Payment Fraud Trends
|
|
- Lesley Curtis
- 8 years ago
- Views:
Transcription
1 2013 CliftonLarsonAllen LLP Payment Fraud Trends How to Protect my Business Customers from Payment and Corporate Account Take Over CLAconnect.com
2 CliftonLarsonAllen Started in 1953 with a goal of total client service Today, industry specialized CPA and Advisory firm ranked in the top 10 in the U.S. Over 50 years of specialized Banking Advisory Services Audit & Tax Regulatory Compliance Information Security Internal Audit Outsourced IT Mgmt Consulting
3 What do the Following Have in Common? Mining company Electrical contractor Catholic church parish Rural hospital Health care trade association Collection agency Main Street newspaper stand Hospice Public School District Community bank On and on and on and on..
4 Norton/Symantec Corp The Cost Norton/Symantec Corp. Cost of global cybercrime: $114 billion annually Time lost due to cybercrime an additional $274 billion Cybercrime costs the world significantly more than the global black market in marijuana, cocaine, and heroin combined ($288 billion) Hackers go for the easy money Bank customers are much easier targets than the banks themselves
5 Ponemon Study(ies) The Cost Cost of data breach has declined from $214 to $194 Business Banking Trust Trends: Small businesses not changing their technologies or processes to keep up Small businesses are holding banks accountable for the security of their banking transactions Seventy-four percent of respondents say their businesses have experienced online banking fraud Often businesses learn about fraud before the bank notifies them In many cases, if funds are stolen banks are not reimbursing the business that was a victim of an attack These findings indicate that businesses are vulnerable to various forms of online fraud and, as a result, banks are at risk of losing their customers if they do not improve their fraud prevention practices
6 Banks vs. Customers In the Courts Bank Sues Customer $800,000 fraudulent ACH transfer - bank retrieves $600,000 = $200,000 lost Both bank and customer have responsibilities, who is at fault? Customer Sues Bank $560,000 fraudulent ACH transfers Funds wired to accounts in Russia, Estonia, Scotland, Finland, China and the U.S. and withdrawn soon after deposits were made Customer alleges the bank failed to notice unusual activity Until the fraudulent transactions were made customer had made just two wire transfers ever In just a three-hour period, 47 wire transfer requests were made In addition, after customer became aware of the situation and asked the bank to halt transactions, the bank allegedly failed to do so until 38 more had been initiated What are the bank s obligations versus the client s? Updated regulatory guidance should improve consistency of controls Court Cases Will Eventually Set Standard - Both parties accountable for risks
7 The Cost Cyber Crime Corporate Account Takeover Fraud 60 percent of small businesses will close within six months of a cyber security attack. - National Cyber Security Alliance
8 Preventing and detecting cyber crime How vulnerable are your customers to a cyber attack Very vulnerable when the proper security measures are not taken Cyber security is often and afterthought until an incident actually happens but by then it may be too late
9 Common Misconceptions about Cyber Fraud Hacking is not real! I d believe it if someone changed my computer wallpaper image! Someone who will remain anonymous It s not going to happen to us Famous last words of several organizations
10 How does it work? Methods of compromise Website hacking Malicious website Social Engineering phishing Rouge employee
11 How does it work? Phishing Harvest organization addresses Typically mass quantity attacks (shotgun approach) NACHA s Designed to appear realistic and/or from internal (trusted) sources.
