Are All High-Risk Transactions Created Equal?
|
|
- Harold Daniels
- 8 years ago
- Views:
Transcription
1 Are All High-Risk Transactions Created Equal? How to Minimize FFIEC Exam Pain 1 Lee Wetherington, AAP Director of Strategic Insight
2 Agenda New Supplement to FFIEC Guidance Key Points; Intelligent Layering High-Risk Transactions Letter vs. Spirit of the Law The Truth about Santa & Remote Deposit Fraud Risk From the Horse s Mouth (Regulators/Examiners) The Bottom Line on High-Risk and Compliance What to Do Next Payments Risk Assessment; Rating Transaction Type Risk Tying Risk Ratings to Proper Controls/Layers 2 January 27, 2012
3 Supplement to FFIEC Guidance 3
4 FFIEC Guidance Documents August 2001 Authentication in an Internet Banking Environment October 2005 Auth. in an Internet Banking Environment Update January 2009 Risk Management of Remote Deposit Capture June 2011 Supplement to Auth. in Internet Banking Environment 4
5 5 Key Points Banks must: Perform periodic risk assessments Educate customers about fraud Implement layered security systems (intelligently) Mitigate fraud risks related to high risk transactions High risk transactions: Carry non-public personal information or move funds Risk and remote deposit capture Technically, remote deposit items are high risk transactions Examiners see RD as less risky than ACH credits and wires Your response must be based on your assessment!
6 High-Risk Transactions
7 electronic transactions involving access to customer information or the movement of funds to other parties. 7
8 Can you think of an electronic transaction that doesn t involve access to customer information or the movement of funds to other parties? 8
9 High-Risk Defined electronic transactions involving access to customer information or the movement of funds to other parties. More customers are conducting online transactions Not every online transaction poses same level of risk Banks should implement more robust controls as the risk level of the transaction increases
10 High-Risk vs. Higher-Risk electronic transactions involving access to customer information or the movement of funds to other parties. All on-line transactions defined as high-risk, but some higher than others Should NOT be based solely on retail vs. business Reg E apply? Retail transactions carry higher risk of loss to the bank (regulatory) Commercial accounts not covered, but still carry greater risk financial loss (legal) Focus on frequency and dollar amounts
11 The Truth About RDC Fraud Risk 11 January 27, 2012
12 The Truth about Remote Deposit Risk While over 13% of checks are remotely deposited, RDC items comprise only.01% of check fraud reported to FinCen between 2005 and There were no real differences in the various fraud and money laundering schemes perpetrated through the RDC check deposit channel when compared with the check deposits completed through more traditional means. Overall, RDC-related filings have been minimal, and they comprise a miniscule portion of all checkrelated bank SARs. 12
13 A Framework for Layered Security 13
14 14 Layered Security According to the guidance, layered security is: Multiple fraud prevention measures Placed at different points in the transaction process Deployed in a manner so that weaknesses in one measure will be compensated for by other measures To understand layered security, must understand how three components interact: The transaction process Threat categories Security measures
15 The Transaction Process These steps are required to create/process transactions: 1. A user logs in 2. The user submits/authorizes one or more transactions 3. The financial institution reviews and processes the transactions The FFIEC also includes administration activities, like setting up users and configuring the system Together, these steps make up the transaction process These steps are the layers on which your security measures will be deployed 15
16 Threat Categories Account Takeover Fraud committed by external users who gain access to the system with credentials stolen via phishing, malware, social engineering, etc. Trusted Entity Theft Fraud committed by legitimate users (FI employees, merchants, merchant employees, consumers) who go bad Session Manipulation Fraud committed by users or programs that hijack legitimate user sessions and/or modify session data Includes Man-in-the-Middle (MIM) and Man-in-the-Browser (MIB) attacks 16
17 Threats: Man-in-the-Middle (MITM) Normally, user connects via Internet to online site In MITM, fraudsters set up as a proxy in order to: Steal credentials for use in future account takeover Hijack user s session to create their own parallel session Manipulate transaction data sent in the legitimate session 17
18 Threats: Man-in-the-Browser (MITB) During a Man-in-the-Browser (MITB) attack, malware installed in the user s browser may: Steal credentials and deliver them to the fraudster for later use in account takeover attacks Capture data that allows launch of parallel session Manipulate RT/Account Number data during the session Malware 18
19 Why Are MITM & MITB So Dangerous? MITM and MITB can defeat: One Time Password Tokens Browser Cookie Picture or Text on Website IP Geo-location Device Fingerprinting Phone or Out-of-Band Authentication Virtual Keyboard Knowledge-Based Authentication
