9/11/2014 1 2014 FALL 2014 FALL CONFERENCE CONFERENCE & - PDF document

9/11/2014 1 2014 FALL 2014 FALL CONFERENCE CONFERENCE & TRAINING & TRAINING SEMINAR SEMINAR 2 2014 FALL 2014 FALL CONFERENCE CONFERENCE & TRAINING & TRAINING SEMINAR SEMINAR 1

9/11/2014 Agenda: • Types of Fraud • Things you can do internally • Things that companies can do • Services Provided by the Bank 3 2014 FALL CONFERENCE 2014 FALL CONFERENCE & TRAINING SEMINAR & TRAINING SEMINAR “Because that is where the money is.” 4 2014 FALL 2014 FALL CONFERENCE CONFERENCE & TRAINING & TRAINING SEMINAR SEMINAR 2

9/11/2014 Checks Credit Cards ACH (Debits / Credits) Wire Transfers 5 2014 FALL 2014 FALL CONFERENCE CONFERENCE & TRAINING SEMINAR & TRAINING SEMINAR 2014 AFP Payments Fraud Survey, And the survey say? 6 2014 FALL CONFERENCE 2014 FALL CONFERENCE & TRAINING SEMINAR & TRAINING SEMINAR 3

9/11/2014 Percentage of Organizations Subject to Attempted or Actual Payments Fraud in 2013 Source: 2014 AFP Payment Fraud and Control Survey. 7 2014 FALL CONFERENCE 2014 FALL CONFERENCE & TRAINING SEMINAR & TRAINING SEMINAR Losses are significant Fraud Losses 17% 39% < $25,000 $25,000 ‐ $249,999 37% > $250,000 Source: 2014 AFP Payments Fraud and Control Survey 8 2014 FALL 2014 FALL CONFERENCE CONFERENCE & TRAINING & TRAINING SEMINAR SEMINAR 4

9/11/2014 Check Fraud Counterfeit Checks  What is a counterfeit check?  Ways to prevent counterfeit checks. Check Washing  What is check washing?  Ways to prevent 9 2014 FALL 2014 FALL CONFERENCE CONFERENCE & TRAINING & TRAINING SEMINAR SEMINAR COMPANY RESPONSIBILITIES UNDER THE UCC UCC Revisions now define responsibilities for check issuers and paying banks under the term ordinary care. Under Sections 3 ‐ 403(a) and 4 ‐ 401(a), a bank can charge items against a customer's account only if they are "properly payable" and the check is signed by an authorized individual. However, if a signature is forged, the corporate account may be liable if one of the following exceptions applies: According to UCC Section 3 ‐ 103(7), ordinary care requires account holders to follow "reasonable commercial standards" prevailing in the area for their industry or business. Under 3 ‐ 406, if they fail to exercise ordinary care, they may be restricted from seeking restitution from the payee bank if their own failures contributed to a forged check signature or an alteration ‐ (for example, raising a check amount from $50 to $5000). Section 4 ‐ 406 also requires customers to reconcile their bank statements within a reasonable time to detect unauthorized checks. This typically means reconciling statements as soon as they are received. The concept of comparative fault ‐ Sections 3 ‐ 406(b) and 4 ‐ 406(e) ‐ can shift liability to the check issuer. If both the bank and corporate account holder have failed to exercise ordinary care, a loss can be allocated based upon the extent that each party's failure contributed to the loss. Since banks are not required to physically examine every check, companies may be held liable for all or a substantial portion of any given loss ‐ even if the bank did not verify the signature on a fraudulent check. 10 2014 FALL 2014 FALL CONFERENCE CONFERENCE & TRAINING SEMINAR & TRAINING SEMINAR 5

9/11/2014 Credit Card / Check Card Fraud  What is check card (Debit Card) Fraud?  Ways to prevent:  Keep your card safe  Only use safe/secure websites  Do not give out your PIN  Monitor use of your card  Monitor activity regularly  Restrict usage  Dollar  Types of purchases 11 2014 FALL CONFERENCE 2014 FALL CONFERENCE & TRAINING SEMINAR & TRAINING SEMINAR Wire Fraud ( Domestic & International )  What is wire fraud?  Ways to prevent ‐ Internal controls ‐ Dual control ‐ Segregation of duties ‐ Review transactions What is ACH fraud? 12 2014 FALL CONFERENCE 2014 FALL CONFERENCE & TRAINING SEMINAR & TRAINING SEMINAR 6

9/11/2014 Timing is Essential • Businesses must return ACH transactions within 24 hours • Check transactions should be returned same day • Online transactions are often real time • Review bank balances and transactions DAILY 13 2014 FALL CONFERENCE 2014 FALL CONFERENCE & TRAINING SEMINAR & TRAINING SEMINAR PHISHING AND MALWARE What is PHISHING and Malware? 14 2014 FALL 2014 FALL CONFERENCE CONFERENCE & TRAINING & TRAINING SEMINAR SEMINAR 7

