Fraud & Breach Prevention Summit: Miami

Dates:
April 12 & 13

Keynote:
Coming Soon!

The data stolen during a breach is used for many purposes, but especially for fraud. Security and fraud teams are working ever more closely together, both pre- and post-breach, to ensure that they are in the best possible position to defend, detect and respond. In this dual track day, intended for senior InfoSec and Fraud professionals, we’ll focus on the latest fraud techniques and technologies, as well as a holistic, strategic approach to looking at the data breach problem that effects all industries. Feel free to switch between sessions in each track and network with your peers as well as our speakers and sponsors throughout the day.

Attendees also gain onDemand access to all summit recordings and our curriculum of 400+ webinars after the Summit.

Additional Fraud and Breach Prevention Summits:

San Francisco* | DC* | Mumbai* | Chicago* | Boston* | New York* | Toronto | London

* OnDemand recordings available.

Healthcare Security Summit

Join us at our annual Healthcare Security Summit – New York City November 1st & 2nd.

2017 Summit Locations Announced

North America
Atlanta | San Francisco | Washington DC | Chicago | New York | Toronto

Eurasia & Oceania
London | Singapore | Dubai | Sydney | Mumbai | Bangalore | New Delhi

To learn more details and reserve your registration or sponsorship contact us here.

Tuesday – April 12

12:00pm – 1:00pm

Workshops Registration & Networking

1:00pm – 2:30pm

Fraud and Cyber Risk in 2016: How Banks Should Divide and Conquer Resources and Focus

Card fraud, account takeovers, business email compromises and emerging cybersecurity regulations and risks have kept, and continue to keep, plenty of CEOs and CISOs up at night. While it’s impossible to focus time, energy and resources on all of today’s fraud and cybersecurity risks, wise banking executives have mastered how to effectively identify their most pressing fraud risks and cybersecurity worries, in order to budget and properly allocate resources.

During this panel discussion, we will review how banks and credit unions of all sizes are addressing everything from EMV rollouts and FFIEC cybersecurity compliance, to ransomware and extortion attacks, and review how they are addressing emerging merchant risks associated with payment card data.

Presented by:
Bill Murphy, SVP Chief Risk Officer, Fidelity Bank of Florida; David Pommerehn, VP, Senior Counsel, Consumer Bankers Association; Tracy Kitten, Executive Editor, ISMG

2:30pm – 3:00pm

Break & Networking

3:00pm – 4:30pm

Case Study: When Government Oversight Goes Wrong

After any significant breach, many parties – ranging from customers, clients, business partners and government agencies – will demand clarity as to how and what data was stolen.

The Federal Trade Commission, for example, acts to ensure that any given organization is not negligent or reckless with private information. But upon what information does the FTC act?

In this session, we’ll focus on a case where the FTC relied on highly suspect information obtained by, for all intents and purposes, a “faux” breach of a cancer-screening service, resulting in a protracted legal fight and ultimately the collapse of the organization. Michael Daugherty, Founder, Presidentand CEO of LabMD and the author of the book “The Devil Inside the Beltway,” will share his story of what to expect when the federal government investigates you. He’ll then join in a discussion about breach investigations with Jason Manar of the FBI, and with Tom Field, VP of Editorial, ISMG, on the many issues raised by this fascinating case study.

What will you do when the government comes calling? Attend this session to learn the key do’s and don’ts.

Presenters:
Mike Daugherty, President and CEO of LabMD and author of the book: “The Devil Inside the Beltway”; Jason Manar, Supervisory Special Agent, Miami Division-Cyber Crime, FBI; Tom Field, VP Editorial, ISMG

4:30pm – 5:00pm

Closing Remarks

5:00pm – 6:00pm

Dinner & Networking

Insight From Our Speakers

 

Wednesday – April 13

Fraud Track

The big picture problem, its implications and a strategy for defense, response and recovery.

Data Breach Track

Focused discussions on specific major issues affecting our ability to defend against targeted attacks.

8:00am – 9:00am

Registration, Breakfast & Exhibit Browsing

9:00am – 9:45am

Keynote: Data Breach Outlook: Tracking the Next, Seemingly Inevitable Attack

It’s a boom time for cybercrime and cyber-espionage, aided by at least two factors. First, many organizations’ websites and databases sport well-known technical weaknesses, while employees remain all to susceptible to low-cost social-engineering attacks. Second, attackers can pummel these technical and human targets using an array of free or low-cost tools and services, until they can successfully access and steal what they’re targeting.