20 Threats and the Transaction Process Each type of threat attacks one or more points in the transaction process Your risk assessment should identify how threats attack the process used by each type of transaction This will dictate how security should be deployed Account Takeover Trusted Entity Theft Session Manipulation 20
21 Security Measures MFA: Adaptive Authentication/Tokens IP Address Whitelisting Day/Time Controls Security Alerts New Recipient Validation Merchant Velocity/ Daily Amount Limits User Permissions and Limits Dual Control Duplicate Detection Keying/Balancing Transaction Monitoring with Anomaly Detection History/Reporting Transaction Review Payments Dashboard Processing Alerts 21
22 Example: ACH Account Takeover Transaction Type: ACH MFA: Adaptive Authentication/Tokens Environment Protection IP Address Whitelisting Day/Time Controls New Recipient Validation Merchant Velocity/ Daily Amount Limits User Permissions and Limits Dual Control Processing Alerts Transaction Monitoring with Anomaly Detection History/Reporting Transaction Review Payments Dashboard 22 Account Takeover
23 Example: Trusted Entity Theft Transaction Type: Remote Deposit Merchant Velocity/ Daily Amount Limits Duplicate Detection Dual Control Transaction Monitoring with Anomaly Detection History/Reporting Transaction Review Payments Dashboard Keying/Balancing Processing Alerts 23 Trusted Entity Theft
24 A Layered Security Ex.: Session Manipulation Transaction Type: ACH Environment Protection IP Address Whitelisting New Recipient Validation Merchant Velocity/ Daily Amount Limits User Permissions and Limits Dual Control Processing Alerts (ACH Client) Transaction Monitoring with Anomaly Detection History/Reporting (Merchant Portal) Transaction Review (ACH Client) SmartSight (Merchant Portal) 24 Session Manipulation
25 Layered Security: Administrative Transaction Monitoring with Anomaly Detection MFA: Tokens Dual Control Security Alerts 25 Account Takeover Trusted Entity Theft Session Manipulation
26 A Framework for Layered Security Using this approach, banks can demonstrate how their security measures combat each type of fraud for each type of transaction 26
27 From the Horse s Mouth 27
28
29 29 Examiner Ex Cathedra (What He Said) RDC transactions are not as high risk as ACH/Wires. Bank s payments risk assessment and customer education are key to rigor of exam. Examiners will key off the assessment (even if the assessment is wrong and classifies all transactions as equally high risk. Banks can make case that certain low-volume ACH/Wire customers could be considered moderate risk if transaction limits/ceilings in place and those ceilings are commensurate with the FI s risk tolerance (size of bank, capital strength, liquidity, assets, etc.). For small banks with very limited numbers of payments customers, examiner recommends low-tech authentication on high-risk transactions, e.g., call backs, fax confirmations, even text message confirmations.
30 Examiner Ex Cathedra, cont d To simplify, instead of separate risk assessments for FFIEC, IT, GLBA, RDC, banks should (1) Combine their IT/GLBA assessment into one, and (2) combine RDC, ACH, Wires, and any other payment services into one enterprise-wide payments risk assessment that designates each payment type s risk (high, moderate, low) and justifies the FIs risk tolerance across all (a risk tolerance that should be explicitly approved by the FI s Board). Examiners will not discriminate against one anomaly detection solution over another. If, however, bank experiences fraud in which the anomaly detection in place was circumvented or comprised, the examiner will ask for details and ultimately question the efficacy of that solution going forward. 30
31 Demonstrate that You re Minding the Store 31
32 The Risk Management Process 1. Risk Identification - Identify assets to be protected, or source of risk. To properly identify risks, a bank must recognize and understand existing risks or risks that may arise from new business initiatives. Risk identification should be a continuing process. 2. Risk Assessment - Identify threats and vulnerabilities to assets, evaluate the threat impact, & prioritize. Inherent Risk 3. Risk Management - Apply controls designed to: Avoid/Eliminate Reduce Transfer Retain (acceptable or residual risk) 4. Test, train, re-evaluate
33 Inherent vs. Residual Risk Inherent risk prior to the application of controls Subjective based on objective criteria Must be determined before controls applied Residual Risk after application of controls Acceptable risk Also subjective Should be low, but may actually be high for high-risk customers
34 Risk Sources: Product Capability Basic Account Access Bill Payment Intrabank Transfers Interbank Transfers ACH Origination Wire Transfer Mobile Access Remote Deposit Capture
35 Risk Controls Anomaly Detection and Response (manual or automated) o Volume, Time-of-Day and Dollar Amount Thresholds Dual Authorization / Dual Control Multi-factor Authentication Out-of-Band Verification Positive-Pay, Debit Blocks (white lists) IP Blocks (black lists) Enhanced customer account maintenance controls Manual FI Transaction Approval Customer Education On-site Assessments
36 Demonstrate that You Aren t Complacent (Things Change) 36
37 Evolution of Risk: Remote Deposit Right now, most banks rely on client risk management (eligibility) Difficult to qualify for RDC Pay little attention to deposits once onboarded Mainstreaming RDC will require different approach Easier to qualify for RDC Use deposit monitoring tools to control risk 37
