Online Account Takeover. Roger Nettie
|
|
- Blake Cole
- 8 years ago
- Views:
Transcription
1 Online Account Takeover Roger Nettie CUNA Mutual Group Proprietary Reproduction, Adaptation or Distribution Prohibited CUNA Mutual Group 2013
2 Session Outline Types of attacks Movement of funds Consumer versus commercial accounts Liability Issues FFIEC guidelines Online Account Opening & Funding 2
3 Types of Attacks Key Logging Man-in-the-Middle Man-in-the-Browser Account Recovery DDoS Disruptive? Distraction? 3
4 Keylogger Malware SecureIT Researchers: ZeuS Trojan Detections on the Rise The ZeuS Trojan that was employed by cyber crime rings to steal millions of dollars from U.S. banks in fall 2010 appears to be making a comeback. Our SecureIT researchers spotted a 55% increase in ZeuS Trojan or Zbot detections thus far in Q versus Q The new version of the ZeuS Trojan dubbed a Zbot is a botnet targeted towards stealing your banking information. A botnet is a group of Internet connected devices that communicate with one another and carry out tasks simultaneously. These devices are capable of causing serious mayhem if they re all instructed to attack a single target, like a bank, at the same time. 4
5 Movement of Funds Cross-member transfer Bill Payment ACH Wire Transfer 5
6 Terminology Member-to-Member (M2M) Cross-member transfer CU Member Book-entry transfer CU Member Account-to-Account (A2A) Member-generated ACH Debits and credits CU Member Basic ACH origination FI Account Person-to-Person (P2P) Consumer-friendly identification layer over ACH Generally sending funds CU Member Phone/ identifier ACH origination FI Account Peer-to-Peer (also P2P) Book-entry closed systems such as PayPal Vendor Account Book-entry transfer Vendor Account 6
7 Movement of Funds Cross-member transfer Bill Payment ACH Wire Transfer Money Mules Prepaid Debit Cards 7
8 Money Mules How they work Recruited through -based work-at-home job scams Helping companies process payments Receives fraudulent transfer (often under $10,000), keeps a small percentage, and wire remainder to contacts abroad Problems they create Not the brightest individuals, trouble following instructions, mess up the details (reasons they are unemployed) Transposing digits in account and R&T numbers Failure to remove funds timely Might disappear with the money themselves 8
9 Hackers steal $527,000 from LES FCU account at bank 9
10 Credit Union Breaches Accounts at Corporate Credit Unions A $650,000 loss where a credit union gave new online password access to somebody over the phone for a business account, and the perpetrators drained the account using the bill payment feature. Large loss situation where thieves got into multiple member accounts, and used cross-member transfer capabilities to transfer funds into a single member's account. This single member fell for a money mule scam, and took the proceeds over to Western Union to make international wire transfers. Phishing of members, ACH credits 10
11 Credit Union Breaches Multiple waves of malware/mule and cross-member transfers ACHs to prepaid debit cards ACH payroll, with security ACH payroll, without security Core processor breach of password information? Wire, confirmed through Wires by phone, then wires by online request 11
12 Man-in-the-Browser Attacks Cyber crook Password stealing Trojan sent as attachment or link to infected website Mules withdraw money and wire to cyber crooks User logs into online banking system. Trojan wakes up when targeted online banking website(s) visited. User enters transfers ACH or wires. MITB overwrites user s transaction changing dollar amounts and destination accounts. For educational purposes only Funds are sent to the money mules 12
13 Overwrites User s Transaction This illustration is created for educational purposes only. 13
14 Consumer Versus Commercial Accounts, Liability Consumer Accounts Member negligence Regulation E Commercial Accounts Credit union accounts ACH transactions/payrolls Wire transfers Uniform Commercial Code Article 4A Commercially reasonable security procedures Written funds transfer agreements 14
15 FFIEC s Updated Authentication Guidance The Federal Financial Institutions Examination Council (FFIEC) issued updated authentication guidance on June 28, 2011 Risk assessments Financial institutions must review and update risk assessments To reflect changes in the threat environment; Prior to implementing a new electronic service; or At least every 12 months Adjust authentication controls and add layered security controls as appropriate Enhanced multifactor authentication for high risk transactions ACH and/or wire transfer capabilities Implement administrative control capabilities for business accounts Implement layered security controls Multiple controls implemented at various points in the transaction process If one control is compromised, there are others in place to detect and prevent fraudulent transactions Implement customer awareness program 15
16 Authentication Options Something you know Password Challenge questions Something you have IP Address (pc recognition) USB token Smart card Password-generating token Digital certificates Something you are Biometrics MITB Attacks have rendered what were once considered strong multifactor authentication methods ineffective 16
