2014 FALL CONFERENCE & TRAINING SEMINAR, 9/11/2014


Agenda:

  • Types of Fraud
  • Things you can do internally
  • Things that companies can do
  • Services Provided by the Bank


“Because that is where the money is.”


  • Checks
  • Credit Cards
  • ACH (Debits / Credits)
  • Wire Transfers


2014 AFP Payments Fraud Survey, and the survey says?


Percentage of Organizations Subject to Attempted or Actual Payments Fraud in 2013

Source: 2014 AFP Payment Fraud and Control Survey.


[Chart: Fraud Losses. Values shown: 39%, 37%, 17%. Loss ranges shown: < $25,000; $25,000 ‐ $249,999; > $250,000.]

Source: 2014 AFP Payments Fraud and Control Survey

Losses are significant


Check Fraud

Counterfeit Checks

  • What is a counterfeit check?
  • Ways to prevent counterfeit checks.

Check Washing

  • What is check washing?
  • Ways to prevent


COMPANY RESPONSIBILITIES UNDER THE UCC

UCC Revisions now define responsibilities for check issuers and paying banks under the term ordinary care. Under Sections 3‐403(a) and 4‐401(a), a bank can charge items against a customer's account only if they are "properly payable" and the check is signed by an authorized individual. However, if a signature is forged, the corporate account may be liable if one of the following exceptions applies:

  • According to UCC Section 3‐103(7), ordinary care requires account holders to follow "reasonable commercial standards" prevailing in the area for their industry or business. Under 3‐406, if they fail to exercise ordinary care, they may be restricted from seeking restitution from the payee bank if their own failures contributed to a forged check signature or an alteration ‐ (for example, raising a check amount from $50 to $5000).
  • Section 4‐406 also requires customers to reconcile their bank statements within a reasonable time to detect unauthorized checks. This typically means reconciling statements as soon as they are received.
  • The concept of comparative fault ‐ Sections 3‐406(b) and 4‐406(e) ‐ can shift liability to the check issuer. If both the bank and corporate account holder have failed to exercise ordinary care, a loss can be allocated based upon the extent that each party's failure contributed to the loss. Since banks are not required to physically examine every check, companies may be held liable for all or a substantial portion of any given loss ‐ even if the bank did not verify the signature on a fraudulent check.


Credit Card / Check Card Fraud

  • What is check card (Debit Card) Fraud?
  • Ways to prevent:
      • Keep your card safe
      • Only use safe/secure websites
      • Do not give out your PIN
      • Monitor use of your card
      • Monitor activity regularly
      • Restrict usage
          • Dollar
          • Types of purchases


Wire Fraud (Domestic & International)

  • What is wire fraud?
  • Ways to prevent

      ‐ Internal controls
      ‐ Dual control
      ‐ Segregation of duties
      ‐ Review transactions

What is ACH fraud?


Timing is Essential

  • Businesses must return ACH transactions within 24 hours
  • Check transactions should be returned same day
  • Online transactions are often real time
  • Review bank balances and transactions DAILY


PHISHING AND MALWARE

What is PHISHING and Malware?


Is this Phishing?

*No fish were harmed in the making and taking of this picture. They were all eaten…


Phishing Email Example:


Example: Phishing Website


Total Estimated Losses in the United States from Phishing

  • Total Estimated Losses from Phishing: $254 million
  • Percentage of global Phishing attack volume: 52%


Fraud protection services from Banks.

California Bank & Trust


Measures Banks Have in Place

  • Phishing detection and takedown services – services that identify phishing sites and take action to limit access.
  • Threat intelligence – tools and services for the collection and analysis of suspicious activity from online customers to detect potential malware infection.
  • Transaction monitoring and profiling – methods and tools to determine the risk of a given transaction based on analysis of that transaction against the customer’s transaction behavior profile.
  • Working with the FBI, Secret Service, ATF, Interpol, & Local Law Enforcement Authorities.


What Your Bank Can Do?

Online Banking Solution:

Security tokens required at time of transaction, reducing wire and ACH fraud attempts

  • Monitor user behavior based on location
  • Secure transmissions with encryption
  • Firewalls and Virus Protection (internal)
  • Challenge response questions
  • Automatic sign‐off (no activity)


What Your Bank Can Do?

Anti‐Phishing Initiatives:

  • Contract with a security company to monitor and remove fraudulent Websites
  • Use services to help prevent account hijacking
  • Security awareness training for customers and front‐line employees


Things You and Your Company Can Do


How Do I Protect My Business?

  • Computer system and security software up to date
  • Personal firewall in place for broadband Internet connection
  • Use secure sites for online transactions
  • Request paperless statements for your bank accounts
  • Periodically obtain & review credit reports to check for fraudulent activity
  • Look for skimmers

How Do I Protect My Business?

  • Use secure sites for online transactions
  • Do not use public “hot spots” for online transactions
  • Passwords and PINs include numbers and special characters
  • Reconcile all banking transactions on a daily basis
  • Change the password a few times each year
  • Delete incoming email requesting personal information or providing web site links


How Do I Protect My Business?

  • Avoid using automatic login features that save usernames and passwords for online banking
  • Never give out personal information over the phone, especially if you did not initiate the call
  • Initiate ACH and wire transfer payments under dual control, with a transaction originator and a separate transaction authorizer
  • Immediately escalate any suspicious transactions to your bank. Immediate escalation may prevent further losses


Protect My Business from Social Networking

  • Train your employees to recognize scams
  • Keep your employees updated on the latest threats
  • Always update your software
  • Keep antivirus on the PC and patched at all times
  • Keep track of which websites your employees are visiting
  • Leverage malware protection tools such as Trusteer Rapport, offered free of cost by California Bank & Trust.


Available Protection tools from the Bank


Protection tools from the Bank

| Fraud Type | Bank Service |
|---|---|
| Malware | Trusteer Rapport |
| Check Fraud | Positive Pay |
| Payee Alteration | Payee Match |
| ACH Fraud | ACH Positive Pay |
| Unauthorized Transactions | Dual Control, Transaction Limits |
| Accounts Receivable | Lockbox |
| Unauthorized Access | Treasury Gateway |


Tools To Protect

Online Banking:

  • Password security at sign‐on
  • Token security
  • View account activity in real‐time (intraday)
  • User Access and Controls
  • Using the internet is an effective way to process ACH and Wire transactions but safeguards need to be in place

  • Set specific permissions by user and by account
  • Daily limits for ACH origination
  • User security & dual approval process
  • Segregation of duties is highly encouraged!


Tools To Protect

Early Fraud Detection: Positive Pay provides you with the confidence of knowing that only the checks you issue will be paid. This service interfaces with the teller system and notifies the teller if the check is not valid.

ACH Blocks/Filters Service was designed to protect you against unauthorized ACH transactions posting to your account.
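
The matching logic behind Positive Pay and Payee Match described above, as an added example (not part of the presentation and not the bank's own code): the company supplies a register of issued checks, and each presented item is paid only when serial number, amount and payee all agree with it. The `Check` record, the exception codes and the sample data are constructed assumptions.

```python
from collections import namedtuple
from decimal import Decimal

Check = namedtuple("Check", "serial amount payee")

def normalize_payee(name):
    # Compare payees ignoring case, punctuation and spacing.
    kept = "".join(c if c.isalnum() else " " for c in name.upper())
    return " ".join(kept.split())

def positive_pay(issued, presented):
    # Returns one decision per presented item: "PAY" or an exception code
    # that sends the item to manual review instead of being paid.
    register = {c.serial: c for c in issued}
    paid, decisions = set(), []
    for item in presented:
        match = register.get(item.serial)
        if match is None:
            decision = "NOT_ISSUED"        # serial never issued: possible counterfeit
        elif item.serial in paid:
            decision = "DUPLICATE"         # same check presented a second time
        elif item.amount != match.amount:
            decision = "AMOUNT_MISMATCH"   # e.g. a check raised from $50 to $5000
        elif normalize_payee(item.payee) != normalize_payee(match.payee):
            decision = "PAYEE_MISMATCH"    # payee altered, as in check washing
        else:
            decision = "PAY"
            paid.add(item.serial)
        decisions.append(decision)
    return decisions

# Constructed sample data (not from the presentation).
ISSUED = [
    Check("1001", Decimal("50.00"), "Acme Supply Co."),
    Check("1002", Decimal("1200.00"), "City Water Dept"),
    Check("1003", Decimal("310.25"), "J. Rivera"),
]
PRESENTED = [
    Check("1001", Decimal("5000.00"), "Acme Supply Co."),  # amount raised
    Check("1002", Decimal("1200.00"), "CITY WATER DEPT"),  # legitimate
    Check("1002", Decimal("1200.00"), "City Water Dept"),  # presented again
    Check("1003", Decimal("310.25"), "John Smith"),        # payee changed
    Check("2040", Decimal("980.00"), "Acme Supply Co."),   # never issued
]

if __name__ == "__main__":
    for item, decision in zip(PRESENTED, positive_pay(ISSUED, PRESENTED)):
        print(item.serial, item.amount, item.payee, "->", decision)
```

Only the second item is paid; the other four become exceptions, which is why the issued-check register has to reach the bank before the checks do.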


Trust, But Verify

  • Dual control with account balancing
  • Control use of signature facsimile stamp
  • Importance of signature card and designating authority

  • Bank statement/Notice diversion


“Vintage” Skimming Devices


New and Improved Skimming Devices


ATM Skimming Overlay


Fraudster Placement
