VOLUME 2 | 2017

T H E C E N T E R O F C O M M E R C E

A LIGHT IN THE

SHADOWSDetecting Crime On The Dark Web.

Their techniques are advanced, leveraging the

same technology that the largest eCommerce

giants use today.

The hackers who stole the data have had weeks

to prepare, because the breach wasn’t made

public until just recently. Data is stolen by crim-

inals to be monetized and brought to the un-

derground market for sale. First Data’s cyber

security team in New York can use proprietary

technology and unique data analytics skills to

identify accounts and other types of data in this

market. They uncover where it was stolen and

predict what types of fraud may occur as a result.

By now, most consumers have heard about the

massive data breach at a leading credit report

provider that exposed the personal information

of countless Americans, including many who

have never heard of the service. Hackers gained

access to the data using a pathway through open-

source software running the company’s website.2

While it isn’t the biggest breach by sheer num-

bers of people affected, it could prove the be

the most serious. In addition to documents and

credit card numbers, the hackers retrieved per-

sonal information like names, Social Security num-

bers, and birth dates. This personal information is

the key to unlocking more sensitive files like bank

account information and employee databases.3

Just in the last five years, hackers have accessed

the data of three billion users of a popular web por-

tal,4 retrieved tens of millions of credit card num-

bers from retail and home improvement chains

and even hacked federal government systems at

the IRS and Securities and Exchange Commis-

sion.5 In at least one case, the breach happened

years before it was discovered and made public.6

Earlier this year, First Data expanded its risk man-

agement and cyber security solutions to include

Advanced Fraud Intelligence Solutions (AFIS), a

tool that monitors the dark web to improve fraud

alerting for financial institutions. The system uses

machine learning to mine the parts of the inter-

net that are hidden from normal view, where sto-

len data ends up. The algorithms operate inde-

pendently, without human guidance, to ferret out

anomalies that signal fraud.

“Typically, an issuer’s cycle of fraud manage-

ment is reliant on customer disputes and fraud

that is detected through the identification of a

pattern of emerging unauthorized transactions,”

Pete Cavicchia, First Data’s Senior Vice Presi-

dent, Head of Global Cyber Security & Fraud In-

vestigations, explains. “By that time the damage

has already been done. AFIS allows an issuer to

enter the fraud management cycle way earlier

in the game, by providing them early warning

on parts of their portfolio that are already in the

hands of criminals before fraud can occur, and

even let them know when the cards have been

tested —prior to fraudulent use.”

AFIS’s independence allows the program to re-

spond more quickly as hackers continuous-

ly change their methods.7 The system spots

potentially compromised accounts to initiate

breach detection and card testing operations

that identify wider fraud trends. Once the sus-

pect accounts are identified, they’re immediate-

ly scrubbed and new cards are issued, while the

attached assets are protected.

Considering the intrusive, and seemingly un-

relenting data breaches, financial institutions

are hearing from anxious customers demand-

ing increased protection and timelier notifica-

tion about the attacks themselves.8 Not just in

the U.S., either —the European Union has started

the clock ticking on new regulations that come

into effect next Spring, governing how compa-

nies acquire and protect customer data. One

consulting firm estimates companies could face

up to $6.4 billion in fines just among FTSE 100

companies, if they don’t comply.9

Because of the financial risks, and their desire

to protect their valuable customers’ data, many

of those companies and financial institutions

have turned to First Data to create an addition-

DETECTING CRIME ON THE DARK WEB.

RIGHT NOW,CRIMINALS ARECOMBINING THEPERSONAL DATA

AND CREDIT CARDNUMBERS STOLEN

FROM 145.5 MILLION PEOPLE1 AND

TRANSFERRING THE DATA TO THEHIDDEN AUCTION

BLOCKS ON THEDARK WEB.

al protective shield acting as an

early warning system to miti-

gate potential risk. Marianne

Johnson, Senior Vice President of

the company’s Network and Se-

curity Solutions Product Inno-

vation, Technology and Enter-

prise Commercialization, says a

global perspective division is

needed to spot any problems.

“Financial institutions and mer-

chants are relying on us for our

reach and scale. We’re able to

spot macro trends, and then

follow the footprints back to

our clients.”

While federal agencies and pri-

vate businesses try to tackle the

problems of the hacks them-

selves, there are seemingly few

solutions in sight. For now, the

most companies and custom-

ers can hope for is to keep the

stolen data out of the dark web

marketplace. If they’re success-

ful, they can render these types

of cyber-attacks harmless, by

promptly removing the poten-

tial value of the stolen goods.

#AFIS

#DarkWeb

#CyberSecurity

#NotTodayCyberCrooks

#PreventDetectResolve

In This Article:

Brad Rhoads Greg gatlin FirstData.com/Connected

A Light In The Shadows 1 Equifax Underestimated by 2.5 Million the Number of Potential Breach Victims. Fortune. Oct 2, 2017. http://fortune.com/2017/10/02/equifax-credit-breach-total

2 Equifax says web server vulnerability led to hack. Reuters. Sep 14, 2017. https://www.reuters.com/article/us-equifax-cyber/equifax-says-web-server-vulnerability-led-to-hack-idUSKCN1BP0CB

3 Equifax Says Cyberattack May Have Affected 143 Million in the U.S. New York Times. Sep 7, 2017. https://www.nytimes.com/2017/09/07/business/equifax-cyberattack.html

4 Yahoo Triples Estimate of Breached Accounts to 3 Billion. Oct 3, 2017. Wall Street Journal. https://www.wsj.com/articles/yahoo-triples-estimate-of-breached-accounts-to-3-billion-1507062804

5 Cyber hack hall of shame. Yahoo! Finance. Sep 22, 2017. https://finance.yahoo.com/news/cyber-hack-hall-shame-231200094.html

6 It’s strange Yahoo took 2 years to discover a data breach, security experts say. LA Times. Sep 23, 2016. http://www.latimes.com/business/technology/la-fi-tn-yahoo-data-breach-20160923-snap-story.html 7 Machine-Learning Algorithm Combs the Darknet for Zero Day Exploits, and Finds Them. MIT Technology Review. Aug 5, 2016. https://www.technologyreview.com/s/602115/machine-learning-algorithm-combs-the-darknet-for-zero-day-exploits-and-finds-them

8 The Equifax hacks are a case study in why we need better data breach laws. Vox. Sep 14, 2017. https://www.vox.com/policy-and-politics/2017/9/13/16292014/equifax-credit-breach-hack-report-security

9 Data Breaches Could Cost FTSE 100 Companies $6.4B A Year In Fines. Forbes. Jun 2, 2017. https://www.forbes.com/sites/dinamedland/2017/06/02/data-breaches-could-cost-ftse-100-companies-6-4b-a-year-in-fines/#7298a42744d0

©2017 First Data Corporation. All Rights Reserved. The First Data® name, logo and related trademarks and service marks are owned by First Data Corporation and are registered or used

in the U.S. and many foreign countries. The Money Network® name, logo and related trademarks and service marks are owned by Money Network Financial, LLC, an indirect wholly owned

subsidiary of First Data Corporation. All trademarks, service marks and trade names referenced in this material are the property of their respective owners.

Download the entire issuewww.firstdata.com/connected