17 FFIEC Updated Authentication Guidance Types of Layered Security Controls Fraud monitoring solution Monitor individual transactions for fraud Initial login and authentication Out-of-band authentication Out-of-band transaction verification Monetary and frequency limits Techniques to limit the use of the account such as ACH debit blocks Restrictions on the days and hours of access Internet Protocol (IP) reputation-based tools to block connection to online banking servers from IP addresses known or suspected to be associated with fraudulent activities Enhanced controls over account maintenance changes initiated by customers through the online banking channel or through the call center 17
18 FFIEC Updated Authentication Guidance FFIEC s Minimum Expectations Perform annual risk assessment A fraud monitoring method capable of detecting and effectively responding to suspicious or anomalous activity related to the initial login and authentication of customers and transfers to third parties Robust administrative function capabilities for business accounts The ability to set-up multiple users and assign specific levels of authority to each user; The ability to set-up monetary limitations for each user who is authorized to initiate payments and transfers initiated through bill pay, ACH, and wires; The ability to establish dual control requirements for initiating payments and transfers initiated through bill pay, ACH and wires; The ability for the administrator to receive activity reports from transaction logs for reporting purposes; and The ability for the administrator to receive account maintenance reports to assess the validity of any maintenance changes. 18
19 FFIEC Updated Authentication Guidance Member Awareness Program Explain protections provided/not provided to members for electronic funds transfers initiated through online banking Indicate whether member is entitled to Regulation E protection Explain the circumstances, if any, and the means the credit union may contact the member on an unsolicited basis requesting account information Most credit unions indicate they will not contact members to request account information Explain safe online banking practices Recommend business members perform their own risk assessment Provide a list of credit union contacts in the event members notice suspicious account activity/experience security-related events 19
20 Online Account Opening, Account Funding Fraudulent opening of accounts Identity theft Account used for fraudulent purposes Deposit Fraud Remote deposit capture Electronic Deposits Fraud by member Fraud by outsider, account compromised Fraud by member s new online friend 20
21 Security Authentication standards High Level 2 Online process that compares personal information against widely referenced databases Level 3 Requires physical appearance with government-issued photo identification Hardware-based digital certificates Knowledge-based authentication Level 1 Verification of an address Password / shared secret Low Low verification Complexity & Cost of Implementation High 21
22 What questions do you have? 22
23 CUNA Mutual Group is the marketing name for CUNA Mutual Holding Company, a mutual insurance holding company, its subsidiaries and affiliates. This presentation was created by the CUNA Mutual Group based on our experience in the credit union and insurance market. It is intended to be used only as a guide, not as legal advice. Any examples provided have been simplified to give you an overview of the importance of selecting appropriate coverage limits, insuring-to-value and implementing loss prevention techniques. No coverage is provided by this presentation/ publication, nor does it replace any provisions of any insurance policy or bond. Credit Union Protection insurance products offered to credit unions, including the Fidelity Bond, Management & Professional Liability Policy, Special Insurance Package, Plastic Card Policy, Cyber & Security Incident Policy, and Property/Business Liability Policy are underwritten by CUMIS Insurance Society, Inc., a member of CUNA Mutual Group. CUNA Mutual Insurance Agency, Inc., an affiliate within CUNA Mutual Group, is the marketing agent licensed to broker various other property and casualty coverage. To determine underwriting company information for each policy type, please refer to the actual policy documents and declarations pages. Coverage may vary or may not be available in some states. This summary is not a contract and no coverage is provided by this publication, nor does it replace any provisions of any insurance policy or bond. Please read the actual policy for specific coverage, terms, conditions, and exclusions. CUNA Mutual Group is the marketing name for CUNA Mutual Holding Company, a mutual insurance holding company, its subsidiaries and affiliates. This is not intended to be legal advice but only a high-level review of the law. As the exact interpretation of the statutory requirements will depend on specific facts and circumstances, credit unions are encouraged to consult independent legal counsel in interpreting the requirements of the law and its application to their operations. CUNA Mutual Group Proprietary and Confidential. Further Reproduction, Adaptation, or Distribution Prohibited. CUNA Mutual Group, All Rights Reserved. 23
Online Banking Risks efraud: Hands off my Account!
