Overall, which types of fraud has your organisation experienced in the past year?

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Overall, which types of fraud has your organisation experienced in the past year?"

Transcription

1 1) Overall, which types of fraud has your organisation experienced in the past year? Insider fraud Corporate Account Takeover Consumer Account Takeover ATM/ABM (skimming, ram raid, etc.) Bill pay Cheque Corruption or bribery Credit/debit card Cross-border Call Centre First-party Customer information theft Customer information deletion or corruption Intellectual Property theft or piracy Intellectual Property deletion or corruption Mobile device (malware, hack, etc.) Money-laundering Mortgage Online banking ecommerce (non-banking) Theft of physical assets Third-party POS skimming Vendor, third-party or supplier (non-skimming) 2) Which types of fraud do you feel your organisation is currently best prepared to prevent and detect? Insider fraud ACH/wire (corporate account takeover) ATM/ABM (skimming, ram raid, etc.) Bill pay Check

2 Corruption or bribery Credit/debit card Cross-border Call Centre First-party Customer information theft Customer information deletion or corruption Intellectual Property theft or piracy Intellectual Property deletion or corruption Mobile device (malware, hack, etc.) Money-laundering Mortgage Online banking ecommerce (non-banking) Theft of physical assets Third-party POS skimming Vendor, third-party or supplier (non-skimming) 3) How is a fraud incident involving your organisation typically detected? At the point of origination At the point of transaction During account audit/reconciliation Internal whistleblower Third-party investigation Third-party notification Through automated data analysis or transaction monitoring software When a customer notifies us 4) When fraud occurs, how long do you estimate it takes your organisation to uncover the incident? 1 to 2 hours 3 to 4 hours

3 5 to 6 hours 7 to 8 hours More than 8 hours We lack that ability every incident is different 5) Upon discovering fraud, how long does it take for your organisation to react, respond and resolve the incident? 1-8 hours 9-16 hours hours 1-2 days 3-5 days More than five days We lack that ability 6) Have financial losses linked to fraud increased, decreased or stayed steady in the past year? Increased Decreased Remained Steady Unsure 7) Beyond the financial toll from the fraud incidents, what non-financial losses did your organisation suffer from fraud incidents? Customer accounts (moved to other institutions) Loss of productivity No losses Regulatory or other compliance issues (additional scrutiny from regulators or standards bodies) Reputational impact

4 8) Which are your organisation's biggest challenges to fraud prevention? Difficulty integrating data from various sources Difficulty investigating crimes across borders Inadequate fraud detection tools & technologies Insufficient resources (budget and/or personnel) Lack of customer awareness Lack of skills on staff Organisational silos Poor coordination with law enforcement 9) Which of these recommended technology-based controls has your organisation already invested in? Multifactor authentication Device ID Out-of-band verification for authentication Out-of-band verification for transactions "Positive pay," debit blocks, and other limits on transactional use Enhanced control over changes to account-maintenance activities by customers Enhanced controls over account activities Enhanced customer education Fraud detection and monitoring systems Internet protocol [IP] reputation-based tools Behavior-based anomaly detection technology Manual processes to detect online banking anomalies Cross-channel fraud detection Big data analytics Artificial intelligence 10) Which anti-fraud investments do you plan to make within the next 12 months? Multifactor authentication Device ID

5 Out-of-band verification for authentication Out-of-band verification for transactions "Positive pay," debit blocks, and other limits on transactional use Enhanced control over changes to account-maintenance activities by customers Enhanced controls over account activities Enhanced customer education Fraud detection and monitoring systems Internet protocol [IP] reputation-based tools Behavior-based anomaly detection technology Manual processes to detect online banking anomalies Cross-channel fraud detection Big data analytics Artificial intelligence 11) Who ultimately should be held responsible for losses incurred from financial data breaches (assuming the fraudsters themselves are not tracked down)? The organisation whose systems were breached The institution that issued the compromised financial instrument or transaction channel (e.g. payment card or bank account) The security vendor that testified to the breached entity's security The payment card brands whose cards are susceptible to breach and fraud The holder of the account that was compromised Organisations who's systems or products were used to conduct the fraud (such as domain name providers) without due diligence being taken as to their use 12) In the most common or most serious cases of fraud your organisation experienced, which PRIMARY mechanisms were employed to obtain information for fraudulent use? (select two) Phishing - to capture web credentials Phishing - to install malware (from attachment or web site) Malware infection (visiting compromised web site) Malware infection by any other method Call Centre Social Engineering Employee Social Engineering (other than Call Centre)

