1. © 2016 IBM Corporation
Fighting digital banking fraud
objectives & challenges

2. 2© 2016 IBM Corporation
So many ways to commit fraud and account takeover
January 2015
Bank Fraud Toolkit Circumvents
2FA and Device Identification
Use stolen credentials
Phishing / Criminal Device
Steal Personally
Identifiable Information
Steal
Credentials
Automated
Transaction
Man-in-the-Browser MalwarePharming
- Redirect
- Overlay
Landing
Page
Login
Page
My
Information
Website
Remote Control Tools
Ride the session
Transaction

3. 3© 2016 IBM Corporation
Anatomy of a Dyre Attack
Fake Banking Website Banking WebsitePhishing Email
1 2 3 4 5 6
Navigation
to online
banking website
Victim’s device
gets infected with
malware
Credentials and
PII
are sent
to criminal
Dyre diverts user
to fake website
Money transfer to
mule account
Login
to online banking

4. 4© 2016 IBM Corporation
Current fraud prevention solutions are failing
! Accuracy – high false positive alerts
and actual fraud often missed
! Adaptability – cannot react to new
threats and new attack methods
! Cost – maintenance / updates / modifications
are very expensive
! Collaboration – data not shared between
installed solutions
! Convenience – negative impact on customer
Fraud
operation
costs
Authentication
challenges
Transaction
delays
Account
Suspensions
Solution shortcomings… cause critical problems

5. 5© 2016 IBM Corporation
“Vision is the art of seeing what is invisible to others.”
Jonathan Swift

6. © 2016 IBM Corporation
Trusteer Approach
technology & intelligence

7. 7© 2016 IBM Corporation
Trusteer approach vs. traditional fraud controls
Fraud detection that works for your business
• Unparalleled accuracy
evidence-based detection, leveraging
global threat intelligence network
• Built-in adaptability & agility
always up-to-date, seamlessly adjusted to
new-threat, fueled by innovative Big Data
technologies and world-class threat experts
• Extreme operational scalability
cloud-based operation, linearly grows with
your business, processing in real-time
virtually any number of sessions/day
• Seamless user experience
online & mobile channels actionable real-
time risk assessment
• Ease of integration
simple, standardized across Trusteer
solutions
End-userexperience
Fraud detection
Pinpoint
(cloud)
one-time
password
static
password
biometrics
risk-engine
(statistical)
Rapport
(end-point)
Trusteer protection controls
Traditional protection controls
Effectiveness trend over time
?

8. 8© 2016 IBM Corporation
Trusteer threat intelligence network
the largest actionable fraud intelligence network worldwide
USERS
ATTACKSDEFENSES
always up-to-date • push & pull • shared

9. 9© 2016 IBM Corporation
network feeders & brain
dynamically fed, intelligence-driven
USERS
ATTACKSDEFENSES
application
Smart sensors
Trusteer
attack
researchEnd-point
Smart sensors
3rd party
Intelligence
suppliers
Trusteer
defense
research
customers’ own
intelligence
big data & analytics
technologies
100s infections/day
100Ms sessions/day
MOs, targets,
accounts, fraudsters
daily defense
update
pattern recognition

10. 10© 2016 IBM Corporation
Trusteer intelligence lifecycle
volume & velocity
USERS
ATTACKSDEFENSES
collect data • identify new threat • research attack • develop defense • protect
all the time
all over the world
new threat-to-protect measured in hours

11. 11© 2016 IBM Corporation
Trusteer solutions - fighting digital fraud
smart dynamic agents – collecting, detecting & protecting - across the access chain
Mobile SDK & secure browser
mobile application & device protection
Rapport
end-point protection
UDERS
ATTACKSDEFENSES
Fraud protection suite
digital fraud protection & lifecycle management
Pinpoint malware detection
snippet-based man-in-the-browser MW infection alert
new! app /
server
end
point
threat intelligence network
accesschain