Online Banking Risks efraud: Hands off my Account! 1 Assault on Authentication Online Banking Fraud Significant increase in account compromises via online banking systems Business accounts are primary
More informationAccount-to-Account Transfer Services Risk
Account-to-Account Transfer Services Risk This white paper is part of the Risk Management White Paper Series, which CUNA Mutual Group provides exclusively to its Bond policyholders. TABLE OF CONTENTS Table
More informationACI Response to FFIEC Guidance
ACI Response to FFIEC Guidance Version 1 July 2011 Table of contents Introduction 3 FFIEC Supervisory Expectations 4 ACI Online Banking Fraud Management 8 Online Banking Fraud Detection and Prevention
More informationFFIEC BUSINESS ACCOUNT GUIDANCE
FFIEC BUSINESS ACCOUNT GUIDANCE New financial standards will assist credit unions and business account holders to make online banking safer and more secure from account hijacking and unauthorized funds
More informationSupplement to Authentication in an Internet Banking Environment
Federal Financial Institutions Examination Council 3501 Fairfax Drive Room B7081a Arlington, VA 22226-3550 (703) 516-5588 FAX (703) 562-6446 http://www.ffiec.gov Purpose Supplement to Authentication in
More informationFFIEC CONSUMER GUIDANCE
FFIEC CONSUMER GUIDANCE Important Facts About Your Account Authentication Online Banking & Multi-factor authentication and layered security are helping assure safe Internet transactions for banks and their
More informationHere are two informational brochures that disclose ways that we protect your accounts and tips you can use to be safer online.
Here are two informational brochures that disclose ways that we protect your accounts and tips you can use to be safer online. FFIEC BUSINESS ACCOUNT GUIDANCE New financial standards will assist credit
More informationElectronic Fraud Awareness Advisory
Electronic Fraud Awareness Advisory Indiana Bankers Association Fraud Awareness Task Force February, 2012 Electronic Fraud Awareness Advisory Purpose/Summary The Indiana Bankers Association (IBA) was involved
More informationFFIEC Supplemental Guidance to Authentication in an Internet Banking Environment. Robert Farmer Senior Technology Compliance Manager
FFIEC Supplemental Guidance to Authentication in an Robert Farmer Senior Technology Compliance Manager 1 888 250 4400 Effective Date The FFIEC Supplement to Authentication in an was issued on June 28,
More informationTHE CHANGING FACE OF CYBERCRIME AND WHAT IT MEANS FOR BANKS
THE CHANGING FACE OF CYBERCRIME AND WHAT IT MEANS FOR BANKS David Glockner, Managing Director strozfriedberg.com Overview The big picture: what does cybercrime look like today and how is it evolving? What
More informationSound Business Practices for Businesses to Mitigate Corporate Account Takeover
Sound Business Practices for Businesses to Mitigate Corporate Account Takeover This white paper provides sound business practices for companies to implement to safeguard against Corporate Account Takeover.
More informationData Breaches and Cyber Risks
Data Breaches and Cyber Risks Carolinas Credit Union League Leadership Conference Presented by: Ken Otsuka Business Protection Risk Management CUNA Mutual Group CUNA Mutual Group Proprietary Reproduction,
More informationAre All High-Risk Transactions Created Equal?
Are All High-Risk Transactions Created Equal? How to Minimize FFIEC Exam Pain 1 Lee Wetherington, AAP Director of Strategic Insight ProfitStars @leewetherington Agenda New Supplement to FFIEC Guidance
More informationGladiator NetTeller Enterprise Security Monitoring Online Fraud Detection INFORMATION SECURITY & RISK MANAGEMENT
Gladiator NetTeller Enterprise Security Monitoring Online Fraud Detection INFORMATION SECURITY & RISK MANAGEMENT Gladiator NetTeller Enterprise Security Monitoring Online Fraud Detection Foreword The consumerization
More informationAlternatives for Managing Commercial Payments Risk
Alternatives for Managing Commercial Payments Risk FDIC Symposium Arlington, VA May 11, 2010 Deborah Shaw Managing Director, Network Enforcement & Risk Management NACHA The Electronic Payments Association
More informationCorporate Account Take Over (CATO) Guide
Corporate Account Take Over (CATO) Guide This guide was created to increase our customers awareness of the potential risks and threats that are associated with Internet and electronic- based services,
More informationE-Banking Regulatory Update
E-Banking Regulatory Update Hal R. Paretchan, CISA, CISSP, CFE Information Technology Specialist Federal Reserve Bank of Boston Supervision, Regulation & Credit (617) 973-5971 hal.paretchan@bos.frb.org
More informationInternet Banking Authentication Guidance is Out
Brace Yourself: Updated d FFIEC Internet Banking Authentication Guidance is Out October 13, 2011 Paul Rainbow, Manager David Dyk, Manager 1 The material appearing in this presentation is for informational
More information2014 Payments Fraud Survey
2014 Payments Fraud Survey Summary of Consolidated Results Payments Information & Outreach Office Federal Reserve Bank of Minneapolis December 2014 Topics Survey Methodology & Respondent Profile Fraud
More informationOnline security. Defeating cybercriminals. Protecting online banking clients in a rapidly evolving online environment. The threat.
