MARTIN BISHOP

Director, Emerging Propositions, Asia Pacific, Experian

Martin is the Director of our Asia Pacific Identity and Fraud business,
leading a team of Identity and Fraud specialists across the region
working closely with customers and partners advising them on the
latest fraud management strategies and technology implementations.
Based in Singapore for the past 6 years, he has experience running
regional product portfolios across Asia Pacific.

He has a background in telecommunications, having specialised in

emerging technologies including cloud computing, software defined
networking and network security services.
JAY LEE
Principal Consultant, Identity & Fraud, Southeast Asia, Experian

Jay is a consultant with more than 10 years of experience in solving

complex problems for clients across 10 major industries through
analytics and enterprise intelligence.

He has worked on several high-profile projects with leading financial

service institutions in Australia and Southeast Asia.
VISHAL VERMA
Head of Sales, Identity & Fraud, Asia Pacific, Experian

Vishal has over 12 years of experience in banking, analytics and

software businesses across India, Middle East and South East Asia.

He was part of the core team at Experian India which built the Credit
Bureau and National Fraud Consortium businesses for over 7 years.
He has extensive experience of managing large projects panning
across software and analytics side of business.
Overview:
Global and Asia Pacific Fraud Landscape
Consumers are confronted daily by the spectre of fraud

1million victims of identity theft every day (12 per second)

Personal information (ID including ID and Passwords) is sold on

dark web for as little as $1

92 accounts registered to the average e-mail account

20% of stolen credentials used within 30 mins and 50% within 7

hours

© Experian
Who did we survey?

More than 6000

consumers ages 18-69

More than 40 senior

executive interviews
11countries

More than 590

businesses Survey was conducted during the 4th quarter of 2018

© Experian
 Key Themes for Indonesia

Transparency is a strong enabler for Fast-growing digital adoption is

consumer trust changing consumer behaviour
88% of Indonesian consumers feel that business should across Asia-Pacific
be transparent about data usage

Consumers are willing to share Businesses must invest more to

their personal data – if they combat Fraud
40% of Indonesian business experienced
perceive a benefit in doing so increased online Fraud losses

Consumers and businesses embrace Consumers want greater security

advanced authentication methods without giving up on convenience
76% Indonesians had high confidence in physical biometrics 77% of Indonesians say security No1 priority
77% indicated high confidence in behavioural Biometrics

8
© Experian
Spotlight on Indonesia
SURGE IN CREDIT IN INDONESIA
231% increase in Lending to Households from 2006 – 2014

CREDIT APPLICATION
VIEW ON DATA FRAUD
BREACHES 86% of Indonesian financial Indonesia
62% of Indonesians agree that firms are citing credit Facebook-CA data breach
data breaches are bound to application fraud as no. 1
happen regardless of what
1 Million Indonesian
growth area
they do to try and prevent it Facebook users

INDONESIA
FRAUD
LANDSCAPE
DIGITAL CUSTOMER
EXPERIENCE
Receiving a better online
experience for 92% of
LARGEST ONLINE
Indonesians is the most PRESENCE
Indonesian consumers have Sephora data breach 2019:
focused on protecting them Indonesia, Singapore,
from online fraud / identity the largest number of online
accounts in APAC region Malaysia, Thailand, the
theft’ – highest in APAC region Philippines, Hong Kong,
Australia and New Zealand
PRIVACY- THE PRICE FOR CONVENIENCE
77% of consumers agree that ‘privacy is the price they
pay for the convenience of their digital lives’ – highest
© Experian in APAC region
What’s happening at a
global level?

© Experian
Managing a shifting and ever growing fraud risk
Here’s what we’re fighting:

OF ALL FRAUD CAME

24,000 MALICIOUS APPS

blocked every day 65% FROM MOBILE DEVICES
IN Q1 2018

MOBILE PLATFORMS AVERAGE

MILLION
$54 $6.3
BLACK MARKET

AVERAGE
PRICE FOR
STOLEN UK VISA
AND USER DATA
ARE AS LIKELY TO BE
ATTACKED BY
FRAUDSTERS
8x COST
OF A DATA BREACH
UP 6% ANNUALLY

