Mike Wyeth, Group Security e ye ,GoupSecu y ... - Retail Knowledge
Mike Wyeth, Group Security e ye ,GoupSecu y ... - Retail Knowledge
Mike Wyeth, Group Security e ye ,GoupSecu y ... - Retail Knowledge
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
CYBER CRIME – A RETAIL PERSPECTIVE<strong>Mike</strong> <strong>W<strong>ye</strong>th</strong>, <strong>Group</strong> <strong>Security</strong>Director, March UK Ltd
A quick overview ofShop Direct <strong>Group</strong>
Turnover circa £1.7bnCirca 9,000 emplo<strong>ye</strong>es10.5 million customerson our database5 million tradingcustomers
We sell more than 750brands across 7 fascias
Every <strong>ye</strong>ar we sell over 50 millionitems:• 800,000 mobile phones• 300,000 beds• 300,000 laptopsp• 200,000 games consoles• 250,000 digital cameras• 300,000 portable audio pla<strong>ye</strong>rs• Our call centre's handle over 20 Million inboundand make 5 Million outbound calls every yy<strong>ye</strong>ar
Pick, pack and dispatchOur warehouse andreturns operations process53 million items orderedeach <strong>ye</strong>ar into 28 millionparcels to customersThat’s up to 6,000 parcelsevery hourAverage delivery of 540Kparcels every week
AGENDA‣ Tensions/Issues‣ Problem‣ Examples‣ How we tackle it‣ Law enforcement response‣ Future risks and opportunities
CYBER CRIME V RETAIL– STRATEGIC ISSUES‣ Economic – Public Confidence in trading on line, (UK Cyber strategy2011)‣ Links to Serious & Organised Fraud‣ Industry Tensions – Customer Experience : Fraudster Experience‣ Under reporting – unwilling + unable ?, (CSOC Report 2011)‣ Engagement with Law Enforcement, (CSOC Report 2011)
MAIN CYBER RISKS TO RETAIL‣ Stolen credentials traded on virtual black market‣ Citizens & retailers both victims‣ E Comm Fraud – Financial Loss + Prevention Costs‣ Reputation Risks‣ “Hactivists”
OUR WORLD – NATURE AND EXTENT OFPROBLEM‣ Online Fraud is in the £Millions‣ Thousands of victims‣ It is UK wide albeit the worst is SE London‣ Phishing is a real problem, it’s easier to get info from the public thanbreaking through our firewalls‣ And it’s worldwide – here are some examples………..
From US/Israel/Russia/Greece/Netherlands /G /N l & more
COMPANY RESPONSE -PROACTIVE‣ We go after the fraudsters , we don’t justwriteitoff‣ Team of 9 field based investigators & 6 It security Specialist‣ 257 Fraudsters arrested in last 12 months‣ £2.1 Million of Fraud prevented‣ We can get the Police through the door‣ More than just Fraud when you go through h the door‣ Now focusing on the e-crime gangs‣ Built our own forensics unit‣ Proactively capturing victims details before their credentials areused‣ Proactively taking down phishing sites‣ We want to get the guys who are pulling the strings but need thehelp of the Police
PRO-ACTIVE ANTI PHISHING SERVICE
CAPTURING SCRIPTS WRITTEN BYFRAUDSTERS‣ Script – Rayodark.php
WHICH CAPTURE CUSTOMER CREDENTIALS‣ -----------------rayodark------------------‣ Wed Feb 01, 2012 5:36 am‣ email : nxxxxx74@hotmail.co.uk‣ password : Bxxxxx0y‣ date of birth: xx/Oct/197x‣ zip : SExx 6xx‣ 85.92.208.73‣ -----------------rayodark------------------‣ Wed Feb 01, 2012 5:48 am‣ email : suzxxxx@live.co.uk‣ password : wxxxx48‣ date of birth: xx/Mar/19xx‣ zip : ehxxxh‣ 82.41.59.30‣ -----------------rayodark------------------‣ Wed Feb 01, 2012 5:54 am‣ email : melxxxxx@hotmail.co.uk‣ password : oraxxxxx2‣ date of birth: xx/Feb/19xx‣ zip : Ixx 9xx‣ 178.102.111.78
SHOP DIRECT - EXPERIENCE OF WORKINGWITH UK LAW ENFORCEMENT‣ City Of London – Superb‣ We also get some great results from other forces includingMerseyside & GMP‣ Some forces / officers having difficulty ,try and find an excuse to sayno‣ Officers don’t like working across borders‣ Once you get to know us , the attitude rapidly changes‣ Once we get a contact we never let him/her go‣ We now need to work wider than the UK
INDUSTRY EXPERIENCE & CONCERNS REENGAGEMENT‣ SDG not typical !‣ Barriers to Reporting –reputation, cost, structures, responsibility, patchyresponse se (CSOC Report 2011)‣ Regional Hubs will be welcomed and supported‣ These are NOT victimless crimes‣ We don’t engage well together we need to co-operate operateand SYNDICATE and that includes e-crime data‣ NFIB – In but we don't get data out re suspect hosts etc
FUTURE RISKS FROM OUR PERSPECTIVE‣ Growth in Mobile‣ Growth in Social Networking‣ Expansion of retail into online‣ Reduced funding for Police‣ Real need for forces to co-operate operate world wide not just in UK
INTERNATIONAL RISKS & OPPORTUNITIES‣ UK retailers extending E-Comm market toEurope and beyond‣ Extending Black Market for credentials =
CONCLUSIONS‣ Cyber Crime v <strong>Retail</strong> is threat to the “Public Interest” as well as“Private”‣ The Cyber Threat is increasing as more retailers major online‣ Engagement, we could do better – BRC/IMRG/ICSPA possiblevehicles, we want to work with all of them but it musn’t just be atalking shop.‣ Regional Hubs 3 cheers !‣ We need to SYNDICATE INTELLIGENCE
THANK YOU – CONTACT INFORMATION‣ March UK Ltd – <strong>Mike</strong> <strong>W<strong>ye</strong>th</strong>‣ mike.w<strong>ye</strong>th@marchukltd.com‣ Shop Direct <strong>Group</strong> – <strong>Mike</strong> Marshall‣ 07920 467463 michael.marshall@shopdirect.com‣ ICSPA – John Lyons – john.lyons@icspa.org‣ BRC – Catherine Bowen – catherine.bowen@brc.org.uk‣ IMRG – Andrew McClelland –andrew.mcclelland@imrg.org