38 Evolution of Remote Deposit Risk, cont d 38
39 The Payments Risk Assessment Jack Henry & Associates, Inc. All Rights Reserved.
40 Right-sizing Risk SOURCE: Gladiator Technology, a ProfitStars Solution For more info: contact Jackie Marshall at (678) ; Or jackie@gladtech.net;
41 Right-sizing Risk, cont d SOURCE: Gladiator Technology, a ProfitStars Solution For more info: contact Jackie Marshall at (678) ; Or jackie@gladtech.net;
42 Right-sizing Risk, cont d
43 Commercial OLB Risk Assessment Likelihood of Occurrence Potential Damage Inherent Risk Residual Risk How likely is this threat to occur (without appropriate security controls in place)? Medium If the threat resulted in a security breach what kind of damage would result? Loss of funds Identity Theft Likelihood of occurrence X Potential Damage Medium Remaining Riskacceptable or unacceptable (unmanaged risk). Explain detail in mitigation strategy. Acceptable Internet Based Financial Transaction Types ACH Transfers, Wire Transfers, Mobile Banking, Remote Deposit Capture Reasonably Foreseeable Internal and External Threats and Vulnerabilities to the Information Asset Cyber criminal attacks such as phishing, social engineering, interception of transaction data, stolen data, resulting in corporate account takeover and identity theft SOURCE: Gladiator Technology, a ProfitStars Solution For more info: contact Jackie Marshall at (678) ; Or jackie@gladtech.net;
44 Commercial OLB Risk Assessment, cont d Controls in place to (P)revent and (D)etect Fraud (P) Business employees educated on use of application(s), IT security standards and best practices, common fraud schemes and procedures for contacting the FI in case of suspected security incident (P) Segregation of Duties; separate approval process; dual control utilizing two separate PCs. (P) (D) Real-time anti-virus and anti-spyware, desktop firewall, malware detection and removal software w/automatic updates and scheduled scans (P) PC not used to surf the web or (P) Procedures for logging off and leaving online banking PC unattended or not in use (P) Spam filters in place and updated (P) Mgr to understand responsibilities and liabilities per account agreement (D) Monitor and reconcile accounts daily (D) Discuss the options offered by the FI to detect or prevent out-of-pattern activity (D) Note any changes in PC performance (D) Pay attention to warnings (D) Be on the alert for rogue s (P) Scanned checks (RDC) retained for 14 days in locked cabinet and then destroyed by cross-cut shredding. Testing Methods, Frequency and Control Issues FI will conduct periodic analysis of the fraud controls via self-assessment or onsite visit Recommendations/Strategy to Mitigate Residual Risk Ex. (P) Dedicated PC utilized for online banking services (not utilized for web browsing, s and social networking SOURCE: Gladiator Technology, a ProfitStars Solution For more info: contact Jackie Marshall at (678) ; Or jackie@gladtech.net;
45 Risk Assessments When? Changes in the internal and external threat environment, or Changes in the customer base adopting electronic banking, or Changes in the customer functionality offered through electronic banking, or Actual incidents of security breaches, identity theft, or fraud experienced by the bank or industry, or At least annually
46
47 Lee Wetherington, AAP
Supplement to Authentication in an Internet Banking Environment
Federal Financial Institutions Examination Council 3501 Fairfax Drive Room B7081a Arlington, VA 22226-3550 (703) 516-5588 FAX (703) 562-6446 http://www.ffiec.gov Purpose Supplement to Authentication in
More informationSecuring Online Payments in the EPS Merchant and Partner Portals
Securing Online Payments in the EPS Merchant and Partner Portals sales@profitstars.com 877.827.7101 Contents Overview 3 Purpose 3 Customer/Member Education 4 Threats 4 The Transaction Process 5 Layered
More informationSecuring Online Payments in ACH Client and Remote Deposit Express
Securing Online Payments in ACH Client and Remote Deposit Express sales@profitstars.com 877.827.7101 Contents Overview 3 Purpose 3 Customer/Member Education 4 Threats 4 The Transaction Process 5 Layered
More informationSecuring Online Payments in ACH Client and Remote Deposit Express
IMAGING & PAYMENTS PROCESSING Securing Online Payments in ACH Client and Remote Deposit Express sales@profitstars.com 877.827.7101 Contents Overview 3 Purpose 3 Customer/Member Education 4 Threats 4 Layered
More informationACI Response to FFIEC Guidance
ACI Response to FFIEC Guidance Version 1 July 2011 Table of contents Introduction 3 FFIEC Supervisory Expectations 4 ACI Online Banking Fraud Management 8 Online Banking Fraud Detection and Prevention
More informationFFIEC CONSUMER GUIDANCE
FFIEC CONSUMER GUIDANCE Important Facts About Your Account Authentication Online Banking & Multi-factor authentication and layered security are helping assure safe Internet transactions for banks and their
More informationSecuring Online Payments in the EPS Merchant and Partner Portals
IMAGING & PAYMENTS PROCESSING Securing Online Payments in the EPS Merchant and Partner Portals sales@profitstars.com 877.827.7101 Contents Overview 3 Purpose 3 Customer/Member Education 4 Threats 4 Layered
More informationGladiator NetTeller Enterprise Security Monitoring Online Fraud Detection INFORMATION SECURITY & RISK MANAGEMENT
Gladiator NetTeller Enterprise Security Monitoring Online Fraud Detection INFORMATION SECURITY & RISK MANAGEMENT Gladiator NetTeller Enterprise Security Monitoring Online Fraud Detection Foreword The consumerization
More informationFFIEC BUSINESS ACCOUNT GUIDANCE
FFIEC BUSINESS ACCOUNT GUIDANCE New financial standards will assist credit unions and business account holders to make online banking safer and more secure from account hijacking and unauthorized funds
More informationHere are two informational brochures that disclose ways that we protect your accounts and tips you can use to be safer online.
