Fraud Prevention Summit: New York 2025 ISMG%%sep%%Events ismg.events

April 10, 2025

Fraud Prevention Summit: New York

8:00 AM - 4:15 PM ET

Event Overview

The tools available to fraudsters have advanced at an unprecedented pace, enabling sophisticated attacks that challenge even the most prepared organizations. At the same time, security leaders are leveraging cutting-edge technologies to revolutionize their defenses. The 2025 ISMG Fraud Security Summit tackles this critical turning point in fraud prevention, equipping participants with the strategies and expertise needed to outmaneuver increasingly bold adversaries.

This year’s summit addresses essential topics such as securing APIs, fortifying digital identity systems, and mitigating insider-driven fraud. Participants will gain insights into real-world defenses against credential stuffing and supply chain infiltration while uncovering strategies to disrupt the shadow economy of Fraud as a Service—a thriving underground industry enabling large-scale cybercrime.

As the stakes climb higher, hear from leading infosec and fraud experts as we explore how advanced tools, cross-industry collaboration, and lessons from high-profile incidents are shaping the future of fraud prevention. From protecting global supply networks to harnessing AI-driven analytics, attendees will leave ready to fortify their defenses and meet emerging challenges with confidence.

View our ISMG Event Experience video to see what your peers are saying about their participation.

Highlight Topics

Bolstering Identity Verification Tactics Against Expanding Fraud Threats
Cross-Industry Fraud Intelligence Sharing: Building Collaborative Defenses
Tackling Emerging Fraud Threats in Global Supply Networks
Protecting Patient Data from Evolving Fraud in Healthcare

Advisors

Thought Leaders Leading Deep-Dive Discussions on Stage

ISMG Summits bring the foremost thought leaders and educators in the security space on stage, at interactive workshops and networking events. Learn from the who’s who in the cybersecurity industry, passionate about the latest tools and technology to defend against threats.

Murli Nambiar

CISO, SBI

Atanu Roy

Group CIO, Biocon Group

Sachin Seth

CEO and MD, BSE Ebix Insurance Broking (BSE Ebix)

John Frushour

Vice President and Chief Information Security Officer, New York-Presbyterian Hospital

Claire Le Gal

SVP, Fraud Intelligence, Strategy & Cyber Products, Mastercard

Michael Gioia

CISO, Babson College

Karen Boyer

SVP Financial Crimes, M&T Bank

Fred Harris

Global Head of Risk & Compliance for Enterprise Technology & Operations, Citi

Brennan Lodge

Head of Analytic Engines Cybersecurity, HSBC

Laura Deaner

CISO, Northwestern Mutual

Ali Khan

CISO, Better.com

Karen Boyer

SVP Financial Crimes, M&T Bank

Patrick Keating

SVP, CISO, Sterling Bank & Trust

Michael Sawyer

Head of Enterprise Technology Production and Third Party Risk, Citi

David Pollino

Global Head of Fraud Prevention - Managing Director, Information Security, BNY

Chetan Patel

Senior Vice President - CISO US & UK

Steve Lenderman

Head of Fraud Solutions - North America

La Monte Yarborough

CISO, Acting Deputy CIO, HHS

Walker Newell

Vice President, Securities Litigation and Enforcement, Woodruff Sawyer

Fred Harris

Global Head of Risk & Compliance for Enterprise Technology & Operations, Citi

David Sheidlower

Vice President, Chief Information Security & Privacy Officer, Turner Construction Company

Speakers

Thought Leaders Leading Deep-Dive Discussions on Stage

ISMG Summits bring the foremost thought leaders and educators in the security space to the stage, interactive workshops and networking events. Learn from the “who’s who” in cybersecurity passionate about the latest tools and technology to defend against threats

Agenda

Given the ever-evolving nature of cybersecurity, the agenda will be continually updated to feature the most timely and relevant sessions.

You can now view or download a PDF version of the attendee guide.