Defeating cybercriminals Protecting online banking clients in a rapidly evolving online environment The threat As the pace of technological change accelerates, so does the resourcefulness and ingenuity
More informationPresented by: Mike Morris and Jim Rumph
Presented by: Mike Morris and Jim Rumph Introduction MICHAEL MORRIS, CISA Systems Partner JIM RUMPH, CISA Systems Manager Objectives To understand how layered security assists in securing your network
More informationSecuring Online Payments in ACH Client and Remote Deposit Express
Securing Online Payments in ACH Client and Remote Deposit Express sales@profitstars.com 877.827.7101 Contents Overview 3 Purpose 3 Customer/Member Education 4 Threats 4 The Transaction Process 5 Layered
More informationData Breaches and Cyber Risks
Data Breaches and Cyber Risks MD/DC Credit Union Association 2015 Volunteer Leadership Conference Presented by: Ken Otsuka Business Protection Risk Management CUNA Mutual Group CUNA Mutual Group Proprietary
More informationCyber Liability Insurance: It May Surprise You
Cyber Liability Insurance: It May Surprise You Moderator Eugene Montgomery, President & CEO Community Financial Insurance Center Panelists Antonio Trotta, Senior Claim Counsel, CNA Specialty William Heinbokel,
More informationThe information contained in this session may contain privileged and confidential information. This presentation is for information purposes only.
The information contained in this session may contain privileged and confidential information. This presentation is for information purposes only. Before acting on any ideas presented in this session;
More informationGet on First Base with your Regulators and Cyber Security
Get on First Base with your Regulators and Cyber Security Secure Banking Solutions Chad Knutson 2 Presenter Chad Knutson VP SBS Institute Senior Information Security Consultant Masters in Information Assurance
More informationPayment Fraud and Risk Management
Payment Fraud and Risk Management Act Today! 1. Help protect your computer against viruses and spyware by using anti-virus and anti-spyware software and automatic updates. Scan your computer regularly
More informationTransforming the Customer Experience When Fraud Attacks
Transforming the Customer Experience When Fraud Attacks About the Presenters Mike Young, VP, Product Team, Everbank Manages consumers and business banking products, as well as online and mobile banking
More informationFFIEC CONSUMER GUIDANCE
FFIEC CONSUMER GUIDANCE Important Facts About Your Account Authentication Online Banking & Multi-factor authentication and layered security are helping assure safe Internet transactions for banks and their
More informationCorporate Account Takeover & Information Security Awareness. Customer Training
Corporate Account Takeover & Information Security Awareness Customer Training No computer system can provide absolute security under all conditions. NO SECURITY MEASURE OR LIST OF SECURITY MEASURES CAN
More informationSecuring Online Payments in ACH Client and Remote Deposit Express
IMAGING & PAYMENTS PROCESSING Securing Online Payments in ACH Client and Remote Deposit Express sales@profitstars.com 877.827.7101 Contents Overview 3 Purpose 3 Customer/Member Education 4 Threats 4 Layered
More informationCorporate Account Takeover & Information Security Awareness
Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This presentation is for information purposes
More informationRetail/Consumer Client. Internet Banking Awareness and Education Program
Retail/Consumer Client Internet Banking Awareness and Education Program Table of Contents Securing Your Environment... 3 Unsolicited Client Contact... 3 Protecting Your Identity... 3 E-mail Risk... 3 Internet
More informationTHE HOME LOAN SAVINGS BANK. Corporate Account Takeover & Information Security Awareness
THE HOME LOAN SAVINGS BANK Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This presentation is
More informationRemote Deposit Quick Start Guide
Treasury Management Fraud Prevention How to Protect Your Business Remote Deposit Quick Start Guide What s Inside We re committed to the safety of your company s financial information. We want to make you
More informationTop 10 Anti-fraud Tips: The Cybersecurity Breach Aftermath