Here are two informational brochures that disclose ways that we protect your accounts and tips you can use to be safer online. FFIEC BUSINESS ACCOUNT GUIDANCE New financial standards will assist credit
More informationFFIEC Supplemental Guidance to Authentication in an Internet Banking Environment. Robert Farmer Senior Technology Compliance Manager
FFIEC Supplemental Guidance to Authentication in an Robert Farmer Senior Technology Compliance Manager 1 888 250 4400 Effective Date The FFIEC Supplement to Authentication in an was issued on June 28,
More informationWhite Paper. FFIEC Authentication Compliance Using SecureAuth IdP
White Paper FFIEC Authentication Compliance Using SecureAuth IdP September 2015 Introduction Financial institutions today face an important challenge: They need to comply with guidelines established by
More informationPayment Fraud and Risk Management
Payment Fraud and Risk Management Act Today! 1. Help protect your computer against viruses and spyware by using anti-virus and anti-spyware software and automatic updates. Scan your computer regularly
More informationPresented by: Mike Morris and Jim Rumph
Presented by: Mike Morris and Jim Rumph Introduction MICHAEL MORRIS, CISA Systems Partner JIM RUMPH, CISA Systems Manager Objectives To understand how layered security assists in securing your network
More informationElectronic Fraud Awareness Advisory
Electronic Fraud Awareness Advisory Indiana Bankers Association Fraud Awareness Task Force February, 2012 Electronic Fraud Awareness Advisory Purpose/Summary The Indiana Bankers Association (IBA) was involved
More informationSound Business Practices for Businesses to Mitigate Corporate Account Takeover
Sound Business Practices for Businesses to Mitigate Corporate Account Takeover This white paper provides sound business practices for companies to implement to safeguard against Corporate Account Takeover.
More informationOnline Account Takeover. Roger Nettie
Online Account Takeover Roger Nettie CUNA Mutual Group Proprietary Reproduction, Adaptation or Distribution Prohibited CUNA Mutual Group 2013 Session Outline Types of attacks Movement of funds Consumer
More informationQuestions You Should be Asking NOW to Protect Your Business!
Questions You Should be Asking NOW to Protect Your Business! Angi Farren, AAP Senior Director Jen Wasmund, AAP Compliance Services Specialist 31 st Annual Conference SHAPE YOUR FUTURE April 23, 2013 Regional
More informationInformation Technology
Information Technology Information Technology Session Structure Board of director actions Significant and emerging IT risks Practical questions Resources Compensating Controls at the Directorate Level
More informationHow To Protect Your Online Banking From Fraud
DETECT MONITORING SERVICES AND DETECT SAFE BROWSING: Empowering Tools to Prevent Account Takeovers SUMMARY The Federal Financial Institutions Examination Council (FFIEC) is planning to update online transaction
More informationTop 10 Anti-fraud Tips: The Cybersecurity Breach Aftermath
ebook Top 10 Anti-fraud Tips: The Cybersecurity Breach Aftermath Protecting against downstream fraud attacks in the wake of large-scale security breaches. Digital companies can no longer trust static login
More informationCorporate Account Take Over (CATO) Guide
Corporate Account Take Over (CATO) Guide This guide was created to increase our customers awareness of the potential risks and threats that are associated with Internet and electronic- based services,
More informationThe information contained in this session may contain privileged and confidential information. This presentation is for information purposes only.
The information contained in this session may contain privileged and confidential information. This presentation is for information purposes only. Before acting on any ideas presented in this session;
More informationWHITE PAPER Moving Beyond the FFIEC Guidelines
WHITE PAPER Moving Beyond the FFIEC Guidelines How Device Reputation Offers Protection Against Future Security Threats Table of Contents Introduction 1 The FFIEC Guidelines 2 Why Move Beyond Complex Device
More informationDon t Fall Victim to Cybercrime:
Don t Fall Victim to Cybercrime: Best Practices to Safeguard Your Business Agenda Cybercrime Overview Corporate Account Takeover Computer Hacking, Phishing, Malware Breach Statistics Internet Security
More informationOnline Banking Risks efraud: Hands off my Account!