6 Physical data removal - stolen Physical data removal - lost/poorly disposed of Network penetration (e.g. poor firewall or data segmentation policies) Application security compromise Poor authentication policies (e.g. default, shared or simple passwords) Large scale data breach using a combination of the above (potentially an "Advanced Persistent Threat") 13) What attack mechanisms do you feel that your company is BEST able to defend against? Phishing - to capture web credentials Phishing - to install malware (from attachment or web site) Malware infection (visiting compromised web site) Malware infection by any other method Call Centre Social Engineering Employee Social Engineering (other than Call Centre) Physical data removal - stolen Physical data removal - lost/poorly disposed of Network security circumvention (e.g. poor firewall or segmentation policies) Application security compromise Poor authentication policies (e.g. default, shared or simple passwords) Large scale data breach using a combination of the above (potentially an "Advanced Persistent Threat") 14) What change have you seen in account takeover activity in the past year? Corporate Account takeover incidents have decreased Consumer Account takeover incidents have decreased Corporate Account takeover incidents have increased Consumer Account takeover incidents have increased No measurable impact

7 15) What change have you seen in account takeover financial losses in the past year? Corporate Account takeover losses have decreased Consumer Account takeover losses have decreased Corporate Account takeover losses have increased Consumer Account takeover losses have increased No measurable change 16) Over the past year, how did card-related fraud losses most commonly occur? Customer perpetrated the fraud Data breach at a payment processor Data breach at a retailer Insider/employee perpetrated the fraud Mail or telephone order/internet fraud/card-not-present PIN point-of-sale fraud Signature point-of-sale (skimming) fraud Unauthorised ATM (skimming) withdrawals not applicable 17) Over the past year, have you detected a rise in cross-channel fraud, where multiple channels are compromised concurrently? Yes, we detect an increase in cross-channel fraud No significant increase Cross-channel incidents have decreased 18) How has the number of targeted phishing attacks aimed at your employees changed in the past year? Increased Decreased Employees have not been targeted

8 19) How has the number of fraud incidents resulting from these targeted phishing attacks changed in the past year? Increased Decreased Employees have not been targeted 20) What mobile malware trends have you seen over the past year? We see a significant increase in mobile malware attacks We see no significant change whatsoever We actually see a decrease 21) How does your organisation defend against mobile malware attacks? Secure mobile apps Provide free mobile malware detection software Provide secure mobile-browser banking Customer education Anomaly detection Mobile malware is not a current concern not applicable 22) How has the number of insider fraud incidents changed in the past year? The number has grown The number has decreased No measurable change 23) How does your organisation currently address insider fraud risks? Cross-checks with HR for unsatisfactory performance Use of centralised logging to detect data exfiltration Use of encrypted Web sessions via traffic inspection to detect data exfiltration

9 Use of SIEM signatures to detect precursors to IT sabotage Enhanced IAM systems Behavioral monitoring Anomaly detection Heightened background checks Quarterly reviews of employee activity Internal whistleblower 24) In your opinion, how effective are awareness & training programs for employees and customers in reducing incidents of fraud? Done right, very effective Not at all effective - just lip service Only somewhat effective 25) How do you assess your organisation's current anti-fraud awareness & training programs for employees? 1 - superior 2 - above average 3 - average 4 - below average 5 - failing 26) How do you assess your organisation's current anti-fraud awareness & training programs for customers? 1 - superior 2 - above average 3 - average 4 - below average 5 - failing 27) Does your organisation calculate the total impact of fraud across all channels on an ongoing basis? Yes No 28) Does your organisation report fraud incidents to the police?