12
13 Phishing and ACH Case Study Two December Finance person receives 2,000 spam messages Later in the day, fraudsters make three ACH transfers within 30 minutes: $8,000 to Houston Two transfers for $540,000 each to Romania In this case, business insists the following controls were not followed: Dollar limit/thresholds were exceeded Call back verification did not occur Lessons learned
14 Case Study Three mytimeufa.ru/images/nacha_paychange[.]ht ml
15 Case Study Three Employee clicked on a phishing appearing to come from the National Automated Clearing House Association (NACHA) Embedded link resolves to a Russian IP address Employee s internet banking credentials were compromised Employee s browser was injected with malicious HTML asking for additional confidential information when they visited the internet banking site Employee also received a call from supporting actor in the attack
16 Case Study Three Attacker initiated approximately $125,000 in fraudulent ACH transactions The weird call prompted the employee to call the bank and transactions were stopped Additional information: Employee indicated to IT that anti virus logs were reporting malicious activity the day before the malicious transaction activity Lessons learned
17 Phishing and ACH Case Study Four August 2012 January 2013 Bank customer (hospital) gets hacked/phished Two ACH payroll files totaling > $150,000 Lessons learned
18 2013 CliftonLarsonAllen LLP Key Defensive Measures CLAconnect.com
19 Key Defensive Measures Our focus is on customer awareness training because Customers LOVE to click on malicious s! Security falls on the back burner at many organizations...they want things to run! The human element is often the weakest link when it comes to information security It s cost effective
20 What s in a training program? Quality/Quantity vs. Annual Check-the-box approach Social media and website awareness prevents data and harvesting, limits clicking on malicious links Safe web browsing phishing identifying fake s Password management Proper technical security measures Reporting suspicious activity BTW be sure to listen to your customers Dual approval
21 What s in a training program cont Delivery methods In person training Lunch and learns Newsletters alerts Quick reference guides Website messages MAKE IT OBVIOUS! Not buried in a website Same principles can and should be applied internally
22 Key Defensive Measures Technical Security measures Firewalls Web traffic filtering (blocking bad sites) Intrusion detection systems Logging and alerting Anti-virus software Password enforcement Dedicated (isolated) systems for performing banking transactions Incident planning Be prepared. Think WHEN, not IF
23 Key Defensive Measures What about online banking? Layers of security Two factor authentication for business customers (at least two of the following: Something you know (username, password, questions) Something you have (token, smart card) Something you are Dual control Disable uncommon services Fraud alerting
24 Key Defensive Measures What about online banking cont Transaction templates Account and transaction thresholds Enforce strong passwords
25 Key Defensive Measures Security = Culture!! Security is a BUSINESS issue, NOT a technical issue!! Strategy: Administrative Policies / Procedures Physical Access Controls Technical Security Controls
26 Key Defensive Measures Test, Test, Test Belt and suspenders approach Penetration testing Internal and external Social engineering testing Simulate spear phishing Application testing Test systems at your bank Test internal processes
27 Summary Hacker trends Education communicate with your customers Risk assessment Administrative controls Monitoring and anomaly detection Communicate with your customers People Rules ` Tools
28 Questions? Hang on, it s going to be a wild ride!! Randy Romes, Partner Information Security Financial Institutions Randy.Romes@CLAconnect.com (612) Peter Storm, Senior Consultant Information Security Financial Institutions Peter.Storm@CLAconnect.com (612)
29 References FFIEC Authentication Guidance (2001) (2005) 11%20(FFIEC%20Formated).pdf (2011) Bank Info Security: FDIC ACH Advisories:
30 References Fraud Detection and Monitoring Solutions Guardian Analytics - FraudDesk Guardian Analytics - FraudMAP Easy Solutions Detect Safe Browsing Easy Solutions Detect Monitoring Service Jack Henry Banking Gladiator NetTeller ESM ICT Solutions Smart Fraud Monitoring ACH Positive Pay
31 Resources and References Privacy Rights <dot> org Resource for state laws Michigan company sues bank nk_over_theft_of_560_000_?taxonomyid=17 Bank sues Texas company
32 References to Specific State Laws Are there state-specific breach listings? Some states have state laws requiring breaches be reported to a centralized data base. These states include Maine, Maryland, New York, New Hampshire, North Carolina, Vermont, and Virginia. (Virginia s notification law only applies to electronic breaches affecting more than 1,000 residents) However, a number of other states have some level of notification that has been made publicly available, primarily through Freedom of Information requests. These states include California, Colorado, Florida, Illinois, Massachusetts, Michigan, Nebraska, Hawaii, and Wisconsin. State laws: For details, see the Open Security Foundation Datalossdb website:
33 Risk Mitigation for Online Banking Review and understand bank supplied/required controls for electronic banking Review and understand the differences between wire transfer, ACH, and other methods of payment