Online Banking Risks efraud: Hands off my Account! 1 Assault on Authentication Online Banking Fraud Significant increase in account compromises via online banking systems Business accounts are primary
More informationFive Trends to Track in E-Commerce Fraud
Five Trends to Track in E-Commerce Fraud Fraud is nothing new if you re in the e-commerce business you probably have a baseline level of fraud losses due to stolen credit cards, return fraud and other
More informationThe Key to Secure Online Financial Transactions
Transaction Security The Key to Secure Online Financial Transactions Transferring money, shopping, or paying debts online is no longer a novelty. These days, it s just one of many daily occurrences on
More informationCorporate Account Takeover & Information Security Awareness
Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This presentation is for information purposes
More informationFFIEC Authentication Guidance Examination in 2012: Are You Prepared?
FFIEC Authentication Guidance Examination in 2012: Are You Prepared? Areas of Continuity, Change, and Emphasis The Knowledge Congress LIVE Webcast March 8, 2012 Andrew Lorentz Partner, Washington, D.C.
More informationReliance Bank Fraud Prevention Best Practices
Reliance Bank Fraud Prevention Best Practices May 2013 User ID and Password Guidelines Create a strong password with at least 8 characters that includes a combination of mixed case letters and numbers.
More informationTHE HOME LOAN SAVINGS BANK. Corporate Account Takeover & Information Security Awareness
THE HOME LOAN SAVINGS BANK Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This presentation is
More informationMeeting FFIEC Guidance and Cutting Costs with Automated Fraud Prevention. White Paper
Meeting FFIEC Guidance and Cutting Costs with Automated Fraud Prevention White Paper Table of Contents Executive Summary 3 Key Requirements for Effective and Sustainable Online Banking Fraud Prevention
More informationIT Security Risks & Trends
IT Security Risks & Trends Key Threats to All Businesses 1 1 What do the following have in common? Catholic church parish Hospice Collection agency Main Street newspaper stand Electrical contractor Health
More informationA Practical Guide to Anomaly Detection
A Practical Guide to Anomaly Detection Implications of meeting new FFIEC minimum expectations for layered security White Paper A Practical Guide to Anomaly Detection: Implications of meeting new FFIEC
More informationCAPITAL PERSPECTIVES DECEMBER 2012
CAPITAL PERSPECTIVES DECEMBER 2012 MITIGATING PAYMENT FRAUD RISK: IT S A WAR ON TWO FRONTS Payment fraud continues to be one of the biggest risk management challenges facing corporate treasury managers
More informationONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS
$ ONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS Boston Private Bank & Trust Company takes great care to safeguard the security of your Online Banking transactions. In addition to our robust security
More informationInternet Banking Authentication Guidance is Out
Brace Yourself: Updated d FFIEC Internet Banking Authentication Guidance is Out October 13, 2011 Paul Rainbow, Manager David Dyk, Manager 1 The material appearing in this presentation is for informational
More informationTransaction Anomaly Protection Stopping Malware At The Door. White Paper
Transaction Anomaly Protection Stopping Malware At The Door White Paper Table of Contents Overview 3 Programmable Crime Logic Alter Web Application Flow & Content 3 Programmable Crime Logic Defeats Server-Side
More informationecommercial SAT ecommercial Security Awareness Training Version 3.0
ecommercial SAT ecommercial Security Awareness Training Version 3.0 Welcome The goal of this training course is to provide you with the information needed to assist in keeping your online banking account
More informationProtect Your Business and Customers from Online Fraud
DATASHEET Protect Your Business and Customers from Online Fraud What s Inside 2 WebSafe 5 F5 Global Services 5 More Information Online services allow your company to have a global presence and to conveniently
More informationXYPRO Technology Brief: Stronger User Security with Device-centric Authentication
Ken Scudder Senior Director Business Development & Strategic Alliances XYPRO Technology Talbot A. Harty CEO DeviceAuthority XYPRO Technology Brief: Stronger User Security with Device-centric Authentication
More informationWHITE PAPER Fighting Banking Fraud Without Driving Away Customers
WHITE PAPER Fighting Banking Fraud Without Driving Away Customers Effective Methods for Targeting Cybercrime in Financial Services Table of Contents Introduction 1 Stopping Fraud: One Goal Among Many 2
More informationCritical Security Controls