BILLION

$32.82 2019 ESTIMATED GLOBAL CARD FRAUD LOSSES

290% GROWTH SINCE 2012

The total predicted costs of

$6 Trillion cybercrime in 2021

© Experian
Attack Vectors
INDUSTRIALIZATION OF CYBER FRAUD DATA BREACHES

6x 78%
The value of cyber crime compared to
Increase in the number of Mobile Phone
the global drug trade
Account Takeovers (from 2016-2017)

Source: Javelin (2019)

SHIFT TO SPEAR-PHISHING EXPLOSION IN IOT MALWARE

71% 32,700,000
Number of cyber attacks originating from
Spear Phishing each year - not including Strains of IOT MALWARE detected in 2018
Vishing, SMShing, etc

Source: PhishingBox (2018) Source: Bullguard (2018)

© Experian
Attack Types
How do fraudsters obtain personal data?

▪ Data Breaches
▪ Phishing – Spear phishing/smishing/vishing
▪ Lottery scams
▪ “Black Hat” chat rooms
▪ Hacking
▪ Malware - Viruses/spyware/trojans
▪ Account Takeovers

© Experian
Attackers have evolved

Opportunist Carder Hacktivist Organized Ring State-Sponsored

© Experian
Attackers have evolved

Opportunist

• Masquerade as another identity a la Frank Abagnale

• Leverage repurposed malware, likely blocked
• Mistakes common, easily traced
• Low barrier to entry, moderate risk to reward ratio

© Experian
Attackers have evolved

Carder

• Small copycat rings focused on stealing, selling, repeating

• Leverage keyloggers and repurposed malware kits
• Sell data on carding / data forums
• Entry limited to reputation, low risk to reward ratio

© Experian
Attackers have evolved

Hacktivist

• Distributed hacker network

• Access via vulnerabilities, brute force, or social engineering
• Typically targeted attack for political or social motivation
• Maintain anonymity, low risk of detection

© Experian
Attackers have evolved

Organized Ring

• Global fraud enterprise with strong domain expertise

• Target large international financial transactions
• Top 10% of attackers, quickly attack and disappear
• Fund terrorism, drug trade, human trafficking, etc.

© Experian
Attackers have evolved

State-Sponsored

• Sophisticated, well-funded, often state-sponsored

• Create / embed new malware, deep and persistent
• Elite 0.5% of attackers, quickly attack and disappear
• Extract secrets, corporate espionage, infrastructure

© Experian
We now live in a world
where attackers seem
to have the advantage
#DataIsGold
(and they have a ton of it)

© Experian
Recent Data Breach Activity

© Experian
A sobering statistic

2X the total
global
population

© Experian
Shifting fraud trends
Accounts rather
“Fraud-as-a-Service”
than cards
! Access to compromised organisations
$6.43 ! For Rent
- Call center
- Botnets
$3.78 - Ransomware
! Guarantees

$3.02 ! Try-before-you-buy options

! Returns for "faulty" merchandise

$0.22 Targeting Internet-of-Things

© Experian
© Experian
© Experian
Impact of stolen data

Consumers have
Stealing just one Stolen identities
100s of online
set of credentials are used to
profiles and
compromises create new
frequently re-use
multiple accounts accounts
credentials

The result
More difficult than ever to distinguish attackers from true customers.

You must now assume that every identity, account and card is compromised.

© Experian
Fraud Is NOT A Single Event

Logon Validation Execution

• Malware is • Credentials • Monitor
installed • Credentials are sold • Check stolen account • Money is
• Email, ad, stolen credentials • Plan strike moved
fake URL • They work!
Sale
Infection Surveillance

© Experian
The Fraud Paradox

Digital customer Stopping

journey fraud

Friction & drop outs Fraud detection

False positives Reduced Fraud losses
Life time value of customers Reduce cost through digitization

Survey – where does your business lose more money?

© Experian
The five core capabilities for a balanced fraud approach

4. Technology

5. Expertise and
X 3. Decisioning
Best Practice ✓

2. Advanced Analytics

1. Data

© Experian
A balanced approach to fraud is critical to business

1 Understand the true cost of fraud

2 Understand the true cost of customer drop out

3 Get an expanded view of internal and external data

4 Use sophisticated analytics, decisioning & technology

© Experian
Consider the entire customer journey - across the enterprise

Access and
Origination
Maintenance
Identity Authentication
Proofing & Identity
Management Authentication
Identity & Identity
Confidence Authentication Management
Acquisition Login Transaction