34 Risk Mitigation for Online Banking Limit administrative control on banking account Do NOT use master account to perform standard banking activities Create segregation of duties and delegate responsibilities 1. Initiation/request 2. Authorization 3. Review (might be part of authorization might be independent review later)
35 Risk Mitigation for Online Banking Meet with insurance agent to understand what, if any, cyber liability coverage is in place or can be acquired Understand limitations and exclusions Perform risk analysis of (electronic) banking function at least annually - review the following: AV and anti-malware software function Patch/update management How do other roles/responsibilities/activities of staff interact/intersect with banking responsibilities
36 Risk Mitigation for Online Banking Consider having systems tested to ensure they are configured to operate securely (behave as expected) Firewall Wireless Servers Workstations/laptops/tablets Strongly consider the use of dedicated PC(s) for banking activities Stand alone PC NOT used for internet browsing, , or any other functions
37 Risk Mitigation for Online Banking Manually scrutinize payment activities on/around high volume times (i.e. payroll, month-end accounts payable activities, etc ) Implement positive pay features/functionality if available Pay for it if available Monitor/review your account(s) as frequently as possible (i.e. at least daily)
38 Risk Mitigation for Online Banking Follow good password practices DO NOT use the same password for banking that you use anywhere else Make banking password as long as the system will support and you can remember (think pass phrases)
39 Risk Mitigation for Online Banking Computer/system controls to implement: Enable automatic updating for operating systems and applications Ensure that Antivirus/Antimalware software is automatically updating every day Employ spam filtering service
40 Risk Mitigation for Online Banking Configure client software so that it does NOT automatically open/render/display imbedded graphics or pictures in messages Consider using personal/dedicated cellular MIFI cards for wireless internet access if banking must be done from laptops/portable devices Turn on system auditing and retain log files (consider hiring a consultant to ensure this is occurring properly)
41 Risk Mitigation for Online Banking Do NOT DO NOT Perform commercial banking activities from home/personally owned PCs DO NOT Perform banking activities from public use PCs/kiosks
42 Risk Mitigation for Online Banking DO NOT open attachments or links from unsolicited/unexpected messages claiming there is a problem with your account or there is a problem with your payment DO NOT provide information proving who you are (i.e. password, SSN, account numbers) to unsolicited callers or unsolicited The bank will NOT contact you in this manner
IT Security Risks & Trends
IT Security Risks & Trends Key Threats to All Businesses 1 1 What do the following have in common? Catholic church parish Hospice Collection agency Main Street newspaper stand Electrical contractor Health
More informationCybersecurity Governance Update on New FFIEC Requirements
Cybersecurity Governance Update on New FFIEC Requirements cliftonlarsonallen.com Our perspective CliftonLarsonAllen Started in 1953 with a goal of total client service Today, Professional Services Firm
More informationManaging the Operational Risk of Our Bank
Managing the Operational Risk of Our Bank 1 Managing Operational Risk Has your organizational leadership ever made any of the following comments? The Board wants us to focus on risk management since we
More informationPresented by: Mike Morris and Jim Rumph
Presented by: Mike Morris and Jim Rumph Introduction MICHAEL MORRIS, CISA Systems Partner JIM RUMPH, CISA Systems Manager Objectives To understand how layered security assists in securing your network
More informationElectronic Fraud Awareness Advisory
Electronic Fraud Awareness Advisory Indiana Bankers Association Fraud Awareness Task Force February, 2012 Electronic Fraud Awareness Advisory Purpose/Summary The Indiana Bankers Association (IBA) was involved
More informationPayment Fraud and Risk Management
Payment Fraud and Risk Management Act Today! 1. Help protect your computer against viruses and spyware by using anti-virus and anti-spyware software and automatic updates. Scan your computer regularly
More informationONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS
$ ONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS Boston Private Bank & Trust Company takes great care to safeguard the security of your Online Banking transactions. In addition to our robust security
More informationDon t Fall Victim to Cybercrime:
Don t Fall Victim to Cybercrime: Best Practices to Safeguard Your Business Agenda Cybercrime Overview Corporate Account Takeover Computer Hacking, Phishing, Malware Breach Statistics Internet Security
More informationYour security is our priority
Your security is our priority Welcome to our Cash Management newsletter for businesses. You will find valuable information about how to limit your company s risk for fraud. We offer a wide variety of products
More informationSound Business Practices for Businesses to Mitigate Corporate Account Takeover
Sound Business Practices for Businesses to Mitigate Corporate Account Takeover This white paper provides sound business practices for companies to implement to safeguard against Corporate Account Takeover.
More informationAre All High-Risk Transactions Created Equal?
Are All High-Risk Transactions Created Equal? How to Minimize FFIEC Exam Pain 1 Lee Wetherington, AAP Director of Strategic Insight ProfitStars @leewetherington Agenda New Supplement to FFIEC Guidance
More informationQuestions You Should be Asking NOW to Protect Your Business!