Critical Security Controls Session 2: The Critical Controls v1.0 Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter The Critical Security Controls The Critical Security
More informationCUSTOMER SECURITY AWARENESS: A Key Defense Against Corporate Account Takeover & Cyber Fraud
CUSTOMER SECURITY AWARENESS: A Key Defense Against Corporate Account Takeover & Cyber Fraud Presented by Tom Garcia President / CEO InfoSight, Inc. 2014 InfoSight What we ll cover today 1. The MFA & NACHA
More informationRemote Deposit Quick Start Guide
Treasury Management Fraud Prevention How to Protect Your Business Remote Deposit Quick Start Guide What s Inside We re committed to the safety of your company s financial information. We want to make you
More informationSecurityMetrics Vision whitepaper
SecurityMetrics Vision whitepaper 1 SecurityMetrics Vision: Network Threat Sensor for Small Businesses Small Businesses at Risk for Data Theft Small businesses are the primary target for card data theft,
More informationCorporate Account Takeover & Information Security Awareness. Customer Training
Corporate Account Takeover & Information Security Awareness Customer Training No computer system can provide absolute security under all conditions. NO SECURITY MEASURE OR LIST OF SECURITY MEASURES CAN
More informationBusiness Internet Banking / Cash Management Fraud Prevention Best Practices
Business Internet Banking / Cash Management Fraud Prevention Best Practices This document provides fraud prevention best practices that can be used as a training tool to educate new Users within your organization
More informationROOBA SM. Frequently Asked Questions. Regions Out-of-Band Authentication. It s time to expect more. Regions Bank Member FDIC Revised 041415
ROOBA SM Frequently Asked Questions Regions Out-of-Band Authentication It s time to expect more. Regions Bank Member FDIC Revised 041415 Frequently Asked Questions: ROOBA (Regions Out of Band Authentication)
More informationAlternatives for Managing Commercial Payments Risk
Alternatives for Managing Commercial Payments Risk FDIC Symposium Arlington, VA May 11, 2010 Deborah Shaw Managing Director, Network Enforcement & Risk Management NACHA The Electronic Payments Association
More informationProtecting Online Customers from Man-inthe-Browser and Man-in-the-Middle Attacks
Protecting Online Customers from Man-inthe-Browser and Man-in-the-Middle Attacks Whitepaper W H I T E P A P E R OVERVIEW Arcot s unmatched authentication expertise and unique technology give organizations
More informationPursuing Compliance with the FFIEC Guidance Risk Assessment 101 KPMG RISK ADVISORY SERVICES
Pursuing Compliance with the FFIEC Guidance Risk Assessment 101 KPMG RISK ADVISORY SERVICES Contents PART I An Increasing Threat: Identity Theft The FFIEC Response Risk Assessment Fundamentals The FFIEC
More informationBusiness ebanking Fraud Prevention Best Practices
Business ebanking Fraud Prevention Best Practices User ID and Password Guidelines Create a strong password with at least 8 characters that includes a combination of mixed case letters, numbers, and special
More informationTHE FFIEC CHALLENGE A Call for Reliable Authentication
THE FFIEC CHALLENGE A Call for Reliable Authentication March 14, 2006 ISACA LOS ANGELES RISK ADVISORY SERVICES INFORMATION RISK MANAGEMENT Agenda The FFIEC Challenge Current/Future Authentication Scenarios
More informationFFIEC CONSUMER GUIDANCE
FFIEC CONSUMER GUIDANCE Important Facts About Your Account Authentication Online Banking & Multi-factor authentication and layered security are helping assure safe Internet transactions for banks and their
More informationBest Practices Guide to Electronic Banking
Best Practices Guide to Electronic Banking City Bank & Trust Company offers a variety of services to our customers. As these services have evolved over time, a much higher percentage of customers have
More informationTRAINING FOR AMERICAN MOMENTUM BANK CLIENTS. Corporate Account Takeover & Information Security Awareness
TRAINING FOR AMERICAN MOMENTUM BANK CLIENTS Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This
More informationClick to edit Master title style
EVOLUTION OF CYBERSECURITY Click to edit Master title style IDENTIFYING BEST PRACTICES PHILIP DIEKHOFF, IT RISK SERVICES TECHNOLOGY THE DARK SIDE AGENDA Defining cybersecurity Assessing your cybersecurity
More informationOnline Banking Fraud Prevention Recommendations and Best Practices
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee at Continental National Bank of Miami needs to know
More informationMifflinburg Bank & Trust. Corporate Account Takeover & Information Security Awareness
Mifflinburg Bank & Trust Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This presentation is
More informationSECURING IDENTITIES IN CONSUMER PORTALS