Join this panel session as we discuss the surge in data breaches, low-tech and high-tech attacks, and how we must adapt our defenses accordingly. Our panelists will share real-world insights into not only defense, but understanding the attacker mindset. The discussion will include:

  • What is the scale and scope of today’s targeted attacks and data breaches?
  • Who exactly is executing these attacks and what factors — including financial gain, stealing intellectual property, causing chaos — motivate them?
  • What types of valuable data and/or critical infrastructure are being targeted?
  • Which parts of the organization – website flaws, APIs, mobile devices — are most vulnerable?
  • What is the optimum way to deploy resources to defend against breaches?
  • What related, up-and-coming threats should enterprises beware?

Presented by:
Hal Pomeranz, Independent Digital Forensic Analyst & Expert Witness, SANS Institute Faculty Fellow; David Pommerehn, VP, Senior Counsel, Consumers Bankers Association; Michael Scheidell, InfoSec, Governance, Compliance & Risk Consultant, Managing Director, Security Privateers; Tom Field, VP Editorial, ISMG

9:45am – 10:15am

Keynote: “The Devil Inside the Beltway” – the FTC vs. LabMD

You’ve seen the headlines about the Federal Trade Commission’s messy legal battle with LabMD, a cancer screening service that was investigated for two alleged data security incidents in 2008 and 2012. Last November, an FTC administrative law judge ruled to dismiss the FTC’s case against LabMD, saying the FTC “failed to prove its case” that these two incidents caused, or were likely to cause, “substantial injury to consumers.”

But what you might have missed is that, after more than a two-year legal battle, LabMD – overwhelmed by litigation, fines and penalties – was forced to close its doors.

In this exclusive session, Michael Daugherty, Founder, President and CEO of LabMD , will tell his personal story. And he will discuss the key elements of his book, “The Devil Inside the Beltway,” which details his fight with the FTC and offers important lessons learned about what to expect when the federal government investigates you.

Presented by:
Mike Daugherty, President & CEO of LabMD and author of the book: “The Devil Inside the Beltway”

10:15am – 10:35am

Break & Networking

10:35am – 11:05am

Customer Endpoint Protection – Securing Transactions From Millions of Devices You Don’t Own

By allowing connections to multiple endpoint platform types, financial institutions are tasked with providing a secure transaction channel to a massive number of devices they don’t own and have limited control over. Meanwhile, cybercriminals develop new attacks targeted directly at this type of communication every day, with maturing multifunction malware, such as Zeus, already infecting millions of endpoints in the U.S. alone.

In this session, experts will discuss the latest in tools and strategies, including:

  • The latest endpoint malware capabilities;
  • How assuming that every endpoint may already be compromised, while still providing a secure channel to it, is a viable strategy;
  • The latest fraud detection and prevention technologies;
  • How enhanced authentication with biometrics, Device ID and behavioral analytics can be integrated.

Presented by:
George Tubin, Program Director, Trusteer Global Product Marketing, IBM Security

Malware is Dead?

Advanced attackers always use advanced malware, right? Zero-day exploits, targeted malware, powerful modular frameworks– these are the stock and trade of your adversary.

So we’ve tuned our detection and hunting capability to ferret out the indicators left behind by this malware. Advances in memory forensics, sophisticated endpoint detection capabilities, and efficient enterprise-wide sweeps make tracking the attacker’s malware extremely effective.

Any reasonably advanced adversary understands this, and they’re already working on ways to avoid being found. Defenders tracking attacks by malware signature? Don’t use malware!

What do you do when attackers are acting without persistent malware?
Would you be able to differentiate attacker activity from normal network traffic? Do you even know what “normal” looks like on your network?

Come consider the landscape in a post-malware future. Get a head-start on building detection capabilities that will enable you to defend your networks from sophisticated attackers– even when they’re acting without sophisticated malware.

Presented by:
Hal Pomeranz, Independent Digital Forensic Analyst & Expert Witness, SANS Institute Faculty Fellow

11:10am – 11:50am

The ABA Survey: Changing the Face of Fraud

The 2015 ABA Deposit Account Fraud Survey is the eleventh biennial industry study conducted by the American Bankers Association on the topic of deposit account fraud. For over two decades, this ABA survey series has collected detailed DDA fraud information across traditional and emerging banking channels. With payments innovations picking up speed and the push toward faster payments in the U.S., this survey report series offers a valuable insight into how the modernization of payment methods has changed and will continue to change the type of fraud perpetrated against bank deposit accounts, which hold the funds used to make payments by consumers and businesses. This session will reveal trends and actionable results organizations can use to develop and change their fraud prevention strategies while demonstrating how fraud is evolving.

