Integrated approach to online frauds detection
VISCONTI, VALERIO
2019
Abstract
This dissertation describes how simple and complex online frauds against electronic payment services and online gaming services can be detected and blocked through an integrated Anti-fraud Framework fed with data from a Datawarehouse (DWH) infrastructure and a Security Information and Events Management (SIEM) correlation system, both implemented in a large organization, for transactional analysis and cyber-attack protection respectively. We show how the correlation between transactional data coming from heterogeneous platforms and the alarms coming from the related ICT security technologies can be processed in real time to detect and block frauds in progress, and to perform predictive analysis of anomalous customer behavior, including cross-business fraud attempts. This integrated approach is possible because the online gambling industry, in the widest meaning of the term, from classic lotteries to interactive contexts in all their variations, is a very complex scenario in terms of ICT aspects: the peculiarities of its hybrid technologies can be associated with other sectors, such as Fin-tech, Ecommerce, TelCo and IoT, because of the similarity of enabling technologies (on-field terminals, mobile apps and online portals) and security issues. Attack attempts against gaming platforms, processes and technologies aimed at perpetrating frauds are so complex and changeable that their detection cannot be separated from an integrated logic that connects native ICT security enabling technologies with anti-fraud analytics tools. Another aspect addressed in this work is the use of SOAR (Security Orchestration Automation and Response) software to mitigate a Credential Stuffing attack on gaming accounts (GA), which is very simple to observe but difficult to counter with normal cyber defense technologies.
The complex architectures at the base of online gaming delivery platforms need an integrated detection logic that connects the native ICT security enabling technologies with the analysis engine tools established by the anti-fraud systems, to allow the use of fundamental predictive models for the detection of complex attack patterns, which differ for each platform but share data, independent of the type of service, that can provide transversal correlations (personal data, GAs, IPs, etc.).

File | Size | Format |
---|---|---|
Tesi_Dottorato_Visconti_Valerio.pdf (access only from BNCF and BNCR) | 3.44 MB | Adobe PDF |
Documents in UNITESI are protected by copyright and all rights are reserved, unless otherwise indicated.
https://hdl.handle.net/20.500.14242/300613
URN:NBN:IT:UNIROMA2-300613