10 Yes, in all cases Only when losses incurred reach a pre-determined level No 29) Does your organisation share information on fraudulent activity with other companies in your sector? If so, how effective is this strategy in reducing fraud perpetrated against your company? We do not share information on fraud outside our organisation Sharing information on fraudulent activity with other companies has no measurable impact on reducing future fraudulent activity against us Sharing information on fraudulent activity with other companies helps us implement appropriate counter-fraud measures which has a measurable impact on future attempts at fraud 30) Do you support the need for added public surveillance and expanded monitoring powers for law enforcement in combatting cyberfraud? Always for matters of a national security scope Only in extreme cases where court authorisation can be produced In specific cases where court preauthorisation can provide blanket access Law enforcement & intel agencies should have access to all available information Surveillance and monitoring are always acceptable with proper notice & consent So long as the fundamental right to individuals' privacy is respected 31) Where should we draw the line for warrantless access when investigating cybercrime or traditional fraud activity? Warrantless access with proper notice, consent and disclosure is permissible It must be disclosed well ahead of time in every instance It must be publicly disclosed & independently audited, but allowed It must only be kept secret if deemed of a national security nature It should never be used as it erodes public trust not applicable 32) Why is the battle against money laundering and ID theft so difficult in the UK?

11 Cybercrime trends are moving faster than law enforcement can keep up Inadequate training for law enforcement & intelligence agencies Lack of collaboration and shared/centralised information access Discrepancies in law across geopolitical boundaries Organised cybercrime is too complex, layered and decentralised Don't believe the hype. The UK has made great progress in the past 36 months. 33) In what ways has cyberfraud supplanted traditional fraud? Actually, cyberfraud and cybercrime require entirely different law enforcement capabilities Both are motivated by profit and leverage deceptive tactics, but cyberfraud does it on a larger scale For traditional fraud to scale, it must go digital, so cyberfraud is the natural next step Law enforcement already treats them largely the same way Laws should be harmonised to prosecute and treat them with equal veracity 34) How should the effectiveness of fraud reporting be enhanced in the UK? Fraud reports should be openly accessible by everyone Much more resources should be allocated to combatting emerging threats Public education programs should be widely available across UK Free tools should be made available to supplement enhanced education Better metrics and quantitative methods should be used to track fraudulent activity There should be single reporting point for fraud and cyber crime 35) What is the title of the person charged with leading fraud prevention at your organisation? Chief operations officer Compliance officer Fraud manager Information security officer IT Physical security/loss prevention officer

12 Risk manager local counter fraud specialist 36) How large is your organisation's department assigned to fraud prevention and detection? 1 to 5 6 to to to 100 More than 100 We do not have a designated dept. Duties are managed by audit, compliance, IT, risk, etc. 37) What is your primary job function? Auditor BSA officer CEO/COO/CFO/CIO Compliance manager Fraud/loss prevention Finance/Accounting Operations Risk officer Security officer CISO Security consultant CRO Risk manager Senior Security/IT (non-c titles) Technical Staff 38) What type of entity is your organisation? Bank Building Society Government agency Independent service organisation

13 Other financial services organisation 39) If a bank or other FI, what is your organisations size by assets? Under 250 million 250 million to 500 million 500 million to 1 billion 1 billion to 5 billion 5 billion to 10 billion Over 10 billion Not applicable 40) Where is your organisation headquartered geographically? United Kingdom Asia (except India) Australia/New Zealand Canada Caribbean Europe (except UK) India Mexico Pacific/Oceania South America 41) The first 50 respondents will receive a 15 Amazon gift card. Please submit your address to qualify. If you would like to be notified of survey results, please provide your address in the box below:

PCI Compliance: How to ensure customer cardholder data is handled with care

PCI Compliance: How to ensure customer cardholder data is handled with care PCI Compliance: How to ensure customer cardholder data is handled with care Choosing a safe payment process for your business Contents Contents 2 Executive Summary 3 PCI compliance and accreditation 4