12. © 2016 IBM Corporation
What’s new

13. 13© 2016 IBM Corporation
What’s New
Pinpoint Detect
Pinpoint
Detect
Remediate
Pinpoint
Criminal
Detection
Pinpoint
Malware
Detection
Rapport for
Mitigation
Access
Management
(ISAM)
Case
Management
(CFM)
+ lifecycle management solution
unified detection
2
1
Trusteer Fraud
Protection Suite

14. 14© 2016 IBM Corporation
IBM Security Trusteer Fraud Protection Suite
Key benefits
FRAUD
PROTECTION
SUITE
new!
next-gen dynamic accurate fraud detection
compromised identities & unauthorized access
threat-aware access management
dynamic risk assessment feed & recommendation
advanced case & event management
streamline investigation and threat analysis
powerful remediation tool
easily protect infected end-points

15. 15© 2016 IBM Corporation
Pinpoint detect – digital fraud detection
ultimate coverage & new threats agility
USERS
ATTACKSDEFENSES
• Remote Access Tool (RAT)
• Malware-driven account takeover
• Malware-driven man-in-the-browser / man-in-the-middle
• Phishing & pharming
• New variation MOs & defenses: Dridex, Zeus, Bugat, etc.
• … new threats defenses updated daily, at no extra charge

16. 16© 2016 IBM Corporation
Pinpoint detect – digital fraud detection
unparalleled efficacy & accuracy for all types of digital fraud
USERS
ATTACKSDEFENSES
user profile +
attack specs +
app-level defense
current
session data
risk
Unparalleled
accuracy
Pinpoint detect is so accurate because it is the only solution that has
intelligence-based real-time risk assessment against attack & user profile
application-aware defense policy
direct & redirect channel cross-check
- risk score
- risk reason
- device details (device ID)
- account details (encrypted UID)
- recommendation (allow/ authenticate/ allow & restrict)
App
server

17. 17© 2016 IBM Corporation
Case study : Tier 1 North American bank
Business application targeted by sophisticated banking Trojan's (mostly Dyre)
• Up to 100% detection - fraud losses are close to 0
• <0.05% alerts per logins - reduced from ~200 alerts/day by legacy system to ~20
100% 98%
90%
97%
100% 99% 100%
97%
100% 99% 100% 100% 99%
0%
50%
100%
Nov-2014 Dec-2014 Jan-2015 Feb-2015 Mar-2015 Apr-2015 May-2015 Aug-2015 Sep-2015 Oct-2015 Nov-2015 Dec-2015 Jan-2016
Detection
Rate
Alert Rate < 0.05%
Within days:
• Live Policy update set
to protect against new
threat
• No impact on alert rate
Corporate app
targeted by new
Dyre Campaign

18. 18© 2016 IBM Corporation
Pinpoint detect – tier options
tiered detection options
USERS
ATTACKSDEFENSES
App
server
Trusteer
attack
research
Trusteer
defense
research
standard
premium
• Pinpoint detect standard Trusteer threat network access and dynamic updates
• Pinpoint detect premium high-touch threat research service, expediting attack analysis & optimizing defense
at the application level granularity
App
server
tailored threat research
threat intelligence network

19. 19© 2016 IBM Corporation
Pinpoint detect - simplified integration
standardized, unified
USERS
ATTACKSDEFENSES
standardized, unified
• Fastest time-to-value, minimum integration effort -
now with smart standard snippet & unified interfaces
across all server-side solutions
• Single page application support
• Seamless upgrade enabled by detaching snippet-
engine backend
GUI
APIs
feeds
Snippets
app /
server

20. 20© 2016 IBM Corporation
Trusteer Fraud Protection Suite
digital fraud protection & Fraud lifecycle management
all-inclusive real-time fraud detection solution, tier options
extendable to a complete lifecycle management solution
unique remediation solution for infected end points
USERS
ATTACKSDEFENSES
app /
server
Protection
&
lifecycle
Detect real-time digital channel fraud
Remediate compromised end-points
• Pinpoint detect standard / premium
• Rapport for Remediation
Enforce access & manage authentication
• IBM Security Access Manager (ISAM)
Investigate case & alert management
• IBM Counter Fraud Management (CFM)

