CUSTOMER SECURITY AWARENESS: A Key Defense Against Corporate Account Takeover & Cyber Fraud

Size: px
Start display at page:

Download "CUSTOMER SECURITY AWARENESS: A Key Defense Against Corporate Account Takeover & Cyber Fraud"

Transcription

1 CUSTOMER SECURITY AWARENESS: A Key Defense Against Corporate Account Takeover & Cyber Fraud Presented by Tom Garcia President / CEO InfoSight, Inc InfoSight

2 What we ll cover today 1. The MFA & NACHA Guidance 2. Developing & implementing your program 3. How to make compliance profitable 4. Managing higher-risk commercial clients 5. Available Resources to assist

3 The FFIEC Guidance Supplement Effective 1/1/2012 On June 28th, 2011 the Federal Financial Institutions Examination Council FFIEC) released a supplement to the 2005 Authentication in an Internet Banking) Environment guidance that describes the measures financial institutions should take to protect Internet banking customers from online fraud. When was Reg-E enacted? 1978

4 Customer Awareness & Education 2005 Guidance the first supplement 1. Implement a customer awareness program & evaluate its effectiveness 2. Track the number of statement stuffers or other direct mail communications 3. Track the number of customers who report fraudulent attempts to obtain their authentication credentials 4. Track the dollar amount of losses relating to identity theft, etc. 5. Track the number of clicks on information security links on websites

5 2011 Guidance Customer Awareness & Education A financial institution s customer awareness & education efforts should address both retail and commercial account holders and, at a minimum: 1. Explain account holder protections relating to electronic funds transfers. 2. Explain under what circumstances, if any, you would contact a customer to request their electronic banking credentials. 3. Suggest to your commercial online banking customers that they periodically perform a risk assessment and controls evaluation. 4. Provide customers with a listing of institutional contacts for security-related events. When is the best time to tell them? At Enrollment!

6 2005 vs Some observations The 2011 guidance clearly delineates between the risks associated with consumer vs. business banking. The 2005 guidance did not do this and many in the industry assumed it was mainly directed towards consumer accounts. It gives good guidance on considerations for updating risk assessments, and what environmental and customer changes to take into account when doing so. It emphasizes a risk-based approach where controls are strengthened as risk increases It is an Awareness Continuum and requires adjusting to the changes risks posed by Cybercriminals. It recommends that financial institutions take the lead in providing resources where alternative risk control mechanisms can be found, so customers can mitigate their own risk.

7 Three Key Elements Risk Assessments Layered Security & Anomaly Detection Customer Education & Awareness

8 Additional notable key points of the guidance The Guidance applies both Commercial and Retail Customers It applies to both In-house and 3 rd party Service Providers It applies to all Financial Institutions (FI) The principles really apply to all forms of electronic banking FIs are expected to conduct their own risk assessments and to adjust layered security controls in response to their unique risks Risk Assessments must consider some new factors, such as customer type, transaction capabilities, sensitivity of information and transaction volume The selection and use of authentication technologies and methods should depend upon the results of the Risk Assessment Process FI s should create awareness and educate customers as a key defense against fraud and ID theft FI s must have Layered Security, Anomaly Detection and Enhanced Controls Since the controls necessary to comply are to some extent a subjective judgment that must be made by the FI, so we might conclude, it s Descriptive, but not prescriptive.

9 The NACHA ACH Security Framework Update

10 Developing & Implementing an effective Program

11 Some questions to get started

12 Three avenues to security awareness What s the difference? AWARENESS TRAINING EDUCATION Attribute: What How Why Level: Information Knowledge Insight Objective: Recognition Skill Understanding Learning is a continuum; it starts with awareness, builds to training, and evolves into education.

13 What makes an effective program? A successful security awareness program consists of: 1. Developing IT security policies that consider business needs, but are tempered by known security threats and in compliance with regulatory guidelines. 2. Informing users of their online responsibilities, as documented in security policies & procedures. 3. Delivery of the materials cross-channel in an effective manner. 4. Establishing processes for monitoring & reviewing the program s effectiveness. The time it takes an individual to review an awareness presentation may be the difference between a secure organization & a multimillion dollar breach of security.

14 Some questions to consider Key questions to help determine the scope of your ISA program What awareness, training, and/or education is needed? What ebanking products do we offer? Do I focus more on commercial or consumer customers? Do I need a different program for High, Moderate &/or Low Risk Customers? How many customers will I be training? What training channels are most effective & efficient?

15 Involve key functional areas when practical It s crucial that everyone understands they have a responsibility for information security awareness and training. Information Security Officer (ISO) ebanking Manager Treasury Management IT Department Front-line employees Executive Management Failure to pay attention to information security puts an organization at great risk because security is as much a human issue as it is a technology issue.

16 Identify your audience Who do you hope will attend? Identifying who you re talking to helps you to address their specific concerns in and banking activities. Content and delivery can differ greatly between consumer and commercial customers. Commercial mobile business banking security, wire transfers, best practices for remote workers Consumer online banking security, phishing scams, identity-theft

17 Developing the program material Once the awareness and training program has been designed, supporting material can be developed. Material should be developed with the following in mind: What behavior do we want to reinforce? What do we want the audience to learn and apply? An awareness and training program can be effective, only if the material is interesting and current. Attendees will pay attention and incorporate what they see or hear in a session if they feel that the material was developed specifically for them.