ebook Top 10 Anti-fraud Tips: The Cybersecurity Breach Aftermath Protecting against downstream fraud attacks in the wake of large-scale security breaches. Digital companies can no longer trust static login
More informationTop Authentication & Identification Methods to Protect Your Credit Union
Top Authentication & Identification Methods to Protect Your Credit Union Presented on: Thursday, May 7, 2 3 ET Co presented by: Ann Davidson VP of Risk Consulting at Allied Solutions Tammy Behnke Credit
More informationecommercial SAT ecommercial Security Awareness Training Version 3.0
ecommercial SAT ecommercial Security Awareness Training Version 3.0 Welcome The goal of this training course is to provide you with the information needed to assist in keeping your online banking account
More informationKeeping A Lid On Payment Fraud Joni Lovingood, CRM, CFE Corporate Property & Casualty Sales Specialist CUNA Mutual Group
Keeping A Lid On Payment Fraud Joni Lovingood, CRM, CFE Corporate Property & Casualty Sales Specialist CUNA Mutual Group CUNA Mutual Group Proprietary Reproduction, Adaptation or Distribution Prohibited
More informationRemittance Transfer Rules Under Regulation E
Remittance Transfer Rules Under Regulation E This white paper is part of the Risk Management White Paper Series, which CUNA Mutual Group provides exclusively to its Bond policyholders. TABLE OF CONTENTS
More informationTRAINING FOR AMERICAN MOMENTUM BANK CLIENTS. Corporate Account Takeover & Information Security Awareness
TRAINING FOR AMERICAN MOMENTUM BANK CLIENTS Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This
More informationEMERGING TRENDS IN FRAUD: CRIMINALS HAVE FOUND THE WEAKEST LINK
EMERGING TRENDS IN FRAUD: CRIMINALS HAVE FOUND THE WEAKEST LINK Fraud Investigations Division: Global Security & Investigations Ed Cook Executive Director Regional Investigations Objectives: Provide a
More informationThe Key to Secure Online Financial Transactions
Transaction Security The Key to Secure Online Financial Transactions Transferring money, shopping, or paying debts online is no longer a novelty. These days, it s just one of many daily occurrences on
More informationACH AND WIRE FRAUD LOSSES
ACH AND WIRE FRAUD LOSSES Financial Institution Technology Funnel Matthew G. Brenner Date: September 26, 2013 Orlando, Florida www.lowndes-law.com What We Will Cover Why is this important? Who does this
More informationBy: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015
Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity
More informationRLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 123. Cybersecurity: A Growing Concern for Small Businesses
RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 123 Cybersecurity: A Growing Concern for Small Businesses Copyright Materials This presentation is protected by US and International Copyright
More informationCyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014
Cyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014 Lisa D. Traina, CPA, CITP, CGMA Lisa Traina utilizes her 30+ years of experience as a CPA, CITP and CGMA
More informationGovernment Crime Prevention Regulations. Richard Fraher VP & Counsel to the Retail Payments Office Federal Reserve Bank of Atlanta
Government Crime Prevention Regulations Richard Fraher VP & Counsel to the Retail Payments Office Federal Reserve Bank of Atlanta The Big Disclaimers The views expressed in this presentation are those
More informationCYBERCRIME: What your Bank should be doing to Protect your Business. David Pollino Senior Vice President Fraud Prevention Officer
CYBERCRIME: What your Bank should be doing to Protect your Business David Pollino Senior Vice President Fraud Prevention Officer Agenda Changing Landscape Case of Efficient Services Escrow Group Six key
More informationSecuring Online Payments in the EPS Merchant and Partner Portals
Securing Online Payments in the EPS Merchant and Partner Portals sales@profitstars.com 877.827.7101 Contents Overview 3 Purpose 3 Customer/Member Education 4 Threats 4 The Transaction Process 5 Layered
More informationWhite Paper. FFIEC Authentication Compliance Using SecureAuth IdP
White Paper FFIEC Authentication Compliance Using SecureAuth IdP September 2015 Introduction Financial institutions today face an important challenge: They need to comply with guidelines established by
More informationPhishing for Fraud: Don't Let your Company Get Hooked!