More information

Practice Good Enterprise Security Management. Presented by Laurence CHAN, MTR Corporation Limited

Practice Good Enterprise Security Management. Presented by Laurence CHAN, MTR Corporation Limited Practice Good Enterprise Security Management Presented by Laurence CHAN, MTR Corporation Limited About Me Manager Information Security o o o o Policy formulation and governance Incident response Incident

More information

Cyber - Security and Investigations. Ingrid Beierly August 18, 2008

Cyber - Security and Investigations. Ingrid Beierly August 18, 2008 Cyber - Security and Investigations Ingrid Beierly August 18, 2008 Agenda Visa Cyber - Security and Investigations Today s Targets Recent Attack Patterns Hacking Statistics (removed) Top Merchant Vulnerabilities

More information

Online security. Defeating cybercriminals. Protecting online banking clients in a rapidly evolving online environment. The threat.

Online security. Defeating cybercriminals. Protecting online banking clients in a rapidly evolving online environment. The threat. Defeating cybercriminals Protecting online banking clients in a rapidly evolving online environment The threat As the pace of technological change accelerates, so does the resourcefulness and ingenuity

More information

Franchise Data Compromise Trends and Cardholder. December, 2010

Franchise Data Compromise Trends and Cardholder. December, 2010 Franchise Data Compromise Trends and Cardholder Security Best Practices December, 2010 Franchise Data Security Agenda Cardholder Data Compromise Overview Breach Commonalities Hacking Techniques Franchisee

More information

FFIEC CONSUMER GUIDANCE

FFIEC CONSUMER GUIDANCE FFIEC CONSUMER GUIDANCE Important Facts About Your Account Authentication Online Banking & Multi-factor authentication and layered security are helping assure safe Internet transactions for banks and their

More information

Here are two informational brochures that disclose ways that we protect your accounts and tips you can use to be safer online.

Here are two informational brochures that disclose ways that we protect your accounts and tips you can use to be safer online. Here are two informational brochures that disclose ways that we protect your accounts and tips you can use to be safer online. FFIEC BUSINESS ACCOUNT GUIDANCE New financial standards will assist credit

More information

THE CHANGING FACE OF CYBERCRIME AND WHAT IT MEANS FOR BANKS

THE CHANGING FACE OF CYBERCRIME AND WHAT IT MEANS FOR BANKS THE CHANGING FACE OF CYBERCRIME AND WHAT IT MEANS FOR BANKS David Glockner, Managing Director strozfriedberg.com Overview The big picture: what does cybercrime look like today and how is it evolving? What

More information

Presented by: Mike Morris and Jim Rumph

Presented by: Mike Morris and Jim Rumph Presented by: Mike Morris and Jim Rumph Introduction MICHAEL MORRIS, CISA Systems Partner JIM RUMPH, CISA Systems Manager Objectives To understand how layered security assists in securing your network

More information

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES Leonard Levy PricewaterhouseCoopers LLP Session ID: SEC-W03 Session Classification: Intermediate Agenda The opportunity Assuming

More information

By: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015

By: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015 Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity

More information

ACI Response to FFIEC Guidance

ACI Response to FFIEC Guidance ACI Response to FFIEC Guidance Version 1 July 2011 Table of contents Introduction 3 FFIEC Supervisory Expectations 4 ACI Online Banking Fraud Management 8 Online Banking Fraud Detection and Prevention

More information

A strategic approach to fraud

A strategic approach to fraud A strategic approach to fraud A continuous cycle of fraud risk management The risk of fraud is rising at an unprecedented rate. Today s tough economic climate is driving a surge in first party fraud for

More information

A practical guide to IT security

A practical guide to IT security Data protection A practical guide to IT security Ideal for the small business The Data Protection Act states that appropriate technical and organisational measures shall be taken against unauthorised or