Questions You Should be Asking NOW to Protect Your Business! Angi Farren, AAP Senior Director Jen Wasmund, AAP Compliance Services Specialist 31 st Annual Conference SHAPE YOUR FUTURE April 23, 2013 Regional
More informationFFIEC CONSUMER GUIDANCE
FFIEC CONSUMER GUIDANCE Important Facts About Your Account Authentication Online Banking & Multi-factor authentication and layered security are helping assure safe Internet transactions for banks and their
More informationTHE CHANGING FACE OF CYBERCRIME AND WHAT IT MEANS FOR BANKS
THE CHANGING FACE OF CYBERCRIME AND WHAT IT MEANS FOR BANKS David Glockner, Managing Director strozfriedberg.com Overview The big picture: what does cybercrime look like today and how is it evolving? What
More informationCybersecurity Governance Update: New FFIEC Requirements cliftonlarsonallen.com
Cybersecurity Governance Update: New FFIEC Requirements cliftonlarsonallen.com Overview Up To Date Cybersecurity and Fraud Risks Current threat environment Industry examples and case studies FFIEC Cybersecurity
More informationFraud Detection and Prevention. Timothy P. Minahan Vice President Government Banking TD Bank
Fraud Detection and Prevention Timothy P. Minahan Vice President Government Banking TD Bank Prevention vs. Detection Prevention controls are designed to keep fraud from occurring Detection controls are
More informationCorporate Account Take Over (CATO) Guide
Corporate Account Take Over (CATO) Guide This guide was created to increase our customers awareness of the potential risks and threats that are associated with Internet and electronic- based services,
More informationPreventing Corporate Account Takeover Fraud
Preventing Corporate Account Takeover Fraud Joe Potuzak Senior Vice President Payment Solutions Risk Manager Member FDIC 1 About Our Speaker Joe Potuzak is the Risk Manager for BB&T s Payment Solutions
More informationBusiness Online Banking & Bill Pay Guide to Getting Started
Business Online Banking & Bill Pay Guide to Getting Started What s Inside Contents Security at Vectra Bank... 4 Getting Started Online... 5 Welcome to Vectra Bank Business Online Banking. Whether you re
More informationWhat s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.
What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current
More informationHere are two informational brochures that disclose ways that we protect your accounts and tips you can use to be safer online.
Here are two informational brochures that disclose ways that we protect your accounts and tips you can use to be safer online. FFIEC BUSINESS ACCOUNT GUIDANCE New financial standards will assist credit
More informationCorporate Account Takeover & Information Security Awareness
Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This presentation is for information purposes
More informationBest Practices: Reducing the Risks of Corporate Account Takeovers
Best Practices: Reducing the Risks of Corporate Account Takeovers California Department of Financial Institutions September 2012 INTRODUCTION A state led cooperative effort, including the United States
More informationInformation Security Awareness
Corporate Account Takeover & Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This presentation
More informationCorporate Account Takeover & Information Security Awareness. Customer Training
Corporate Account Takeover & Information Security Awareness Customer Training No computer system can provide absolute security under all conditions. NO SECURITY MEASURE OR LIST OF SECURITY MEASURES CAN
More informationOnline Cash Manager Security Guide
Online Cash Manager Security Guide You re the One who can protect your business from the threat of a Corporate Account Takeover. 102 South Clinton Street Iowa City, IA 52240 1-800-247-4418 Version 1.0
More informationCyber Security Breakout Session. Ed Rosenberg, Vice President & Chief Security Officer, BMO Financial Group Legal, Corporate & Compliance Group
Cyber Security Breakout Session Ed Rosenberg, Vice President & Chief Security Officer, BMO Financial Group Legal, Corporate & Compliance Group December 2014 Disclaimer: The material in this presentation
More informationACH AND WIRE FRAUD LOSSES
ACH AND WIRE FRAUD LOSSES Financial Institution Technology Funnel Matthew G. Brenner Date: September 26, 2013 Orlando, Florida www.lowndes-law.com What We Will Cover Why is this important? Who does this
More informationSeptember 20, 2013 Senior IT Examiner Gene Lilienthal
Cyber Crime September 20, 2013 Senior IT Examiner Gene Lilienthal The following presentation are views and opinions of the speaker and does not necessarily reflect the views of the Federal Reserve Bank
More informationSecurity Bank of California Internet Banking Security Awareness
Security Bank of California Internet Banking Security Awareness INTRODUCTION Fraudsters are using increasingly sophisticated and malicious techniques to thwart existing authentication controls and gain
More informationACI Response to FFIEC Guidance
ACI Response to FFIEC Guidance Version 1 July 2011 Table of contents Introduction 3 FFIEC Supervisory Expectations 4 ACI Online Banking Fraud Management 8 Online Banking Fraud Detection and Prevention
More informationFFIEC Supplemental Guidance to Authentication in an Internet Banking Environment. Robert Farmer Senior Technology Compliance Manager
FFIEC Supplemental Guidance to Authentication in an Robert Farmer Senior Technology Compliance Manager 1 888 250 4400 Effective Date The FFIEC Supplement to Authentication in an was issued on June 28,
More informationTransforming the Customer Experience When Fraud Attacks
Transforming the Customer Experience When Fraud Attacks About the Presenters Mike Young, VP, Product Team, Everbank Manages consumers and business banking products, as well as online and mobile banking
More informationOnline Banking Risks efraud: Hands off my Account!