SECURING IDENTITIES IN CONSUMER PORTALS Solution Brief THE CHALLENGE IN SECURING CONSUMER PORTALS TODAY The Bilateral Pull between Security and User Experience As the world becomes increasingly digital,
More informationCybersecurity Workshop
Cybersecurity Workshop February 10, 2015 E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. 150 West Main Street, Suite 2100 Norfolk, VA 23510 (757) 624-3153
More informationE-Banking Regulatory Update
E-Banking Regulatory Update Hal R. Paretchan, CISA, CISSP, CFE Information Technology Specialist Federal Reserve Bank of Boston Supervision, Regulation & Credit (617) 973-5971 hal.paretchan@bos.frb.org
More informationPayments Fraud: It's Not Fun & Games
Payments Fraud: It's Not Fun & Games Claudia Swendseid Senior Vice President Payments Information & Outreach Office Federal Reserve Bank of Minneapolis NACHA Payments 2015 Claudia Swendseid Senior Vice
More informationTHE CHANGING FACE OF CYBERCRIME AND WHAT IT MEANS FOR BANKS
THE CHANGING FACE OF CYBERCRIME AND WHAT IT MEANS FOR BANKS David Glockner, Managing Director strozfriedberg.com Overview The big picture: what does cybercrime look like today and how is it evolving? What
More informationUnderstanding It s Me 247 Security. A Guide for our Credit Union Clients and Owners
Understanding It s Me 247 Security A Guide for our Credit Union Clients and Owners October 2, 2014 It s Me 247 Security Review CU*Answers is committed to the protection of you and your members. CU*Answers
More informationOnline Cash Management Security: Beyond the User Login
Online Cash Management Security: Beyond the User Login Sonya Crites, CTP, SunTrust Anita Stevenson-Patterson, CTP, Manheim February 28, 2008 Agenda Industry Trends Government Regulations Payment Fraud
More informationInformation Security Awareness
Corporate Account Takeover & Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This presentation
More informationTop Fraud Trends Facing Financial Institutions
Top Fraud Trends Facing Financial Institutions Presented on: October 7, 2015, 2-3 ET Presented by: Ann Davidson - VP of Risk Consulting at Allied Solutions Webinar Agenda 1. Fraud trends in 2015 and beyond
More informationFranchise Data Compromise Trends and Cardholder. December, 2010
Franchise Data Compromise Trends and Cardholder Security Best Practices December, 2010 Franchise Data Security Agenda Cardholder Data Compromise Overview Breach Commonalities Hacking Techniques Franchisee
More informationHow To Comply With Ffiec
SOLUTION BRIEF authentication in the internet banking environment: The solution for FFIEC compliance from CA Technologies agility made possible Introduction to FFIEC Compliance In October of 2005, the
More informationPreventing Corporate Account Takeover Fraud
Preventing Corporate Account Takeover Fraud Joe Potuzak Senior Vice President Payment Solutions Risk Manager Member FDIC 1 About Our Speaker Joe Potuzak is the Risk Manager for BB&T s Payment Solutions
More informationINTELLIGENCE DRIVEN FRAUD PREVENTION
INTELLIGENCE DRIVEN FRAUD PREVENTION OVERVIEW If you were in business 15 years ago, the term cybercrime was just hitting the mainstream and cyber criminals were transitioning from showing off technical
More informationOnline Cash Manager Security Guide
Online Cash Manager Security Guide You re the One who can protect your business from the threat of a Corporate Account Takeover. 102 South Clinton Street Iowa City, IA 52240 1-800-247-4418 Version 1.0
More informationPayment Fraud Trends
2013 CliftonLarsonAllen LLP Payment Fraud Trends How to Protect my Business Customers from Payment and Corporate Account Take Over CLAconnect.com CliftonLarsonAllen Started in 1953 with a goal of total
More informationPACB One-Day Cybersecurity Workshop
PACB One-Day Cybersecurity Workshop WHAT IS CYBERSECURITY? PRESENTED BY: JON WALDMAN, SBS CISA, CRISC 1 Contact Information Jon Waldman Partner, Senior IS Consultant CISA, CRISC Masters of Info Assurance
More informationBest Practices: Reducing the Risks of Corporate Account Takeovers
Best Practices: Reducing the Risks of Corporate Account Takeovers California Department of Financial Institutions September 2012 INTRODUCTION A state led cooperative effort, including the United States
More informationRetail/Consumer Client. Internet Banking Awareness and Education Program
Retail/Consumer Client Internet Banking Awareness and Education Program Table of Contents Securing Your Environment... 3 Unsolicited Client Contact... 3 Protecting Your Identity... 3 E-mail Risk... 3 Internet
More informationBEST SECURITY PRACTICES IN ONLINE BANKING PLATFORMS
BEST SECURITY PRACTICES IN ONLINE BANKING PLATFORMS TABLE OF CONTENTS BEST SECURITY PRACTICES Home banking platforms have been implemented as an ever more efficient 1 channel through for banking transactions.