Presented by:
Jane Yao, SVP, Benchmarking & Survey Research – Office of the Chief Economist, American Bankers Association

Mitigating Risk: The Criticality of Email Security

The increase in data breaches and external threats has reminded us of the importance of securing emails – and just how big a problem business email compromises can be. Organizations need to be confident that the millions of emails leaving their network each day are protected for anywhere and from any device, whether sent from a desktop or from a mobile device. Implementing secure email solutions should increase productivity and mitigate risk without creating employee frustration and friction. Don’t risk violating regulations and your customers’ trust by sending PII unsecured. In this session, you will hear some valuable insights on the best ways to secure your vital email transactions, as well as the latest in technology solutions.

Presented by:
Jeff Hall, Regional Sales Manager, ZixCorp

11:55am – 12:25pm

Behavioral Analytics for Preventing Fraud: Today and Tomorrow

Behavioral Analytics already has proven its effectiveness against today’s sophisticated fraud schemes. But fraudsters continue to escalate and diversify their attacks in and across channels and payment types, while FIs are pressed to expand services and improve the customer experience. This unique confluence of threats and competitive pressure is forcing FIs to adopt new fraud prevention strategies.

Presented by:
Anand Sureka, Senior Sales Engineer, Guardian Analytics; Ana Villarini, SVP – Corporate Fraud Division Manager, BankUnited

What Happens when Big Data, Internet of Things, and the Cloud Meet?

The proliferation of data everywhere has spawned a collusion of topics around Big Data, Internet of Things (IoT), and the Cloud. And they all have one major thing in common—they need data protection. Considering that more 707 million data records were compromised worldwide during 2015, it is key that data protection offerings are strengthened through a layered approach from different vendor offerings. And the protection must focus on many items including devices, identities, and the data itself. So how does an organization begin to understand how to protect these growing phenomena? Learn about the intersection of IoT, Big Data and Cloud and how it relates to your business.

Presented by:
Mark Yakabuski, VP, Business Development Strategy, Gemalto

Insight From Our Speakers

 

12:25pm – 1:25pm

Lunch

1:25pm – 2:10pm

Speed Networking With Your Peers

One of the most valuable ways to learn often is through interaction with your peers. Our “Speed Networking” session will provide an opportunity to meet practitioners who have similar challenges in the arena of fraud and breach prevention and discuss solutions to those potential obstacles. Mingle, share and learn in this unique, rapid fire and interactive environment.

2:10pm – 2:30pm

Break & Networking

2:30pm – 3:00pm

Fraud Trends for Florida Banks

In this session, you’ll learn of some of the latest fraud trends and challenges specific to Florida banks. You’ll hear insights from the Florida Banking Associations Fraud-Net system, as well as some real world examples from the front lines of the information security challenges at one Florida bank, including cybercrimes and phishing.

Presented by:
Jeremy Hayes, Professional Development & Fraud-Net Coordinator, Florida Bankers Association; Bill Murphy, SVP Chief Risk Officer, Fidelity Bank of Florida

Internet of Everything – Connect it First, Secure it Later – Please Don’t

The proliferation of IoT devices will is expected to grow to over one trillion in the next few years, but any device that can communicate with another over the public Internet can potentially provide a direct conduit to some very private and valuable information that these types of devices are gathering.

In our rush to connect everything together, secure connectivity and information handling is frequently an afterthought, if ever even a thought at all.

Is it possible to instill sound SDL (security development lifecycle) practices into the initial build of these new devices? Should these devices be regulated like medical devices are?

An alternative to waiting for built-in security to occur is to bolt it on after it is built and sometimes even after it has been deployed. But why wait? And what are we waiting for? A breach?

Join us as we explore some best practices to secure IoT systems from the beginning, so they don’t have to be redesigned later.

Presented by:
John Christly, CISO & NSU HIPAA Security Officer, Nova Southeastern University

3:05pm – 3:35pm

EMV Rolled Out and Liability Shifted: Restaurant Fraud Emerged from the Shadows

The rollout of EMV technology has changed the face of fraud for restaurants, retailers and merchants. While card-present fraud will likely decrease as the rollout continues, it will remain a major problem, especially for restaurants and food retailers, despite the new chip technology. In this session, we’ll examine the continuing problem of point-of-sale fraud and the solutions on the horizon to mitigate it.