18 Program material topics Awareness material can be developed using one theme at a time or created by combining a number of themes or messages. The education is designed to create awareness of specific risks and threats, including the actions required to prevent and remedy security issues. Frontline defense: Passwords Security awareness: Being diligent Defense against online threats Avoiding malware Advanced malware: Trojan horses, etc. Safe social networking ACH & Wire Fraud Corporate Account Takeover Defense against social engineering Phishing, spyware & other wares to be aware of Cyber security & incident response essentials Get smart about identity theft Smartphone security Mobile device & laptop security Safe online shopping Secure Transactions Hackers tricks of the trade & what to watch for Encryption: what it is & why it s necessary Safe Internet surfing Sharing information Understanding cybercrime Mission-critical security Safe data backup and secure storage AND MUCH MORE! Do you have the resources to develop your own content?

19 How to deliver the awareness material 1. Ease of use: (e.g., easy to access and easy to update/maintain) 2. Scalability: (e.g., can be used for various audience sizes and in various locations) 3. Direct communications: (e.g., s, memos, computer based training, etc.) 4. Indirect communications: (e.g., posters, intranet, brochures, etc.) Website content Statement stuffers Newsletters Monthly themed ISA tips Onsite security awareness workshops Educational webinars Web-based ISA training courses ISA Posters & branch collaterals Screensavers, tips, alert messages On-hold scripts & ATM digital messages Company-wide messages Security Awareness Days Shred Events Awards programs Videos & games

20 How to monitor the program Monitoring Compliance: Once the program has been implemented, processes must be put in place to monitor compliance and program effectiveness. Track the number of attendees at awareness sessions Track the number of people trained on a particular topic Track the number of people yet to attend awareness and training sessions Compare the number of security incidents reported before & after the program What other benefit does monitoring have besides compliance reporting? Protection during litigation!

21 Steps to planning your ISA program 1. Identify Program Scope, Goals & Objectives Scope to provide training to both types of customers Goal to protect customers by increasing security awareness 2. Involving Management & Employees All employees need to be aware of the of the losses that security awareness can reduce Employees need to comprehend the value of educating customers and be familiar with content 3. Identify Target Audiences Segment audiences according to type of customer 4. Implementing the Program Include efforts to achieve high visibility of the program Methods used deliver the message to the audience Consider the frequency of training 5. Monitoring the Program Track the trends Observe how well customers follow security procedures Monitor the number & kind of security incidents reported before & after the program 6. Evaluation & Feedback Keep abreast of changes in technology & security requirements Obtain feedback from audiences

22 The Customer Experience is key! Security Usability Cost Your customers need to understand that security is as much their responsibility as it is yours.

23 How do you make Compliance Profitable?

24 Profitable compliance in action Develop Customer Security Awareness Program Create new revenue opportunities like cyber crime coverage Acquire content for your website & branch collaterals, newsletters, s, etc. Drive new product adoption & social media initiatives Conduct commercial customer security workshops Create cross-sales & new client onboarding opportunities

25 InfoSight s Customer Awareness Program Engage your customers in onsite workshops Have a call to action! Partner with a subject matter expert Prepare your customer list Determine how you will invite customers Use InfoSight s template Provide a meal or snacks Distribute audience handouts Invite your staff

26 InfoSight s Customer Awareness Program Live and/or pre-recorded webinars templates provided

27 InfoSight s Customer Awareness Program Provide short videos with ISA tips

28 InfoSight s Customer Awareness Program Newsletters & Branch Collaterals

29 InfoSight s Customer Awareness Program & Social Media Campaigns

30 InfoSight s Customer Awareness Program Educate your customers with short ISA articles Sample topics: Understanding cybercrime What is malware? ID Theft & tax filing tips Making secure online transactions Payment card security How to create a strong password Beware of spyware Password protect your flash drive The social engineering con game Securing your home network Avoiding Facebook scams What are you sharing online? And more!

31 InfoSight s Customer Awareness Program Support your program with print collaterals Statement Stuffers Posters

32 Polls & Surveys InfoSight s Customer Awareness Program Top 5 Smartphone Security Concerns

33 InfoSight s Customer Awareness Program Engage your customers with interactive games

34 For your customers MySecurityAwareness.com Educational resources for: 1. Your commercial customers And their staff 2. Your retail customers And their family (youth & kids) 3. Your employees Monthly Security Theme Downloadable Security Tools Videos, games, quizzes, and more!

35 Designed for your commercial & retail customers For Business For Consumers

36 An effective awareness program checks all 3 boxes! Compliance Security Sales Opportunities

37 Benefits of InfoSight s Customer Security Awareness Program 1. Create cross-sales and new-sales opportunities by conducting security workshops. 2. Drive new product adoption such as mobile and/or Cash Management Services. 3. Create new recurring revenue by selling products such as Cyber-Crime Insurance. 4. Onboarding of new prospective relationships with larger commercial clients by selectively inviting prospects. 5. Integrate with existing Social Media initiatives and/or assist in future efforts. 6. Instill confidence in your customers that doing business with your financial institution electronically is safe. 7. Reduce liability & the risk of litigation InfoSight s CSAP is turnkey offering both full and self-service programs!

38 A consideration for higher risk commercial customers

39 CSAP Commercial Delivery Portal Login Page Customizable! Puts you in control by providing an interface that s branded with your logo Use your logo and colors to Brand it!

40 Welcome page Customer security awareness training portal Update headlines and messages at anytime or schedule them in advanced Customize and change your message at any time

41 CSAP Commercial Delivery Portal Policies Use the online Policy Repository to provide centralized access and distribution of policies and updates.

42 CSAP Commercial Delivery Portal Course Folders Courseware is divided into smaller courses so they can be completed in one sitting enabling the student to retain more information.

43 CSAP Commercial Delivery Portal Document Library The online Document Library can act as your own Document Sharing Solution!