More information

Fraud Threat Intelligence

Fraud Threat Intelligence About ERM About The Speaker Safe Browsing, Monitoring Services Product Manager, Easy Solutions Inc. 8+ years anti-fraud, fraud risk, and security intelligence programs Previously licensed Securities Principle

More information

Accepting Payment Cards and ecommerce Payments

Accepting Payment Cards and ecommerce Payments Policy V. 4.1.1 Responsible Official: Vice President for Finance and Treasurer Effective Date: September 29, 2010 Accepting Payment Cards and ecommerce Payments Policy Statement The University of Vermont

More information

Your Single Source. for credit, debit and pre-paid services. Fraud Risk and Mitigation

Your Single Source. for credit, debit and pre-paid services. Fraud Risk and Mitigation Your Single Source for credit, debit and pre-paid services Fraud Risk and Mitigation Agenda Types of Fraud Fraud Identification Notifications Next Steps 11/8/2013 2 Types of Fraud Lost and Stolen Cards

More information

Transforming the Customer Experience When Fraud Attacks

Transforming the Customer Experience When Fraud Attacks Transforming the Customer Experience When Fraud Attacks About the Presenters Mike Young, VP, Product Team, Everbank Manages consumers and business banking products, as well as online and mobile banking

More information

WRITTEN TESTIMONY BEFORE THE HEARING ON PROTECTING PERSONAL CONSUMER INFORMATION FROM CYBER ATTACKS AND DATA BREACHES MARCH 26, 2014 2:30 PM

WRITTEN TESTIMONY BEFORE THE HEARING ON PROTECTING PERSONAL CONSUMER INFORMATION FROM CYBER ATTACKS AND DATA BREACHES MARCH 26, 2014 2:30 PM WRITTEN TESTIMONY BEFORE THE SENATE COMMITTEE ON COMMERCE, SCIENCE, & TRANSPORTATION HEARING ON PROTECTING PERSONAL CONSUMER INFORMATION FROM CYBER ATTACKS AND DATA BREACHES MARCH 26, 2014 2:30 PM TESTIMONY

More information

Electronic Fraud Awareness Advisory

Electronic Fraud Awareness Advisory Electronic Fraud Awareness Advisory Indiana Bankers Association Fraud Awareness Task Force February, 2012 Electronic Fraud Awareness Advisory Purpose/Summary The Indiana Bankers Association (IBA) was involved

More information

Information Security Incident Management Policy. Information Security Incident Management Policy. Policy and Guidance. June 2013

Information Security Incident Management Policy. Information Security Incident Management Policy. Policy and Guidance. June 2013 Information Security Incident Management Policy Policy and Guidance June 2013 Project Name Information Security Incident Management Policy Product Title Policy and Guidance Version Number 1.2 Final Page

More information

Breach Findings for Large Merchants. 28 January 2015 Glen Jones Cyber Intelligence and Investigation Lester Chan Payment System Security

Breach Findings for Large Merchants. 28 January 2015 Glen Jones Cyber Intelligence and Investigation Lester Chan Payment System Security Breach Findings for Large Merchants 28 January 2015 Glen Jones Cyber Intelligence and Investigation Lester Chan Payment System Security Disclaimer The information or recommendations contained herein are

More information

Hacks, apps and espionage - how protected are you against cyber crime? Top 10 Legal Need-to-Knows

Hacks, apps and espionage - how protected are you against cyber crime? Top 10 Legal Need-to-Knows Hacks, apps and espionage - how protected are you against cyber crime? Top 10 Legal Need-to-Knows 24 February 2015 Callum Sinclair Faith Jayne Agenda Top 10 legal need-to-knows, including: What is cyber

More information

2012 NCSA / Symantec. National Small Business Study

2012 NCSA / Symantec. National Small Business Study 2012 NCSA / Symantec National Small Business Study National Cyber Security Alliance Symantec JZ Analytics October 2012 Methodology and Sample Characteristics JZ Analytics was commissioned by the National

More information

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst ESG Brief Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: APTs first came on the scene in 2010, creating a wave