21. 21© 2016 IBM Corporation
Notices and Disclaimers
2
Copyright © 2016 by International Business Machines Corporation (IBM). No part of this document may be reproduced or transmitted in any form without written permission
from IBM.
U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM.
Information in these presentations (including information relating to products that have not yet been announced by IBM) has been reviewed for accuracy as of the date of
initial publication and could include unintentional technical or typographical errors. IBM shall have no responsibility to update this information. THIS DOCUMENT IS
DISTRIBUTED "AS IS" WITHOUT ANY WARRANTY, EITHER EXPRESS OR IMPLIED. IN NO EVENT SHALL IBM BE LIABLE FOR ANY DAMAGE ARISING FROM THE
USE OF THIS INFORMATION, INCLUDING BUT NOT LIMITED TO, LOSS OF DATA, BUSINESS INTERRUPTION, LOSS OF PROFIT OR LOSS OF OPPORTUNITY. IBM
products and services are warranted according to the terms and conditions of the agreements under which they are provided.
Any statements regarding IBM's future direction, intent or product plans are subject to change or withdrawal without notice.
Performance data contained herein was generally obtained in a controlled, isolated environments. Customer examples are presented as illustrations of how those customers
have used IBM products and the results they may have achieved. Actual performance, cost, savings or other results in other operating environments may vary.
References in this document to IBM products, programs, or services does not imply that IBM intends to make such products, programs or services available in all countries in
which IBM operates or does business.
Workshops, sessions and associated materials may have been prepared by independent session speakers, and do not necessarily reflect the views of IBM. All materials and
discussions are provided for informational purposes only, and are neither intended to, nor shall constitute legal or other guidance or advice to any individual participant or
their specific situation.
It is the customer’s responsibility to insure its own compliance with legal requirements and to obtain advice of competent legal counsel as to the identification and
interpretation of any relevant laws and regulatory requirements that may affect the customer’s business and any actions the customer may need to take to comply with such
laws. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the customer is in compliance with any law

22. 22© 2016 IBM Corporation
Notices and Disclaimers Con’t.
2
Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not
tested those products in connection with this publication and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products.
Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. IBM does not warrant the quality of any third-party products, or the
ability of any such third-party products to interoperate with IBM’s products. IBM EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING BUT
NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
The provision of the information contained h erein is not intended to, and does not, grant any right or license under any IBM patents, copyrights, trademarks or other intellectual
property right.
IBM, the IBM logo, ibm.com, Aspera®, Bluemix, Blueworks Live, CICS, Clearcase, Cognos®, DOORS®, Emptoris®, Enterprise Document Management System™, FASP®,
FileNet®, Global Business Services ®, Global Technology Services ®, IBM ExperienceOne™, IBM SmartCloud®, IBM Social Business®, Information on Demand, ILOG,
Maximo®, MQIntegrator®, MQSeries®, Netcool®, OMEGAMON, OpenPower, PureAnalytics™, PureApplication®, pureCluster™, PureCoverage®, PureData®,
PureExperience®, PureFlex®, pureQuery®, pureScale®, PureSystems®, QRadar®, Rational®, Rhapsody®, Smarter Commerce®, SoDA, SPSS, Sterling Commerce®,
StoredIQ, Tealeaf®, Tivoli®, Trusteer®, Unica®, urban{code}®, Watson, WebSphere®, Worklight®, X-Force® and System z® Z/OS, are trademarks of International Business
Machines Corporation, registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM
trademarks is available on the Web at "Copyright and trademark information" at: www.ibm.com/legal/copytrade.shtml.

23. © Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any
damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and
conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or
capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other
IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being
altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can
be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other
systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF
ANY PARTY.
THANK YOUwww.ibm.com/security