44 CSAP Commercial Delivery Portal Reports

45 Additional Features CSAP Commercial Delivery Portal Features Unique features make this training solution like none you ve ever seen. 1. Institution-branded portal - include your logo and corporate colors 2. Trackable Policy Acceptance - acquire and track signatures of policy acceptance in digital format or in writing, where necessary 3. Online Document Library - host all your documents in one accessible and centralized location including manuals, policies, procedures, HR forms, DR and emergency contact lists, etc. 4. Compliance Tracking & Reporting - by regulation, student, policy, course 5. Customizable & Automated Messaging System - notify employees of FDIC fraud alerts, IT service alerts, customer service improvement measures, health and benefit plan updates, or other internal communications or events 6. Acts as your own intranet - use it for more than just training purposes 7. Effortless Administration Controls 8. Host your own course material too

46 Online Risk Assessment

47 What we covered today 1. The MFA & NACHA Guidance 2. Developing & implementing your program 3. How to make compliance profitable 4. Managing higher-risk commercial clients 5. Available Resources to assist

48 Some Takeaways Remember that the guidance isn t optional Take a proactive approach Do what you know you have to do now Don t solely focus on compliance Technology alone is not the answer Policy driven controls are also a big part of the puzzle Focus on prevention, not just detection Train staff to ensure they understand the controls Educating customers on How not to become a victim which can be the greatest protection

49 So how can InfoSight help? MFA & ebanking Security Reviews & Risk Assessments Pre-implementation Enrollment Technology Operational Controls Customer Awareness Program ebanking Risk Assessment Gap Analysis Penetration Testing & Vulnerability Assessments Virtual ISO Mentoring Programs Turnkey Customer Awareness Program CSAP Portal

50 InfoSight s Starter Toolkit Thank you for attending! Request the free toolkit to help you get started: wtgarcia Customer Security Awareness Program Toolkit +InfoSightInc

FAQs on the Customer Security Awareness Program (CSAP)

FAQs on the Customer Security Awareness Program (CSAP) FAQs on the Customer Security Awareness Program (CSAP) About the program: 1. How does this security awareness program differ from other programs on the market? 2. What does the Customer Security Awareness

More information

FFIEC Authentication Guidance Examination in 2012: Are You Prepared?

FFIEC Authentication Guidance Examination in 2012: Are You Prepared? FFIEC Authentication Guidance Examination in 2012: Are You Prepared? Areas of Continuity, Change, and Emphasis The Knowledge Congress LIVE Webcast March 8, 2012 Andrew Lorentz Partner, Washington, D.C.

More information

FFIEC Supplemental Guidance to Authentication in an Internet Banking Environment. Robert Farmer Senior Technology Compliance Manager

FFIEC Supplemental Guidance to Authentication in an Internet Banking Environment. Robert Farmer Senior Technology Compliance Manager FFIEC Supplemental Guidance to Authentication in an Robert Farmer Senior Technology Compliance Manager 1 888 250 4400 Effective Date The FFIEC Supplement to Authentication in an was issued on June 28,

More information

Best Practices: Reducing the Risks of Corporate Account Takeovers

Best Practices: Reducing the Risks of Corporate Account Takeovers Best Practices: Reducing the Risks of Corporate Account Takeovers California Department of Financial Institutions September 2012 INTRODUCTION A state led cooperative effort, including the United States

More information

By: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015

By: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015 Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity

More information

Corporate Account Take Over (CATO) Guide

Corporate Account Take Over (CATO) Guide Corporate Account Take Over (CATO) Guide This guide was created to increase our customers awareness of the potential risks and threats that are associated with Internet and electronic- based services,

More information

Grow Your Business with Email and Social Media

Grow Your Business with Email and Social Media Grow Your Business with Email and Social Media Simple Marketing Strategies for Small Businesses and Nonprofits Constant Contact 2015 Welcome Rebecca Esparza, MBA Authorized Local Expert, Constant Contact

More information

Jim Bray, Cyber Security Adviser InfoSight, Inc.

Jim Bray, Cyber Security Adviser InfoSight, Inc. Best Practices for protecting patient data Training and education is your best defense! Presented by Jim Bray, Cyber Security Adviser InfoSight, Inc. 2014 InfoSight Cyber Security starts with education

More information

Sound Business Practices for Businesses to Mitigate Corporate Account Takeover

Sound Business Practices for Businesses to Mitigate Corporate Account Takeover Sound Business Practices for Businesses to Mitigate Corporate Account Takeover This white paper provides sound business practices for companies to implement to safeguard against Corporate Account Takeover.

More information

Here are two informational brochures that disclose ways that we protect your accounts and tips you can use to be safer online.

Here are two informational brochures that disclose ways that we protect your accounts and tips you can use to be safer online. Here are two informational brochures that disclose ways that we protect your accounts and tips you can use to be safer online. FFIEC BUSINESS ACCOUNT GUIDANCE New financial standards will assist credit

More information

Retail/Consumer Client. Internet Banking Awareness and Education Program

Retail/Consumer Client. Internet Banking Awareness and Education Program Retail/Consumer Client Internet Banking Awareness and Education Program Table of Contents Securing Your Environment... 3 Unsolicited Client Contact... 3 Protecting Your Identity... 3 E-mail Risk... 3 Internet

More information

Briefly describe the #1 problem you have encountered with implementing Multi-Factor Authentication.