More information

Target Security Breach

Target Security Breach Target Security Breach Lessons Learned for Retailers and Consumers 2014 Pointe Solutions, Inc. PO Box 41, Exton, PA 19341 USA +1 610 524 1230 Background In the aftermath of the Target breach that affected

More information

Network Security & Privacy Landscape

Network Security & Privacy Landscape Network Security & Privacy Landscape Presented By: Greg Garijanian Senior Underwriter Professional Liability 1 Agenda Network Security Overview -Latest Threats - Exposure Trends - Regulations Case Studies

More information

Applying the 80/20 approach for Operational Excellence. How to combat new age threats, optimize investments and increase security.

Applying the 80/20 approach for Operational Excellence. How to combat new age threats, optimize investments and increase security. Applying the 80/20 approach for Operational Excellence How to combat new age threats, optimize investments and increase security Vinod Vasudevan Agenda Current Threat Landscape The 80/20 Approach Achieving

More information

Policy for Protecting Customer Data

Policy for Protecting Customer Data Policy for Protecting Customer Data Store Name Store Owner/Manager Protecting our customer and employee information is very important to our store image and on-going business. We believe all of our employees

More information

WRITTEN TESTIMONY BEFORE THE HEARING ON FEBRUARY 4, 2014 TESTIMONY OF JOHN MULLIGAN TARGET

WRITTEN TESTIMONY BEFORE THE HEARING ON FEBRUARY 4, 2014 TESTIMONY OF JOHN MULLIGAN TARGET WRITTEN TESTIMONY BEFORE THE SENATE COMMITTEE ON THE JUDICIARY HEARING ON PRIVACY IN THE DIGITAL AGE: PREVENTING DATA BREACHES AND COMBATING CYBERCRIME FEBRUARY 4, 2014 TESTIMONY OF JOHN MULLIGAN EXECUTIVE

More information

Cybersecurity: Protecting Your Business. March 11, 2015

Cybersecurity: Protecting Your Business. March 11, 2015 Cybersecurity: Protecting Your Business March 11, 2015 Grant Thornton. All LLP. rights All reserved. rights reserved. Agenda Introductions Presenters Cybersecurity Cybersecurity Trends Cybersecurity Attacks

More information

Payment Card Industry Data Security Standard Training. Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc.

Payment Card Industry Data Security Standard Training. Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc. Payment Card Industry Data Security Standard Training Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc. March 27, 2012 Agenda Check-In 9:00-9:30 PCI Intro and History

More information

2014 Payments Fraud Survey

2014 Payments Fraud Survey 2014 Payments Fraud Survey Summary of Consolidated Results Payments Information & Outreach Office Federal Reserve Bank of Minneapolis December 2014 Topics Survey Methodology & Respondent Profile Fraud

More information

Sound Business Practices for Businesses to Mitigate Corporate Account Takeover

Sound Business Practices for Businesses to Mitigate Corporate Account Takeover Sound Business Practices for Businesses to Mitigate Corporate Account Takeover This white paper provides sound business practices for companies to implement to safeguard against Corporate Account Takeover.

More information

DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH

DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH Andy Watson Grant Thornton LLP. All rights reserved. CYBERSECURITY 2 SURVEY OF CHIEF AUDIT EXECUTIVES (CAEs) GRANT THORNTON'S 2014 CAE SURVEY Data privacy and

More information

Common Data Breach Threats Facing Financial Institutions

Common Data Breach Threats Facing Financial Institutions Last Updated: February 25, 2015 Common Data Breach Threats Facing Financial s Although exact figures are elusive, there is no question that the number of data security breaches both reported and unreported

More information

FFIEC BUSINESS ACCOUNT GUIDANCE

FFIEC BUSINESS ACCOUNT GUIDANCE FFIEC BUSINESS ACCOUNT GUIDANCE New financial standards will assist credit unions and business account holders to make online banking safer and more secure from account hijacking and unauthorized funds

More information

Deception scams drive increase in financial fraud

Deception scams drive increase in financial fraud ADDRESS 2 Thomas More Square London E1W 1YN WEBSITE www.financialfraudaction.org.uk DIRECT LINE 020 3217 8436 NEWS RELEASE EMAIL press@ukcards-ffauk.org.uk Deception scams drive increase in financial fraud

More information

Developments in cybercrime and cybersecurity

Developments in cybercrime and cybersecurity Developments in cybercrime and cybersecurity Developments in cybercrime and cybersecurity As customers and clients increasingly go online to do their banking with convenience, privacy and security their

More information

1. Ask what your financial institution knows or has personally experienced with regard to internal and external data breaches.