Registration & Breakfast

Opening Comments

Laura Deaner

CISO, Northwestern Mutual

Sunil Malik

CISO, Discover Financial Services

Cybersecurity & Fraud Risk: Defend, Detect, Defeat!

Cybersecurity and fraud are becoming increasingly linked, as well as the significant hazards they pose to enterprises of every size.

We will examine the evolving strategies used by hackers and fraudsters, which range from simple phishing schemes to complex ransomware operations. The line between cybersecurity and fraud is increasingly blurred. Cybercriminals often exploit security vulnerabilities to commit fraud, and similarly, fraudsters use social engineering to gain access to sensitive systems.

The keynote will focus on the need for businesses to adopt a holistic approach that addresses both areas simultaneously, rather than treating them as separate disciplines. The aim will be to provide participants with the knowledge and tools they need to strengthen their defenses, detect risks proactively, and effectively battle cyber fraud, ensuring their organization’s overall protection. Attendees will learn to move beyond reactive measures and adopt a proactive stance that defends against potential threats, detects risks as they emerge, and defeats attackers swiftly and efficiently.

Key Takeaways:

Developing integrated security frameworks to shield against both cybersecurity breaches and fraud. This involves leveraging technology, process controls, and employee awareness.
Exploring state-of-the-art tools and techniques, including AI-driven analytics and real-time monitoring, to proactively identify and prevent fraudulent activities before they inflict harm.
Understanding the best practices for responding to fraud incidents, encompassing incident response planning, stakeholder communication, and recovery strategies aimed at minimizing impact.

Laura Deaner, CISO, Northwestern Mutual

Sunil Malik, CISO, Discover Financial Services

Ali Khan

CISO, Better.com

API Security in Cyber Fraud Prevention

APIs are the backbone of modern financial, healthcare, and tech infrastructures, enabling seamless data flow between applications and services. However, they also present a growing attack surface that fraudsters are exploiting at alarming rates.

This session will explore the critical role of API security in preventing cyber fraud, covering both current threats and best practices for securing APIs against unauthorized access, data leaks, and malicious manipulations.

Participants will learn about real-world API fraud incidents, the latest attack methods such as API abuse and injection attacks, and how to deploy tools like API gateways, authentication protocols, and advanced monitoring to safeguard their API ecosystems.

Key Discussion Points:

New Threats in API Security: Understand the latest fraud tactics targeting APIs, including API abuse and credential stuffing, based on recent real-world incidents.
Best Practices for Securing APIs: Learn essential strategies like enforcing strong authentication, rate-limiting, and encryption to protect APIs from unauthorized access.
API Vulnerabilities and Common Attack Vectors: Identify the most common API weaknesses, such as broken authentication and injection attacks, and how to mitigate them effectively.
Advanced Monitoring and Fraud Detection: Discover how to leverage API gateways and real-time monitoring tools to detect and prevent fraudulent activity within your API ecosystem.

Ali Khan, CISO, Better.com

Steve Lenderman

Head of Fraud Prevention, iSolved

Nisan Bangjev

Director, Fraud Risk Officer, Valley Bank

Mark Eggelston

CISO, CSC

Bolstering Identity Verification Tactics Against Expanding Threats

The rise of digital identity verification has revolutionized how financial institutions combat fraud, but it has also introduced new vulnerabilities.

Fraudsters are increasingly exploiting weak points in verification systems, such as synthetic identities and stolen credentials. This session examines how advancements in biometrics, AI, and fraud modeling are reshaping identity verification to stay ahead of sophisticated financial crime tactics.

We’ll explore the critical balance between providing frictionless customer onboarding and maintaining high security standards to prevent fraud. Attendees will gain insights into the latest fraud prevention strategies and learn how to safeguard digital identities without sacrificing user experience.

Key Discussion Points:

Fraud Threats in Identity Verification: Understanding how synthetic identity fraud and credential theft are evolving in digital environments.
Innovations in Fraud Detection: Exploring how AI and biometric authentication improve fraud detection in real time.
Balancing Customer Experience and Security: Reducing onboarding friction while strengthening identity verification.
Adapting to Emerging Fraud Techniques: Preparing for the next wave of identity-related fraud and staying compliant with regulatory standards.