Briefly describe the #1 problem you have encountered with implementing Multi-Factor Authentication. Polling Question Briefly describe the #1 problem you have encountered with implementing Multi-Factor Authentication. Please type in your response. This poll will close promptly at 1:00 pm CDT Getting the

More information

FFIEC CONSUMER GUIDANCE

FFIEC CONSUMER GUIDANCE FFIEC CONSUMER GUIDANCE Important Facts About Your Account Authentication Online Banking & Multi-factor authentication and layered security are helping assure safe Internet transactions for banks and their

More information

DETECT MONITORING SERVICES AND DETECT SAFE BROWSING: Empowering Tools to Prevent Account Takeovers

DETECT MONITORING SERVICES AND DETECT SAFE BROWSING: Empowering Tools to Prevent Account Takeovers DETECT MONITORING SERVICES AND DETECT SAFE BROWSING: Empowering Tools to Prevent Account Takeovers SUMMARY The Federal Financial Institutions Examination Council (FFIEC) is planning to update online transaction

More information

Cybersecurity Best Practices

Cybersecurity Best Practices Ten Essential Cybersecurity Best Practices Banking Business Employees Brought to you by: 1 Did you know? One in five small-to-medium-sized companies were the victims of cyber breaches in 2013.1 In 76%

More information

September 20, 2013 Senior IT Examiner Gene Lilienthal

September 20, 2013 Senior IT Examiner Gene Lilienthal Cyber Crime September 20, 2013 Senior IT Examiner Gene Lilienthal The following presentation are views and opinions of the speaker and does not necessarily reflect the views of the Federal Reserve Bank

More information

Malware & Botnets. Botnets

Malware & Botnets. Botnets - 2 - Malware & Botnets The Internet is a powerful and useful tool, but in the same way that you shouldn t drive without buckling your seat belt or ride a bike without a helmet, you shouldn t venture online

More information

Top 10 Tips to Keep Your Small Business Safe

Top 10 Tips to Keep Your Small Business Safe Securing Your Web World Top 10 Tips to Keep Your Small Business Safe Protecting your business against the latest Web threats has become an incredibly complicated task. The consequences of external attacks,

More information

Best Practices Guide to Electronic Banking

Best Practices Guide to Electronic Banking Best Practices Guide to Electronic Banking City Bank & Trust Company offers a variety of services to our customers. As these services have evolved over time, a much higher percentage of customers have

More information

Are All High-Risk Transactions Created Equal?

Are All High-Risk Transactions Created Equal? Are All High-Risk Transactions Created Equal? How to Minimize FFIEC Exam Pain 1 Lee Wetherington, AAP Director of Strategic Insight ProfitStars @leewetherington Agenda New Supplement to FFIEC Guidance

More information

Online Cash Management Security: Beyond the User Login

Online Cash Management Security: Beyond the User Login Online Cash Management Security: Beyond the User Login Sonya Crites, CTP, SunTrust Anita Stevenson-Patterson, CTP, Manheim February 28, 2008 Agenda Industry Trends Government Regulations Payment Fraud

More information

FFIEC Cybersecurity Assessment Tool

FFIEC Cybersecurity Assessment Tool Overview In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed the Cybersecurity Tool (), on behalf of its members,

More information

ACI SELF-SERVICE BANKING

ACI SELF-SERVICE BANKING DELIVERS CONTROL, CHOICE AND FLEXIBILITY PRODUCT FLYER ACI SELF-SERVICE BANKING SINGLE INTEGRATED PLATFORM FOR ONLINE, MOBILE AND VOICE EXTENSIBLE REAL-TIME CONSUMER AND BUSINESS TRANSACTIONS AND PAYMENTS

More information

Understanding It s Me 247 Security. A Guide for our Credit Union Clients and Owners

Understanding It s Me 247 Security. A Guide for our Credit Union Clients and Owners Understanding It s Me 247 Security A Guide for our Credit Union Clients and Owners October 2, 2014 It s Me 247 Security Review CU*Answers is committed to the protection of you and your members. CU*Answers

More information

IT Security Risks & Trends

IT Security Risks & Trends IT Security Risks & Trends Key Threats to All Businesses 1 1 What do the following have in common? Catholic church parish Hospice Collection agency Main Street newspaper stand Electrical contractor Health

More information

Top Fraud Trends Facing Financial Institutions

Top Fraud Trends Facing Financial Institutions Top Fraud Trends Facing Financial Institutions Presented on: October 7, 2015, 2-3 ET Presented by: Ann Davidson - VP of Risk Consulting at Allied Solutions Webinar Agenda 1. Fraud trends in 2015 and beyond

More information

National Cyber Security Month 2015: Daily Security Awareness Tips

National Cyber Security Month 2015: Daily Security Awareness Tips National Cyber Security Month 2015: Daily Security Awareness Tips October 1 New Threats Are Constantly Being Developed. Protect Your Home Computer and Personal Devices by Automatically Installing OS Updates.

More information

Security Bank of California Internet Banking Security Awareness

Security Bank of California Internet Banking Security Awareness Security Bank of California Internet Banking Security Awareness INTRODUCTION Fraudsters are using increasingly sophisticated and malicious techniques to thwart existing authentication controls and gain

More information

NATIONAL CYBER SECURITY AWARENESS MONTH

NATIONAL CYBER SECURITY AWARENESS MONTH NATIONAL CYBER SECURITY AWARENESS MONTH Tip 1: Security is everyone s responsibility. Develop an awareness framework that challenges, educates and empowers your customers and employees to be part of the

More information

電 子 銀 行 風 險 - 認 證 與 核 實. Fraud Risk Management The Past and the Future 欺 詐 風 險 管 理 - 過 去 與 未 來

電 子 銀 行 風 險 - 認 證 與 核 實. Fraud Risk Management The Past and the Future 欺 詐 風 險 管 理 - 過 去 與 未 來 Hong Kong Clean PC Day 2009 Seminar 25 th November 2009 Protection from e-banking Threats Authentication & Verification 電 子 銀 行 風 險 - 認 證 與 核 實 Florence Tam Chairman,e-Banking Working Group, HKAB Senior

