Securing Internet Payment Systems

Domenico Catalano
Principal Sales Consultant
This document is for informational purposes. It is not a commitment
to deliver any material, code, or functionality, and should not be relied
upon in making purchasing decisions. The development, release,
and timing of any features or functionality described in this document
remains at the sole discretion of Oracle. This document in any form,
software or printed matter, contains proprietary information that is the
exclusive property of Oracle. This document and information
contained herein may not be disclosed, copied, reproduced or
distributed to anyone outside Oracle without prior written consent of
Oracle. This document is not part of your license agreement nor can
it be incorporated into any contractual agreement with Oracle or its
subsidiaries or affiliates.
Agenda

•  Trends in online Payments
•  Cybercrime
•  ECB & Security Measures
•  Oracle Approach
•  Layered Access Security
•  Oracle Experience – BT MFR use case
•  Q&A
Trends in online Payments
Payments through the Internet

•  Making a remote payment card transaction through the Internet
•  Online-banking based credit transfer or direct debits
•  Payments through e-payment providers

•  2009: 141 Million online shoppers, EUR 483 per capita
•  2014: 190 Million online shoppers, EUR 601 per capita

Source: Forrester Research

Towards an integrated European market for card, internet and mobile payments
Cybercrime
Threat to the Financial Sector

•  Account Takeovers
•  Telecommunication Network Disruption
•  Insider Access
•  Third Party Payment Processor Breaches
•  Supply Chain Infiltration
•  Securities and Market Trading Exploitation
•  ATM Skimming and Point of Sale Schemes
•  Mobile Banking Exploitation

[Figure: Compromised records by industry group]

Source: Verizon – 2011 Data Breach Investigation; FBI — Cyber Security: Threats to the Financial Sector
Security Measures
ECB Recommendation
   Security of Internet Payments

•  General control and security environment.
•  Specific control and security measures for Internet Payments.
•  Customer awareness, education and communication.

[Diagram: Holder, Merchant's Web Site, Issuer, Acquirer; flows labelled Purchase, Payment, Authorization]

Recommendations for the Security of Internet Payments - ECB
ECB Recommendation
  Specific control and security Measures for Internet Payments


•  Initial customer identification, information
•  Strong customer authentication
•  Enrolment for and provision of strong authentication tools
•  Log-in attempts, session time-out, validity of authentication
•  Transaction monitoring and authorization
•  Protection of sensitive payment data




Recommendations for the Security of Internet Payments - ECB
Oracle Approach
General Control and Security Environment
The Identity Platform
Comprehensive Database Security
Layered Access Security
Evolution of Web Access Security

•  Single Sign On
•  Multi-factor Authentication
•  Role Based Access Control
•  Layered Access Security

“PSPs with no or only weak authentication procedures cannot, in the event of a
 disputed transaction, provide proof that the customer has authorised the
 transaction.” – ECB, Recommendation for the Security of Internet Payments
Oracle Adaptive Access Manager
Trust, But Verify

[Diagram: John Smith → Security Layers (Password, Device, Location, Data Sources, Verify ID) → Protected Resources]

•  Authentication is valid but is this really John Smith?
•  Is anything suspicious about John’s access request?
•  Can John answer a challenge if the risk is high?
Context-Aware Risk Analysis

•  Analyzes risk in Real-Time
•  Profiles Behaviors
•  Recognizes Patterns
•  Detects Anomalies
•  Takes Preventative Actions

Pattern Detection
•  Dynamic behavioral profiling in real-time
•  In the last month has Joe used this device for less than 3% of his access requests?
•  In the last three months have less than 1% of all users accessed from the country?

Predictive Analysis
•  Indicates probability a situation would occur
•  Is the probability less than 5% that an access request would have this combination of data values?

Static Scenarios
•  Specific scenarios that always equate to risk
•  If a device appears to be traveling faster than jet speed between logins the risk is increased.
Risk-Based Identity Verification

Risk level and response, from ALLOW to DENY:

•  LOW: If the risk is low: Do nothing
•  MED-LOW: If the risk is medium: Ask a challenge question
•  MED-HIGH: If the risk is high: Send a one-time password to the user's mobile phone
•  HIGH: If the risk is very high: Deny access and alert the security team
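The static "jet speed" scenario and the 3% device pattern from the Context-Aware Risk Analysis slide, combined into a score and mapped onto the four responses above. This is an added example, not Oracle Adaptive Access Manager code; the score weights, tier cut-offs, 900 km/h bound, 50 km jitter floor and all names are assumptions, and the login records are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

JET_SPEED_KMH = 900.0                # assumption: bound for "faster than jet speed"
MIN_DISTANCE_KM = 50.0               # assumption: ignore geolocation jitter below this
RARE_DEVICE_SHARE = 0.03             # slide: device used for less than 3% of requests
PROFILE_WINDOW = timedelta(days=30)  # slide: "in the last month"


@dataclass(frozen=True)
class Login:
    user: str
    device: str
    when: datetime
    lat: float
    lon: float


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two coordinates, in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def impossible_travel(prev, cur):
    """Static scenario: the implied speed between two logins exceeds jet speed."""
    dist = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
    if dist < MIN_DISTANCE_KM:
        return False
    hours = (cur.when - prev.when).total_seconds() / 3600.0
    return hours <= 0 or dist / hours > JET_SPEED_KMH


def assess(history, cur):
    """Return (score, reasons) for one access request against the user's profile."""
    recent = [h for h in history
              if h.user == cur.user
              and timedelta(0) <= cur.when - h.when <= PROFILE_WINDOW]
    score, reasons = 0, []
    if recent:
        prev = max(recent, key=lambda h: h.when)
        if impossible_travel(prev, cur):
            score += 60                       # hypothetical weight
            reasons.append("impossible_travel")
    # A user with no profile yet has share 0.0, so the device counts as rare.
    share = sum(h.device == cur.device for h in recent) / len(recent) if recent else 0.0
    if share < RARE_DEVICE_SHARE:
        score += 30                           # hypothetical weight
        reasons.append("rare_device")
    return score, reasons


def respond(score):
    """Map a score onto the slide's four tiers (cut-offs are assumptions)."""
    if score >= 80:
        return "deny_and_alert"        # very high risk
    if score >= 50:
        return "one_time_password"     # high risk
    if score >= 20:
        return "challenge_question"    # medium risk
    return "allow"                     # low risk: do nothing


def demo():
    """Constructed history: 40 laptop logins from Rome, then four test requests."""
    rome, nyc = (41.90, 12.50), (40.71, -74.01)
    start = datetime(2024, 1, 1, 9, 0)
    history = [Login("john", "laptop", start + timedelta(hours=12 * i), *rome)
               for i in range(40)]
    last = history[-1].when
    cases = {
        "usual": Login("john", "laptop", last + timedelta(hours=12), *rome),
        "new_device": Login("john", "phone", last + timedelta(hours=12), *rome),
        "fast_travel": Login("john", "laptop", last + timedelta(hours=1), *nyc),
        "both": Login("john", "phone", last + timedelta(hours=1), *nyc),
    }
    return {name: respond(assess(history, cur)[0]) for name, cur in cases.items()}


if __name__ == "__main__":
    for name, action in demo().items():
        print(f"{name:12s} -> {action}")
```

A request from a user with no profile history scores as a rare device and gets a challenge question rather than silent access.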
Data Relationships

Data sources: HTTP, SQL, Files, JMS, WS

First Class Entities
[ User, Device, IP, Etc. ]

Transaction Data
[ Dollar Amount ] [ Item Quantities ] [ Item Numbers ] [ Coupon Code ] [ Shipping Priority ]

Entity Instances
[ Shipping Address ] [ Billing Address ] [ Credit Card ]

Address
[ Street Number ] [ Street Name ] [ Apt. Number ] [ City ] [ State ] [ ZIP Code ] [ Country ]

Credit Card
[ First Name ] [ Last Name ] [ Middle Initial ] [ Number ] [ Security Code ] [ Expiration ]

Rule A
[ If a purchase originates from a country not matching the country in the billing address then create an alert. ]

Rule B
[ If an item has been purchased more than twice in the last week from a single device, each using a different credit card then create an alert. ]
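Rule A and Rule B evaluated over a stream of purchase records, as an added example that is not part of the original slides or of any Oracle product. The record fields, the reading of Rule B as "more than two distinct cards for the same item and device within seven days", and the sample purchases are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

WINDOW = timedelta(days=7)  # slide: "in the last week"


@dataclass(frozen=True)
class Purchase:
    txn_id: str
    when: datetime
    device: str            # device fingerprint (first class entity)
    origin_country: str    # country the purchase originates from, e.g. via IP lookup
    billing_country: str   # country in the billing address entity
    item_number: str       # transaction data
    card_token: str        # token for the credit card entity, never the raw number


def rule_a(p):
    """Rule A: origin country does not match the billing address country."""
    return p.origin_country.strip().upper() != p.billing_country.strip().upper()


def evaluate(purchases):
    """Return a list of (txn_id, rule) alerts, processing purchases in time order."""
    alerts = []
    recent = defaultdict(list)  # (device, item) -> purchases still inside WINDOW
    for p in sorted(purchases, key=lambda x: x.when):
        if rule_a(p):
            alerts.append((p.txn_id, "RULE_A"))
        key = (p.device, p.item_number)
        # Slide the window: keep only purchases from the last week, then add this one.
        bucket = [q for q in recent[key] if p.when - q.when <= WINDOW]
        bucket.append(p)
        recent[key] = bucket
        # Rule B: same item, same device, more than two different cards in the window.
        if len({q.card_token for q in bucket}) > 2:
            alerts.append((p.txn_id, "RULE_B"))
    return alerts


def sample_purchases():
    """Constructed sample data covering one hit and one miss for each rule."""
    d = lambda day, hour=10: datetime(2024, 3, day, hour)
    return [
        # Three cards, one device, one item, three days apart: Rule B fires on t3.
        Purchase("t1", d(1), "dev-1", "IT", "IT", "SKU-100", "card-A"),
        Purchase("t2", d(2), "dev-1", "IT", "IT", "SKU-100", "card-B"),
        Purchase("t3", d(3), "dev-1", "IT", "IT", "SKU-100", "card-C"),
        # Origin country differs from billing country: Rule A fires.
        Purchase("t4", d(3, 11), "dev-2", "BR", "it", "SKU-200", "card-D"),
        # Same card reused three times: a repeat customer, no alert.
        Purchase("t5", d(1), "dev-3", "DE", "DE", "SKU-100", "card-E"),
        Purchase("t6", d(2), "dev-3", "DE", "DE", "SKU-100", "card-E"),
        Purchase("t7", d(4), "dev-3", "DE", "DE", "SKU-100", "card-E"),
        # Three cards, but spread over more than a week: no alert.
        Purchase("t8", d(1), "dev-4", "FR", "FR", "SKU-300", "card-F"),
        Purchase("t9", d(5), "dev-4", "FR", "FR", "SKU-300", "card-G"),
        Purchase("t10", d(13), "dev-4", "FR", "FR", "SKU-300", "card-H"),
    ]


if __name__ == "__main__":
    for txn_id, rule in evaluate(sample_purchases()):
        print(txn_id, rule)
```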
Become Context Aware
   Prevent and Detect Anomalous Behavior

Reducing Surface Area of Attacks: 89% Preventable Breaches

ROI     Payback period   Total benefits   Total costs     Net benefits
106%    12.1 months      $6,007,641       ($2,912,513)    $3,095,129

Source: “Adaptive Access Management: An ROI Study” a commissioned study conducted by IDC on behalf of Oracle, 2010
Oracle Experience
BT Managed Fraud Reduction
BT Managed Fraud Reduction (MFR)


•  BT MFR is an automated fraud screening service developed by BT based on Oracle technologies.
•  BT MFR assesses the risk of each e-Commerce transaction.
•  BT MFR makes a risk assessment based on the behavior of the user.
•  BT MFR is complementary to existing fraud checks performed as part of payment authorization.
•  BT MFR is a real time service.
BT MFR: Architecture and Extensibility

[Diagram: Payments Processor/Merchant ↔ Oracle Service Bus. OSB determines call routing and returns an aggregated response.]

Services behind Oracle Service Bus:
•  OAAM: Fraud Rules Engine
•  Quova: Location Detection
•  Ethoca: Fraud Intelligence
•  BTMA: Strong Authentication
•  URU: ID Verification
•  CLI: Calling Line Identification
•  GB Group: Business Data

Group labels in the diagram: Optional Services, Future Services
www.oracle.com/Identity


www.facebook.com/OracleIDM
www.twitter.com/OracleIDM


blogs.oracle.com/OracleIDM

joint cost.pptx COST ACCOUNTING Sixteenth Edition ...
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League City
 
Mckinsey foundation level Handbook for Viewing
Mckinsey foundation level Handbook for ViewingMckinsey foundation level Handbook for Viewing
Mckinsey foundation level Handbook for Viewing
 
Putting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptxPutting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptx
 
Call 7737669865 Vadodara Call Girls Service at your Door Step Available All Time
Call 7737669865 Vadodara Call Girls Service at your Door Step Available All TimeCall 7737669865 Vadodara Call Girls Service at your Door Step Available All Time
Call 7737669865 Vadodara Call Girls Service at your Door Step Available All Time
 
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDINGParadip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
 
Over the Top (OTT) Market Size & Growth Outlook 2024-2030
Over the Top (OTT) Market Size & Growth Outlook 2024-2030Over the Top (OTT) Market Size & Growth Outlook 2024-2030
Over the Top (OTT) Market Size & Growth Outlook 2024-2030
 
Falcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investorsFalcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investors
 
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabiunwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
 
Mifepristone Available in Muscat +918761049707^^ €€ Buy Abortion Pills in Oman
Mifepristone Available in Muscat +918761049707^^ €€ Buy Abortion Pills in OmanMifepristone Available in Muscat +918761049707^^ €€ Buy Abortion Pills in Oman
Mifepristone Available in Muscat +918761049707^^ €€ Buy Abortion Pills in Oman
 
Famous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st CenturyFamous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st Century
 
Rice Manufacturers in India | Shree Krishna Exports
Rice Manufacturers in India | Shree Krishna ExportsRice Manufacturers in India | Shree Krishna Exports
Rice Manufacturers in India | Shree Krishna Exports
 

Securing Internet Payment Systems

  • 1. Securing Internet Payment Systems Domenico Catalano Principal Sales Consultant
  • 2. This document is for informational purposes. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described in this document remains at the sole discretion of Oracle. This document in any form, software or printed matter, contains proprietary information that is the exclusive property of Oracle. This document and information contained herein may not be disclosed, copied, reproduced or distributed to anyone outside Oracle without prior written consent of Oracle. This document is not part of your license agreement nor can it be incorporated into any contractual agreement with Oracle or its subsidiaries or affiliates.
  • 3. Agenda •  Trends in online Payments •  Cybercrime •  ECB & Security Measures •  Oracle Approach •  Layered Access Security •  Oracle Experience – BT MFR use case •  Q&A
  • 4. Trends in online Payments
  • 5. Payments through the Internet •  Making a remote payment card transaction through the Internet •  Online-banking based credit transfer or direct debits •  Payments through e-payment providers. 2009: 141 Million online shoppers, EUR 483 per capita. 2014: 190 Million online shoppers, EUR 601 per capita. Source: Forrester Research. Towards an integrated European market for card, internet and mobile payments
  • 6. Cybercrime: Threat to the Financial Sector •  Account Takeovers •  Telecommunication Network Disruption •  Insider Access •  Third Party Payment Processor Breaches •  Supply Chain Infiltration •  Securities and Market Trading Exploitation •  ATM Skimming and Point of Sale Schemes •  Mobile Banking Exploitation. [Chart: Compromised records by industry group. Source: Verizon – 2011 Data Breach Investigation] Source: FBI — Cyber Security: Threats to the Financial Sector
  • 8. ECB Recommendation: Security of Internet Payments •  General control and security environment. •  Specific control and security measures for Internet Payments. •  Customer awareness, education and communication. [Diagram labels: Holder, Merchant's Web Site, Purchase, Payment, Authorization, Issuer, Acquirer] Source: Recommendations for the Security of Internet Payments - ECB
  • 9. ECB Recommendation Specific control and security Measures for Internet Payments •  Initial customer identification, information •  Strong customer authentication •  Enrolment for and provision of strong authentication tools •  Log-in attempts, session time-out, validity of authentication •  Transaction monitoring and authorization •  Protection of sensitive payment data Recommendations for the Security of Internet Payments - ECB
  • 11. Oracle Approach General Control and Security Environment
  • 15. Evolution of Web Access Security: Layered Access Security, Role Based Access Control, Multi-factor Authentication, Single Sign On. “PSPs with no or only weak authentication procedures cannot, in the event of a disputed transaction, provide proof that the customer has authorised the transaction.” – ECB, Recommendation for the Security of Internet Payments
  • 16. Oracle Adaptive Access Manager: Trust, But Verify. [Diagram labels: John Smith, Password, Device, Location, Data, Verify ID, Protected Resources, Sources, Security Layers] •  Authentication is valid but is this really John Smith? •  Is anything suspicious about John’s access request? •  Can John answer a challenge if the risk is high?
  • 17. Context-Aware Risk Analysis ✓ Analyzes risk in Real-Time ✓ Profiles Behaviors ✓ Recognizes Patterns ✓ Detects Anomalies ✓ Takes Preventative Actions. Pattern Detection: •  Dynamic behavioral profiling in real-time •  In the last month has Joe used this device for less than 3% of his access requests? •  In the last three months have less than 1% of all users accessed from the country? Predictive Analysis: •  Indicates probability a situation would occur •  Is the probability less than 5% that an access request would have this combination of data values? Static Scenarios: •  Specific scenarios that always equate to risk •  If a device appears to be traveling faster than jet speed between logins the risk is increased.
  • 18. Risk-Based Identity Verification. HIGH: If the risk is very high: Deny access and alert the security team. MED-HIGH: If the risk is high: Send a one-time password to the user's mobile phone. MED-LOW: If the risk is medium: Ask a challenge question. LOW: If the risk is low: Do nothing. [Diagram axes: RISK; RESPONSE, from ALLOW to DENY]
  • 19. Data Relationships. [Diagram labels: HTTP, SQL, Files, JMS, WS] First Class Entities: [ User, Device, IP, Etc. ] Entity Instances: [ Shipping Address ] [ Billing Address ] [ Credit Card ] Address: [ Street Number ] [ Street Name ] [ Apt. Number ] [ City ] [ State ] [ ZIP Code ] [ Country ] Credit Card: [ First Name ] [ Last Name ] [ Middle Initial ] [ Number ] [ Security Code ] [ Expiration ] Transaction Data: [ Dollar Amount ] [ Item Quantities ] [ Item Numbers ] [ Coupon Code ] [ Shipping Priority ] Rule A: [ If a purchase originates from a country not matching the country in the billing address then create an alert. ] Rule B: [ If an item has been purchased more than twice in the last week from a single device, each using a different credit card then create an alert. ]
  • 20. Become Context Aware: Prevent and Detect Anomalous Behavior. Reducing Surface Area of Attacks. 89% Preventable Breaches. ROI: 106%; Payback period: 12.1 months; Total benefits: $6,007,641; Total costs: ($2,912,513); Net benefits: $3,095,129. Source: “Adaptive Access Management: An ROI Study” a commissioned study conducted by IDC on behalf of Oracle, 2010
  • 21. Oracle Experience BT Managed Fraud Reduction
  • 22. BT Managed Fraud Reduction (MFR) •  BT MFR is an automated fraud screening service developed by BT based on Oracle technologies. •  BT MFR assesses the risk of each e-Commerce transaction. •  BT MFR makes a risk assessment based on the behavior of the user. •  BT MFR is complementary to existing fraud checks performed as part of payment authorization. •  BT MFR is a real time service.
  • 23. BT MFR: Architecture and Extensibility. Payments Processor/Merchant (request) and Payments Processor/Merchant (aggregated response) connect through Oracle Service Bus; OSB determines call routing. Services: OAAM (Fraud Rules Engine), Ethoca (Fraud Intelligence), BTMA (Strong Authentication), CLI (Calling Line Identification), GB Group URU (ID Verification), Business Data, Quova (Location Detection). [Diagram labels: Optional Services, Future Services]
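
The static scenario on slide 17, Rule A and Rule B on slide 19, and the response tiers on slide 18 can be combined as in the following added example, which is not Oracle Adaptive Access Manager or BT MFR code. The field names, rule weights, score cut-offs and the 900 km/h jet-speed threshold are assumptions made for illustration.

```python
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

JET_KMH = 900                               # assumed "jet speed" threshold
WEIGHTS = {"a": 40, "b": 40, "travel": 30}  # assumed rule weights

def km_between(p, q):
    """Great-circle (haversine) distance in km between (lat, lon) points."""
    la1, lo1, la2, lo2 = map(radians, (*p, *q))
    h = sin((la2 - la1) / 2) ** 2 + cos(la1) * cos(la2) * sin((lo2 - lo1) / 2) ** 2
    return 2 * 6371 * asin(sqrt(h))

def faster_than_jet(prev, cur):
    """Static scenario: the device moved faster than a jet between two events."""
    hours = max((cur["time"] - prev["time"]).total_seconds() / 3600, 1 / 60)
    return km_between(prev["geo"], cur["geo"]) / hours > JET_KMH

def rule_a(tx):
    """Rule A: purchase originates from a country other than the billing country."""
    return tx["ip_country"] != tx["billing_country"]

def rule_b(tx, history):
    """Rule B: item bought more than twice in a week from one device, on different cards."""
    since = tx["time"] - timedelta(days=7)
    hits = [h for h in history + [tx] if h["device"] == tx["device"]
            and h["item"] == tx["item"] and since <= h["time"] <= tx["time"]]
    # Count distinct card tokens so a repeated card does not hide the pattern.
    return len(hits) > 2 and len({h["card"] for h in hits}) > 2

def assess(tx, history, prev_login):
    """Sum the weights of the rules that fire and map the score to a response tier."""
    score = (WEIGHTS["a"] * rule_a(tx) + WEIGHTS["b"] * rule_b(tx, history)
             + WEIGHTS["travel"] * faster_than_jet(prev_login, tx))
    for floor, action in ((75, "deny_and_alert"), (50, "one_time_password"),
                          (25, "challenge_question")):  # assumed cut-offs
        if score >= floor:
            return action
    return "allow"

# Constructed sample events; "card" holds a token, never a card number.
T0 = datetime(2024, 1, 10, 12, 0)
ROME, MILAN, NEW_YORK = (41.9, 12.5), (45.46, 9.19), (40.7, -74.0)

def make_tx(geo, ip_country, card, when=T0, item="sku-1"):
    return {"time": when, "geo": geo, "ip_country": ip_country,
            "billing_country": "IT", "device": "dev-1", "item": item, "card": card}
```

A purchase from a US address two hours after a Rome login trips Rule A and the travel check and is stepped up to a one-time password; adding the Rule B pattern on top pushes the same request to deny and alert.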