Online Banking Risks efraud: Hands off my Account! 1 Assault on Authentication Online Banking Fraud Significant increase in account compromises via online banking systems Business accounts are primary
More informationPhishing for Fraud: Don't Let your Company Get Hooked!
Phishing for Fraud: Don't Let your Company Get Hooked! March 2009 Approved for 1 CTP/CCM recertification credit by the Association for Financial Professionals 1 Today s Speakers: Joe Potuzak is Senior
More informationGladiator NetTeller Enterprise Security Monitoring Online Fraud Detection INFORMATION SECURITY & RISK MANAGEMENT
Gladiator NetTeller Enterprise Security Monitoring Online Fraud Detection INFORMATION SECURITY & RISK MANAGEMENT Gladiator NetTeller Enterprise Security Monitoring Online Fraud Detection Foreword The consumerization
More informationTHE HOME LOAN SAVINGS BANK. Corporate Account Takeover & Information Security Awareness
THE HOME LOAN SAVINGS BANK Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This presentation is
More informationCYBERCRIME: What your Bank should be doing to Protect your Business. David Pollino Senior Vice President Fraud Prevention Officer
CYBERCRIME: What your Bank should be doing to Protect your Business David Pollino Senior Vice President Fraud Prevention Officer Agenda Changing Landscape Case of Efficient Services Escrow Group Six key
More informationReal World Healthcare Security Exposures. Brian Selfridge, Partner, Meditology Services
Real World Healthcare Security Exposures Brian Selfridge, Partner, Meditology Services 2 Agenda Introduction Background and Industry Context Anatomy of a Pen Test Top 10 Healthcare Security Exposures Lessons
More informationThe information contained in this session may contain privileged and confidential information. This presentation is for information purposes only.
The information contained in this session may contain privileged and confidential information. This presentation is for information purposes only. Before acting on any ideas presented in this session;
More informationACE Advantage PRIVACY & NETWORK SECURITY
ACE Advantage PRIVACY & NETWORK SECURITY SUPPLEMENTAL APPLICATION COMPLETE THIS APPLICATION ONLY IF REQUESTING COVERAGE FOR PRIVACY LIABILITY AND/OR NETWORK SECURITY LIABILITY COVERAGE. Please submit with
More informationOnline Cash Management Security: Beyond the User Login
Online Cash Management Security: Beyond the User Login Sonya Crites, CTP, SunTrust Anita Stevenson-Patterson, CTP, Manheim February 28, 2008 Agenda Industry Trends Government Regulations Payment Fraud
More informationPersonal Online Banking & Bill Pay. Guide to Getting Started
Personal Online Banking & Bill Pay Guide to Getting Started What s Inside Contents Security at Vectra Bank... 4 Getting Started Online... 5 Welcome to Vectra Bank Online Banking. Whether you re at home,
More informationDefending Against Data Beaches: Internal Controls for Cybersecurity
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
More informationTen Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder
Ten Questions Your Board Should be asking about Cyber Security Eric M. Wright, Shareholder Eric Wright, CPA, CITP Started my career with Schneider Downs in 1983. Responsible for all IT audit and system
More information2012 Business Banking Trust Trends Study
2012 Business Banking Trust Trends Study Sponsored by Guardian Analytics Independently conducted by Ponemon Institute LLC Publication Date: August 2012 Ponemon Institute Research Report Part 1. Introduction
More informationThe SMB Cyber Security Survival Guide
The SMB Cyber Security Survival Guide Stephen Cobb, CISSP Security Evangelist The challenge A data security breach can put a business out of business or create serious unbudgeted costs To survive in today
More informationZurich Security And Privacy Protection Policy Application
Zurich Security And Privacy Protection Policy Application COVERAGE A. AND COVERAGE F. OF THE POLICY FOR WHICH YOU ARE APPLYING IS WRITTEN ON A CLAIMS FIRST MADE AND REPORTED BASIS. ONLY CLAIMS FIRST MADE
More informationMifflinburg Bank & Trust. Corporate Account Takeover & Information Security Awareness
Mifflinburg Bank & Trust Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This presentation is
More informationInternet threats: steps to security for your small business
Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential
More informationRemote Deposit Quick Start Guide
Treasury Management Fraud Prevention How to Protect Your Business Remote Deposit Quick Start Guide What s Inside We re committed to the safety of your company s financial information. We want to make you
More informationDoyourwebsitebot defensesaddressthe changingthreat landscape?