More information

Supplement to Authentication in an Internet Banking Environment

Supplement to Authentication in an Internet Banking Environment Federal Financial Institutions Examination Council 3501 Fairfax Drive Room B7081a Arlington, VA 22226-3550 (703) 516-5588 FAX (703) 562-6446 http://www.ffiec.gov Purpose Supplement to Authentication in

More information

Education as a defense strategy. Jeannette Jarvis Group Program Manager PSS Security Microsoft

Education as a defense strategy. Jeannette Jarvis Group Program Manager PSS Security Microsoft Education as a defense strategy Jeannette Jarvis Group Program Manager PSS Security Microsoft Introduction to End User Security Awareness End User Security Awareness Challenges Understanding End User

More information

Cybersecurity Workshop

Cybersecurity Workshop Cybersecurity Workshop February 10, 2015 E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. 150 West Main Street, Suite 2100 Norfolk, VA 23510 (757) 624-3153

More information

Grow Your Business with Email and Social Media Simple Marketing Strategies for Small Businesses and Nonprofits. Constant Contact 2015

Grow Your Business with Email and Social Media Simple Marketing Strategies for Small Businesses and Nonprofits. Constant Contact 2015 Grow Your Business with Email and Social Media Simple Marketing Strategies for Small Businesses and Nonprofits Constant Contact 2015 Grow with Constant Contact All the channels that matter. Email. Mobile.

More information

CSF Designer. Complete Customer Communication

CSF Designer. Complete Customer Communication CSF Designer Complete Customer Communication Your relationship with your customers is only as strong as the last interaction you had with them. Maybe it was face to face the ideal opportunity to do business.

More information

Identity Protection Guide. The more you know, the better you can protect yourself.

Identity Protection Guide. The more you know, the better you can protect yourself. Identity Protection Guide The more you know, the better you can protect yourself. Be Aware According to a 2012 report, identity theft is one of the fastest growing crimes in America 1 and it can have serious

More information

How To Help Protect Yourself From Identity Theft

How To Help Protect Yourself From Identity Theft How To Help Protect Yourself From Identity Theft January 20, 2015 Bryan Strong Senior Vice President and Director Information Security This complimentary interactive webinar is sponsored by Zions Bank

More information

Protecting your business from fraud

Protecting your business from fraud Protecting your business from fraud KEY TAKEAWAYS > Understand the most common types of fraud and how to identify them. > What to do if you uncover fraudulent activity or suspect you are a victim of fraud.

More information

How-To Guide: Cyber Security. Content Provided by

How-To Guide: Cyber Security. Content Provided by How-To Guide: Cyber Security Content Provided by Who needs cyber security? Businesses that have, use, or support computers, smartphones, email, websites, social media, or cloudbased services. Businesses

More information

An IBA Preferred Service Provider CISSPs, CISAs, CISMs, CRISCs, CPAs The Customer Awareness Control. my.infotex.com Page 1 of 12

An IBA Preferred Service Provider CISSPs, CISAs, CISMs, CRISCs, CPAs The Customer Awareness Control. my.infotex.com Page 1 of 12 my.infotex.com Page 1 of 12 Executive Summary: Within the context of your existing Awareness Training Program, the new FFIEC Supplement requires that you focus on customer awareness controls. Meanwhile,

More information

ACI Response to FFIEC Guidance

ACI Response to FFIEC Guidance ACI Response to FFIEC Guidance Version 1 July 2011 Table of contents Introduction 3 FFIEC Supervisory Expectations 4 ACI Online Banking Fraud Management 8 Online Banking Fraud Detection and Prevention

More information

PACB One-Day Cybersecurity Workshop

PACB One-Day Cybersecurity Workshop PACB One-Day Cybersecurity Workshop WHAT IS CYBERSECURITY? PRESENTED BY: JON WALDMAN, SBS CISA, CRISC 1 Contact Information Jon Waldman Partner, Senior IS Consultant CISA, CRISC Masters of Info Assurance

More information

1. Ask what your financial institution knows or has personally experienced with regard to internal and external data breaches.

1. Ask what your financial institution knows or has personally experienced with regard to internal and external data breaches. Part 1: Internal & External Data Breach Vulnerabilities Presented on: Thursday, February 12, 2 3 ET Co presented by: Ann Davidson VP of Risk Consulting at Allied Solutions Joe Majka CSO at Verifone 1 Breakdown

More information

Information Security Field Guide to Identifying Phishing and Scams

Information Security Field Guide to Identifying Phishing and Scams Information Security Field Guide to Identifying Phishing and Scams 010001010100101010001010011010101010101010101 01000101010011010010100101001010 1 Contents Introduction Phishing Spear Phishing Scams Reporting

More information

Oakland Family Services Information Breach FAQs

Oakland Family Services Information Breach FAQs Oakland Family Services Information Breach FAQs 1. What happened? An unauthorized individual remotely gained access to the email account of one Oakland Family Services employee July 14, 2015 resulting

More information

ICBA Summary of FFIEC Cybersecurity Assessment Tool

ICBA Summary of FFIEC Cybersecurity Assessment Tool ICBA Summary of FFIEC Cybersecurity Assessment Tool July 2015 Contact: Jeremy Dalpiaz Assistant Vice President Cyber Security and Data Security Policy Jeremy.Dalpiaz@icba.org www.icba.org ICBA Summary

More information

Corporate Account Takeover & Information Security Awareness. Customer Training

Corporate Account Takeover & Information Security Awareness. Customer Training Corporate Account Takeover & Information Security Awareness Customer Training No computer system can provide absolute security under all conditions. NO SECURITY MEASURE OR LIST OF SECURITY MEASURES CAN

More information

FFIEC BUSINESS ACCOUNT GUIDANCE

FFIEC BUSINESS ACCOUNT GUIDANCE FFIEC BUSINESS ACCOUNT GUIDANCE New financial standards will assist credit unions and business account holders to make online banking safer and more secure from account hijacking and unauthorized funds

More information

Online Banking Risks efraud: Hands off my Account!

