Main host & discussion facilitator:
Global Head, business continuity, security & governance practice
Regional Director of the Ethical Hacking Centre of Excellence for Europe, Middle East & Far East, BT INS
Business Continuity, Security, and Governance Practice, BT
E-Commerce Manager, Harvey Nichols
An interactive breakfast briefing bringing together security professionals across the retail sector for an interesting and thought-provoking discussion, focusing on ethical hacking and consumer authentication as well as presenting a recent case study.
- Has your organisation suffered any attacks against its online business capabilities?
- Is there a security testing and assurance program in place that gives your organisation a continual and accurate picture of the current security position of your online retail capabilities?
- Is your organisation required to comply with PCI DSS legislation? Are there areas of the Standards that are yet to be covered within the organisation?
- Are there areas of your Infrastructure and Application Security that you are concerned about, or that are not covered by your in-house teams or current suppliers?
As part of its mission to help clients manage risk and improve security, BT has developed an Ethical Hacking Centre of Excellence (EHCOE). EHCOE consultants specialise in the identification and mitigation of weaknesses and vulnerabilities in diverse technical environments, using structured Security and Network Engagement Methodologies to test the security of IT systems through simulated attacks carried out in a safe environment. Members of the BT EHCOE are continually researching emerging threats, testing new intrusion techniques and developing effective counter-measures to malicious activities. Constant vigilance enables us to provide our clients with exceptional security on an ongoing basis.
As retail and financial organisations continue to develop their online capabilities it is of vital importance to them that the levels of security protect the brand and reputation of the organisation. This maintains the trust required to maximise the revenue streams available from online business.
- Does your organisation need to take steps beyond AVS/CVV to reduce online fraud?
- Is completion of the transaction a concern relative to managing online fraud?
- Do the fraud management services available in the market meet your organisation’s requirements?
- Does your organisation have specific issues that the online fraud market is not addressing?
Retailers and financial institutions continue to struggle with fraud related to identity theft. The introduction of Chip and PIN has greatly reduced ‘card present’ fraud, but ‘card not present’ fraud represents a real threat to both the consumer and the merchant, and phishing attacks increased by 200% in 2007.
UK banks, in response to faster payments and fraud reduction, are rolling out two-factor authentication solutions to their customers for online authentication. These authentication solutions are working hand in hand with online fraud management systems. UK banks are rolling out various combinations of one-time password (OTP) tokens, SMS-based authentication solutions, and/or EMV card readers to enable Chip and PIN for online authentication. Merchants responding to the threat by implementing 3D-Secure to underwrite ‘card not present’ transactions have found that 3D-Secure is not without issues. PayPal in the US has rolled out two-factor authentication tokens to 400,000 of its customers and eBay accepts these tokens for authentication.
Jim is the Regional Director of the BT Ethical Hacking Centre of Excellence for Europe, Middle East & Asia Pac. He has over 14 years’ experience within the IT industry, the majority of which has been focused on information security. Jim brings a wealth of security expertise to the table having led the IT Security Development team of a global mobile Telco prior to joining BT.
Ray Stanton is the Executive Global Head of BT’s Business Continuity, Security and Governance Practice (BCS&G) and has worked in information security for over 24 years. He has worked for both government and commercial organisations in a variety of security related roles including project management, security auditing, policy design, and the development of security management strategies. Before joining BT in 2004, Ray was head of UK security services for Unisys Corporation and, prior to that, he was head of information security for British Aerospace Limited, working primarily on its commercial projects, such as its role in Airbus.
Jeanne has a 20-year career in security, with experience spanning everything from the design and implementation of secure strategic communication systems for the US Military to defining the identity management services for BT Global Services. Her experience also includes working with MasterCard and Visa to define the online payments standard “Secure Electronic Transactions”, one of the precursors to 3D-Secure, as well as designing and establishing some of the first commercial PKI services for US financial institutions. Jeanne is responsible for identity management business development within BT, and for defining identity, authentication, and fraud management solutions for financial services and retail markets. Before joining BT in 2007, she managed pre-sales and professional services teams for Cybertrust and was responsible for delivering IdM and MSS solutions to European customers. Jeanne has a BSc in Electrical Engineering from Worcester Polytechnic Institute and an MSc in Computer Engineering from Boston University in the United States.
Rob is the E-Commerce Manager for Harvey Nichols. He has twenty years’ experience in IT, the last 11 of which have been spent in the Retail Industry. Rob introduced E-Commerce into Harvey Nichols, and manages the online fraud prevention and customer services supplier relationships. Rob has worked with BT Fresca to implement 3D-Secure into Harvey Nichols’ website and with Third Man to improve fraud checking services.