WHITEPAPER Doyourwebsitebot defensesaddressthe changingthreat landscape? Don tletbotsturnaminorincident intoamegasecuritybreach 1.866.423.0606 Executive Summary The website security threat landscape has
More informationRetail/Consumer Client. Internet Banking Awareness and Education Program
Retail/Consumer Client Internet Banking Awareness and Education Program Table of Contents Securing Your Environment... 3 Unsolicited Client Contact... 3 Protecting Your Identity... 3 E-mail Risk... 3 Internet
More informationSecurity Challenges and Solutions for Higher Education. May 2011
Security Challenges and Solutions for Higher Education May 2011 Discussion Topics Security Threats and Challenges Education Risks and Trends ACH and Wire Fraud Malware and Phishing Techniques Prevention
More informationMalware & Botnets. Botnets
- 2 - Malware & Botnets The Internet is a powerful and useful tool, but in the same way that you shouldn t drive without buckling your seat belt or ride a bike without a helmet, you shouldn t venture online
More informationCorporate Account Takeover & Information Security Awareness
Corporate Account Takeover & Information Security Awareness 1 The information contained in this presentation may contain privileged and confidential information. This presentation is for information purposes
More informationBelmont Savings Bank. Are there Hackers at the gate? 2013 Wolf & Company, P.C.
Belmont Savings Bank Are there Hackers at the gate? 2013 Wolf & Company, P.C. MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2013 Wolf & Company, P.C. About Wolf & Company, P.C.
More informationToday s Topics. Protect - Detect - Respond A Security-First Strategy. HCCA Compliance Institute April 27, 2009. Concepts.
Protect - Detect - Respond A Security-First Strategy HCCA Compliance Institute April 27, 2009 1 Today s Topics Concepts Case Study Sound Security Strategy 2 1 Security = Culture!! Security is a BUSINESS
More informationCybersecurity Best Practices
Ten Essential Cybersecurity Best Practices Banking Business Employees Brought to you by: 1 Did you know? One in five small-to-medium-sized companies were the victims of cyber breaches in 2013.1 In 76%
More informationTRAINING FOR AMERICAN MOMENTUM BANK CLIENTS. Corporate Account Takeover & Information Security Awareness
TRAINING FOR AMERICAN MOMENTUM BANK CLIENTS Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This
More informationPresented by Evan Sylvester, CISSP
Presented by Evan Sylvester, CISSP Who Am I? Evan Sylvester FAST Information Security Officer MBA, Texas State University BBA in Management Information Systems at the University of Texas Certified Information
More informationNATIONAL CYBER SECURITY AWARENESS MONTH
NATIONAL CYBER SECURITY AWARENESS MONTH Tip 1: Security is everyone s responsibility. Develop an awareness framework that challenges, educates and empowers your customers and employees to be part of the
More informationWelcome to the Protecting Your Identity. Training Module
Welcome to the Training Module 1 Introduction Does loss of control over your online identities bother you? 2 Objective By the end of this module, you will be able to: Identify the challenges in protecting
More informationI ve been breached! Now what?