Online Banking Risks efraud: Hands off my Account! Online Banking Risks efraud: Hands off my Account! 1 Assault on Authentication Online Banking Fraud Significant increase in account compromises via online banking systems Business accounts are primary

More information

Keep Your Business Banking

Keep Your Business Banking Keep Your Business Banking Safe in the Digital Age By Erin Fonté As a business executive, you have many choices in conducting banking activities, including online and mobile banking options. But with increasing

More information

How One Smart Phone Picture Can Take Down Your Company

How One Smart Phone Picture Can Take Down Your Company SESSION ID: HUM-R04 How One Smart Phone Picture Can Take Down Your Company Dr. Larry Ponemon Chairman and Founder Ponemon Institute @Ponemon Have You Ever Felt Wandering Eyes Over Your Shoulder? Username:

More information

WHITE PAPER Moving Beyond the FFIEC Guidelines

WHITE PAPER Moving Beyond the FFIEC Guidelines WHITE PAPER Moving Beyond the FFIEC Guidelines How Device Reputation Offers Protection Against Future Security Threats Table of Contents Introduction 1 The FFIEC Guidelines 2 Why Move Beyond Complex Device

More information

Cyber Security Breakout Session. Ed Rosenberg, Vice President & Chief Security Officer, BMO Financial Group Legal, Corporate & Compliance Group

Cyber Security Breakout Session. Ed Rosenberg, Vice President & Chief Security Officer, BMO Financial Group Legal, Corporate & Compliance Group Cyber Security Breakout Session Ed Rosenberg, Vice President & Chief Security Officer, BMO Financial Group Legal, Corporate & Compliance Group December 2014 Disclaimer: The material in this presentation

More information

Internet threats: steps to security for your small business

Internet threats: steps to security for your small business Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential

More information

Cybersecurity. Are you prepared?

Cybersecurity. Are you prepared? Cybersecurity Are you prepared? First Cash, then your customer, now YOU! What is Cybersecurity? The body of technologies, processes, practices designed to protect networks, computers, programs, and data

More information

2015 Information Security Awareness Catalogue

2015 Information Security Awareness Catalogue Contents 2015 Catalogue Wolfpack Engagement Model 4 Campaign Drivers 6 Offerings 8 Approach 9 Engaging Content 10 Stakeholder Change Management 12 Bundles 13 Content 14 Grey Wolf -Track compliance with

More information

Cyber Security 2014 SECURE BANKING SOLUTIONS, LLC

Cyber Security 2014 SECURE BANKING SOLUTIONS, LLC Cyber Security CHAD KNUTSON SECURE BANKING SOLUTIONS 2014 SECURE BANKING SOLUTIONS, LLC Presenter Chad Knutson Senior Information Security Consultant Masters in Information Assurance CISSP (Certified Information

More information

Information Technology

Information Technology Information Technology Information Technology Session Structure Board of director actions Significant and emerging IT risks Practical questions Resources Compensating Controls at the Directorate Level

More information

Electronic Fraud Awareness Advisory

Electronic Fraud Awareness Advisory Electronic Fraud Awareness Advisory Indiana Bankers Association Fraud Awareness Task Force February, 2012 Electronic Fraud Awareness Advisory Purpose/Summary The Indiana Bankers Association (IBA) was involved

More information

Information Security Awareness

Information Security Awareness Corporate Account Takeover & Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This presentation

More information

Online Cash Manager Security Guide

Online Cash Manager Security Guide Online Cash Manager Security Guide You re the One who can protect your business from the threat of a Corporate Account Takeover. 102 South Clinton Street Iowa City, IA 52240 1-800-247-4418 Version 1.0

More information

Cyber Security. An Executive Imperative for Business Owners. 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799

Cyber Security. An Executive Imperative for Business Owners. 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799 Cyber Security An Executive Imperative for Business Owners SSE Network Services www.ssenetwork.com 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799 Pretecht SM by SSE predicts and remedies

More information

(Company Name) SECURITY AWARENESS PROGRAM INFORMATION, PHYSICAL AND PERSONAL SECURITY. 2001. Melissa Guenther, LLC. All rights reserved.

(Company Name) SECURITY AWARENESS PROGRAM INFORMATION, PHYSICAL AND PERSONAL SECURITY. 2001. Melissa Guenther, LLC. All rights reserved. (Company Name) SECURITY AWARENESS PROGRAM INFORMATION, PHYSICAL AND PERSONAL SECURITY Company Policies Security Awareness Program Purposes Integrate Define Feedback Activities Elicit Implement Employees

More information

SBA Cybersecurity for Small Businesses. 1.1 Introduction. 1.2 Course Objectives. 1.3 Course Topics

SBA Cybersecurity for Small Businesses. 1.1 Introduction. 1.2 Course Objectives. 1.3 Course Topics SBA Cybersecurity for Small Businesses 1.1 Introduction Welcome to SBA s online training course: Cybersecurity for Small Businesses. SBA s Office of Entrepreneurship Education provides this self-paced

More information

Five Trends to Track in E-Commerce Fraud

Five Trends to Track in E-Commerce Fraud Five Trends to Track in E-Commerce Fraud Fraud is nothing new if you re in the e-commerce business you probably have a baseline level of fraud losses due to stolen credit cards, return fraud and other

More information

What Directors need to know about Cybersecurity?