CrossCoreTM “One API” – Global Product Access Portal

CrossCoreTM Adaptive Decisioning Layer

3rd Party Services Experian Solutions Client Systems

© Experian
Experian Fraud Management Platform
“The nature of war is constant change…”
Sun Tzu: The Art of War
Attacks Prevention measures
Credential harvesting Strong authentication
2005
• Phishing • OTP
• Basic Trojans • Device intelligence

Man-in-the-browser Anti-malware
2010
• Automated transfers • Client-side detection
• HTML manipulation • Server-side baiting

NOW New acct & ATO fraud – trusted info Biometrics and behaviors
• Device Emulation • Evolved Robust Device Intelligence
• Credential Stuffing • Digital device behavior
• Synthetic ID Fraud • Layered Identity solutions/Authenticated
• Remote access Consumer Data

• Social engineering • Physical attributes (one time)

• Human behavior (continuous)

© Experian
 Common challenges for most businesses

Challenges Solutions
• Use data creatively to increase accuracy – reduce false positives
Separate fraudsters from good • Use a layered strategy via a single/comprehensive risk engine
customers • Analyze digital behaviors, device insights, phone porting, etc.

• Combine new and legacy solutions in smart workflows

Optimize fraud solution • Quickly onboard complementary capabilities
investments • Build and deploy models on all available data
• Ingest data from all services to maximize value

• CrossCoreTM offers a PLUG-AND-PLAY integration to an

10x Integration Costs ecosystem of solutions
• Integration managed between Experian and other vendors
• Rich decision output to feed internal systems

• Experian’s CrossCoreTM partner onboarding includes

Required 3rd Party Due Diligence • Extensive 3rd party vetting
• Adding new services becomes an addendum to the MSA

© Experian
 One Fraud and Identity Platform to manage it all
- CrossCore

Access and
Origination Maintenance

Identity Authentication
and Identity Authentication and
Proofing Management Identity
Identity Management
Confidence Authentication

Acquisition Login Transaction

CrossCore API

CrossCore Orchestration and Decisioning

Identity Link analysis

Device Multi-factor Commercial Client data and Partner data
verification and across
intelligence Step-up Auth intelligence and technology
risk Experian
and risk logic Auth
Network

© Experian
 How CrossCoreTM works
Strategies

API Workflow Decisioning

Connects fraud and Orchestrates tools Combines insights

Incoming identity tools from into smart workflows from each tool in the Final
Customer Experian, 3rd party that blends each workflow to create a Decision
Data sources, and client tool’s output with more accurate fraud
systems conditional logic risk or identity trust
assessment

Informed by Machine
Learning

Fraud Risk Device Identity Email risk Document

Biometrics
Engine Intelligence Verification scoring verification

© Experian
Where ML fits within CrossCore decision flow
Machine learning in a sample CrossCore process

Your transaction data

Email Risk Scoring

Recognize customers Detect more fraud

CrossCore machine learning helps
resolve identity, device, account, and
transaction data into accurate and
holistic consumer profiles.
It can also leverage behavioural models
to profile and segment consumers by
device, account, and business; as well as
globally across businesses, industries,
and regions.
Recommendation
Device
Intelligence CrossCore machine learning models
leverage all of the available CrossCore
request and enrichment data, including
Behaviour email, phone and device intelligence,
Biometrics biometrics and document verification to
provide precise fraud recommendations.
Machine With regular fraud feedback and model re-
Learning training, clients can quickly adapt to the
latest fraud tactics from sophisticated fraud
rings.
Final

© Experian
 100,000,000
transactions processed
in CrossCore TM

*In the first 4 months of current financial year

© Experian
CrossCore Propositions in Indonesia
Device Intelligence | Risk Engine Behavioral Biometrics Email Risk Scoring

Browser-based Activities App-based Activities

JavaScript Collector (JSC) Native Collector (SDK)

Differentiating genuine Email attributes- recency,

Complex Device Recognition
customers from fraudsters basis country of origin, IP, corporate
Device usage history for their behaviour : hand-eye proxy, negative list, connected
applications, Malware, TDLTM coordination, pressure, SM connections, etc.
(Time Differential Link) navigation, etc. Fraud propensity score
No PII, 800+ Rules Application fluency, data
Forensic tools – SketchMatch and familiarity, navigation fluency,
DataSpider Invisible challenges

© Experian