
(Authored by Steve Schlarman, Portfolio Strategist, RSA)

 

It was Mark’s big shot.  He finally had a meeting with Sharon, the CIO.  Her schedule was so busy it was legendary and for her to spend time with a risk analyst was a clear indicator she recognized the new challenges facing their company.  Although he only had 15 minutes, Mark was prepared - notepad at the ready, brimming with nervous energy.   After some brief chit-chat he got down to business – ready to drill into a conversation about their company’s biggest obstacles; the most impactful concerns; the top of mind issues; the coup de grace that could spell disaster for the organization.  He took a deep breath and went to his big money question… ‘So, what keeps you up at night? What are you worried about?’ 

 

Sharon beamed.  She spun around to her white board and spewed a litany of projects fueling their company’s digital transformation – an IoT project, the SalesForce.com implementation, a massive VMWare migration and their hybrid cloud, the new employee work-at-home program, the impending customer mobile portal…

While that question got Sharon started, let’s think about this a bit differently.

 

With all the benefits the new digital world offers, there are a host of risks that must be managed.   The major areas of risk remain the ‘usual suspects’ such as security, compliance, resiliency, inherited risks from third parties and operational risk. However, digital business amplifies uncertainty for organizations today.  For example:

  • Digital business, by its very nature, increases the threat of cyber incidents and risks around your intellectual property and customer data.
  • The expanded connectivity and expectations of the ‘always on’ business stresses the importance of resiliency.
  • Business has evolved into an ecosystem of internal and external services and processes leading to a complex web of ‘inherited’ risks.
  • The disappearing perimeter and digital workforce are challenging how organizations engage their customers and employees.

 

Factors such as these are why digital initiatives are forcing organizations to rethink and increasingly integrate their risk and security strategies. 

 

The objective for today’s risk professional is not just about defending against the bad.  Just like Mark discussing the parade of initiatives with Sharon that clearly impact their company’s future, you must be ready to help usher in a new age of digital operations.  Merely riding the buzzword wave - IoT, social media, big data analytics, augmented reality… - is not enough. 

 

You must look at opportunities to enable innovation in your business while building trust with your customers and throughout your enterprise.  Your business must be comfortable with embracing risk and aggressively pursuing market opportunities offered by new technology.  To do that, risk associated with the use of emerging or disruptive technology in transforming traditional business processes needs to be identified and assessed in the context of fueling innovation.   You also must keep focus on the negative side of risk.  Your business today demands an open, yet controlled, blend of traditional and emerging business tactics.  You must help manage the ongoing risk as these transformed business operations are absorbed into the organization fully, i.e. the new model becomes the normal model of doing business.

 

Risk is, by definition, uncertainty.  Everyone is concerned about uncertainty in today’s world.  However, if we go back to the simple equation (risk = likelihood * impact), risk should be something we can dissect, understand, and maybe even calculate.   While you are helping your organization embrace the advantages (positive risk) of technologies like IoT, data analytics, machine learning and other emerging digital enablers, the volatile, hyperconnected nature of digital business amplifies the negative side of risk.  It is anxiety about the unknown that leads us into that executive conversation, but it shouldn’t lead to worry.

 

Worry is about fear.  Your executives shouldn’t be afraid in today’s world.   They should have informed concerns.  And you – as the security or risk person in the room – should be feeding insights to raise their visibility of the likelihood of events and diminish their distress on the negative impacts.  Risk is part of riding the waves of business opportunities.

 

Risk is not something you should WORRY about…  it is something you should ACT on.

***********

To learn more about digital risk management, click on our new Solutions Banners located in the right-hand column of each RSA product page: Third Party Risk, Cloud Transformation, Dynamic Workforce, and Cyber Attack Risk.

Dear All

I am happy to share that RSA Fraud & Risk Intelligence "20 on Fraud" webinar series is back in 2019.

The objective of the "20 on Fraud" webinar series is to make sure customers are aware of the latest and greatest product releases and how to best leverage their investment in RSA Fraud & Risk Intelligence Suite.

This blog post will be updated with links to the next webinar registration page as well as links to the recordings of the webinars so you can keep up to date.

 

Join us to make the most out of your RSA Fraud & Risk Intelligence Suite implementation.

 

This is not an April Fools’ Day joke – RSA Charge registration fees go up from $595 to $995 on April 2. Trust us, you will not want to miss this year’s Charge event. REGISTER TODAY!

 

RSA Charge 2019 will provide you a place to discover game-changing business-driven security solutions to meet today’s greatest business challenges. Attendees will explore best practices and have opportunities to problem-solve and discuss ideas for product and service innovation to increase productivity. From customer case studies to training as well as one-on-one consultations and motivating keynotes, this year’s conference has something for everyone!

 

RSA Charge 2019 will deliver a host of new content and exciting opportunities through:

Customer-led case studies and hands-on workshops to share trends and issues specific to your industry

Thought-provoking keynote presentations that provide insights on RSA’s products, solutions and customer successes

Partner Expo highlights solutions that are driving high-impact business benefits using RSA’s solutions

Unparalleled Networking invites you to exchange ideas with your peers and RSA experts and save – early bird rates are $595 and available through April 1, 2019, then the regular registration price kicks in at $995. The RSA Charge 2019 website should be your go-to destination for all ‘Charge’ information - Call for Speakers, Agendas at a Glance, Full Agendas and speakers, Keynotes, and so much more.

 

RSA Charge 2019 will be in Orlando from September 16-19, 2019 @ Walt Disney World Dolphin & Swan Hotel, Orlando. 

 

REGISTER before April 2, save $400 and check out the RSA Charge 2019 website for continual updates like the one below:

 

Just Added: Looking for pre-conference training? Due to RSA Charge starting on a Monday and being on the Disney grounds, RSA has decided not to offer any pre-conference training this year but instead offer a whole RSA University track dedicated to your favorite training topics at no extra cost. That’s right, no additional cost!

 

There will also be RSAU representatives onsite to talk shop and answer any and all of your questions. That is just another reason to attend RSA Charge 2019. We look forward to seeing you all in Orlando.

RSA CHARGE 2019 CALL FOR SPEAKERS OPEN FOR SUBMISSIONS

It's official - time to get your creative juices flowing as the RSA Charge 2019 'Call for Speakers' (C4S) is now open and awaiting your submissions!

 

As you are aware, the RSA Charge events represent all RSA products and an increasing number of customers across solutions attend this one-of-a-kind event each year. The RSA 2019 Charge promises to be the biggest event in our history of RSA Charge and RSA Summit conferences. 

 

The RSA Charge event is successful in no small part because of the stellar customer submissions we receive each year. We invite you to submit your presentation brief(s) for consideration. (That's right, you may submit more than one submission brief!)

 

This year for the first time the '8' Tracks for RSA Charge 2019 are identical across all products and represent all RSA solutions. We are pleased to present them to you:

 

Transforming Your Cyber Risk Strategy - Cyber-attacks are at the top of the list of risks for many companies today.  Tell us how you are approaching reducing this risk utilizing RSA products.

 

Beyond the Checkbox: Modernizing Your Compliance Program - The regulatory landscape is always shifting.  How are you keeping up and what steps are you taking towards a sustainable, agile compliance program?

 

Aligning Third Party Risk for the Digital Transformation - Inherited risk from your business partners is a top of mind issue.  Third party risk must be attacked from multiple angles.  Share your strategy.

 

Managing Operational Risk for Impact - Enterprise risk, operational risk, all things risk management.  Share your experience and strategy on how you identify, assess and treat risk across your business operations.

 

View from Above: Securing the Cloud - From security visibility to managing organizational mandates, what is your risk and security strategy to answer the "go to cloud" call?

 

Under the RSA Hood: Managing Risk in the Dynamic Workforce - The workforce has become a dynamic variable for many organizations - from remote users to BYOD to contractors and seasonal workers.  How are you addressing this shift?

 

Business Resiliency for the 'Always On' Enterprise - The world expects connectivity.  When the lights are off, the business suffers.  Tell us how you are ensuring your business is 'always on' - business continuity, recovery, crisis management and the resilient infrastructure.

 

Performance Optimization: RSA Product Learning Lab - Share your technical insights of how you use RSA products to meet your business objectives.  Extra points for cool 'insider' tips and tricks.

 

We know you have great stories to share with your peers, best practices, teachings, and how-to's. We hope you consider submitting a brief and thank you in advance for your consideration. More information can be found on the RSA Charge 2019 website (scroll to bottom of page) including the RSA Charge 2019 Call for Speakers Submission Form. Submission should be sent to: rsa.events@rsa.com.

 

Call for Speakers 'closes' April 26. 

 

RSA Adaptive Authentication (On-Premise) has an aggregator module to leverage Account Aggregator services, which are used by many banks. These services compile information from different accounts, which may include bank accounts, credit card accounts, investment accounts, and other consumer or business accounts, into a single place.

 

Join us on Friday for a webinar to cover the fundamentals of setting up the Aggregator module in your environment, as well as some troubleshooting tips to make sure you are able to take advantage of this valuable source service.

RSA Adaptive Authentication (On-Premise) takes advantage of the eFraudNetwork (EFN), the industry’s first and largest global network of confirmed fraud, to identify indicators linked to known and attempted fraud.

 

Join us on Friday for a webinar to cover the fundamentals of setting up the EFN in your environment, as well as some troubleshooting tips to make sure you are able to take advantage of this valuable source of fraud information today, and into the future.

 

 

Written by: Kevin Greaney

Since the inception of the World Wide Web,  retailers have been struggling in a continuous war against card-not-present (CNP) payment fraud. In accordance with card industry rules and guidelines, when the fraudulent purchases are disputed, the retailers almost always end up holding the bag.

Organizations spanning the payment ecosystem have attempted to help  retailers identify fraudulent transactions through the deployment of various technologies. One of the more effective technologies has been the use of multifactor authentication (MFA). Over the past several months, the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) has been working on a cybersecurity project involving multifactor authentication to help retailers reduce the risk of  fraudulent purchases.  

The entire Blog post is located at RSA and NIST Partner to Reduce E-Commerce Fraud Risk.

This blog was written by Michael O'Connor and the video was produced by Sylvester (Sly) Gittens.

FRIday Tech Huddles

Posted by Pooja Kapoor Employee Sep 7, 2018

The FRIday Tech Huddles are coming! The FRIday Tech Huddles are coming!

 

It is finally here….the RSA Fraud & Risk Intelligence (FRI) team is proud to present a series of Tech Huddles.

What’s a FRIday Tech Huddle? These are a series of webinars on various operational and maintenance focused topics that are provided free of charge to our customers.

 

Who can attend? Any FRI customer registered on RSA LINK (https://community.rsa.com) can attend these Webinars. All you have to do is login and voila!

 

When does it start? At 11 AM ET on September 14, 2018, RSA Adaptive Authentication Customer Support will present the first of its technical Free FRIday Tech Huddles (FFTH).

 

What is it about? The FRIday Tech Huddles are live knowledge-sharing sessions covering various features of different products in the FRI Suite. Hands-on biweekly webinars will be hosted by our extraordinary team of highly qualified Customer Support Technical Engineers and will also include troubleshooting steps for several common issues.

 

How does it help? Long journeys involve travelling time and expense, but our webinars will eliminate the need to travel and bring the product knowledge to your doorstep via your laptop screen. Our webinars will take you on a journey to the world of fraud prevention.

 

How to find us? You can find the schedule at https://community.rsa.com/docs/DOC-96365. If you or your team miss any of our FRIday Tech Huddles, you will be able to find the replay at https://community.rsa.com/docs/DOC-96366

Launching RSA Ideas

Posted by Yael Gour Employee Apr 3, 2018

For years RSA has been in the business of providing best-in-class security and anti-fraud products and services to you, our customers. I am proud to be surrounded by extremely intelligent and creative coworkers who amaze me with their knowledge, imagination, and ability to make the abstract a reality on a daily basis. However, I am even more astounded by the unending well of new ideas I see coming from our customer community every time I interact with or observe an interaction between us and you. You are the true inspiration and driving force of our innovation. We build products that solve your problems, we offer services that help you, and everything we do - we do with you and your success in mind.

 

This is why I am happy to officially introduce you to a new way to harvest and crowdsource our collective ideas together.  This month, we have launched new idea pages on our RSA Link Community:

These destination pages are places for you to show off your creativity and need, to suggest ways that would improve our offerings to help you be more successful.  It is also the place where you can collaborate on your ideas with other like-minded individuals and vote on ideas suggested by others.

 

We have a great customer community, let’s harness its creative power to see what we can come up with together.

 

For more information, please check out the following FAQs:

A new market for non-financial credentials is emerging in the cybercrime underground, thanks to mass data breaches and phishing attacks exposing billions of usernames, email addresses and passwords in the last two years. But don’t be fooled into believing this data is only being exchanged and sold in the farthest reaches of the Internet. It is available to anyone on open websites and traded in plain sight on social media.

Relying on the fact that many people use the same username–password combination across multiple accounts, cybercriminals are making money by selling stolen credentials. Naturally, verified account credentials command a premium, as they can be more readily used to take over other accounts—for example, making fraudulent e-commerce purchases – so the business of credential testing services is expanding as well.  Yet, other factors are contributing to the price of stolen credentials including the brand, whether there is a credit card on file in the account, and how easy it is to resell the goods or services.  Today, account credentials may sell for as little as $0.20 up to $15 USD.

An abundance of stolen account credentials, coupled with the ease with which they can be obtained by cybercriminals at a low cost, is helping to fuel a rise in account takeover attacks. In fact, according to the latest 2018 Identity Fraud Study by Javelin Strategy & Research, account takeover losses more than tripled in the last year to $5.1 billion.

Automated tools, such as SentryMBA, enable cybercriminals to carry out high-speed username- and password-guessing attacks, sometimes called credential replay attacks.  These tools are available at low or no cost, or on a fraud-as-a-service basis.  Account takeover success rates can hit up to 5% and produce an acceptable yield of valid credentials to cybercriminals, for their own personal use or downstream sale.

It can be difficult to spot automated attacks because legacy tools such as web application firewalls (WAFs) are not designed or architected to look for them. More organizations are turning to behavior analytics technologies to assure authenticated users and anonymous guests are interacting with their website in expected ways. These technologies can identify unusual patterns of behavior across both web and mobile applications – for example, the way a user navigates a site or robotic activity such as thousands of login attempts within only a few minutes.
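The robotic pattern described above (a burst of login attempts within a few minutes, spread over many usernames, with a low success rate) can be looked for directly in authentication logs. The sketch below is an added example, not code from the original post or from any RSA product; the log format, thresholds, usernames and addresses are constructed assumptions to be tuned against your own baseline.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds (not from the post); tune against normal traffic.
WINDOW = timedelta(minutes=5)
MIN_ATTEMPTS = 20          # attempts from one source inside the window
MIN_DISTINCT_USERS = 10    # replayed lists touch many different accounts
MAX_SUCCESS_RATIO = 0.10   # replayed credentials mostly fail

def parse_event(line):
    """Parse 'ISO-timestamp source-ip username OK|FAIL' (constructed format)."""
    ts, src, user, outcome = line.split()
    return datetime.fromisoformat(ts), src, user, outcome == "OK"

def detect_credential_replay(lines):
    """Return {source: summary} for sources whose login burst looks automated."""
    windows = defaultdict(deque)   # source -> events inside the sliding window
    flagged = {}
    for ts, src, user, ok in sorted(parse_event(l) for l in lines):
        win = windows[src]
        win.append((ts, user, ok))
        while ts - win[0][0] > WINDOW:       # drop events older than the window
            win.popleft()
        attempts = len(win)
        users = {u for _, u, _ in win}
        hits = sorted(u for _, u, s in win if s)
        if (attempts >= MIN_ATTEMPTS
                and len(users) >= MIN_DISTINCT_USERS
                and len(hits) / attempts <= MAX_SUCCESS_RATIO):
            # Keep the largest burst seen for this source.
            if src not in flagged or attempts > flagged[src]["attempts"]:
                flagged[src] = {
                    "attempts": attempts,
                    "distinct_users": len(users),
                    # Accounts that logged in during the burst need review/reset.
                    "hit_accounts": hits,
                }
    return flagged

def build_sample_log():
    """Constructed sample: one replay burst, one normal user, one busy office NAT."""
    start = datetime(2018, 3, 1, 9, 0, 0)
    lines = []
    for i in range(40):   # 40 attempts in 80 s, 40 usernames, 2 successes (5%)
        outcome = "OK" if i in (7, 31) else "FAIL"
        ts = (start + timedelta(seconds=2 * i)).isoformat()
        lines.append(f"{ts} 203.0.113.7 user{i:03d} {outcome}")
    for i in range(25):   # many users behind one address, all succeed: not flagged
        ts = (start + timedelta(seconds=10 * i)).isoformat()
        lines.append(f"{ts} 192.0.2.10 staff{i:02d} OK")
    lines += [            # a person mistyping a password twice: not flagged
        "2018-03-01T09:00:05 198.51.100.23 alice FAIL",
        "2018-03-01T09:00:20 198.51.100.23 alice FAIL",
        "2018-03-01T09:00:41 198.51.100.23 alice OK",
    ]
    return lines

if __name__ == "__main__":
    for source, summary in detect_credential_replay(build_sample_log()).items():
        print(source, summary)
```

Keying only on source address misses bursts spread across many addresses, so in practice the same window logic is also applied per device fingerprint or per targeted account.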

2018 Outlook

So what will the state of cybercrime look like in 2018?  We expect to see more mass data breaches, and a spike in account takeover attacks as a result.  This will lead to a flooded market for stolen credentials and thus, verifying credentials will become even more of a priority for cybercriminals looking to monetize them. We also anticipate the development of credential checking tools that are programmed to transact immediately following a successful login as a way to try and bypass fraud prevention systems.

 

Written by: Heidi Bleau, (originally posted on RSA.com blogs)

Banking-as-a-service, or BaaS, is the new reality (and no, it’s not a new kind of phish).  Digital banking is growing fast, and it is expected that by 2021, three billion users will access financial services from a smartphone, tablet, PC or smartwatch.  In the technological world we live in today, financial services--be it loans, deposits, e-commerce, and things we haven’t thought of yet--can be provided in a digital, user-centric, and operationally efficient way.

 

A number of significant technological trends are impacting the financial industry and propelling the digitalization of banking. The first is the digital consumer. Today’s consumer expects frictionless digital services in all aspects of life, including banking. In fact, Bank of America’s client-facing technology CIO, Hari Gopalkrishnan, said that “customers don't benchmark us against banks, they benchmark us against Uber and Amazon.” Consumers today are creating huge demand for digital services, and this is resonating with financial institutions too—if you ask any financial services CEO what is at the top of her agenda, she’ll tell you it is making the bank a technology company.

 

The second market force is FinTech: startup companies across the globe that are stretching the limits of digital banking, innovating in areas of crowd-sourcing/funding, peer-to-peer lending, blockchains, and much more. And if you consider our banking CEO, FinTechs represent significant competitive pressure on her business to innovate and provide the same level of digital service.

 

The third trend is regulation, specifically regulation around open banking such as the EU’s Payment Services Directive II (PSD2). Think again about our banking CEO: not only is the consumer demanding digital service and FinTechs creating competition by providing said services, but now the regulator is forcing financial institutions to provide those FinTechs with access to the bank accounts. The pressure she is under to become digital is only increasing.

 

But it’s not all bad for financial institutions.  They still have a largely captive audience of tens of thousands, if not millions of customers. And that is where the opportunity lies for them: move fast, embrace digital and develop a strong ecosystem of digital services—offered directly and via third parties. It’ll be the breadth and depth of this ecosystem that will define their competitive advantage.

So how does this impact financial fraud?

 

Gazing into the future, we can already start seeing the expansion in channels and services financial institutions are offering their customers. This expansion, in turn, will generate a significant growth in transaction volumes. Why? Well, we’ve seen it in the past: the more convenient the service/channel, the more we transact. When we moved from branch-based, physical banking to tele-banking we transacted more; and when we moved from tele-banking to web and mobile banking we transacted even more. With a BaaS model, volumes will skyrocket as we offer more digital services (e.g., more convenient access points) to our customers.

 

This will create two significant challenges, the first being trust: who is the digital entity that is transacting with us, and can we trust it (when pondering this question, consider IoT devices and how they will be interacting with financial accounts without the human being present)? The second is more operationally oriented: If transaction volumes are predicted to grow, then fraud cases (in real numbers) will grow too.  So, how do we manage this overhead?

 

The answer to the first challenge: Realize that identity authentication on its own is not enough to create trust in the digital world. But together with deep, holistic insight into an entity’s behaviors (read: what is this entity doing across all channels and services, and is what it’s doing now good/bad?), we can bridge the gap.

 

The second challenge will require financial institutions to deploy more autonomous, machine-driven efficiencies that will allow the dwindling fraud team to cope with the growing caseloads.

 

 

Written by: Daniel Cohen (originally posted on RSA.com blogs)