELCOME / Letter from the Editor

Tom Field

Tom Field

Senior Vice President - Editorial, ISMG

It is no secret that threats are all around us, competing for an opportunity to take advantage of a weak spot in our defenses. Whether it is our personal mobile banking information, the PIN number for our ATM card, our business email credentials or our identity as a whole – there is an ever-present group of threat actors in pursuit.

We have designed our sessions to address the needs of CISOs, fraud and risk teams, security and IT professionals, and many others by tackling real-world
problems and offering solutions that attendees can take back to their offices
and put to use.

Details

New York Marriott Marquis

March 28, 2018

$595

View Sessions

Registering For a Group?
Call + 1 (609)-356-1499

  • Event Gallery

Art Coviello

former CEO, RSA Security; Venture Partner, Rally Ventures

Jim Cunha

Senior Vice President of Bank Administration, Federal Reserve Bank of Boston

Randy Trzeciak

Insider Threat Research Team Technical Lead, CERT

David Houlding

Principal Healthcare Program Manager, Microsoft

Troy Leach

Chief Technology Officer, PCI Security Standards Council

Sam Kassoumeh

COO and Co-Founder, SecurityScorecard

Tom Field

SVP - Editorial, ISMG

Keith Carlson

General Manager, Payments and Fraud Prevention, Amazon Web Services

SPEAKERS / Featured Speakers For Our New York Fraud Summit

Art Coviello

former CEO, RSA Security; Venture Partner, Rally Ventures

Keith Carlson

General Manager, Payments and Fraud Prevention, Amazon Web Services

Jim Cunha

Senior Vice President of Bank Administration, Federal Reserve Bank of Boston

Troy Leach

Chief Technology Officer, PCI Security Standards Council

Randy Trzeciak

Director, CERT Insider Threat Center, CMU

David Houlding

Principal Healthcare Program Manager, Microsoft

Kevin M. McCleary

Assistant to the Special Agent in Charge, Criminal Investigative Division, US Secret Service

Shirley Inscoe

Senior Analyst, Aite Group

Sam Kassoumeh

COO and Co-Founder, SecurityScorecard

Kevin Donovan

Vice President of Sales for the Americas, BioCatch

Sam Elliott

Director of Security Product Management, Bomgar

John Petrie

Global CISO, NTT Security

Shaked Vax

Trusteer Products Strategist, IBM Security

Tom Field

Senior Vice President, Editorial, ISMG

Dan Hoffman

Global Director of Solutions Architects, Agari

Chris Eng

Vice President of Research, Veracode

Dan Woods

VP of Attack Forensics, Shape Security

Evan O'Regan

Global Director, Product Management, Authentication & Fraud, Entrust Datacard

Alexis Castellani

Senior Vice President - Cyber Fraud Prevention, Citi

Meet Our Speakers

Fighting Against Malicious Bot Attacks

Franklyn Jones of Cequence Describes the Growing Problem

New Account Fraud’s ‘Perfect Storm’

Aite's Julie Conroy Unveils New Findings on Banking Fraud

Why Security Pros Need a Framework for Change

Dora Gomez of Association of Certified Fraud Examiners on Setting Priorities

FBI’s Palmore on Leadership and Diversity

(Former) Cyber Investigator on the Need to Diversify Skills in Cyber Workforce

The Critical Importance of Data Integrity

Microsoft's Diana Kelley on How to Keep Data Untampered

Steve Katz on Cybersecurity’s State of the Union

World's First CISO Weighs in on the Technologies and Trends Shaping 2019

The Challenge of Fighting Identity Fraud

IBM's Shaked Vax on Emerging Technologies to Assure Digital IDs

A Common Sense Guide to Mitigating Insider Threats

Randy Trzeciak of CERT Reviews the Latest Research

Schedule / Session Date & Times

  • Wednesday, March 28th

  • Hall A
  • Hall B
  • Hall C
  • Hall D
8:00 am -
8:45 am
8:00 am - 8:45 am

Registration, Breakfast & Exhibit Browsing

8:45 am -
9:00 am
8:45 am - 9:00 am

Opening Remarks

9:00 am -
9:45 am
9:00 am - 9:45 am

Fighting Fraud: The Fault Is Not In Our Stars

Speaker:
Art Coviello, former CEO, RSA Security; Venture Partner, Rally Ventures

Fraud is a pervasive and insidious attack on all. Financial service organizations, retailers, insurers, healthcare providers, governments - they all bear the burden. What can be done to more effectively reduce this scourge?