What Directors need to know about Cybersecurity? What Directors need to know about Cybersecurity? W HAT I S C YBERSECURITY? PRESENTED BY: UTAH BANKERS ASSOCIATION AND JON WALDMAN PARTNER, SENIOR IS CONSULTANT - SBS 1 Contact Information Jon Waldman Partner,

More information

2 0 1 4 F G F O A A N N U A L C O N F E R E N C E

2 0 1 4 F G F O A A N N U A L C O N F E R E N C E I T G OV E R NANCE 2 0 1 4 F G F O A A N N U A L C O N F E R E N C E RAJ PATEL Plante Moran 248.223.3428 raj.patel@plantemoran.com This presentation will discuss current threats faced by public institutions,

More information

Cyber Security Pr o t e c t i n g y o u r b a n k a g a i n s t d a t a b r e a c h e s

Cyber Security Pr o t e c t i n g y o u r b a n k a g a i n s t d a t a b r e a c h e s Cyber Security Pr o t e c t i n g y o u r b a n k a g a i n s t d a t a b r e a c h e s 1 Agenda Data Security Trends Root causes of Cyber Attacks How can we fix this? Secure Infrastructure Security Practices

More information

Engaging Agents in Joint Marketing Initiatives

Engaging Agents in Joint Marketing Initiatives Engaging Agents in Joint Marketing Initiatives How Insurance Companies can Increase Sales and Improve Results by Kandi O Connor President, MarketHUB+ Executive summary The disconnect between insurance

More information

Meeting FFIEC Guidance and Cutting Costs with Automated Fraud Prevention. White Paper

Meeting FFIEC Guidance and Cutting Costs with Automated Fraud Prevention. White Paper Meeting FFIEC Guidance and Cutting Costs with Automated Fraud Prevention White Paper Table of Contents Executive Summary 3 Key Requirements for Effective and Sustainable Online Banking Fraud Prevention

More information

Preventing Corporate Account Takeover Fraud

Preventing Corporate Account Takeover Fraud Preventing Corporate Account Takeover Fraud Joe Potuzak Senior Vice President Payment Solutions Risk Manager Member FDIC 1 About Our Speaker Joe Potuzak is the Risk Manager for BB&T s Payment Solutions

More information

2009 Intuit, Inc. All rights reserved. Intuit. Solution Provider Member Guide August 2009

2009 Intuit, Inc. All rights reserved. Intuit. Solution Provider Member Guide August 2009 2009 Intuit, Inc. All rights reserved. Intuit Solution Provider Member Guide August 2009 Intuit is committed to providing our Solution Providers with customized business management solutions, programs

More information

McAfee S DO s AnD DOn ts Of Online Shopping

McAfee S DO s AnD DOn ts Of Online Shopping McAfee s Do s and don ts OF Online Shopping Table of Contents Foreword by Parry Aftab, 3 Online Safety Expert Online Shopping: The Real Deal 4 The DO s and DON Ts 5 Summary 17 Resources 18 Happy Online

More information

Managing Brands for Maximum Profit: A Guide to Brand Asset Management Solutions

Managing Brands for Maximum Profit: A Guide to Brand Asset Management Solutions Managing Brands for Maximum Profit: A Guide to Brand Asset Management Solutions Managing Brands for Maximum Profit executive summary In today s competitive global marketplace, enterprise brand managers

More information

Online Banking Fraud Prevention Recommendations and Best Practices

Online Banking Fraud Prevention Recommendations and Best Practices Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee at Continental National Bank of Miami needs to know

More information

Commercial Online Banking Frequently Asked Questions Bryn Mawr Trust Company

Commercial Online Banking Frequently Asked Questions Bryn Mawr Trust Company Commercial Online Banking Frequently Asked Questions Bryn Mawr Trust Company Bryn Mawr Trust Company August 2015 Page 1 of 9 CONTENTS Contents... 2 IMPORTANT NEWS!... 3 Fees and Enrollment... 3 Q&A: Commercial

More information

Data Breach Response Planning: Laying the Right Foundation

Data Breach Response Planning: Laying the Right Foundation Data Breach Response Planning: Laying the Right Foundation September 16, 2015 Presented by Paige M. Boshell and Amy S. Leopard babc.com ALABAMA I DISTRICT OF COLUMBIA I FLORIDA I MISSISSIPPI I NORTH CAROLINA

More information

Business Online Banking & Bill Pay Guide to Getting Started

Business Online Banking & Bill Pay Guide to Getting Started Business Online Banking & Bill Pay Guide to Getting Started What s Inside Contents Security at Vectra Bank... 4 Getting Started Online... 5 Welcome to Vectra Bank Business Online Banking. Whether you re

More information

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE

More information

Protect Yourself. Who is asking? What information are they asking for? Why do they need it?

Protect Yourself. Who is asking? What information are they asking for? Why do they need it? Protect Yourself Your home computer serves many purposes: email, shopping, social networking and more. As you surf the Internet, you should be aware of the various ways to protect yourself. Of primary

More information

The information contained in this session may contain privileged and confidential information. This presentation is for information purposes only.