Steve Lenderman, Head of Fraud Prevention, iSolved

Nisan Bangiev, Director, Fraud Risk Officer, Valley Bank

Mark Eggelston, CISO, CSC

Chetan Patel

Senior Vice President - CISO US & UK, Helaba

Tim Lucey

Supervisory Special Agent, Health Care Fraud Task Force, FBI

Tackling Emerging Fraud Threats in Global Supply Chain Networks

As industries increasingly rely on global networks of vendors and suppliers, the risk of supply chain fraud is increasing significantly year-over-year.

Cybercriminals are targeting third-party service providers to bypass traditional security defenses, injecting malware or stealing sensitive data to infiltrate larger organizations. The April 2024 breach at Sisense, where attackers gained access to cloud storage credentials through a compromised GitLab repository, serves as a stark example of how supply chain attacks can ripple across critical infrastructure. These incidents emphasize the need for stronger vendor management and improved detection systems to prevent fraud.

In this session, panelists will discuss the latest tactics bad actors are leveraging to exploit supply chain vulnerabilities, focusing on cross-industry examples and how to identify and mitigate risks before they lead to significant breaches. The conversation will also explore strategies for bolstering defenses, including vetting vendors, enhancing threat intelligence, and building more resilient supply chains.

Key Takeaways:

Mitigating risks from recent supply chain breaches by strengthening protections against multiple threat vectors, including malware injection, data theft, and phishing attacks via third-party services.
Practical steps for evaluating, monitoring, and securing vendor relationships, ensuring compliance with industry-specific regulations and standards.
Identifying early indicators of supply chain fraud and improving real-time detection through enhanced threat intelligence and AI-powered analysis tools.
Best practices for developing a rapid response and recovery framework, minimizing the damage caused by supply chain attacks, and coordinating across industry sectors.

Chetan Patel, Senior Vice President – CISO US & UK, Helaba

Tim Lucey, Supervisory Special Agent, Health Care Fraud Task Force

Networking & Exhibition Break

John Frushour

Vice President and Chief Information Security Officer

Protecting Patient Data from Evolving in Healthcare

As healthcare organizations continue to digitize operations, the industry is increasingly targeted by sophisticated cybercriminals. Recent high-profile incidents, such as the 2024 cyberattack on Change Healthcare, have demonstrated the devastating impact of large-scale breaches on patient care and data integrity.

This attack exposed sensitive personal health information (PHI) and disrupted healthcare services nationwide, underlining the importance of strong cybersecurity defenses in the sector. Additionally, the Kaiser Foundation Health Plan breach further highlighted how the improper use of tracking tools on healthcare websites can lead to significant unauthorized data disclosures, affecting over 13 million individuals.

Healthcare CISOs must confront a range of fraud risks, including identity theft, phishing attacks on patient portals, and fraudulent insurance claims. This session will explore the latest trends in healthcare fraud and cyber threats, offering strategies to protect against the misuse of patient data and ensure compliance with regulatory frameworks like HIPAA. We will also discuss how healthcare organizations can enhance their fraud detection capabilities through advanced identity verification and real-time monitoring technologies, which are increasingly critical in today’s threat landscape.

Our panel will discuss:

Insights into recent healthcare cyber incidents, including Change Healthcare and Kaiser Permanente, and their implications for fraud prevention.
Advanced strategies for protecting patient data, reducing fraud risks, and maintaining compliance with HIPAA.
The role of real-time monitoring and identity verification in preventing fraud and protecting patient trust in an evolving digital ecosystem.

John Frushour, Vice President and Chief Information Security Officer

Karen Boyer

SVP Financial Crimes M&T Bank, New York-Presbyterian Hospital

Hiral Mehta

Chief, Business & Securities Fraud, U.S. Attorney's Office for the Eastern District of New York

Fraud as a Service and the Rise of Cybercrime's Shadow Economy

Fraud as a Service has evolved into a highly organized business model, offering cybercriminals access to tools like phishing kits, malware, and stolen payment data.