In this session, Art Coviello, former CEO of RSA Security, draws on his decades of security leadership experience to discuss:

  • Why fraud is worse than it looks - and it looks bad;
  • How consumers ultimately are stuck with the cost as well as the inconvenience;
  • A call for better technology - and for better cross-border collaboration between enterprises and law enforcement.
9:50 am -
10:20 am
9:50 am - 10:20 am Track A

The Four Pitfalls of Privilege: How You Are Encouraging Cybercrime

Speaker:
Sam Elliott, Director of Security Product Management, Bomgar

In 2017, there was an explosion of ransomware. Now in 2018, we see an equally explosive increase in covert cryptocurrency mining installations. Both of these fraud techniques are able to be perpetrated because of lax controls around privileged access. Traditional approaches to privileged access and identity management often leave organizations exposed because their focus is too narrow. This session highlights the four pitfalls of privilege, including:

  • The most common challenges that organizations face;
  • How they can overcome them and stop inviting cybercrime into their organizations.
9:50 am - 10:20 am Track B

Fighting Cybercrime and Identity Fraud in the Digital Age

Speaker:
Shaked Vax, Trusteer Products Strategist, IBM Security

The digital transformation is well underway, with new market entrants and established players deploying new digital services that enable digital-first consumers to open new accounts and access services. With the volume of personal information publicly available in social networks and in the cyber underground, cybercriminals can bypass traditional identity verification and authentication methods based on utilizing static data points.

In this session, Shaked Vax from IBM Trusteer reviews:

  • The challenges involved in assessing new digital identities;
  • How to transparently assess users digital identity assurance, without impacting the customer experience;
  • A holistic approach to fraud and identity with artificial intelligence and global visibility to help address these challenges for organizations.
10:25 am -
10:55 am
10:25 am - 10:55 am Track A

Awareness Discussion: How to Turn Your End User Into Your Friend User and Reduce Your Biggest Risk Vector

Speaker:
Arbor Networks,

Accidentally careless employees are the biggest cause of incidents involving data loss, responsible for almost 25 percent of all breaches.

Given that employees are the first line of defense against socially engineered schemes, such as account takeover, new account fraud and other crimes, doesn't it make sense to train your end users to support your security efforts - not just hinder them?

This session offers insights on:

  • Why many end user training efforts fall flat;
  • Effective new ways to utilize technology to train employees;
  • Use cases for how to turn the adversarial end user relationship into a "friend user" partnership.
10:25 am - 10:55 am Track B

Preventing New Account Fraud with Behavioral Biometrics

Speaker:
Kevin Donovan, Vice President of Sales for the Americas, BioCatch

The Equifax breach, which affected more than 143 million individuals, proves breaches are not trending downward.

A lot has been said about the ways that criminals use stolen data. In this session, BioCatch discusses the current state of account openings online and what fraudsters are doing to circumvent security measures. Leveraging its global experience working with leading banks, credit card issuers and e-commerce sites, BioCatch provides key insights and real-world examples into how behavioral biometrics are used to detect stolen or synthetic identities to stop new account fraud at its source. This session also demonstrates the value of technology in reducing false declines and improving the user experience when filling out online applications.

10:55 am -
11:10 am
10:55 am - 11:10 am

Exhibition & Networking Break

11:10 am -
11:50 am
11:10 am - 11:50 am

The State of Payment Fraud and the Path to Reduce it

Speaker:
Jim Cunha, Senior Vice President of Bank Administration, Federal Reserve Bank of Boston

Maintaining strong payments security practices is a continuously moving target given the ever-evolving payments ecosystem and dynamic nature of the threat environment. The commitment to improve security is a priority throughout the payments industry as evidenced by the ongoing collaboration across these issues. This session covers:

  • Efforts to support the payment industry, such as the Federal Reserve's payment fraud study;
  • Initiatives designed to tackle tough issues, such as data protection, payment identity management and cybersecurity.
11:55 am -
12:30 pm
11:55 am - 12:30 pm Track A

Technology Spotlight

Hear from some of the most trusted names in fraud prevention and detection.  Find out what’s new and how to combat the multi-faceted fraud threats that have become commonplace in business today.

11:55 am - 12:30 pm Track B

Executive Forums

These forums are invitation-only small group discussions led by distinguished thought leaders and are targeted to the interest/specialties of their participants.

12:30 pm -
1:15 pm
12:30 pm - 1:15 pm

Lunch

1:15 pm -
2:00 pm
1:15 pm - 2:00 pm Track A

Payments: The Evolution of Fraud and Security

Speakers:
Shirley Inscoe, Senior Analyst, Aite Group
Troy Leach, Chief Technology Officer, PCI Security Standards Council

Since the U.S. adoption of EMV chip-and-signature for payment card security, incidents of card-present fraud have been reduced. But there has been a corresponding (and predicted) rise in card-not-present fraud, as well as check fraud and new real-time fraud, resulting from new forms of payments.

