www2.acams.org/webinars ACH/Wire and Online Banking Fraud: The Impetus Behind FFIEC's Guidance for Layered Security


1 ACH/Wire and Online Banking Fraud: The Impetus Behind FFIEC's Guidance for Layered Security

2 Today's Presenters

3 BRENDAN BROTHERS, Co-Founder, Verafin
- Co-founded Verafin (BSA/AML Compliance & Fraud Detection software company) in 2003
- Frequent speaker at industry conferences and key presenter for Verafin's anti-financial crime thought leadership webinar series
- Verafin has more than 800 financial institution customers across North America

4 RICK MALTZ, Executive Vice President & Chief Risk Officer, Bangor Savings Bank
- More than 29 years of experience in Banking specializing in Risk Management, Information Security, Operations, Compliance and Internal Audit
- With Bangor Savings Bank for 13 years
- Oversees enterprise risk management, information & physical security, fraud management, compliance, BSA, credit policy, loan review, real estate valuation and legal

5 ACH/Wire and Online Banking Fraud: The Impetus Behind FFIEC's Guidance for Layered Security

6 Today's Agenda: FFIEC Guidance on Internet Banking Layered Security Corporate Account Take Over Processes, Controls & Best Practices to Combat Online Account Takeover

7 Guidance Authentication in an Internet Banking Environment Overview of Changes in 2011 Supplement

8
- Since 2005, threats have become more sophisticated, effective, and malicious
- Small and midsize businesses are frequent targets
- Despite expectation for periodic risk assessments, examiners reported that some FIs have not done so
- Agencies needed to reemphasize and clarify control expectations
- Supplement has more specificity:
  - New expected minimum control levels
  - Certain controls no longer considered effective as primary

9 Guidance Authentication in an Internet Banking Environment Key Highlights of the Guidance Supplement

10 Layered Security
- Agencies expect layered security for all accounts classified as high-risk under FFIEC guidance
- Different controls at different points so weakness in one compensated for by strengths in another

11 a classic child's toy illustrates very simply the concept of layered security

12 when a financial criminal moves beyond one layer of security they encounter a further layer

13 layered security in the banking world

14 layered security in the banking world The institution with complementary layered technologies is akin to the house with a high fence, a big guard dog in the yard, and a burglar alarm inside. Source: Aite Group, 2011

15 layered security in the banking world The institution with complementary layered technologies is akin to the house with a high fence, a big guard dog in the yard, and a burglar alarm inside. This provides multiple opportunities to catch the bad guys in the act, and encourages the criminals to go in search of easier prey. Source: Aite Group, 2011


18 overt controls and invisible controls

19 overt controls and invisible controls When constructing a layered security program, strike a balance between overt controls (such as stronger authentication practices) and invisible controls (such as fraud detection and monitoring). Source: Bank Systems and Technology, 2011

20 overt controls and invisible controls When constructing a layered security program, strike a balance between overt controls (such as stronger authentication practices) and invisible controls (such as fraud detection and monitoring). Flashing lights and alarms may work well to scare thieves away, but invisible alarms that call the police are more effective at catching a thief. Source: Bank Systems and Technology, 2011

21 A Framework for Fraud Protection A layered security system affords the best protection, since no single layer is sufficient to stop determined bad actors from penetrating enterprise systems. Source: Gartner, 2011

22 Layer 1: Endpoint-Centric
- Secure browsing, OOB authentication and transaction verification
- Endpoint device identification, mobile location services
Source: Gartner, 2011

23 Layer 2: Navigation-Centric
- Analyzes session behavior and compares it to what is expected
Source: Gartner, 2011

24 Layer 3: User and Account-Centric for Specific Channel
- Monitors and analyzes user and account behavior, and identifies anomalous behavior
Source: Gartner, 2011

25 Layer 4: User and Account-Centric Across Multiple Channels and Products
- Monitors and analyzes user and account behavior across channels, and correlates alerts for each entity across channels and products
Source: Gartner, 2011

26 Layer 5: Pattern-Based Intelligence
- Enables the analysis of relationships among internal and/or external entities and their attributes (e.g., users, accounts, machines)
Source: Gartner,

27 transaction-level security

28 transaction-level security Creators of malware are innovative and nimble, and have proven to be effective at compromising security strategies that do not incorporate transaction-level security. Source: Aite Group, 2011

29 transaction-level security Creators of malware are innovative and nimble, and have proven to be effective at compromising security strategies that do not incorporate transaction-level security. Effective, efficient detection of anomalies, especially those related to transaction activity, requires sophisticated behavior analytics. Source: Aite Group, 2011

30 transaction-level security Creators of malware are innovative and nimble, and have proven to be effective at compromising security strategies that do not incorporate transaction-level security. Effective, efficient detection of anomalies, especially those related to transaction activity, requires sophisticated behavior analytics. The key to effective protection against sophisticated attacks is transaction-level security that can profile behavior at the user level, and can send alerts for out-of-pattern behavior. Source: Aite Group, 2011

31 Corporate Account Takeover The Risk Is A Reality

32 Cyberthieves have cost US companies and their banks more than $15bn in the past five years, the Federal Deposit Insurance Corporation found in a recent study. Source: Financial Times, 2012

33 What is Corporate Account Takeover?
A fast growing electronic crime where thieves typically use some form of malware to obtain login credentials to Corporate Online Banking accounts and fraudulently transfer funds from the account(s)
Payments used to commit the crime:
- Domestic and International Wire Transfers
- Business-to-Business ACH Payments
- Online Bill Pay
- Electronic Payroll

34 Five Major Aspects of the Crime
- Recruitment: Utilize Command & Control network to recruit Money Mules and target victim companies
- Target: Small to midsized business and organizations
- Infiltration: Attackers utilize numerous tactics to gain access to your network or computer, Banking Trojans
- Exfiltration: Transferring electronic funds out of your account(s) through coordinated effort
- Money Mules: Victims or Suspects/Money laundered

35 How the Takeover Happens
- Criminals target victims by scams
- Victim unknowingly installs software by clicking on a link or visiting an infected Internet site
- Fraudsters begin monitoring the accounts
- Victim logs on to their Online Banking
- Fraudsters collect login credentials
- Fraudsters wait for the right time and then, depending on your controls, they either log in after hours or, if you are using a token, they wait until you enter your code and then hijack the session and send you a message that Online Banking is temporarily unavailable

36 Sample Corporate Account Takeovers and Losses
- Pennsylvania School District - $450,000
- New York School District - $500,000
- Experi-Metal - $550,000
- PATCO - $358,000
- Hillary Machinery - $229,000
- Illinois Town - $70,000
- Marian College - $189,000
- Sand Springs School - $80,000
- Sycamore County Schools - $300,000
- Village View Escrow - $465,000
- Catholic Diocese of Des Moines - $600,000
- Town of Pittsford, NY - $139,000
- Steuben Arcs - $158,000
- St. Isidore's Catholic Church - $87,000
- Two Trucking Companies - $115,000
- MECA - $217,000

37
- FBI currently investigating over 400 cases of corporate account takeovers in which criminals initiated unauthorized ACH and wire transfers from bank accounts of U.S. businesses.
- In one 2011 wire fraud case Zeus Trojan and keylogging compromised businesses' login credentials and wired $11 million to China.
- The FBI estimates Corporate Account Takeover could cost American companies as much as $1,000,000,000 in 2011 alone.
Source: ACH Alert

38 Risk Management of Corporate Account Takeover

39 Blueprint for a Risk Management Framework Corporate Account Takeover (CATO)


47 Configuration Changes to Cash Management/Online Banking Profiles
- New user accounts added
- New ACH batches or wire templates with new payees
- Changes to personal information
- Disabling or changing notifications
- Changes to the online account access profile

48 Unusual Customer Activity
- Unfamiliar IP log-on address (especially if a foreign IP address)
- Unusually small transaction amounts (example: $1.00 ACH, bill pay, or other transactions especially if made at unusual time of day)
- Unusual (non-typical) transfer of funds, especially if out of the bank
- One-time bill pay to new payees
- ACH or wires to new payees or receivers and/or with unusual amounts
- Changes to the account and routing numbers of existing payees, not just a new payee name
- Unusual timing of transactions (based on the established transaction schedule of the corporate customer or random transactions submitted between traditional transactions)
- Larger than usual transactions
- Overseas transfers
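Added example (not part of the original webinar slides): one way to turn the red flags on slides 47 and 48 into detection rules run over an online-banking event stream. The event schema, the customer profile, the thresholds and the sample events are all constructed assumptions, not any vendor's format.

```python
from datetime import datetime
from statistics import mean

PAYMENT_TYPES = {"ach", "wire", "bill_pay"}
# Slide 47: configuration changes to the cash management profile.
CONFIG_TYPES = {"user_added", "template_added", "contact_info_changed",
                "notification_disabled", "access_profile_changed"}
SMALL_TEST_AMOUNT = 1.00        # slide 48 example: $1.00 test transactions
LARGE_FACTOR = 3                # assumed: "larger than usual" = 3x the mean
BUSINESS_HOURS = range(8, 18)   # assumed schedule for this customer

# Constructed baseline for one corporate customer.
PROFILE = {
    "known_ips": {"198.51.100.10"},
    "payees": {"Acme Supply": ("000000001", "12345")},  # name -> (routing, account)
    "typical_amounts": [1200.00, 950.00, 1500.00, 1100.00],
}

# Constructed sample events (documentation IP ranges, made-up payees).
EVENTS = [
    {"id": 1, "type": "login", "ip": "198.51.100.10", "time": "2012-03-06T09:05:00"},
    {"id": 2, "type": "ach", "ip": "198.51.100.10", "time": "2012-03-06T10:00:00",
     "payee": "Acme Supply", "routing": "000000001", "account": "12345", "amount": 1200.00},
    {"id": 3, "type": "login", "ip": "203.0.113.7", "time": "2012-03-07T02:14:00"},
    {"id": 4, "type": "notification_disabled", "ip": "203.0.113.7",
     "time": "2012-03-07T02:16:00"},
    {"id": 5, "type": "ach", "ip": "203.0.113.7", "time": "2012-03-07T02:20:00",
     "payee": "J Doe", "routing": "000000002", "account": "77777", "amount": 1.00},
    {"id": 6, "type": "wire", "ip": "203.0.113.7", "time": "2012-03-07T02:31:00",
     "payee": "Acme Supply", "routing": "000000002", "account": "88888", "amount": 48000.00},
]

def red_flags(event, profile):
    """Return the slide 47/48 indicators that one event matches."""
    flags = []
    if event["type"] in CONFIG_TYPES:
        flags.append("config_change:" + event["type"])
    if event["ip"] not in profile["known_ips"]:
        flags.append("unfamiliar_ip")
    if event["type"] in PAYMENT_TYPES:
        dest = (event["routing"], event["account"])
        if event["payee"] not in profile["payees"]:
            flags.append("new_payee")
        elif profile["payees"][event["payee"]] != dest:
            # Same payee name, different routing/account numbers.
            flags.append("payee_account_changed")
        if event["amount"] <= SMALL_TEST_AMOUNT:
            flags.append("small_test_amount")
        if event["amount"] > LARGE_FACTOR * mean(profile["typical_amounts"]):
            flags.append("larger_than_usual")
        if datetime.fromisoformat(event["time"]).hour not in BUSINESS_HOURS:
            flags.append("unusual_time")
        if event.get("dest_country", "US") != "US":
            flags.append("overseas_transfer")
    return flags

def triage(events, profile):
    """List (event id, flags) for every event that matched at least one rule."""
    scored = [(e["id"], red_flags(e, profile)) for e in events]
    return [(eid, flags) for eid, flags in scored if flags]

def needs_callback(events, profile):
    """Return the id of the first flagged payment that follows a profile change.

    A configuration change followed by an out-of-pattern payment is the
    sequence to hold for a callback; None means nothing to hold.
    """
    config_seen = False
    for e in events:
        flags = red_flags(e, profile)
        if any(f.startswith("config_change:") for f in flags):
            config_seen = True
        elif config_seen and e["type"] in PAYMENT_TYPES and flags:
            return e["id"]
    return None

if __name__ == "__main__":
    for eid, flags in triage(EVENTS, PROFILE):
        print(eid, ", ".join(flags))
    print("hold for callback:", needs_callback(EVENTS, PROFILE))
```
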

49 Full List of Best Practices See Recommendations

50 Some Closing Thoughts to Ponder Survey results of 533 senior-level executives in small and medium businesses across the United States Source: Ponemon Institute, 2011

51 Startling Statistics
- 70% believe their banking institution is ultimately most responsible for ensuring their online accounts are secure
- 61% believe that only one successful fraud involving online bank accounts could destroy their trust
- 85% say they would transfer their business to another bank
Source: Ponemon Institute, 2011

52 Online Banking Fraud: FFIEC's Guidance on Authentication in an Internet Banking Environment
Rick Maltz, Executive Vice President & Chief Risk Officer

53 FFIEC Supplement to Authentication in an Internet Banking Environment (2011)
Clearly Places More Responsibility on Banks:
- Requires annual risk assessments
- Authentication consistent with the level of risk
- Layered security must be considered
- Must have practices to Detect & Respond to Suspicious Activity
- Customer education & awareness

54 Why is this Important?

55 Is this your Risk Management Program?

56 Does your Bank want to lose money?

57 Do you think your customers care whose fault it is?

58 Consumer Liability
Under existing regulations, the Consumer liability is extremely limited:
- Generally $50, but may be $500 or unlimited if Bank is not notified timely
- Visa/MasterCard, generally $0, if Bank is notified after 2 business days of discovery
Basically, the Bank eats it all!

59 Business Liability - Under Uniform Commercial Code
For Internet transactions, the business is liable for unauthorized transfers, if:
- The Bank can prove that the transaction was processed in good faith, and
- The Bank provided & complied with commercially reasonable security procedures

60 Challenges to UCC standards
Banks are being sued for losses due to:
- Failed or weak security practices
- Ineffective monitoring

61 Should the car dealer be liable for this? If you.

62 Get hurt because you decided not to wear your seatbelt?

63 Both the Bank & Business Can and Will Lose Money!

64 Threat Environment
- Organized Global Crime
- Criminals making investments in people & technology just like normal businesses
- Sanctioned in some countries for economic benefit
- Can be related to terrorist financing
- Money Laundering key to successful fraud activities
- Threat complexity is overwhelming traditional defenses

65 Threat Environment
Criminals know that most small businesses don't:
- Always use Bank security features,
- Monitor & reconcile accounts, or
- Have resources to protect data & systems

66 Threat Landscape

67 Fraud, Data Loss and Identity Theft continue to frustrate Banks & Customers

68 Traditional Threats: Credential Theft by:
- Phishing
- Vishing
- Smishing

69 Significant Threat: Malware
Malicious Software, designed to infiltrate a computer system without the owner's informed consent

70 Malware Trends (Source: Symantec Intelligence Report )

71 Simple Statistics (source: Symantec Intelligence Report February 2012)
Estimated Total # of Global messages: 1.3 trillion messages in Feb 2012 or 43.1 billion messages per day, which translates to: Almost 500 million per second

72 Spam (source: Symantec Intelligence Report February 2012)
If 68% of all email was considered spam in February, then: 29.4 billion spam emails per day or million per second

73 Malicious (source: Symantec Intelligence Report February 2012)
- One in every 274 emails contained Malware. That's over 157 million emails with malware per month or 5.4 million per day
- One in every 358 emails was a phishing scam. That's over 120 million phishing emails per month or 4.2 million per day

74 Threat: Drive-by emails
- Instant infection threat: Infects users who simply view a message, or possibly just glance at it in a preview window
- New generation of email-borne malware consists of HTML emails which contain a JavaScript which automatically downloads malware

75 Traditional defenses are no longer effective by themselves:
- Multi-Factor or Strong Authentication
- Challenge Response Questions
- Virus Protection, Firewalls

76 Why is compliance with the guidance important? Because it makes sense!

77 What Can Banks Do?

78 Not Going to Work!

79 Leverage Current Investments

80 Leverage Personnel
BSA/AML Analysts
- Already reviewing data for suspicious activity
- Trained to spot certain behavior
- Investigations
- Filing SARs
Fraud & Information Security Analysts
- Already reviewing data for suspicious activity
- Trained to spot certain behavior
- Investigations
- Filing SARs
Learn to Share Intelligence Internally

81 Leverage Technology Investments
Consolidate technology where practical:
- Wire & ACH Monitoring
- Monitoring of log-on anomalies
- AML
- Debit Card fraud
- Check Fraud
- Case Management & SAR filing

82 Practice Defense in Depth

83 Control: Out-of-Band Authentication
Enhanced Multi-Factor Authentication
1. User logs in with their Username and Password (something you know)

84 Control: Out-of-Band Authentication
2. User is prompted to select channel for delivery of One Time Password (OTP) (something you have)
Login Code:
Because of multi-factor authentication, a fraudster cannot independently log into a user account. The fraudster would need to know the username/password AND have the user's phone.

85 Control: Transaction Verification
Require secondary approval of transactions or key changes with OTP
Payment To: Bob, Account #12345 Amount: $ Access Code:
- Transaction OTP requires a second individual to verify the EFT.
- In a separate out-of-band channel, the User sees transaction detail and amount
- Unless verified with OTP, the EFT will not go through

86 Control: Callbacks
Bank will call to verify whether a transaction is authentic:
- The call should go to someone other than the person who initiated the transaction
- Call should be confirmed by a PIN
Callbacks are effective as they provide true out-of-band authentication. They protect against both internal & external fraud

87 Control: Browser-based control

88 Control: Separation of Duties
- Configure one account with permission to initiate a funds transfer
- Configure a secondary account to approve the transfer
- User A initiates EFT
- User B approves EFT
By separating the capabilities in this way, you prevent a scenario where one account can transfer funds independently.
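Added example (not part of the original webinar slides): a small model of the transaction verification on slide 85 combined with the separation of duties on slide 88, showing which approval attempts a bank-side workflow should refuse. The class, method names, role table and retry limit are hypothetical; "Bob" and account 12345 come from the slide mock-up and the amount is constructed.

```python
import hmac
import itertools
import secrets

class TransferError(Exception):
    """Raised when a control blocks an approval."""

class TransferDesk:
    MAX_OTP_TRIES = 3  # assumed limit; the slides give no number

    def __init__(self, roles):
        self.roles = roles      # user -> set of permissions
        self.pending = {}       # transfer id -> instruction awaiting approval
        self.released = []      # instructions that passed every control
        self._ids = itertools.count(1)

    def _require(self, user, permission):
        if permission not in self.roles.get(user, set()):
            raise TransferError(f"{user} lacks '{permission}' permission")

    def initiate(self, user, payee, account, amount):
        self._require(user, "initiate")
        tid = next(self._ids)
        self.pending[tid] = {"initiator": user, "payee": payee, "account": account,
                             "amount": amount, "otp": None, "tries": 0}
        return tid

    def send_out_of_band(self, tid):
        """Issue a fresh OTP; return the message sent to the approver's phone."""
        t = self.pending[tid]
        t["otp"], t["tries"] = f"{secrets.randbelow(10**6):06d}", 0
        # The approver sees the transfer detail next to the code (slide 85).
        return {k: t[k] for k in ("payee", "account", "amount", "otp")}

    def amend(self, tid, **changes):
        """Changing payee, account or amount voids any OTP already issued."""
        if not set(changes) <= {"payee", "account", "amount"}:
            raise TransferError("only payee, account or amount can be amended")
        t = self.pending[tid]
        t.update(changes)
        t["otp"] = None

    def approve(self, user, tid, otp):
        t = self.pending.get(tid)
        if t is None:
            raise TransferError("unknown or already released transfer")
        self._require(user, "approve")
        if user == t["initiator"]:
            raise TransferError("initiator cannot approve own transfer")
        if t["otp"] is None:
            raise TransferError("no valid OTP outstanding")
        if not hmac.compare_digest(otp, t["otp"]):
            t["tries"] += 1
            if t["tries"] >= self.MAX_OTP_TRIES:
                t["otp"] = None  # force a new out-of-band message
            raise TransferError("wrong OTP")
        self.released.append(self.pending.pop(tid))
        return True

def attempt(desk, user, tid, otp):
    """Return True on release, or the reason the approval was refused."""
    try:
        return desk.approve(user, tid, otp)
    except TransferError as err:
        return str(err)

def demo():
    desk = TransferDesk({"user_a": {"initiate"}, "user_b": {"approve"},
                         "user_c": {"initiate", "approve"}})
    out = {}
    # Transfer 1: User A initiates, User B approves with the OTP.
    t1 = desk.initiate("user_a", "Bob", "12345", 2500.00)
    otp = desk.send_out_of_band(t1)["otp"]
    wrong = "000000" if otp != "000000" else "000001"
    out["no_approve_role"] = attempt(desk, "user_a", t1, otp)
    out["wrong_otp"] = attempt(desk, "user_b", t1, wrong)
    out["second_person"] = attempt(desk, "user_b", t1, otp)
    out["replay"] = attempt(desk, "user_b", t1, otp)
    # Transfer 2: one account holding both permissions still cannot self-approve,
    # and an OTP issued before the account number changed is no longer accepted.
    t2 = desk.initiate("user_c", "Bob", "12345", 2500.00)
    old = desk.send_out_of_band(t2)["otp"]
    out["self_approval"] = attempt(desk, "user_c", t2, old)
    desk.amend(t2, account="99999")
    out["otp_after_change"] = attempt(desk, "user_b", t2, old)
    out["new_message_account"] = desk.send_out_of_band(t2)["account"]
    out["released"] = [t["account"] for t in desk.released]
    return out

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```
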

89 Control: Separation of PCs
Use separate PCs:
- One PC to initiate a funds transfer
- One PC to approve a funds transfer
- Don't allow other Internet Activity
- User A initiates EFT
- User B approves EFT
By isolating the PCs in this way, you reduce the risk that malware can infect both machines and steal information

90 Control: Strong Passwords
A well-chosen password is easy to remember, but hard to guess.
- Length: Minimum 8 characters
- Complexity: Combination of mixed case letters, numbers, and special characters.
- Periodically change password
- Do not share passwords
A few of the common things to avoid in your password: User ID, family member or name, pet name, address, birth dates, SSN, account #, phone #

91 Control: Malware protection, Patching, and Firewalls
- Anti-Virus, Anti-Spyware: Install and ensure virus protection and security software are updated regularly
- Patching: Ensure security patches are applied to both OS and applications (Microsoft, Adobe, Java, etc.)
- Firewall (Corporate & desktop): Install a dedicated, actively managed firewall. Firewalls limit the potential for unauthorized access to a network and computers

92 Transaction Alerting
- User makes a change
- User is instantly alerted of change
Payee Added: Bob, Account #12345
It is impossible to prevent attacks on insecure client PCs. TA exposes results of transactions to the user who then can take appropriate action
- User is notified when important changes are made
- If alerted of a change they did not make, users will naturally contact the FI

93 Control: Monitor for Unusual Activity
Look for event anomalies associated with:
- Logon activity
- Changes in user profiles, customer setup
- IP addresses not associated with your corporation
- Transactions not consistent with customer's behavior

94 Control: Customer Contracts
Evaluate customer contracts:
- Clearly define security procedures
- Define customer's responsibility
- Provide educational material
- Do not allow Opt Out

95 Educate your customers: Prevention is a Partnership

96 Risk Problem Van has rolled over the edge

97 Risk Solution Lift it with a crane

98 Risk Monitoring: Going well so far..

99 Ooooops..New Risk Problem

100 Traditional Thinking Get A Bigger Crane

101 Result of Traditional Thinking.Who cares!

102 If you continue to think inside of the box, you will lose $


More information

Security Bank of California Internet Banking Security Awareness

Security Bank of California Internet Banking Security Awareness Security Bank of California Internet Banking Security Awareness INTRODUCTION Fraudsters are using increasingly sophisticated and malicious techniques to thwart existing authentication controls and gain

More information

A Practical Guide to Anomaly Detection

A Practical Guide to Anomaly Detection A Practical Guide to Anomaly Detection Implications of meeting new FFIEC minimum expectations for layered security White Paper A Practical Guide to Anomaly Detection: Implications of meeting new FFIEC

More information

Fraud Detection and Prevention. Timothy P. Minahan Vice President Government Banking TD Bank

Fraud Detection and Prevention. Timothy P. Minahan Vice President Government Banking TD Bank Fraud Detection and Prevention Timothy P. Minahan Vice President Government Banking TD Bank Prevention vs. Detection Prevention controls are designed to keep fraud from occurring Detection controls are

More information

Your security is our priority

Your security is our priority Your security is our priority Welcome to our Cash Management newsletter for businesses. You will find valuable information about how to limit your company s risk for fraud. We offer a wide variety of products

More information

Securing Online Payments in ACH Client and Remote Deposit Express

Securing Online Payments in ACH Client and Remote Deposit Express Securing Online Payments in ACH Client and Remote Deposit Express sales@profitstars.com 877.827.7101 Contents Overview 3 Purpose 3 Customer/Member Education 4 Threats 4 The Transaction Process 5 Layered

More information

September 20, 2013 Senior IT Examiner Gene Lilienthal

September 20, 2013 Senior IT Examiner Gene Lilienthal Cyber Crime September 20, 2013 Senior IT Examiner Gene Lilienthal The following presentation are views and opinions of the speaker and does not necessarily reflect the views of the Federal Reserve Bank

More information

Online Banking Customer Awareness and Education Program

Online Banking Customer Awareness and Education Program Online Banking Customer Awareness and Education Program Electronic Fund Transfers: Your Rights and Responsibilities (Regulation E Disclosure) Indicated below are types of Electronic Fund Transfers we are

More information

Business Identity Fraud Prevention Checklist

Business Identity Fraud Prevention Checklist Business Identity Fraud Prevention Checklist 9 Critical Things Every Business Owner Should Do Business identity thieves and fraudsters are clever and determined, and can quickly take advantage of business

More information

FSOEP Web Banking & Fraud: Corporate Treasury Attacks

FSOEP Web Banking & Fraud: Corporate Treasury Attacks FSOEP Web Banking & Fraud: Corporate Treasury Attacks Your Presenters Who Are We? Tim Wainwright Managing Director Chris Salerno Senior Consultant Led 200+ penetration tests Mobile security specialist

More information

Don t Fall Victim to Cybercrime:

Don t Fall Victim to Cybercrime: Don t Fall Victim to Cybercrime: Best Practices to Safeguard Your Business Agenda Cybercrime Overview Corporate Account Takeover Computer Hacking, Phishing, Malware Breach Statistics Internet Security

More information

IT Security Risks & Trends

IT Security Risks & Trends IT Security Risks & Trends Key Threats to All Businesses 1 1 What do the following have in common? Catholic church parish Hospice Collection agency Main Street newspaper stand Electrical contractor Health

More information

Online Account Takeover. Roger Nettie

Online Account Takeover. Roger Nettie Online Account Takeover Roger Nettie CUNA Mutual Group Proprietary Reproduction, Adaptation or Distribution Prohibited CUNA Mutual Group 2013 Session Outline Types of attacks Movement of funds Consumer

More information

Keep Your Business Banking

Keep Your Business Banking Keep Your Business Banking Safe in the Digital Age By Erin Fonté As a business executive, you have many choices in conducting banking activities, including online and mobile banking options. But with increasing

More information

Security Guidelines and Best Practices for Internet Banking for Precision and Cash Management for Precision. Best Practices Guide

Security Guidelines and Best Practices for Internet Banking for Precision and Cash Management for Precision. Best Practices Guide Best Practices Guide Security Guidelines and Best Practices for Internet Banking for Precision and Cash Management for Precision Evolving security threats require the use of evolving controls and methods

More information

Transaction Anomaly Protection Stopping Malware At The Door. White Paper

Transaction Anomaly Protection Stopping Malware At The Door. White Paper Transaction Anomaly Protection Stopping Malware At The Door White Paper Table of Contents Overview 3 Programmable Crime Logic Alter Web Application Flow & Content 3 Programmable Crime Logic Defeats Server-Side

More information

Securing Online Payments in ACH Client and Remote Deposit Express

Securing Online Payments in ACH Client and Remote Deposit Express IMAGING & PAYMENTS PROCESSING Securing Online Payments in ACH Client and Remote Deposit Express sales@profitstars.com 877.827.7101 Contents Overview 3 Purpose 3 Customer/Member Education 4 Threats 4 Layered

More information

Cybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix

Cybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix Cybercrime myths, challenges and how to protect our business Vladimir Kantchev Managing Partner Service Centrix Agenda Cybercrime today Sources and destinations of the attacks Breach techniques How to

More information

Tax-Related Identity Theft: IRS Efforts to Assist Victims and Combat IDT Fraud

Tax-Related Identity Theft: IRS Efforts to Assist Victims and Combat IDT Fraud Tax-Related Identity Theft: IRS Efforts to Assist Victims and Combat IDT Fraud Glenn Gizzi Senior Stakeholder Liaison Marc Standig Enrolled Agent What is tax-related identity theft? Tax-related identity

More information

Meeting FFIEC Guidance and Cutting Costs with Automated Fraud Prevention. White Paper

Meeting FFIEC Guidance and Cutting Costs with Automated Fraud Prevention. White Paper Meeting FFIEC Guidance and Cutting Costs with Automated Fraud Prevention White Paper Table of Contents Executive Summary 3 Key Requirements for Effective and Sustainable Online Banking Fraud Prevention

More information

Internet Banking Authentication Guidance is Out

Internet Banking Authentication Guidance is Out Brace Yourself: Updated d FFIEC Internet Banking Authentication Guidance is Out October 13, 2011 Paul Rainbow, Manager David Dyk, Manager 1 The material appearing in this presentation is for informational

More information

Avoid completing forms in email messages that ask for personal financial information.

Avoid completing forms in email messages that ask for personal financial information. INTERNET FRAUD Online scams and viruses are constantly evolving and they threaten the security of computers worldwide. As criminals evolve their tactics, you need to keep your PC's security software (virus

More information

Protecting your business from fraud

Protecting your business from fraud Protecting your business from fraud KEY TAKEAWAYS > Understand the most common types of fraud and how to identify them. > What to do if you uncover fraudulent activity or suspect you are a victim of fraud.

More information

Phishing for Fraud: Don't Let your Company Get Hooked!

Phishing for Fraud: Don't Let your Company Get Hooked! Phishing for Fraud: Don't Let your Company Get Hooked! March 2009 Approved for 1 CTP/CCM recertification credit by the Association for Financial Professionals 1 Today s Speakers: Joe Potuzak is Senior

More information

E-Banking Regulatory Update

E-Banking Regulatory Update E-Banking Regulatory Update Hal R. Paretchan, CISA, CISSP, CFE Information Technology Specialist Federal Reserve Bank of Boston Supervision, Regulation & Credit (617) 973-5971 hal.paretchan@bos.frb.org

More information

PATRIOT BANK CUSTOMERS. Corporate Account Takeover & Information Security Awareness

PATRIOT BANK CUSTOMERS. Corporate Account Takeover & Information Security Awareness PATRIOT BANK CUSTOMERS Corporate Account Takeover & Information Security Awareness What will be covered! What is Corporate Account Takeover?! How does it work?! Sta9s9cs! Current Trend Examples! What can

More information

What are the common online dangers?

What are the common online dangers? ONLINE SECURITY GUIDELINES Internet Banking is convenient and times saving. You can do remittances, place online deposit and other transactions through online banking with the convenience and privacy of

More information

INTERNET & COMPUTER SECURITY March 20, 2010. Scoville Library. ccayne@biblio.org

INTERNET & COMPUTER SECURITY March 20, 2010. Scoville Library. ccayne@biblio.org INTERNET & COMPUTER SECURITY March 20, 2010 Scoville Library ccayne@biblio.org Internet: Computer Password strength Phishing Malware Email scams Identity Theft Viruses Windows updates Browser updates Backup

More information

A Brief Overview of Cross-Channel Fraud, the Financial Intelligence Unit (FIU) and the Role of Technology

A Brief Overview of Cross-Channel Fraud, the Financial Intelligence Unit (FIU) and the Role of Technology A Brief Overview of Cross-Channel Fraud, the Financial Intelligence Unit (FIU) and the Role of Technology A Verafin White Paper November 2011 Introduction. BSA compliance and fraud detection professionals

More information

Business Online Banking & Bill Pay Guide to Getting Started

Business Online Banking & Bill Pay Guide to Getting Started Business Online Banking & Bill Pay Guide to Getting Started What s Inside Contents Security at Vectra Bank... 4 Getting Started Online... 5 Welcome to Vectra Bank Business Online Banking. Whether you re

More information

Fighting ACH fraud: An industry perspective

Fighting ACH fraud: An industry perspective THOUGHT LEADERSHIP Fighting ACH fraud: An industry perspective Volume 2 1 Contents 03 Introduction 04 The ACH fraud process 07 Finding the needle in the haystack 07-08 Legal landscape 09 The customer s

More information

Multi-Factor Authentication of Online Transactions

Multi-Factor Authentication of Online Transactions Multi-Factor Authentication of Online Transactions Shelli Wobken-Plagge May 7, 2009 Agenda How are economic and fraud trends evolving? What tools are available to secure online transactions? What are best

More information

Dissecting Wire Fraud: How it Happens, and How to Prevent It WHITE PAPER

Dissecting Wire Fraud: How it Happens, and How to Prevent It WHITE PAPER Dissecting Wire Fraud: How it Happens, and How to Prevent It WHITE PAPER 2013 Guardian Analytics. Inc. All rights reserved. Introduction Preventing wire fraud starts with understanding how it is perpetrated

More information

CUSTOMER AWARENESS TRAINING FOR INTERNET BANKING

CUSTOMER AWARENESS TRAINING FOR INTERNET BANKING CUSTOMER AWARENESS TRAINING FOR INTERNET BANKING Recently, Eagle Bank & Trust & Trust has seen significant changes in the internet banking threat landscape. Fraudsters have continued to develop and deploy

More information

Identity Theft. CHRISTOS TOPAKAS Head of Group IT Security and Control Office

Identity Theft. CHRISTOS TOPAKAS Head of Group IT Security and Control Office Identity Theft CHRISTOS TOPAKAS Head of Group IT Security and Control Office Agenda Identity Theft Threats and Techniques Identity Theft Definition and Facts Identity Theft & Financial Institutions Prevention

More information

Protecting Yourself from Identity Theft

Protecting Yourself from Identity Theft Protecting Yourself from Identity Theft Identity theft is everywhere. In fact, according to a 2013 report by Javelin Research, there is one incident of identity fraud every two seconds. While we cannot

More information

THE CHANGING FACE OF CYBERCRIME AND WHAT IT MEANS FOR BANKS

THE CHANGING FACE OF CYBERCRIME AND WHAT IT MEANS FOR BANKS THE CHANGING FACE OF CYBERCRIME AND WHAT IT MEANS FOR BANKS David Glockner, Managing Director strozfriedberg.com Overview The big picture: what does cybercrime look like today and how is it evolving? What

More information

Top Authentication & Identification Methods to Protect Your Credit Union

Top Authentication & Identification Methods to Protect Your Credit Union Top Authentication & Identification Methods to Protect Your Credit Union Presented on: Thursday, May 7, 2 3 ET Co presented by: Ann Davidson VP of Risk Consulting at Allied Solutions Tammy Behnke Credit

More information

Corporate Account Takeover & Information Security Awareness

Corporate Account Takeover & Information Security Awareness Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This presentation is for information purposes

More information

Customer Awareness for Security and Fraud Prevention

Customer Awareness for Security and Fraud Prevention Customer Awareness for Security and Fraud Prevention Identity theft continues to be a growing problem in our society today. All consumers must manage their personal information wisely and cautiously to

More information

Cybersecurity: Is Your Company Prepared?

Cybersecurity: Is Your Company Prepared? Treasury and Trade Solutions April 29, 2015 Cybersecurity: Is Your Company Prepared? Sabine Mcintosh Managing Director Global Head of TTS Digital Security and Account Services sabine.mcintosh@citi.com

More information

Five Trends to Track in E-Commerce Fraud

Five Trends to Track in E-Commerce Fraud Five Trends to Track in E-Commerce Fraud Fraud is nothing new if you re in the e-commerce business you probably have a baseline level of fraud losses due to stolen credit cards, return fraud and other

More information

Top 10 Anti-fraud Tips: The Cybersecurity Breach Aftermath

Top 10 Anti-fraud Tips: The Cybersecurity Breach Aftermath ebook Top 10 Anti-fraud Tips: The Cybersecurity Breach Aftermath Protecting against downstream fraud attacks in the wake of large-scale security breaches. Digital companies can no longer trust static login

More information

Identity Theft Protection

Identity Theft Protection Identity Theft Protection Email Home EDUCATION on DANGER ZONES Internet Payments Telephone ID theft occurs when someone uses your personal information with out your knowledge to commit fraud. Some terms

More information

National Cyber Security Month 2015: Daily Security Awareness Tips

National Cyber Security Month 2015: Daily Security Awareness Tips National Cyber Security Month 2015: Daily Security Awareness Tips October 1 New Threats Are Constantly Being Developed. Protect Your Home Computer and Personal Devices by Automatically Installing OS Updates.

More information

Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation. By Marc Ostryniec, vice president, CSID

Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation. By Marc Ostryniec, vice president, CSID Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation By Marc Ostryniec, vice president, CSID The increase in volume, severity, publicity and fallout of recent data breaches

More information

When visiting online banking's sign-on page, your browser establishes a secure session with our server.

When visiting online banking's sign-on page, your browser establishes a secure session with our server. The privacy of communications between you (your browser) and our servers is ensured via encryption. Encryption scrambles messages exchanged between your browser and our online banking server. How Encryption

More information

Cybersecurity Governance Update on New FFIEC Requirements

Cybersecurity Governance Update on New FFIEC Requirements Cybersecurity Governance Update on New FFIEC Requirements cliftonlarsonallen.com Our perspective CliftonLarsonAllen Started in 1953 with a goal of total client service Today, Professional Services Firm

More information

NATIONAL CYBER SECURITY AWARENESS MONTH

NATIONAL CYBER SECURITY AWARENESS MONTH NATIONAL CYBER SECURITY AWARENESS MONTH Tip 1: Security is everyone s responsibility. Develop an awareness framework that challenges, educates and empowers your customers and employees to be part of the

More information

Spyware. Michael Glenn Technology Management Michael.Glenn@Qwest.com. 2004 Qwest Communications International Inc.

Spyware. Michael Glenn Technology Management Michael.Glenn@Qwest.com. 2004 Qwest Communications International Inc. Spyware Michael Glenn Technology Management Michael.Glenn@Qwest.com Agenda Security Fundamentals Current Issues Spyware Definitions Overlaps of Threats Best Practices What Service Providers are Doing References

More information

Questions You Should be Asking NOW to Protect Your Business!

Questions You Should be Asking NOW to Protect Your Business! Questions You Should be Asking NOW to Protect Your Business! Angi Farren, AAP Senior Director Jen Wasmund, AAP Compliance Services Specialist 31 st Annual Conference SHAPE YOUR FUTURE April 23, 2013 Regional

More information

ecommercial SAT ecommercial Security Awareness Training Version 3.0

ecommercial SAT ecommercial Security Awareness Training Version 3.0 ecommercial SAT ecommercial Security Awareness Training Version 3.0 Welcome The goal of this training course is to provide you with the information needed to assist in keeping your online banking account

More information

Beyond passwords: Protect the mobile enterprise with smarter security solutions

Beyond passwords: Protect the mobile enterprise with smarter security solutions IBM Software Thought Leadership White Paper September 2013 Beyond passwords: Protect the mobile enterprise with smarter security solutions Prevent fraud and improve the user experience with an adaptive

More information

FRAUD ALERT THESE SCAMS CAN COST YOU MONEY

FRAUD ALERT THESE SCAMS CAN COST YOU MONEY FRAUD ALERT THESE SCAMS CAN COST YOU MONEY Phishing spear phishing vishing smishing debit card skimming fake check scams THE COMMON SENSE PRECAUTIONS INSIDE CAN KEEP YOU SAFE! SCHEMES SCAMS FRAUDS Criminals

More information

location of optional horizontal pic Corporate and Investment Banking Business Online Information Security

location of optional horizontal pic Corporate and Investment Banking Business Online Information Security location of optional horizontal pic Corporate and Investment Banking Business Online Information Security Business Online Information Security Risk reduction: Ensuring your sensitive information is secure

More information

CORPORATE ACCOUNT TAKEOVER INFORMATION FOR ACH ORIGINATORS/BUSINESS INTERNET BANKING CUSTOMERS (2015)

CORPORATE ACCOUNT TAKEOVER INFORMATION FOR ACH ORIGINATORS/BUSINESS INTERNET BANKING CUSTOMERS (2015) CORPORATE ACCOUNT TAKEOVER INFORMATION FOR ACH ORIGINATORS/BUSINESS INTERNET BANKING CUSTOMERS (2015) Please review this important information regarding the ACH Origination and/or Internet Banking services

More information

Understanding It s Me 247 Security. A Guide for our Credit Union Clients and Owners

Understanding It s Me 247 Security. A Guide for our Credit Union Clients and Owners Understanding It s Me 247 Security A Guide for our Credit Union Clients and Owners October 2, 2014 It s Me 247 Security Review CU*Answers is committed to the protection of you and your members. CU*Answers

More information