Phishing for Fraud: Don't Let your Company Get Hooked! March 2009 Approved for 1 CTP/CCM recertification credit by the Association for Financial Professionals 1 Today s Speakers: Joe Potuzak is Senior
More informationProtecting your business from fraud
Protecting your business from fraud KEY TAKEAWAYS > Understand the most common types of fraud and how to identify them. > What to do if you uncover fraudulent activity or suspect you are a victim of fraud.
More informationCybersecurity: A Growing Concern for All Businesses. RLI Design Professionals Design Professionals Learning Event DPLE 160 October 7, 2015
Cybersecurity: A Growing Concern for All Businesses RLI Design Professionals Design Professionals Learning Event DPLE 160 October 7, 2015 RLI Design Professionals is a Registered Provider with The American
More informationSeptember 20, 2013 Senior IT Examiner Gene Lilienthal
Cyber Crime September 20, 2013 Senior IT Examiner Gene Lilienthal The following presentation are views and opinions of the speaker and does not necessarily reflect the views of the Federal Reserve Bank
More informationMeeting Updated FFIEC Requirements and Strengthening Security and Fraud Controls with Live Attack Intelligence
Meeting Updated FFIEC Requirements and Strengthening Security and Fraud Controls with Live Attack Intelligence Increasing the Efficacy of Security and Fraud Prevention Systems to Minimize Risks to Financial
More informationROOBA SM. Frequently Asked Questions. Regions Out-of-Band Authentication. It s time to expect more. Regions Bank Member FDIC Revised 041415
ROOBA SM Frequently Asked Questions Regions Out-of-Band Authentication It s time to expect more. Regions Bank Member FDIC Revised 041415 Frequently Asked Questions: ROOBA (Regions Out of Band Authentication)
More informationEFT Industry and BSA/AML Dan Altman
EFT Industry and BSA/AML Dan Altman Sr. IT and Risk Consultant Background Dan Altman, Sr. IT and Risk Consultant SHAZAM Internal Audit SHAZAM Secure o IT Exam, ACH Exam, BSA Exam, IT Consulting, Security
More informationPreventing Corporate Account Takeover Fraud
Preventing Corporate Account Takeover Fraud Joe Potuzak Senior Vice President Payment Solutions Risk Manager Member FDIC 1 About Our Speaker Joe Potuzak is the Risk Manager for BB&T s Payment Solutions
More informationCybersecurity. Are you prepared?
Cybersecurity Are you prepared? First Cash, then your customer, now YOU! What is Cybersecurity? The body of technologies, processes, practices designed to protect networks, computers, programs, and data
More informationBest Practices: Reducing the Risks of Corporate Account Takeovers
Best Practices: Reducing the Risks of Corporate Account Takeovers California Department of Financial Institutions September 2012 INTRODUCTION A state led cooperative effort, including the United States
More informationCybersecurity Workshop
Cybersecurity Workshop February 10, 2015 E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. 150 West Main Street, Suite 2100 Norfolk, VA 23510 (757) 624-3153
More informationTHE FFIEC CHALLENGE A Call for Reliable Authentication
THE FFIEC CHALLENGE A Call for Reliable Authentication March 14, 2006 ISACA LOS ANGELES RISK ADVISORY SERVICES INFORMATION RISK MANAGEMENT Agenda The FFIEC Challenge Current/Future Authentication Scenarios
More informationFive Trends to Track in E-Commerce Fraud
Five Trends to Track in E-Commerce Fraud Fraud is nothing new if you re in the e-commerce business you probably have a baseline level of fraud losses due to stolen credit cards, return fraud and other
More informationInformation Security Awareness
Corporate Account Takeover & Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This presentation
More informationOnline Cash Management Security: Beyond the User Login
Online Cash Management Security: Beyond the User Login Sonya Crites, CTP, SunTrust Anita Stevenson-Patterson, CTP, Manheim February 28, 2008 Agenda Industry Trends Government Regulations Payment Fraud
More informationFFIEC Authentication Guidance Examination in 2012: Are You Prepared?
FFIEC Authentication Guidance Examination in 2012: Are You Prepared? Areas of Continuity, Change, and Emphasis The Knowledge Congress LIVE Webcast March 8, 2012 Andrew Lorentz Partner, Washington, D.C.
