Speaker:
Art Coviello, former CEO, RSA Security; Venture Partner, Rally Ventures

Fraud is a pervasive and insidious attack on all. Financial service organizations, retailers, insurers, healthcare providers, governments - they all bear the burden. What can be done to more effectively reduce this scourge?

In this session, Art Coviello, former CEO of RSA Security, draws on his decades of security leadership experience to discuss:

• Why fraud is worse than it looks - and it looks bad;
• How consumers ultimately are stuck with the cost as well as the inconvenience;
• A call for better technology - and for better cross-border collaboration between enterprises and law enforcement.

Speaker:
Sam Elliott, Director of Security Product Management, Bomgar

In 2017, there was an explosion of ransomware. Now in 2018, we see an equally explosive increase in covert cryptocurrency mining installations. Both of these fraud techniques are able to be perpetrated because of lax controls around privileged access. Traditional approaches to privileged access and identity management often leave organizations exposed because their focus is too narrow. This session highlights the four pitfalls of privilege, including:

• The most common challenges that organizations face;
• How they can overcome them and stop inviting cybercrime into their organizations.

Speaker:
Shaked Vax, Trusteer Products Strategist, IBM Security

The digital transformation is well underway, with new market entrants and established players deploying new digital services that enable digital-first consumers to open new accounts and access services. With the volume of personal information publicly available in social networks and in the cyber underground, cybercriminals can bypass traditional identity verification and authentication methods based on utilizing static data points.

In this session, Shaked Vax from IBM Trusteer reviews:

• The challenges involved in assessing new digital identities;
• How to transparently assess users digital identity assurance, without impacting the customer experience;
• A holistic approach to fraud and identity with artificial intelligence and global visibility to help address these challenges for organizations.

Speaker:
Arbor Networks,

Accidentally careless employees are the biggest cause of incidents involving data loss, responsible for almost 25 percent of all breaches.

Given that employees are the first line of defense against socially engineered schemes, such as account takeover, new account fraud and other crimes, doesn't it make sense to train your end users to support your security efforts - not just hinder them?

This session offers insights on:

• Why many end user training efforts fall flat;
• Effective new ways to utilize technology to train employees;
• Use cases for how to turn the adversarial end user relationship into a "friend user" partnership.

Speaker:
Kevin Donovan, Vice President of Sales for the Americas, BioCatch

The Equifax breach, which affected more than 143 million individuals, proves breaches are not trending downward.

A lot has been said about the ways that criminals use stolen data. In this session, BioCatch discusses the current state of account openings online and what fraudsters are doing to circumvent security measures. Leveraging its global experience working with leading banks, credit card issuers and e-commerce sites, BioCatch provides key insights and real-world examples into how behavioral biometrics are used to detect stolen or synthetic identities to stop new account fraud at its source. This session also demonstrates the value of technology in reducing false declines and improving the user experience when filling out online applications.

Speaker:
Jim Cunha, Senior Vice President of Bank Administration, Federal Reserve Bank of Boston

Maintaining strong payments security practices is a continuously moving target given the ever-evolving payments ecosystem and dynamic nature of the threat environment. The commitment to improve security is a priority throughout the payments industry as evidenced by the ongoing collaboration across these issues. This session covers:

• Efforts to support the payment industry, such as the Federal Reserve's payment fraud study;
• Initiatives designed to tackle tough issues, such as data protection, payment identity management and cybersecurity.

Speakers:
Shirley Inscoe, Senior Analyst, Aite Group
Troy Leach, Chief Technology Officer, PCI Security Standards Council

Since the U.S. adoption of EMV chip-and-signature for payment card security, incidents of card-present fraud have been reduced. But there has been a corresponding (and predicted) rise in card-not-present fraud, as well as check fraud and new real-time fraud, resulting from new forms of payments.

This session addresses:

• The evolution of payments fraud and the newest schemes;
• Innovations in payment technologies and security;
• Payment security trends and standards to watch.

Speakers:
Alexis Castellani, Senior Vice President - Cyber Fraud Prevention, Citi
Kevin M. McCleary, Assistant to the Special Agent in Charge, Criminal Investigative Division, US Secret Service
Randy Trzeciak, Director, CERT Insider Threat Center, CMU

"Know your customer" is a familiar refrain in banking circles. But as threat actors grow in number, sophistication and cross-channel schemes, it is increasingly important for organizations to also have a clear picture of their potential attackers - whether they are nation-states, cybercrime gangs or lone actors. In this session, a panel of law enforcement officials and internal fraud investigators offer their insights on:

• Today's most prevalent fraud schemes - and why they are successful;
• Traits of the threat actors most commonly perpetrating these schemes;
• Lessons learned from actual fraud investigations - and how you can put these to work to improve your own defenses.

Speaker:
Dan Hoffman, Global Director of Solutions Architects, Agari

Business email compromise attacks that impersonate executives and business partners to trick employees are the biggest cyber threat organizations face today. This is not news. But what may come as a surprise is that the vast majority of BEC attacks are preventable. This session reviews why email spoofing works, the role social media plays in social engineering, current BEC trends and attack methods, and advances in technology that are being used to identify and block BEC attacks before they hit the inbox.

