Financial Fraud Threats & Preven3on. Mark Frank EVP, Senior Opera3ons Officer Colorado Business Bank

Transcription

1 Financial Fraud Threats & Preven3on Mark Frank EVP, Senior Opera3ons Officer Colorado Business Bank

2 Why Pay ACen3on to Fraud Risks? Fraud occurs everywhere, and NO organiza3on is immune Changing business environment: greater convenience and more access channels = greater risk Cyber fraud receiving highest acen3on na3onally Policies and procedures can save the bank and our customers 3me, money and embarrassment Preven3on is significantly less expensive and successful than inves3ga3on and recovery efforts

3 Frightening Fraud Facts Companies in the U.S. lose billions of dollars annually to fraud- related crimes 75% of businesses are vic3ms of fraud at least once An es3mated 7% of total revenue lost to fraud 24 months before detec3on of internal fraud Businesses with <100 employees are most vulnerable Median loss per incident = $200,000 #1 reason for fraud? Poor, circumvented or non- existent internal controls

4 Current Fraud Schemes Account takeovers Counterfeit checks impersona3ons Data breaches Internal fraud

5 Account Takeover Fraud Scenario Network computer is compromised Internet banking creden3als are stolen ACH or wire transfer ini3ated via the internet Funds are transmiced to money mules Recipients of funds (money mules) eventually send money overseas All businesses are a target small to large Recovery is rarely successful Large losses can result in lawsuits between banks and their customers Ohen decided in the bank s favor when commercially reasonable security procedures offered and followed in all cases

6 Account Takeover Fraud Schema3c

7 How Can the Bank Help? Recommend frequent (throughout the day) review of transac3ons via Online Banking Require dual control for online wire transfer and ACH transac3ons Ensure reasonable limits are in place for ACH transac3ons Set up ac3vity alerts Discourage reques3ng excep3ons to your own security procedures

8 Counterfeit Checks Criminals obtain copies of business or bank check stock and counterfeit items for two purposes: Writes checks to major retailers to purchase merchandise and then eventually sell merchandise, or; Sends checks under false pretenses to unknowing businesses for deposit Requests refund of a por3on of the funds via wire transfer prior to the counterfeit check being rejected

9 How Can the Bank Help? Recommend frequent (throughout the day) review of transac3ons via Online Banking Set up ac3vity alerts Recommend Posi3ve Pay services Recommend separate accounts for different disbursement types such as payroll or opera3ng funds Do not deposit checks from unknown sources At a minimum send as a collec3on item

10 Impersona3ons Criminal obtains access to the customer s system or more likely, Creates an address that closely resembles one of a senior level person at the company (easily obtained through social media services such as Linked In) Criminal ini3ates an reques3ng funds to be wired and company employee thinks it is coming from their boss or an authorized party Company employee ini3ates the wire transfer following all appropriate security procedures with the bank Another varia3on is impersona3ng a key vendor who directs regular payments to a different account that is fraudulent

11 How Can the Bank Help? Encourage customers implement internal call back procedures for wire transac3ons This is especially important for large companies or companies with employees working remotely

12 Data Breaches Con3nue to be a significant problem Debit/credit cards Card numbers can be sold on the black market where they are counterfeited Cost of fraud losses and cost of constant reissue of cards is impac3ng overall card industry Other items including checks Criminals try to get us to release check or deposit informa3on so counterfeit checks can be produced

13 How Can the Bank Help? Encourage customers to review transac3ons regularly and quickly report any suspicious ac3vity Encourage clients to let us know when they are traveling, especially abroad Pilo3ng implementa3on of new plas3cs (EMV) in Q that will more difficult to use as counterfeits

14 Internal Fraud Much more frequent than publicized Companies that have poor, circumvented or non existent controls Employees who may have a criminal background Employees with access to accounts receivable, payables or payroll systems Establishment of trust and reliability Detec3on of crime takes between one to three years on average