9/11/2014 Is this Phishing? *No fish were harmed in the making and taking of this picture. They were all eaten… 15 2014 FALL CONFERENCE 2014 FALL CONFERENCE & TRAINING SEMINAR & TRAINING SEMINAR Phishing Email Example: 16 2014 FALL 2014 FALL CONFERENCE CONFERENCE & TRAINING & TRAINING SEMINAR SEMINAR 8

9/11/2014 Example: Phishing Website 17 2014 FALL 2014 FALL CONFERENCE CONFERENCE & TRAINING & TRAINING SEMINAR SEMINAR Total Estimated Losses in the United States from Phishing Total Estimated Loses from Phishing: $254 million Percentage of global Phishing attack volume: 52% 18 2014 FALL CONFERENCE 2014 FALL CONFERENCE & TRAINING & TRAINING SEMINAR SEMINAR 9

9/11/2014 Fraud protection services from Banks. California Bank & Trust 19 2014 FALL CONFERENCE 2014 FALL CONFERENCE & TRAINING & TRAINING SEMINAR SEMINAR Measures Banks Have in Place • Phishing detection and takedown services – services that identify phishing sites and take action to limit access. • Threat intelligence – tools and services for the collection and analysis of suspicious activity from online customers to detect potential malware infection. • Transaction monitoring and profiling – methods and tools to determine the risk of a given transaction based on analysis of that transaction against the customer’s transaction behavior profile. • Working with the FBI, Secret Service, ATF, Interpol, & Local Law Enforcement Authorities. 20 2014 FALL CONFERENCE 2014 FALL CONFERENCE & TRAINING SEMINAR & TRAINING SEMINAR 10

9/11/2014 What Your Bank Can Do? Online Banking Solution: Security tokens required at time of transaction, reducing wire and ACH fraud attempts • Monitor user behavior based on location • Secure transmissions with encryption • Firewalls and Virus Protection (internal) • Challenge response questions • Automatic sign ‐ off (no activity) 21 2014 FALL CONFERENCE 2014 FALL CONFERENCE & TRAINING SEMINAR & TRAINING SEMINAR What Your Bank Can Do? Anti ‐ Phishing Initiatives: • Contract with a security company to monitor and remove fraudulent Websites • Use services to help prevent account hijacking • Security awareness training for customers and front ‐ line employees 22 2014 FALL CONFERENCE 2014 FALL CONFERENCE & TRAINING SEMINAR & TRAINING SEMINAR 11

9/11/2014 Things You and Company can Do 23 2014 FALL CONFERENCE 2014 FALL CONFERENCE & TRAINING SEMINAR & TRAINING SEMINAR How Do I Protect My Business? • Computer system and security software up to date • Personal firewall in place for broadband Internet connection • Use secure sites for online transactions • Request paperless statements for your bank accounts • Periodically obtain &review credit reports to check for fraudulent activity • Look for skimmers 24 2014 FALL CONFERENCE 2014 FALL CONFERENCE & TRAINING SEMINAR & TRAINING SEMINAR 12

9/11/2014 How Do I Protect My Business? • Use secure sites for online transactions • Do not use public “hot spots” for online transactions • Passwords and PINs include numbers and special characters • Reconcile all banking transactions on a daily basis • Change the password a few times each year • Delete incoming email requesting personal information or providing web site links 25 2014 FALL CONFERENCE 2014 FALL CONFERENCE & TRAINING SEMINAR & TRAINING SEMINAR How Do I Protect My Business? • Use secure sites for online transactions • Do not use public “hot spots” for online transactions • Passwords and PINs include numbers and special characters • Reconcile all banking transactions on a daily basis • Change the password a few times each year • Delete incoming email requesting personal information or providing web site links 26 2014 FALL CONFERENCE 2014 FALL CONFERENCE & TRAINING & TRAINING SEMINAR SEMINAR 13

9/11/2014 How Do I Protect My Business? • Avoid using an automatic login features that save usernames and passwords for online banking • Never give out personal information over the phone, especially if you did not initiate the call • Initiate ACH and wire transfer payments under dual control, with a transaction originator and a separate transaction authorizer • Immediately escalate any suspicious transactions to your bank. Immediate escalation may prevent further losses 27 2014 FALL CONFERENCE 2014 FALL CONFERENCE & TRAINING SEMINAR & TRAINING SEMINAR Protect My Business from Social Networking • Train your employees to recognize scams • Keep your employees updated on the latest threats • Always update your software • Keep antivirus on the PC and patched at all times • Keep track of which websites your employees are visiting • Leverage malware protection tools such as Trusteer Rapport, offered free of cost by California Bank & Trust. 28 2014 FALL 2014 FALL CONFERENCE CONFERENCE & TRAINING & TRAINING SEMINAR SEMINAR 14