Presented by:
David Matthews, General Counsel, National Restaurant Association

Breach Response Planning: Hammer Out Your Legal, Business and Technology Differences, Before a Breach

Every mature enterprise understands the necessity of a maintaining a tested breach-response plan. But it’s critical that the scope of this plan covers all interested parties, not just technical operations, such as legal, finance and media relations that may have greatly different priorities at crunch time.

Hear the perspectives of key stakeholders – the practitioners who represent legal, IT and business operations, and whose organizations have suffered severe data breaches. Learn from them:

  • The roles each stakeholder plays in crafting and testing the plan;
  • What changes when the breach is real and it’s time to put the plan in action;
  • Lessons learned from their own breach experiences.

Presented by:
Michael Scheidell, InfoSec, Governance, Compliance & Risk Consultant, Managing Director, Security Privateers

3:40pm – 4:10pm

If Data Has No Value, Its Theft Is Pointless

Consumer and merchant confidence in the payment network requires constant vigilance, investments and cross-industry collaboration. As more consumers shop and pay with connected devices, and commerce increasingly migrates to digital channels, the industry must invest in new standards, technologies and products. One of the best defenses is removing sensitive account data from the payment environment, putting it into a form that cannot be used by criminals for fraud. In this session we’ll discuss the use of chip, tokenization and encryption technologies and how they work in tandem to secure payments.

Presented by:
Jacinto Cofino, VP Risk Services – Latin America and the Caribbean, Visa, Inc.

4:10pm – 4:55pm

The Crypto Debate: Beyond “Apple vs. FBI”

Everyone knows Apple refused to comply with a court order to assist the FBI in bypassing security features built into an iPhone that was issued to a San Bernardino shooter. The Justice Department then dramatically said it found another way to access the iPhone, thus deferring crucial underlying questions, which have implications for law enforcement, national security, privacy and personal freedom. In this panel discussion, we will continue this healthy debate and examine such questions as whether federal investigators should be able to circumvent security features and encryption, and the potential resulting downsides. Hear new insights from a broad spectrum of panelists with legal and security expertise. But also bring your own opinions to what promises to be a lively session of give and take between panelists, as well as with attendees.

Panelists:
Dr. Yair Levy, Professor – Information Systems & Cybersecurity; Director, Center for e-Learning Security Research (CeLSR), Nova Southeastern University; Scott Gilbert, Assistant Special Agent in Charge, Miami Division, FBI; Robert Villanueva, Assistant to the Special Agent in Charge, US Secret Service – Miami Electronic Crimes Task Force; Tracy Kitten, Executive Editor, ISMG

4:55pm – 5:00pm

Closing Remarks

5:00pm – 6:00pm

Cocktails & Networking

Venue

The Biltmore Hotel

1200 Anastasia Ave
Coral Gables, FL 33134

Visit hotel website

2016 Speakers

speaker
George Tubin
Program Director, Trusteer Global Product Marketing, IBM Security
speaker
Tom Field
Vice President - Editorial, ISMG
speaker
Tracy Kitten
Executive Editor, BankInfoSecurity & CUInfoSecurity
speaker
David Matthews
General Counsel, National Restaurant Association
speaker
Mike Daugherty
Founder, CEO & President, LabMD
speaker
Jane Yao
SVP, Benchmarking & Survey Research - Office of the Chief Economist, American Bankers Association
speaker
David Pommerehn
VP, Senior Counsel, Consumer Bankers Association
speaker
Dr. Yair Levy
Professor - Information Systems & Cybersecurity; Director, Center for e-Learning Security Research (CeLSR), Nova Southeastern University
speaker
Hal Pomeranz
Independent Digital Forensic Analyst & Expert Witness, SANS Institute Faculty Fellow
speaker
Jeremy Hayes
Professional Development & Fraud-Net Coordinator, Florida Bankers Association
speaker
Robert Villanueva
Assistant to the Special Agent in Charge, US Secret Service - Miami Electronic Crimes Task Force
speaker
John Christly
CISO & NSU HIPAA Security Officer, Nova Southeastern University
speaker
Mark Yakabuski
VP, Business Development Strategy, Gemalto
speaker
Michael Scheidell
InfoSec, Governance, Compliance & Risk Consultant, Managing Dir., Security Privateers
speaker
Bill Murphy
SVP Chief Risk Officer, Fidelity Bank of Florida
speaker
Jason Manar
Supervisory Special Agent, Miami Division-Cyber Crime, FBI
speaker
Scott Gilbert
Assistant Special Agent in Charge, Miami Division, FBI
speaker
Jacinto Cofino
VP Risk Services - Latin America and the Caribbean, Visa, Inc.
speaker
Jeff Hall
Regional Sales Manager, ZixCorp
speaker
Anand Sureka
Senior Sales Engineer, Guardian Analytics
speaker
Ana Villarini
SVP – Corporate Fraud Division Manager, BankUnited