More information2014 Payments Fraud Survey
2014 Payments Fraud Survey Summary of Consolidated Results Payments Information & Outreach Office Federal Reserve Bank of Minneapolis December 2014 Topics Survey Methodology & Respondent Profile Fraud
More informationKASPERSKY FRAUD PREVENTION FOR ENDPOINTS
KASPERSKY FRAUD PREVENTION FOR ENDPOINTS www.kaspersky.com 2 Fraud Prevention for Endpoints KASPERSKY FRAUD PREVENTION 1. Ways of Attacking The prime motive behind cybercrime is making money, and today
More informationWinning the war on cybercrime: Keys to holistic fraud prevention
IBM Software Thought Leadership White Paper December 2013 Winning the war on cybercrime: Keys to holistic fraud prevention To combat growing cyber threats, holistic solutions provide the most accurate
More informationBest Practices in Account Takeover
WHITEPAPER Best Practices in Account Takeover July 2013 2 Table of Contents Introduction 3 Account Takeover is Painful 4 Differences between Account Takeover and Account Compromise 4 Why Account Compromise
More informationGUIDANCE ON PAYMENT PROCESSOR RELATIONSHIPS (Revised July 2014)
Federal Deposit Insurance Corporation 550 17th Street NW, Washington, D.C. 20429-9990 Financial Institution Letter FIL-127-2008 November 7, 2008 GUIDANCE ON PAYMENT PROCESSOR RELATIONSHIPS (Revised July
More informationTop Five Data Security Trends Impacting Franchise Operators. Payment System Risk September 29, 2009
Top Five Data Security Trends Impacting Franchise Operators Payment System Risk September 29, 2009 Top Five Data Security Trends Agenda Data Security Environment Compromise Overview and Attack Methods
More informationPractice Good Enterprise Security Management. Presented by Laurence CHAN, MTR Corporation Limited
Practice Good Enterprise Security Management Presented by Laurence CHAN, MTR Corporation Limited About Me Manager Information Security o o o o Policy formulation and governance Incident response Incident
More informationACH AND WIRE FRAUD LOSSES
ACH AND WIRE FRAUD LOSSES Financial Institution Technology Funnel Matthew G. Brenner Date: September 26, 2013 Orlando, Florida www.lowndes-law.com What We Will Cover Why is this important? Who does this
More informationSeptember 20, 2013 Senior IT Examiner Gene Lilienthal
Cyber Crime September 20, 2013 Senior IT Examiner Gene Lilienthal The following presentation are views and opinions of the speaker and does not necessarily reflect the views of the Federal Reserve Bank
More information9K: How Technology Can Address Current and Emerging Fraud Risks
9K: How Technology Can Address Current and Emerging Fraud Risks Session Level: Intermediate Tuesday, June 14-1:40-3:00 p.m. This session will explore how organizations are addressing the operational and
More informationCybersecurity A Clear and Present Danger
Cybersecurity A Clear and Present Danger Thomas J. DeMayo, CISSP, CISA, CIPP, CEH, CHFI, MCSE Director IT Audit and Consulting Services TDeMayo@odpkf.com Objectives Gain an understanding of current cyber
More informationCyber Security. John Leek Chief Strategist
Cyber Security John Leek Chief Strategist AGENDA The Changing Business Landscape Acknowledge cybersecurity as an enterprise-wide risk management issue not just an IT issue How to develop a cybersecurity
More informationCLEAR LAKE BANK & TRUST COMPANY Internet Banking Customer Awareness & Education Program For Businesses
CLEAR LAKE BANK & TRUST COMPANY Internet Banking Customer Awareness & Education Program For Businesses Introduction Clear Lake Bank & Trust Company is committed to protecting your business, personal, and
More informationCorporate Account Takeover & Information Security Awareness
Corporate Account Takeover & Information Security Awareness 1 The information contained in this presentation may contain privileged and confidential information. This presentation is for information purposes
More informationGuide to Evaluating Multi-Factor Authentication Solutions
Guide to Evaluating Multi-Factor Authentication Solutions PhoneFactor, Inc. 7301 West 129th Street Overland Park, KS 66213 1-877-No-Token / 1-877-668-6536 www.phonefactor.com Guide to Evaluating Multi-Factor
More informationSecurity Bank of California Internet Banking Security Awareness
Security Bank of California Internet Banking Security Awareness INTRODUCTION Fraudsters are using increasingly sophisticated and malicious techniques to thwart existing authentication controls and gain
More informationMulti-Factor Authentication of Online Transactions
Multi-Factor Authentication of Online Transactions Shelli Wobken-Plagge May 7, 2009 Agenda How are economic and fraud trends evolving? What tools are available to secure online transactions? What are best
More informationone admin. one tool. Providing instant access to hundreds of industry leading verification tools.
2 7 12 14 11 15 8 16 10 41 40 42 19 49 45 44 50 48 47 51 46 52 53 55 54 56 57 67 68 1 5 39 43 58 71 81 82 69 70 88 25 29 23 26 22 3 21 28 4 6 32 30 38 33 31 37 34 35 36 63 59 64 60 62 61 65 72 73 66 74
More informationCYBERCRIME: What your Bank should be doing to Protect your Business. David Pollino Senior Vice President Fraud Prevention Officer
CYBERCRIME: What your Bank should be doing to Protect your Business David Pollino Senior Vice President Fraud Prevention Officer Agenda Changing Landscape Case of Efficient Services Escrow Group Six key
More information