The Future of ATO

Presented at Black Hat USA 2019, Aug. 8, 2019, 3:50 p.m. (50 minutes).

Account Takeover (ATO) is the silent killer of online security. Between password megalists, massive PII breaches and ever more sophisticated attackers, it's becoming almost impossible to help regular users to thread the needle of a usable, but secure, experience. Coinbase is one of, if not the, largest single store of consumer cryptocurrency in the world. Attackers have enormous motivation to target our customers, and we have enormous motivation to defend our customers. This has resulted in a flurry of innovation over the past few years, on both sides. In this talk, I'll give a look behind the scenes on how Coinbase protects our customers, encourages them to be more secure and handles everything from phone porting to SIM swapping to credential stuffing. I'll also share a view into where we see attackers actively innovating. You will walk away with a window into what ATO may look like in the years to come and some specific, actionable steps you can take to protect your customers right now.


Presenters:

  • Philip Martin - CISO, Coinbase, Inc
    Philip Martin is the CISO at Coinbase, where he is continually amazed at the amount of attacker effort and creativity inspired by a few billion dollars of digital currency. Prior to Coinbase, Philip built and led the Incident Response and Security Engineering teams at Palantir Technologies and spent a decade as a US Army Counterintelligence agent.