More informationTHOUGHT LEADERSHIP FIGHTING ONLINE FRAUD: AN INDUSTRY PERSPECTIVE VOLUME 3
THOUGHT LEADERSHIP FIGHTING ONLINE FRAUD: AN INDUSTRY PERSPECTIVE VOLUME 3 1 TABLE OF CONTENTS INTRODUCTION... 3 CYBERCRIME AND ONLINE FRAUD: AN EVOLVING THREAT... 3 FIGHTING ONLINE FRAUD REQUIRES A MULTI-LAYERED
More informationSecurity Guidelines and Best Practices for Internet Banking for Precision and Cash Management for Precision. Best Practices Guide
Best Practices Guide Security Guidelines and Best Practices for Internet Banking for Precision and Cash Management for Precision Evolving security threats require the use of evolving controls and methods
More information2015 CENTRI Data Breach Report:
INDUSTRY REPORT 2015 CENTRI Data Breach Report: An Analysis of Enterprise Data Breaches & How to Mitigate Their Impact P r o t e c t y o u r d a t a Introduction This industry report attempts to answer
More informationIdentity Theft: A Growing Problem. presented by Melissa Elson Agency Liaison Office of Privacy Protection - Bureau of Consumer Protection
Identity Theft: A Growing Problem presented by Melissa Elson Agency Liaison Office of Privacy Protection - Bureau of Consumer Protection Identity Theft What it is How it happens How to protect yourself
More informationSecurity aspects of e-tailing. Chapter 7
Security aspects of e-tailing Chapter 7 1 Learning Objectives Understand the general concerns of customers concerning security Understand what e-tailers can do to address these concerns 2 Players in e-tailing
More informationDon t Fall Victim to Cybercrime:
Don t Fall Victim to Cybercrime: Best Practices to Safeguard Your Business Agenda Cybercrime Overview Corporate Account Takeover Computer Hacking, Phishing, Malware Breach Statistics Internet Security
More informationFraud Detection and Prevention. Timothy P. Minahan Vice President Government Banking TD Bank
Fraud Detection and Prevention Timothy P. Minahan Vice President Government Banking TD Bank Prevention vs. Detection Prevention controls are designed to keep fraud from occurring Detection controls are
More informationONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS
$ ONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS Boston Private Bank & Trust Company takes great care to safeguard the security of your Online Banking transactions. In addition to our robust security
More informationCorporate Account Takeover & Information Security Awareness
Corporate Account Takeover & Information Security Awareness 1 The information contained in this presentation may contain privileged and confidential information. This presentation is for information purposes
More informationNew York State Department of Financial Services. Report on Cyber Security in the Insurance Sector
New York State Department of Financial Services Report on Cyber Security in the Insurance Sector February 2015 Report on Cyber Security in the Insurance Sector I. Introduction Cyber attacks against financial
More informationIT Security Risks & Trends
IT Security Risks & Trends Key Threats to All Businesses 1 1 What do the following have in common? Catholic church parish Hospice Collection agency Main Street newspaper stand Electrical contractor Health
More informationSecurity Guidelines and Best Practices for Retail Online and Business Online
Best Practices Guide Security Guidelines and Best Practices for Retail Online and Business Online Evolving security threats require the use of evolving controls and methods to protect all transaction activity
More informationProtect Your Business and Customers from Online Fraud
DATASHEET Protect Your Business and Customers from Online Fraud What s Inside 2 WebSafe 5 F5 Global Services 5 More Information Online services allow your company to have a global presence and to conveniently
More informationProperty of Secure Network Technologies-Do Not Distribute or Post Without Written Permission-Copyrights and Trademark Apply
Malware - Mules & Money Mobile Edition v2.0 By Steve Stasiukonis What We Do Security Assessments & Penetration Tests Incident Response Digital Investigation & Forensic Services Technical Surveillance Countermeasure
More informationHow To Protect Your Online Banking From Fraud
DETECT MONITORING SERVICES AND DETECT SAFE BROWSING: Empowering Tools to Prevent Account Takeovers SUMMARY The Federal Financial Institutions Examination Council (FFIEC) is planning to update online transaction
More informationMifflinburg Bank & Trust. Corporate Account Takeover & Information Security Awareness
Mifflinburg Bank & Trust Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This presentation is
