SF Fraud Summit on TargetRetail Breach Discussion Dominates the Day
On Tuesday, we held our San Francisco Fraud Summit, where scores of banking/security leaders gathered to meet and learn from the nation's leading experts on fraud topics such as account takeover, big data analytics, insider risks and, of course, payment card fraud.
See Also: Threat Horizons Report
Generally, retail breaches dominated the day's discussion. Specifically, everybody was talking about Target. Conversations ranged from how this is the breach that got everybody's attention to the impact on individual financial institutions. We discussed the implications for fraud detection and response, as well as how we must fundamentally change our outdated payments system.
For those of you unable to attend the SF Fraud Summit, we have another one coming up immediately in Chicago.
It was a great event with lots of provocative dialogue about issues that matter now to banking institutions, their customers and partners.
And then, when it was all over and I rode to the airport to fly home, I suddenly learned that my own payment card had been deactivated as a result of - guess what? - the Target breach.
It was a frustrating, real-life lesson into how our lives have been disrupted by the ongoing wave of retail breaches. I spent a half-hour on the phone with my bank, re-gaining secure access to my account. And then I spent the remainder of my trip home reflecting on the Target breach and its impact on our fraud dialogue this year.
To be fair, I started the Target discussion at the SF Fraud Summit. I introduced the topic in our opening session, discussing initial results from our 2014 Faces of Fraud survey. Among the survey highlights: Nearly 70 percent of respondents say their banking institutions felt the impacts of the Target breach; more than 60 percent were forced to reissue cards; and a clear majority call for payment system reform and more breach accountability from merchants and their service providers.
I characterize the survey results as banking/security leaders saying: "We're mad as hell, and we aren't going to take it anymore." Summit speaker Rob Zerby of Wells Fargo disagrees. He says retail breaches are simply an unfortunate cost of doing business today, much like check fraud and other threats. But it's a cost he and his peers surely would like to see reduced.
And it's a topic - Target and the retail breaches - that came up repeatedly, whether we were discussing account takeover, big data analytics or the future of payments security. Elsewhere, my colleague Tracy Kitten will take a deeper dive into this latter topic, offering highlights of Ellen Richey's keynote address. I'll take a few minutes now to reflect on the SF Fraud Summit and look ahead to Chicago.
Lively DiscussionsI couldn't attend every session at the summit, but the ones I hosted were lively. George Tubin and Michael Wyffels offered an insightful look at the underground economy and threat landscape. Michael Theis shared new research on malicious and unintentional insider threats. Zerby joined forces with Kirk Arthur of the U.S. Secret Service and Malcolm Palmore of the FBI to offer a riveting look at fraud investigations. And James Van Dyke offered the Javelin Strategy & Research view of how mobile services and fraud are evolving.
At day's end, Ed Ferrara of Forrester Research reviewed the fraud trends he finds most concerning, while attorney Joseph Burton unveiled some potential legal landmines and Wyffels offered the financial institution's perspective on how to take the Fraud Summit ideas home and put them into action.
For those of you unable to attend the SF Fraud Summit, we have our Chicago Fraud Summit coming soon - and the content promises to be equally provocative.
Here are the details: The event will be held Wednesday, May 14, from 8 a.m. to 6 p.m. at the Westin Chicago River North. And here are just a few highlights from the day's agenda:
- Big Data Analytics & Context-Aware Security - Gartner's Avivah Litan hosts this session, introducing the concept of context-aware security, which leverages big data analytics among multiple layers of defense to protect banking institutions' assets.
- Identity Theft vs. Identity Fraud - Richard Parry, a career risk manager who's worked for Visa International, Citigroup and JPMorgan Chase, promises to make this an unconventional session, as he spells out the true risks of identity fraud. Parry will discuss the difference between first-party and third-party fraud, focusing particularly on synthetic identity and why it proliferates, impacting all major business verticals.
- Mobile: Fraud's New Frontier - Julie Conroy of Aite Group returns for a look at the latest mobile threats and strategies. She will review emerging mobile malware threats, their impact on banking institutions and the latest technology solutions to help mitigate the risks.
- Payment Card Fraud & the Future of Secure Payments - In this keynote presentation, Doug Johnson of the American Bankers Association is going to represent banks' views on Target and the retail breaches - who is ultimately responsible and how we can respond effectively. And Kirstin Wells of the Federal Reserve Bank of Chicago is going to share some exclusive new research on the future of the U.S. payments system.
There's far more to say about the Chicago Fraud Summit, of course, and we'll preview some of the speakers and topics in the days ahead. But for now, please accept my strongest recommendation to make time to attend this one-day event. You will not find these speakers or these topics together on any other event agenda.
If the Chicago event is anything like San Francisco, the Fraud Summit will pay huge dividends to you and your organization. I'm already looking forward to meeting the sponsors, speakers and attendees. I'm looking forward to the dialogue.
And I'm also looking forward to receiving my new payment card.