Speaker:
Chris Eng, Vice President of Research, Veracode

Open source and third-party components help developers build and deploy applications faster. But with increased speed comes greater risk that could lead to fraud. Vulnerabilities in components are a hidden cost of free software. And their widespread use creates opportunities for attackers looking to exploit the most possible victims by breaching a single vulnerability, which could lead to later incidents of fraud. To reduce these risks, development and security teams need strategies for tackling the challenge of securing their applications from vulnerabilities in third-party and open source components.

What you will learn from this session:

• Why development teams use components and how components ultimately create greater fraud risk
• How to reduce risk through strategies including component inventories and developer education
• How software composition analysis technologies can help you keep track of your component use and be ready when a vulnerability hits the news

Speaker:
David Houlding, Principal Healthcare Program Manager, Microsoft

Financial fraud can be notoriously hard to detect and easy to cover up. But is blockchain technology, with its distributed digital ledger, a new tool to help organizations reduce risk and prevent fraud?

This sessions describes:

• Blockchain and its uses beyond digital currencies;
• The value of blockchain to reduce financial transaction time, risk and fraud among multiple parties with a trusted, decentralized digital ledger;
• Lessons from organizations that already are using blockchain technology as a tool to prevent fraud.

Speaker:
Randy Trzeciak, Director, CERT Insider Threat Center, CMU

When it comes to fraud prevention, many organizations overlook the insider threat - both the malicious actor who intends to commit fraud as well as the accidental insider who makes a mistake or is taken advantage of by an external entity. The CERT Insider Threat Center at Carnegie Mellon University is one of the world's leading authorities on detecting insider fraud.

In this session, the center's director offers:

• The latest research on insider fraud;
• The growing role of the accidental insider in fraud schemes;
• How to start up an insider fraud detection program within your organization.

Speaker:
Dan Woods, VP of Attack Forensics, Shape Security

Every day, financial institutions face an onslaught of automated attacks on their web and mobile applications by all types of fraudsters. Some test millions of stolen credentials on login applications to commit account takeover; others create thousands of accounts on account registration applications to validate stolen credit cards. In this session, Dan Woods, a former FBI special agent, describes how attackers target institutions and the ways they monetize their attacks.

This session offers insights on gaining a better understand of attackers' motivations and tactics, including how they:

• Move from targeting web applications to targeting mobile APIs;
• Exploit human click farms to advance credential stuffing attacks;
• Tunnel through aggregators to avoid detection.

Speaker:
John Petrie, Global CISO, NTT Security

Fraud resulting from cyber theft continues to plague organizations as attackers use more aggressive means of gaining access to critical data more frequently. From the CEO's cellphone to it partners and vendors (and their children), everyone is a target. Business leaders need to understand the implications of choosing a security framework to better protect their organizations related to cost and resource allocation. In this discussion, we will provide an overview on the ISO and NIST models, identify several core cybersecurity program criteria, and walk attendees through the critical first step of self-assessment.

Session Objectives:

• Discuss the changing landscape of cybersecurity and expanded scope of vulnerabilities affecting organizations;
• Provide an overview of the often confusing ISO and NIST models to better define compliance needs;
• Conduct an interactive group discussion about the real impacts of moving to a new security standard;
• Provide recommendations for automation, tools and implementation strategies.

Speaker:
Sam Kassoumeh, COO and Co-Founder, SecurityScorecard

Most organizations today have a complex and huge supplier/partner ecosystem. Many different vendors supply many different products and services. And yet most enterprise third-party security programs still rely on manual, point-in-time, largely subjective assessments to evaluate and manage the security risk of their third parties.

At a time when regulators are shining a bright light on third party programs - how do you prove you are doing enough?

In this session, Sam Kassoumeh of SecurityScorecard shares:

• Data on the state of cybersecurity in the financial industry;
• How the IoT landscape has made risk management even more complex;
• Insights on how shifting to an ecosystem risk model can enable more proactive risk management approach.

Speaker:
Evan O'Regan, Associate Partner - IAM Practice - Canada, IBM Cloud and Cognitive Software

By exploring the answers to a series of novel questions (e.g. what do mobile payments and driverless cars have in common?), this talk will illustrate new approaches to preventing and stopping fraud by first illustrating the paradoxes of applying traditional approaches to a variety of new and emerging use cases (cloud, mobile, consumer, payments, and wearables). The discussion will identify:

• How to avoid hidden pitfalls that open the door to sophisticated fraud attacks;
• Methods to pragmatically achieve the improbable combination of frictionless access and strong security;
• How the next generation of fraud-aware digital identities can be leveraged to transform the business.

Speaker:
Keith Carlson, General Manager, Payments and Fraud Prevention, Amazon Web Services

In the era of big data, machine learning and cloud computing, how do you know what to invest in to keep customers happy and to stay ahead of increasingly sophisticated fraud attacks? In this session, the general manager of payments and fraud prevention at Amazon Web Services - one of the fastest growing technology companies ever - discusses the present and future of fraud prevention, addressing:

• The key people and technology investment decisions that you will grapple with over the next few years as you think about improving the effectiveness of your fraud prevention;
• Skill sets you will need to hire, retain or develop to effectively operate next-generation agile fraud systems;
• New key performance indicators that you should be thinking about to ensure your fraud-prevention systems are future-proofed and able to handle the unexpected without impacting your customers.