More informationUpdate on Anthem Cyber Attack General Information for Clients and Brokers
Update on Anthem Cyber Attack General Information for Clients and Brokers February 20, 2015 What happened? Anthem, Inc. was the victim of a cyber attack. Anthem discovered that one of its database warehouses
More informationBioCatch Fraud Detection CHECKLIST. 6 Use Cases Solved with Behavioral Biometrics Technology
BioCatch Fraud Detection CHECKLIST 6 Use Cases Solved with Behavioral Biometrics Technology 1 2 MAN-IN-THE- BROWSER MALWARE ATTACK DETECTION (E.G. DYRE, NEVERQUEST) REMOTE ACCESS (RAT) DETECTION Challenge:
More informationABA Deposit Account Fraud Survey
ABA Deposit Account Fraud Survey Presented by: Steve Kenneally, Vice President, Payments & Cybersecurity Policy Jane Yao, Senior Vice President, Benchmarking & Survey Research aba.com 1-800-BANKERS 1 2015
More informationOVERVIEW. 1. Cyber Crime Unit organization. 2. Legal framework. 3. Identity theft modus operandi. 4. How to avoid online identity theft
OVERVIEW 2 1. Cyber Crime Unit organization 2. Legal framework 3. Identity theft modus operandi 4. How to avoid online identity theft 5. Main challenges for investigation 6. Conclusions ORGANIZATION 3
More informationCommon Data Breach Threats Facing Financial Institutions
Last Updated: February 25, 2015 Common Data Breach Threats Facing Financial s Although exact figures are elusive, there is no question that the number of data security breaches both reported and unreported
More informationInformation Technology. A Current Perspective on Risk Management
Information Technology A Current Perspective on Risk Management Topics Covered Information Security Program Common Examination Findings Existing and Emerging Risks ACH/Wire Fraud and Corporate Account
More informationWHITE PAPER Usher Mobile Identity Platform
WHITE PAPER Usher Mobile Identity Platform Security Architecture For more information, visit Usher.com info@usher.com Toll Free (US ONLY): 1 888.656.4464 Direct Dial: 703.848.8710 Table of contents Introduction
More informationCU*BASE AND THE FFIEC SUPPLEMENT TO AUTHENTICATION IN AN INTERNET BANKING ENVIRONMENT
August 5, 2015 CU*BASE AND THE FFIEC SUPPLEMENT TO AUTHENTICATION IN AN INTERNET BANKING ENVIRONMENT Your Guide to Compliance LEGAL DISCLAIMER The information contained in this document does not constitute
More informationMeeting FFIEC Guidance and Cutting Costs with Automated Fraud Prevention. White Paper
Meeting FFIEC Guidance and Cutting Costs with Automated Fraud Prevention White Paper Table of Contents Executive Summary 3 Key Requirements for Effective and Sustainable Online Banking Fraud Prevention
More informationHow To Comply With Ffiec
SOLUTION BRIEF authentication in the internet banking environment: The solution for FFIEC compliance from CA Technologies agility made possible Introduction to FFIEC Compliance In October of 2005, the
More informationCAPITAL PERSPECTIVES DECEMBER 2012
CAPITAL PERSPECTIVES DECEMBER 2012 MITIGATING PAYMENT FRAUD RISK: IT S A WAR ON TWO FRONTS Payment fraud continues to be one of the biggest risk management challenges facing corporate treasury managers
More informationTransaction Anomaly Protection Stopping Malware At The Door. White Paper
Transaction Anomaly Protection Stopping Malware At The Door White Paper Table of Contents Overview 3 Programmable Crime Logic Alter Web Application Flow & Content 3 Programmable Crime Logic Defeats Server-Side
More informationMITB Grabbing Login Credentials
MITB Grabbing Login Credentials Original pre-login fields UID, password & site Modified pre-login fields Now with ATM details and MMN New fields added MITB malware inserted additional fields. Records them,
More informationIDRBT Working Paper No. 11 Authentication factors for Internet banking
IDRBT Working Paper No. 11 Authentication factors for Internet banking M V N K Prasad and S Ganesh Kumar ABSTRACT The all pervasive and continued growth being provided by technology coupled with the increased
More informationCyber Security Metrics Dashboards & Analytics
Cyber Security Metrics Dashboards & Analytics Feb, 2014 Robert J. Michalsky Principal, Cyber Security NJVC, LLC Proprietary Data UNCLASSIFIED Agenda Healthcare Sector Threats Recent History Security Metrics
More informationACI SELF-SERVICE BANKING
DELIVERS CONTROL, CHOICE AND FLEXIBILITY PRODUCT FLYER ACI SELF-SERVICE BANKING SINGLE INTEGRATED PLATFORM FOR ONLINE, MOBILE AND VOICE EXTENSIBLE REAL-TIME CONSUMER AND BUSINESS TRANSACTIONS AND PAYMENTS
More information