By lowering the technical barriers, FaaS enables large-scale fraud operations that contributed to global financial losses of nearly $485.6 billion in 2023. In 2024, scam operations using Telegram bots to automate phishing and fraud highlight just how widespread and accessible these services have become, affecting industries from financial services to healthcare.

This session will explore the growth of FaaS, its impact on security across industries, and effective strategies to combat it.

Experts will share insights into how these services operate, as well as actionable defenses to disrupt and prevent FaaS-driven attacks, including:

The business model behind FaaS and its role in enabling large-scale cyber fraud, including automation tools like Telegram bots.
Practical defense strategies to combat FaaS, focusing on early detection and prevention across key industries.
How threat intelligence can uncover FaaS operations and the tactics cybercriminals use to avoid detection.
Building cross-industry partnerships to share intelligence and improve defenses against FaaS attacks.

Karen Boyer, SVP Financial Crimes, M&T Bank

Hiral Mehta, Chief, Business & Securities Fraud, U.S. Attorney’s Office for the

Eastern of New York

David Pollino

Global Head of Fraud Prevention - Managing Director, Information Security, BNY

Carlo Nastasi

Special Agent at IRS - Criminal Investigations, IRS-Criminal Investigations

Insider Threats: Preventing Fraud from Within

Insider threats, whether caused by malicious actors or negligent employees, remain one of the most difficult challenges for organizations to manage.

With insider-driven data incidents increasing 28% in the last year alone, employees with privileged access remain a prime target for exploitation by external actors and, potentially, a direct source of fraud and data compromise. As organizations expand and hybrid work grows more common, securing against internal threats has become even more critical. Whether it’s deliberate fraud or unintentional leaks, insider threats can lead to significant financial and reputational damage.

This session will explore how organizations can better detect, prevent, and respond to insider-driven fraud. Panelists will share insights on leveraging behavioral analytics, privileged access management, and employee awareness to minimize insider risks.

We will discuss:

Implementing behavioral analytics to detect early signs of insider fraud, such as unusual access patterns or data transfers.
Reducing the risk of insider threats through privileged access management (PAM) and least-privilege policies.
The role of employee education and awareness in preventing unintentional fraud caused by negligence or phishing attacks.
Best practices for incident response when insider fraud is detected, including forensics and legal considerations.

David Pollino, Global Head of Fraud Prevention – Managing Director,

Information Security, BNY

Carlo Nastasi, Special Agent at IRS – Criminal Investigations, IRS-Criminal

Investigations

Lunch & Exhibition Break

Fraud Prevention Summit: New York

Data Breaches and Fraud: Reducing the Impact

With data breaches becoming more frequent and severe, organizations face the growing risk of financial fraud and identity theft in the aftermath.

This session focuses on practical strategies to minimize fraud risks after a breach, offering insights into how organizations can quickly mitigate the damage and protect affected individuals. From identity monitoring to rapid incident response, this session will cover the critical actions organizations must take to prevent fraud from compounding the impact of a breach.

Attendees will explore the latest best practices for post-breach fraud prevention, including how to secure compromised data, implement identity protection measures, and minimize the potential for further financial or reputational damage. Panelists will share real-world examples of organizations that successfully reduced fraud risks after data breaches, offering a roadmap for effective post-breach responses.

Key Discussion Points:

Effective post-breach fraud prevention strategies and identity protection.
Real-world examples of mitigating fraud risks after a major breach.
Best practices for breach response teams to address identity theft and financial fraud.
How to minimize reputational and financial damage in the wake of a breach.

Matthew Homer Meade, Chair, Cybersecurity, Data Protection & Privacy Group,

Eckert Seamans

Fraud Prevention Summit: New York

Deepfakes, Real Stakes: Unmasking Cyber Deception in a High-Stakes Interactive Tabletop Simulation

Join us for this collaborative tabletop exercise, hosted jointly by the United States Secret Service and CyberEdBoard.