This session addresses:

  • The evolution of payments fraud and the newest schemes;
  • Innovations in payment technologies and security;
  • Payment security trends and standards to watch.
1:15 pm - 2:00 pm Track B

Know Your Attacker: Lessons Learned from Fraud investigations

Speakers:
Alexis Castellani, Senior Vice President - Cyber Fraud Prevention, Citi
Kevin M. McCleary, Assistant to the Special Agent in Charge, Criminal Investigative Division, US Secret Service
Randy Trzeciak, Director, CERT Insider Threat Center, CMU

"Know your customer" is a familiar refrain in banking circles. But as threat actors grow in number, sophistication and cross-channel schemes, it is increasingly important for organizations to also have a clear picture of their potential attackers - whether they are nation-states, cybercrime gangs or lone actors. In this session, a panel of law enforcement officials and internal fraud investigators offer their insights on:

  • Today's most prevalent fraud schemes - and why they are successful;
  • Traits of the threat actors most commonly perpetrating these schemes;
  • Lessons learned from actual fraud investigations - and how you can put these to work to improve your own defenses.
2:05 pm -
2:35 pm
2:05 pm - 2:35 pm Track A

Email Fraud - An Inside Look at the Fraudsters' Strategies and Tactics

Speaker:
Dan Hoffman, Global Director of Solutions Architects, Agari

Business email compromise attacks that impersonate executives and business partners to trick employees are the biggest cyber threat organizations face today. This is not news. But what may come as a surprise is that the vast majority of BEC attacks are preventable. This session reviews why email spoofing works, the role social media plays in social engineering, current BEC trends and attack methods, and advances in technology that are being used to identify and block BEC attacks before they hit the inbox.

2:05 pm - 2:35 pm Track B

How Open Source Components Increase Speed - and Fraud Risk

Speaker:
Chris Eng, Vice President of Research, Veracode

Open source and third-party components help developers build and deploy applications faster. But with increased speed comes greater risk that could lead to fraud. Vulnerabilities in components are a hidden cost of free software. And their widespread use creates opportunities for attackers looking to exploit the most possible victims by breaching a single vulnerability, which could lead to later incidents of fraud. To reduce these risks, development and security teams need strategies for tackling the challenge of securing their applications from vulnerabilities in third-party and open source components.

What you will learn from this session:

  • Why development teams use components and how components ultimately create greater fraud risk
  • How to reduce risk through strategies including component inventories and developer education
  • How software composition analysis technologies can help you keep track of your component use and be ready when a vulnerability hits the news
2:40 pm -
3:10 pm
2:40 pm - 3:10 pm Track A

Blockchain as a Tool for Fraud Prevention

Speaker:
David Houlding, Principal Healthcare Program Manager, Microsoft

Financial fraud can be notoriously hard to detect and easy to cover up. But is blockchain technology, with its distributed digital ledger, a new tool to help organizations reduce risk and prevent fraud?

This sessions describes:

  • Blockchain and its uses beyond digital currencies;
  • The value of blockchain to reduce financial transaction time, risk and fraud among multiple parties with a trusted, decentralized digital ledger;
  • Lessons from organizations that already are using blockchain technology as a tool to prevent fraud.
2:40 pm - 3:10 pm Track B

How to Start Up an Insider Threat Program to Reduce Fraud

Speaker:
Randy Trzeciak, Director, CERT Insider Threat Center, CMU

When it comes to fraud prevention, many organizations overlook the insider threat - both the malicious actor who intends to commit fraud as well as the accidental insider who makes a mistake or is taken advantage of by an external entity. The CERT Insider Threat Center at Carnegie Mellon University is one of the world's leading authorities on detecting insider fraud.

In this session, the center's director offers:

  • The latest research on insider fraud;
  • The growing role of the accidental insider in fraud schemes;
  • How to start up an insider fraud detection program within your organization.
3:10 pm -
3:25 pm
3:10 pm - 3:25 pm

Networking Break

3:25 pm -
3:55 pm
3:25 pm - 3:55 pm Track A

An Attacker's Perspective: How and Why They Target Your Sites

Speaker:
Dan Woods, VP of Attack Forensics, Shape Security

Every day, financial institutions face an onslaught of automated attacks on their web and mobile applications by all types of fraudsters. Some test millions of stolen credentials on login applications to commit account takeover; others create thousands of accounts on account registration applications to validate stolen credit cards. In this session, Dan Woods, a former FBI special agent, describes how attackers target institutions and the ways they monetize their attacks.

