Effective detection and prevention of financial transaction fraud requires analytic techniques capable of characterizing the transaction stream and determining the likelihood of fraud or misuse in real time. The nature of fraud makes the development of transaction monitoring models challenging, and inspires new Analytic innovations to respond to the ever changing tactics taken on by fraudsters. In this talk, we will review traditional payment card fraud detection analytic techniques such as transaction profiling and neural network models, and then expand to new analytic techniques. These new techniques include Adaptive Analytics which allows a model in production to adjust its scores dynamically based on analyst fraud case dispositions; Self-Calibrating Analytics which determines outlier fraud features in streaming transactions through real-time estimations of variable distributions; and Global Intelligent Profiles which enable profiling of various entities in the fraud decision such as ATMs, countries, and compromise clusters.

Scott Zoldi is a Vice President of Analytic Science at FICO. He has responsibility for the analytic development of FICO's transaction analytics products and solutions, including the FICO™ Falcon® Fraud Manager product. While at FICO, Scott has been responsible for authoring over 30 patent applications related to fraud and transaction analytics. He is actively involved in the development of FICO's new Falcon 6 product, which includes new analytic innovations such as adaptive analytics, global intelligent profiles, self-calibrating analytics and enterprise analytics. Before joining FICO, Scott was a director's postdoctoral fellow at Los Alamos National Laboratory. Scott received his Ph.D. in theoretical and computational physics from Duke University and was a DOE computational science graduate fellow.

Hyoungshick Kim, John Tang and Ross Anderson
Social Authentication: Harder than it Looks

Sonia Chiasson, Chris Deschamps, Elizabeth Stobert, Max Hlywa, Bruna Freitas Machado, Alain Forget, Nicholas Wright, Gerry Chan and Robert Biddle
The MVP Web-based Authentication Framework (Short Paper)

Joseph Bonneau, Sören Preibusch and Ross Anderson
A birthday present every eleven wallets? The security of customer-chosen banking PINs

Tyler Moore, Jie Han and Richard Clayton
The Postmodern Ponzi Scheme: Empirical Analysis of High-Yield Investment Programs

Dan Bogdanov, Riivo Talviste and Jan Willemson
Deploying secure multi-party computation for financial data analysis (Short Paper)

Christopher Thorpe and Steven Willis
Cryptographic Rule-Based Trading (Short Paper)

Zi Lin, Denis Foo Kune and Nicholas Hopper
Efficient Private Proximity Testing with GSM Location Sketches

Benjamin Johnson, John Chuang, Jens Grossklags and Nicolas Christin
Metrics for Measuring ISP Badness: The Case of Spam (Short Paper)

Tao Wang, Kevin Bauer, Clara Forero and Ian Goldberg
Congestion-aware Path Selection for Tor

Scott Wolchok, Eric Wustrow, Dawn Isabel and J. Alex Halderman
Attacking the Washington, D.C. Internet Voting System

Rainer Boehme
Security Audits Revisited

Attila A. Yavuz, Peng Ning and Mike Reiter
Efficient, Compromise Resilient and Append-only Cryptographic Schemes for Secure Audit Logging

Morten Dahl, Chao Ning and Tomas Toft
On Secure Two-party Integer Division

Rafik Chaabouni, Helger Lipmaa and Bingsheng Zhang
A Non-Interactive Range Proof with Constant Communication

T-H. Hubert Chan, Elaine Shi and Dawn Song
Privacy-Preserving Stream Aggregation with Fault Tolerance

Daniel Slamanig
Dynamic Accumulator based Discretionary Access Control for Outsourced Storage with Unlinkable Access (Short Paper)

Mariana Raykova, Hang Zhao and Steven Bellovin
Privacy Enhanced Access Control for Outsourced Data Sharing

Andres Molina-Markham, George Danezis, Kevin Fu, Prashant Shenoy and David Irwin
Designing Privacy-preserving Smart Meters with Low-cost Microcontrollers

Benjamin Mood, Lara Letaw and Kevin Butler
Memory Efficient Garbled Circuit Generation for Mobile Devices

Payman Mohassel and Salman Niksefat
Oblivious Decision Programs from Oblivious Transfer: Efficient Reductions

Kaoru Kurosawa and Yasuhiro Ohtaki
UC-Secure Searchable Symmetric Encryption

Jeremy Clark and Aleksander Essex
CommitCoin: Carbon Dating Commitments with Bitcoin (Short Paper)

Simon Barber, Xavier Boyen, Elaine Shi and Ersin Uzun
Bitter to Better — How to Make Bitcoin a Better Currency

As organizations look to mitigate their privacy risks, they are increasing being encouraged by regulatory authorities to consider privacy by design (PbD) and privacy enhancing technologies (PETs). PETs present an alternative to the standard model of most organizations: data collection coupled with data protection. PETs can either increase transparency, by allowing individual or collective auditing of company privacy practices (Google's Privacy Center) or increase opacity, by hiding or eliminating some of the links between data points (TOR anonymity network).

Laws and regulations can also affect the transparency and opacity of personal data. While some laws may adversely affect privacy for organizations following the standard model, other laws may directly impede privacy enhancement by requiring the collection of personal data that are not necessary for organization operations. This panel aims to look at laws and regulations that either directly or inadvertently are not PET friendly.

Jens Bender, Özgür Dagdelen, Marc Fischlin and Dennis Kügler
The PACE|AA Protocol for Machine Readable Travel Documents, and its Security

Aleksander Essex and Urs Hengartner
Oblivious Printing of Secret Messages in a Multi-party Setting

Anthony Van Herrewege, Stefan Katzenbeisser, Roel Maes, Roel Peeters, Ahmad-Reza Sadeghi, Ingrid Verbauwhede and Christian Wachsmann
Reverse Fuzzy Extractors: Enabling Lightweight Mutual Authentication for PUF-enabled RFIDs

Junaid Jameel Ahmad, Shujun Li, Ahmad-Reza Sadeghi and Thomas Schneider
CTL: A Platform-Independent Crypto Tools Library Based on Dataflow Programming Paradigm

Michael Weiß, Benedikt Heinz and Frederic Stumpf
A Cache Timing Attack on AES in Virtualization Environments

Franz Ferdinand Brasser, Sven Bugiel, Atanas Filyanov, Ahmad-Reza Sadeghi and Steffen Schulz
Softer Smartcards: Usable Cryptographic Tokens with Secure Execution