This interactive session is meticulously crafted to mimic a sophisticated cyberattack. It aims to bolster strategic response capabilities and enhance operational readiness against the backdrop of advanced cyberthreats. The focal point of this exercise is a strategically crafted deepfake incident targeting a corporate executive, weaving together elements of social engineering, financial fraud, and the challenges posed by emerging technological threats.

What you will gain from this experience:

Enhanced Organizational Readiness: To critically assess and improve organizational preparedness in response to intricate cyber incidents involving deepfake technology and social engineering.
Interagency Collaboration and Knowledge Exchange: To strengthen the partnership and information sharing between the Secret Service and leaders in the private sector cybersecurity community.
Strategic Response Development: To create all-encompassing incident response strategies that cover legal, technical and communicational facets, while also identifying and rectifying weaknesses in existing cybersecurity policies and governance.

Kevin Cooke, Senior Special Agent, United States Secret Service

Boris Klyuchnikov, Special Agent, FBI

Chris Holden, CISO, Crum & Forster

Fred Harris, Global Head of Risk & Compliance for Enterprise Technology & Operations,

Citi

Peter Tse, Information Security Officer, CTBC Bank

David Anderson, Vice President of Cyber, Woodruff Sawyer

Walker Newell, Vice President, Securities Litigation and Enforcement, Woodruff Sawyer

Sean Mack, Former CISO, Wiley; ISMG Contributor

Networking & Exhibition Break

David Schwed

CISO, Brokerage & Money, Robinhood

Protecting Against Automated Fraud and Credential Stuffing

Automated credential stuffing attacks are on the rise, and demand vigilance from organizations to safeguard their most sensitive account data.

The nearly 10 billion passwords compromised in the RockYou2024 leak is a stark example of how an ever-increasing supply of stolen credentials can enable high-volume, precision-driven attacks with minimal effort.

With leading companies in finance, retail, and manufacturing all falling victim to credential stuffing attacks in the last year, no organization is immune to the financial and reputational damage they can inflict. This session will explore advanced defense strategies, the role of AI in stopping automated fraud, and the latest tools that organizations are deploying to stay ahead of attackers.

We’ll also examine how industries such as financial services, retail, and healthcare are evolving their approach to combat these increasingly sophisticated attacks—integrating cutting-edge solutions to mitigate risks and secure their most valuable assets.

Key Takeaways:

The latest trends in credential stuffing and how automation is reshaping fraud attacks across industries.
Advanced defense strategies, including AI-based anomaly detection and the limitations of traditional solutions like multi-factor authentication.
Real-world insights on effective approaches to fraud prevention from across sectors.
Future trends in automated fraud and how to prepare your security stack for emerging challenges in 2025.

David Schwed, CISO, Brokerage & Money, Robinhood

Nashira Spencer

CISO and Head of Enterprise IT, Stich Fix

Cross-Industry Fraud Intelligence Sharing: Building Collaborative Defenses

As fraudsters continue to exploit vulnerabilities across various sectors, the need for a more unified defense against cyber fraud has never been greater. Regardless of industry, fraudsters benefit from a host of new resources to penetrate defenses and glean the data with the greatest leverage and financial return.

This session explores the importance of sharing fraud intelligence across industries to create a more robust and cohesive defense strategy. By learning from one another’s experiences and challenges, organizations can better protect themselves against evolving fraud schemes.

Participants will gain insights into the benefits and challenges of cross-industry collaboration, including the regulatory and privacy considerations that come with sharing sensitive threat intelligence.

The session will also examine successful examples of industries working together to combat fraud and how to implement similar strategies within their organizations.

Key Discussion Points:

Building cross-industry collaboration platforms to combat fraud.
Case studies of fraud tactics spreading across sectors.
Overcoming regulatory and privacy hurdles when sharing threat intelligence.
Practical steps for fostering intelligence sharing and improving defenses across industries.

Nashira Spencer, CISO and Head of Enterprise IT, Stitch Fix