15 Recent Internal Fraud Schemes $1.2 million in false expenses/false invoicing from Quest Diagnos3cs employee $1.1 million in cashed checks from Block Communica3ons employee $400,000 stolen by IKEA employee through elaborate refund/ inventory record adjustment scheme $350,000 stolen by sole bookkeeper of independent bookstore in North Carolina who wrote checks to herself $375,000 stolen by Calgary Transit employee over seven years by taking coins home in his bag everyday U.S.P.S. employee falsified court records to look like he was on jury duty for five months

16 How Can the Bank Help? Encourage customers to consider the list of things to do included in this presenta3on

17 Best Prac3ces for Businesses

18 Best Prac3ces for Businesses Perform financial and transac3onal risk assessment to ensure material areas of exposure are addressed Review inflows and ourlows for all deposit and credit accounts Determine volumes, dollars and types of transac3ons (wires, checks, debit/credit cards, electronic payroll/vendor payments) Determine who has access to review and ini3ate different types of transac3ons For larger volume businesses, establish thresholds that balance risk tolerance and workload

19 Best Prac3ces for Businesses Internal Accoun3ng Controls Require dual control over ini3a3on of transac3ons Review internet banking transac3ons throughout the day Verify transac3ons through call back procedures Develop cross training program and require rota3on of du3es Require at least one full week of 3me off for each employee Balance and reconcile accounts frequently Separate transac3on and reconcilia3on responsibili3es

20 Best Prac3ces for Businesses Internal Accoun3ng Controls Review payroll records including amounts and new hires Review account payables including new vendors Review A/R aging reports and verify outstanding amounts Review cash handling func3ons and require daily balancing Secure destruc3on of sensi3ve documents Security over cash and check stock Use sohware to track inventory and sales records

21 Best Prac3ces for Businesses Technology Controls Ensure technology staff or vendor has background in current network and internet security architecture Consider an independent review of network security and architecture Installa3on and regular updates of opera3ng system, firewall, virus, spyware detec3on sohware

22 Best Prac3ces for Businesses Technology Controls Consider download restric3ons from web on network PCs Ensure protec3on of data on laptop/home/mobile devices Network system administra3on that includes strong password protocols and inac3vity protec3ons Isolate PCs used for financial transac3ons or have the highest levels of internet security on these devices

23 Best Prac3ces for Businesses Human Resource Controls Develop Code of Conduct and Ethics Perform background checks of new hire candidates Ins3tute whistleblower programs Educate employees regarding appropriate use of technology Limit personal web browsing Training on detec3ng suspicious s Training on confiden3al informa3on sharing Training on safe remote access to company data Develop repor3ng on employee computer usage

24 Best Prac3ces for Businesses Key Vendors Accoun3ng system sohware provider Accountant and acorney Technology vendors/suppliers Media Your insurance agent Consider fraud insurance

25 Best Prac3ces for Businesses Key Vendors Your bank Internet banking to check accounts and submit transac3ons Posi3ve Pay for checks & ACH transac3ons Dual control for payment ini3a3on Transac3on limits for wires/ach Call back & PIN verifica3on for wire transfers Limit excep3ons to rules regarding payments Set up ac3vity alerts

26 Best Prac3ces for Individuals

27 Personal Internet Safety Make passwords difficult to decipher and change ohen Keep opera3ng system up to date Keep virus protec3on, spyware and adware up to date Do not answer s from people you don t know or companies you have not solicited informa3on from Do not click on internet- based offers Monitor your children s computer(s) and web access including with whom they are engaging Ensure social networking profiles do not reveal personal informa3on If you care for elderly parents or rela3ves, consider monitoring those financial ac3vi3es

28 Personal Financial Safety Keep a record of your card account numbers and number to call if they are lost, stolen or compromised Never share your ATM PIN Balance your checking account regularly but at least monthly Review checking account transac3ons regularly but at least weekly through internet banking Review credit card statements at least monthly Do not leave purses or wallets in cars Consider subscribing to credit monitoring services Consider subscribing to iden3ty theh services