This session offers insights on gaining a better understand of attackers' motivations and tactics, including how they:

  • Move from targeting web applications to targeting mobile APIs;
  • Exploit human click farms to advance credential stuffing attacks;
  • Tunnel through aggregators to avoid detection.
3:25 pm - 3:55 pm Track B

Preventing Fraud with the Right Security Framework - An MSSPs Role

Speaker:
John Petrie, Global CISO, NTT Security

Fraud resulting from cyber theft continues to plague organizations as attackers use more aggressive means of gaining access to critical data more frequently. From the CEO's cellphone to it partners and vendors (and their children), everyone is a target. Business leaders need to understand the implications of choosing a security framework to better protect their organizations related to cost and resource allocation. In this discussion, we will provide an overview on the ISO and NIST models, identify several core cybersecurity program criteria, and walk attendees through the critical first step of self-assessment.

Session Objectives:

  • Discuss the changing landscape of cybersecurity and expanded scope of vulnerabilities affecting organizations;
  • Provide an overview of the often confusing ISO and NIST models to better define compliance needs;
  • Conduct an interactive group discussion about the real impacts of moving to a new security standard;
  • Provide recommendations for automation, tools and implementation strategies.
4:00 pm -
4:30 pm
4:00 pm - 4:30 pm Track A

Applying Ecosystem Risk Management to Reduce Fraud

Speaker:
Sam Kassoumeh, COO and Co-Founder, SecurityScorecard

Most organizations today have a complex and huge supplier/partner ecosystem. Many different vendors supply many different products and services. And yet most enterprise third-party security programs still rely on manual, point-in-time, largely subjective assessments to evaluate and manage the security risk of their third parties.

At a time when regulators are shining a bright light on third party programs - how do you prove you are doing enough?

In this session, Sam Kassoumeh of SecurityScorecard shares:

  • Data on the state of cybersecurity in the financial industry;
  • How the IoT landscape has made risk management even more complex;
  • Insights on how shifting to an ecosystem risk model can enable more proactive risk management approach.
4:00 pm - 4:30 pm Track B

Taking the 'Fraud' Out of Authentication: Fraud-Aware Identities

Speaker:
Evan O'Regan, Global Director, Product Management, Authentication & Fraud, Entrust Datacard

By exploring the answers to a series of novel questions (e.g. what do mobile payments and driverless cars have in common?), this talk will illustrate new approaches to preventing and stopping fraud by first illustrating the paradoxes of applying traditional approaches to a variety of new and emerging use cases (cloud, mobile, consumer, payments, and wearables). The discussion will identify:

  • How to avoid hidden pitfalls that open the door to sophisticated fraud attacks;
  • Methods to pragmatically achieve the improbable combination of frictionless access and strong security;
  • How the next generation of fraud-aware digital identities can be leveraged to transform the business.
4:35 pm -
5:15 pm
4:35 pm - 5:15 pm

Strategic Investments to Stay Ahead of Fraudsters

Speaker:
Keith Carlson, General Manager, Payments and Fraud Prevention, Amazon Web Services

In the era of big data, machine learning and cloud computing, how do you know what to invest in to keep customers happy and to stay ahead of increasingly sophisticated fraud attacks? In this session, the general manager of payments and fraud prevention at Amazon Web Services - one of the fastest growing technology companies ever - discusses the present and future of fraud prevention, addressing:

  • The key people and technology investment decisions that you will grapple with over the next few years as you think about improving the effectiveness of your fraud prevention;
  • Skill sets you will need to hire, retain or develop to effectively operate next-generation agile fraud systems;
  • New key performance indicators that you should be thinking about to ensure your fraud-prevention systems are future-proofed and able to handle the unexpected without impacting your customers.
5:15 pm -
5:30 pm
5:15 pm - 5:30 pm

Closing Remarks

5:30 pm -
6:30 pm
5:30 pm - 6:30 pm

Cocktails and Networking

Sponsored By 

SPONSORS / Supporting Organizations

Agari
Arbor Networks
Biocatch
Bomgar
IBM
NTTSecurity
Security Scorecard
Shape Security
Veracode
Cylance
Entrust Datacard
eSentire

LOCATION / Venue & Address

New York Marriott Marquis

1535 Broadway
New York, New York 10036

For information on joining our hotel room block, click here

Register Today

To earn CPE credits, hear from industry influencers, join ISMG’s global community and meet with leaders of technology register today.

Register Now

Registering For a Group?
Call + 1 (609)-356-1499  or email at events@ismgcorp.com

Contact Us

Reach us: Reserve your attendance today to ensure you don’t miss the opportunity to meet, network and learn from the foremost experts in information security and risk management in this interactive environment.

+1 (609) 356-1499
events@ismg.io

Join the Community

Subscribe to get the latest happenings on our Roundtables, Summits, and other Events!

  • BankInfoSecurity
  • CUInfoSecurity
  • GovInfoSecurity
  • HealthcareInfoSecurity
  • InfoRiskToday
  • CareersInfoSecurity
  • DataBreachToday
Home | Summits | Press Releases | Sponsorship
© 2019 Information Security Media Group, Corp.