I ve been breached! Now what? THE AFTERMATH OF A BREACH & STEPS TO REDUCE RISK The number of data breaches in the United States in 2014 hit a record high. And 2015 is not looking any better. There have
More informationCybersecurity A Clear and Present Danger
Cybersecurity A Clear and Present Danger Thomas J. DeMayo, CISSP, CISA, CIPP, CEH, CHFI, MCSE Director IT Audit and Consulting Services TDeMayo@odpkf.com Objectives Gain an understanding of current cyber
More informationPayments Fraud: It's Not Fun & Games
Payments Fraud: It's Not Fun & Games Claudia Swendseid Senior Vice President Payments Information & Outreach Office Federal Reserve Bank of Minneapolis NACHA Payments 2015 Claudia Swendseid Senior Vice
More information2010 AICPA Top Technology Initiatives. About the Presenter. Agenda. Presenter: Dan Schroeder, CPA/CITP Habif, Arogeti, & Wynne, LLP
2010 AICPA Top Technology Initiatives Presenter: Dan Schroeder, CPA/CITP Habif, Arogeti, & Wynne, LLP Georgia Society of CPAs Annual Convention June 16, 2010 About the Presenter Partner-in-Charge, Habif,
More informationFFIEC BUSINESS ACCOUNT GUIDANCE
FFIEC BUSINESS ACCOUNT GUIDANCE New financial standards will assist credit unions and business account holders to make online banking safer and more secure from account hijacking and unauthorized funds
More informationCyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014
Cyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014 Lisa D. Traina, CPA, CITP, CGMA Lisa Traina utilizes her 30+ years of experience as a CPA, CITP and CGMA
More informationSmall Firm Focus: A Practical Approach to Cybersecurity Friday, May 29 9:00 a.m. 10:15 a.m.
Small Firm Focus: A Practical Approach to Cybersecurity Friday, May 29 9:00 a.m. 10:15 a.m. Topics: Explain why it is important for firms of all sizes to address cybersecurity risk. Demonstrate awareness
More informationCybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix
Cybercrime myths, challenges and how to protect our business Vladimir Kantchev Managing Partner Service Centrix Agenda Cybercrime today Sources and destinations of the attacks Breach techniques How to
More informationData breach, cyber and privacy risks. Brian Wright Lloyd Wright Consultants Ltd
Data breach, cyber and privacy risks Brian Wright Lloyd Wright Consultants Ltd Contents Data definitions and facts Understanding how a breach occurs How insurance can help to manage potential exposures
More informationWho Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015
Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence AIBA Quarterly Meeting September 10, 2015 The Answer 2 Everyone The relationship between the board, C-suite, IT, and compliance leaders
More informationSECURITY CONSIDERATIONS FOR LAW FIRMS
SECURITY CONSIDERATIONS FOR LAW FIRMS Enterprise Risk Management Professional consulting firm that specializes in cyber security Founded in 1998 in Miami, Florida Serves more than 150 clients, locally,
More informationTJ Maxx Settlement Requires Creation of Information Security Program and Funding of State Data Protection and Prosecution Efforts
Litigation Privacy & Data Protection Global Sourcing July 1, 2009 TJ Maxx Settlement Requires Creation of Information Security Program and Funding of State Data Protection and Prosecution Efforts by Tara
More informationConfirm that an on-line credit union is legitimate and that your share deposit is insured; Keep your personal information private and secure;
Introduction As use of the Internet continues to expand, more credit unions are using it to offer products and services or otherwise enhance communications with members. The Internet offers the potential
More informationReliance Bank Fraud Prevention Best Practices
Reliance Bank Fraud Prevention Best Practices May 2013 User ID and Password Guidelines Create a strong password with at least 8 characters that includes a combination of mixed case letters and numbers.
More informationCybersecurity: Protecting Your Business. March 11, 2015
Cybersecurity: Protecting Your Business March 11, 2015 Grant Thornton. All LLP. rights All reserved. rights reserved. Agenda Introductions Presenters Cybersecurity Cybersecurity Trends Cybersecurity Attacks
More informationRisks and Trends in Network Security. Credit Unions
Risks and Trends in Network 012 CliftonLarsonAllen LLP 20 Security Key IT Controls for Credit Unions ACUIA Region 4 Meeting April 2013 1 1 Our perspective CliftonLarsonAllen Started in 1953 with a goal
More informationPresentation Objectives
Gerry Cochran, IT Specialist Jennifer Van Tassel, Associate Examiner Office of the State Comptroller Thomas P. DiNapoli State & Local Government Accountability Andrew A. SanFilippo Executive Deputy Comptroller
More informationKeep Your Business Banking
Keep Your Business Banking Safe in the Digital Age By Erin Fonté As a business executive, you have many choices in conducting banking activities, including online and mobile banking options. But with increasing
More informationTips for Banking Online Safely
If proper attention is given to safety and security, banking and monetary activities can be completed online in a convenient and effective fashion. This guide helps to establish procedures for remaining
More informationBest Practices Guide to Electronic Banking
Best Practices Guide to Electronic Banking City Bank & Trust Company offers a variety of services to our customers. As these services have evolved over time, a much higher percentage of customers have
More informationBusiness Internet Banking / Cash Management Fraud Prevention Best Practices
Business Internet Banking / Cash Management Fraud Prevention Best Practices This document provides fraud prevention best practices that can be used as a training tool to educate new Users within your organization
More informationCommonwealth IT Threat Management: Keeping Out the Cyber Villains Category: Cyber Security Initiatives. Initiation date: January 2012
Commonwealth IT Threat Management: Keeping Out the Cyber Villains Category: Cyber Security Initiatives Initiation date: January 2012 Completion date: June 2012 Nomination submitted by: Samuel A. Nixon
More informationHigh Speed Internet - User Guide. Welcome to. your world.