The information contained in this session may contain privileged and confidential information. This presentation is for information purposes only. The information contained in this session may contain privileged and confidential information. This presentation is for information purposes only. Before acting on any ideas presented in this session;

More information

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training - Session One

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training - Session One Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training - Session One End User Security, IS Control Evaluation & Self- Assessment Information Security Trends and Countermeasures

More information

Cybersecurity A Clear and Present Danger

Cybersecurity A Clear and Present Danger Cybersecurity A Clear and Present Danger Thomas J. DeMayo, CISSP, CISA, CIPP, CEH, CHFI, MCSE Director IT Audit and Consulting Services TDeMayo@odpkf.com Objectives Gain an understanding of current cyber

More information

WRITTEN TESTIMONY BEFORE THE HEARING ON PROTECTING PERSONAL CONSUMER INFORMATION FROM CYBER ATTACKS AND DATA BREACHES MARCH 26, 2014 2:30 PM

WRITTEN TESTIMONY BEFORE THE HEARING ON PROTECTING PERSONAL CONSUMER INFORMATION FROM CYBER ATTACKS AND DATA BREACHES MARCH 26, 2014 2:30 PM WRITTEN TESTIMONY BEFORE THE SENATE COMMITTEE ON COMMERCE, SCIENCE, & TRANSPORTATION HEARING ON PROTECTING PERSONAL CONSUMER INFORMATION FROM CYBER ATTACKS AND DATA BREACHES MARCH 26, 2014 2:30 PM TESTIMONY

More information

Remote Deposit Quick Start Guide

Remote Deposit Quick Start Guide Treasury Management Fraud Prevention How to Protect Your Business Remote Deposit Quick Start Guide What s Inside We re committed to the safety of your company s financial information. We want to make you

More information

Testimony of PETER J. BESHAR. Executive Vice President and General Counsel. Marsh & McLennan Companies

Testimony of PETER J. BESHAR. Executive Vice President and General Counsel. Marsh & McLennan Companies Marsh & McLennan Companies, Inc. 1166 Avenue of the Americas New York, NY 10036 +1 212 345 5000 Fax +1 212 345 4808 Testimony of PETER J. BESHAR Executive Vice President and General Counsel Marsh & McLennan

More information

Welcome 10/16/2015. Connect With Your Customers And Grow Your Practice Simple Marketing Strategies for Audiologists and Speech Language Pathologists

Welcome 10/16/2015. Connect With Your Customers And Grow Your Practice Simple Marketing Strategies for Audiologists and Speech Language Pathologists Welcome Constant Contact 2015 Connect With Your Customers And Grow Your Practice Simple Marketing Strategies for Audiologists and Speech Language Pathologists Constant Contact 2015 Ken Fehner Owner- The

More information

Data Breach and Cybersecurity: What Happens If You or Your Vendor Is Hacked

Data Breach and Cybersecurity: What Happens If You or Your Vendor Is Hacked Data Breach and Cybersecurity: What Happens If You or Your Vendor Is Hacked Linda Vincent, R.N., P.I., CITRMS Vincent & Associates Founder The Identity Advocate San Pedro, California The opinions expressed

More information

Analytics, Big Data, & Threat Intelligence: How Security is Transforming

Analytics, Big Data, & Threat Intelligence: How Security is Transforming Analytics, Big Data, & Threat Intelligence: How Security is Transforming Jason Sloderbeck Director, Product Management RSA Web Threat Detection 1 Presentation Overview The Largest Threat How Can Big Data

More information

Questions You Should be Asking NOW to Protect Your Business!

Questions You Should be Asking NOW to Protect Your Business! Questions You Should be Asking NOW to Protect Your Business! Angi Farren, AAP Senior Director Jen Wasmund, AAP Compliance Services Specialist 31 st Annual Conference SHAPE YOUR FUTURE April 23, 2013 Regional

More information

Your security is our priority

Your security is our priority Your security is our priority Welcome to our Cash Management newsletter for businesses. You will find valuable information about how to limit your company s risk for fraud. We offer a wide variety of products

More information

Presented By: Corporate Security Information Security Treasury Management

Presented By: Corporate Security Information Security Treasury Management Presented By: Corporate Security Information Security Treasury Management Is Your Business Prepared for a Cyber Incident? It s not a matter of if, it s a matter of when Cyber Attacks are on the Rise; Physical

More information

Combating Identity Theft: Tips to Reduce Your Cybersecurity Risks. September 16, 2015

Combating Identity Theft: Tips to Reduce Your Cybersecurity Risks. September 16, 2015 Combating Identity Theft: Tips to Reduce Your Cybersecurity Risks September 16, 2015 Current Cyber Threat Cyber criminals are not only targeting businesses, but individuals Stolen personally identifiable

More information

Product. Retail Online Flexible and Integrated Consumer Online Banking

Product. Retail Online Flexible and Integrated Consumer Online Banking Product Retail Online Flexible and Integrated Consumer Online Banking helps you attract new customers and build profitable relationships with them. Offer customers real-time information and advanced functionality

More information

Scams and Schemes. objectives. Essential Question: What is identity theft, and how can you protect yourself from it? Learning Overview and Objectives

Scams and Schemes. objectives. Essential Question: What is identity theft, and how can you protect yourself from it? Learning Overview and Objectives Estimated time: 45 minutes Essential Question: What is identity theft, and how can you protect yourself from it? Learning Overview and Objectives Overview: Students learn strategies for guarding against

More information

THE CHANGING FACE OF CYBERCRIME AND WHAT IT MEANS FOR BANKS

THE CHANGING FACE OF CYBERCRIME AND WHAT IT MEANS FOR BANKS THE CHANGING FACE OF CYBERCRIME AND WHAT IT MEANS FOR BANKS David Glockner, Managing Director strozfriedberg.com Overview The big picture: what does cybercrime look like today and how is it evolving? What

More information

E-Banking Regulatory Update

E-Banking Regulatory Update E-Banking Regulatory Update Hal R. Paretchan, CISA, CISSP, CFE Information Technology Specialist Federal Reserve Bank of Boston Supervision, Regulation & Credit (617) 973-5971 hal.paretchan@bos.frb.org

More information