Featured Past Speakers

speaker
Ron Ross
Sr. Computer Scientist & Information Security Researcher, National Institute of Standards and Technology (NIST)
speaker
Art Coviello
former CEO, RSA Security; Venture Partner, Rally Ventures
speaker
Glen Jones
Head of Payment System Cyber Intelligence, Visa
speaker
Lovell Hodge
VP North American Fraud Analytics, TD Bank
speaker
Eduardo Perez
SVP Payment System Risk, Visa Inc.
 
speaker
Ben Knieff
Senior Analyst, Aite Group
 
speaker
Jessica Corley
Partner, Chair of the Securities Litigation Group, Alston & Bird LLP
speaker
George Tubin
Program Director, Trusteer Global Product Marketing, IBM Security
speaker
Mark Sullivan
Head, Fraud Risk Programs, Interac, Acxsys Corporation
speaker
Liz Garner
Vice President, Merchant Advisory Group
speaker
Todd G. Shean
Assistant Commissioner, Federal Policing Special Services, RCMP
speaker
Robert Carr
Founder, Heartland Payment Systems
speaker
Steve Durbin
Managing Director, Information Security Forum (ISF)
speaker
Christopher Ipsen
CIO, Desert Research Institute and Former CISO, State of Nevada
speaker
David Pollino
SVP, Enterprise Fraud Prevention Officer, Bank of the West
speaker
John Walp
Managing Director Forensic Technology, KPMG
speaker
Barbara Pacheco
SVP, Federal Reserve Bank of Kansas City
 
speaker
Joseph Burton
Managing Partner, Duane Morris LLP
 
speaker
Malcolm Palmore
Assistant Special Agent in Charge, FBI San Francisco Cyber Division
speaker
Doug Johnson
SVP & Chief Advisor - Payments and Cybersecurity Policy, American Bankers Association
speaker
Gray Taylor
Executive Director, Conexxus
speaker
Mitch Parker
CISO, Temple University Health System
speaker
Joseph Johnson
CISO, Premise Health
speaker
Al Pascual
SVP, Research Director Head of Fraud & Security, Javelin Research
speaker
David Matthews
General Counsel, National Restaurant Association
speaker
Scott Swantner
Director for Global Security (Western Union Digital Ventures), Western Union
speaker
Matthew Rosenquist
Cyber Security Strategist, Intel Corporation
speaker
Randy Vanderhoof
Executive Director, Smart Card Alliance & Director, EMV Migration Forum
speaker
Jon Jeswald
VP, Faster Payments Improvement Initiatives, Federal Reserve System
speaker
Mike Daugherty
Founder, CEO & President, LabMD
speaker
Malcolm Harkins
Global CISO, Cylance
speaker
Mark Mao
Partner, Troutman Sanders LLP
speaker
Elvis Chan
Supervisory Special Agent, FBI
speaker
Ken Meiser
VP, Identity Solutions, ID Analytics
speaker
Thomas Hill
CIO, Live Oak Bank
speaker
Dr. Yair Levy
Professor - Information Systems & Cybersecurity; Director, Center for e-Learning Security Research (CeLSR), Nova Southeastern University
speaker
Hal Pomeranz
Independent Digital Forensic Analyst & Expert Witness, SANS Institute Faculty Fellow
speaker
Jeremy Hayes
Professional Development & Fraud-Net Coordinator, Florida Bankers Association
speaker
Robert Villanueva
Assistant to the Special Agent in Charge, US Secret Service - Miami Electronic Crimes Task Force
speaker
Jacinto Cofino
VP Risk Services - Latin America and the Caribbean, Visa, Inc.
speaker
Larry Clinton
President, Internet Security Alliance
speaker
Karen Jackson
Secretary of Technology, Commonwealth of Virginia
speaker
Dr. Phyllis Schneck
Deputy Undersecretary - Cybersecurity, National Protection & Programs Directorate, Department of Homeland Security (DHS)

2016 ISMG Summits

Cost

$595

With $100 discount code "EARLY BIRD"

    

Summits Sponsors


























































































































































Association Partners