High Speed Internet - User Guide Welcome to your world. 1 Welcome to your world :) Thank you for choosing Cogeco High Speed Internet. Welcome to your new High Speed Internet service. When it comes to a
More informationHow To Protect Your Online Banking From Fraud
DETECT MONITORING SERVICES AND DETECT SAFE BROWSING: Empowering Tools to Prevent Account Takeovers SUMMARY The Federal Financial Institutions Examination Council (FFIEC) is planning to update online transaction
More informationEnhanced Security for Online Banking
Enhanced Security for Online Banking MidSouth Bank is focused on protecting your personal and account information at all times. As instances of internet fraud increase, it is no longer sufficient to use
More informationSupplement to Authentication in an Internet Banking Environment
Federal Financial Institutions Examination Council 3501 Fairfax Drive Room B7081a Arlington, VA 22226-3550 (703) 516-5588 FAX (703) 562-6446 http://www.ffiec.gov Purpose Supplement to Authentication in
More informationWhen visiting online banking's sign-on page, your browser establishes a secure session with our server.
The privacy of communications between you (your browser) and our servers is ensured via encryption. Encryption scrambles messages exchanged between your browser and our online banking server. How Encryption
More informationOnline Banking Customer Awareness and Education Program
Online Banking Customer Awareness and Education Program Electronic Fund Transfers: Your Rights and Responsibilities (Regulation E Disclosure) Indicated below are types of Electronic Fund Transfers we are
More informationHang Seng HSBCnet Security. May 2016
Hang Seng HSBCnet Security May 2016 1 Security The Bank aims to provide you with a robust, reliable and secure online environment in which to do business. We seek to achieve this through the adoption of
More informationCyber Security Awareness. Internet Safety Intro. www.staysafeonline.org
Cyber Security Awareness Internet Safety Intro www.staysafeonline.org 1 What is Cyber Security? Cyber Security is the body of technologies, processes and practices designed to protect from attack, damage
More informationBusiness ebanking Fraud Prevention Best Practices
Business ebanking Fraud Prevention Best Practices User ID and Password Guidelines Create a strong password with at least 8 characters that includes a combination of mixed case letters, numbers, and special
More informationCAPITAL PERSPECTIVES DECEMBER 2012
CAPITAL PERSPECTIVES DECEMBER 2012 MITIGATING PAYMENT FRAUD RISK: IT S A WAR ON TWO FRONTS Payment fraud continues to be one of the biggest risk management challenges facing corporate treasury managers
More informationKEY STEPS FOLLOWING A DATA BREACH
KEY STEPS FOLLOWING A DATA BREACH Introduction This document provides key recommended steps to be taken following the discovery of a data breach. The document does not constitute an exhaustive guideline,
More informationProactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation. By Marc Ostryniec, vice president, CSID
Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation By Marc Ostryniec, vice president, CSID The increase in volume, severity, publicity and fallout of recent data breaches
More informationAUDIT TAX SYSTEMS ADVISORY
AUDIT TAX SYSTEMS ADVISORY Presented by: Jim Rumph Introduction JIM RUMPH, CISA Systems Manager Jim is a graduate of the University of Georgia with a Bachelor of Business Administration in Accounting and
More informationUniversity System of Maryland University of Maryland, College Park Division of Information Technology
Audit Report University System of Maryland University of Maryland, College Park Division of Information Technology December 2014 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND
More informationConnect Smart for Business SME TOOLKIT
Protect yourself online Connect Smart for Business SME TOOLKIT WELCOME To the Connect Smart for Business: SME Toolkit The innovation of small and medium sized enterprises (SMEs) is a major factor in New
More information