1. Ask what your financial institution knows or has personally experienced with regard to internal and external data breaches. Part 1: Internal & External Data Breach Vulnerabilities Presented on: Thursday, February 12, 2 3 ET Co presented by: Ann Davidson VP of Risk Consulting at Allied Solutions Joe Majka CSO at Verifone 1 Breakdown

More information

IT Security Risks & Trends

IT Security Risks & Trends IT Security Risks & Trends Key Threats to All Businesses 1 1 What do the following have in common? Catholic church parish Hospice Collection agency Main Street newspaper stand Electrical contractor Health

More information

An New Approach to Security. Chris Ellis McAfee Senior System Engineer Chris_Ellis@McAfee.com

An New Approach to Security. Chris Ellis McAfee Senior System Engineer Chris_Ellis@McAfee.com An New Approach to Security Chris Ellis McAfee Senior System Engineer Chris_Ellis@McAfee.com Advanced Targeted Attack Challenges Criminal Theft Sabotage Espionage After the Fact Expensive Public Uncertainty

More information

WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY.

WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY. WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY. A guide for IT security from BIOS The Problem SME s, Enterprises and government agencies are under virtually constant attack today. There

More information

Kaspersky Fraud Prevention platform: a comprehensive solution for secure payment processing

Kaspersky Fraud Prevention platform: a comprehensive solution for secure payment processing Kaspersky Fraud Prevention platform: a comprehensive solution for secure Today s bank customers can perform most of their financial operations online. According to a global survey of Internet users conducted

More information

DETECT MONITORING SERVICES AND DETECT SAFE BROWSING: Empowering Tools to Prevent Account Takeovers

DETECT MONITORING SERVICES AND DETECT SAFE BROWSING: Empowering Tools to Prevent Account Takeovers DETECT MONITORING SERVICES AND DETECT SAFE BROWSING: Empowering Tools to Prevent Account Takeovers SUMMARY The Federal Financial Institutions Examination Council (FFIEC) is planning to update online transaction

More information

Visa Account Information Security Tool Kit. Welcome to the Visa Account Information Security Program

Visa Account Information Security Tool Kit. Welcome to the Visa Account Information Security Program Visa Account Information Security Tool Kit Welcome to the Visa Account Information Security Program 2 Contents 1. Securing cardholder data is everyone s concern 4 2. Visa Account Information Security (AIS)

More information

Managing cyber risks with insurance

Managing cyber risks with insurance www.pwc.com.tr/cybersecurity Managing cyber risks with insurance Key factors to consider when evaluating how cyber insurance can enhance your security program June 2014 Managing cyber risks to sensitive

More information

Best Practices in Account Takeover

Best Practices in Account Takeover WHITEPAPER Best Practices in Account Takeover July 2013 2 Table of Contents Introduction 3 Account Takeover is Painful 4 Differences between Account Takeover and Account Compromise 4 Why Account Compromise

More information

Mitigating and managing cyber risk: ten issues to consider

Mitigating and managing cyber risk: ten issues to consider Mitigating and managing cyber risk: ten issues to consider The board of directors is responsible for managing and mitigating risk exposure. A recent study conducted by the Ponemon Institute 1 revealed

More information

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current

More information

Into the cybersecurity breach

Into the cybersecurity breach Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing

More information

What is Management Responsible For?

What is Management Responsible For? What is Management Responsible For? Matthew J. Putvinski, CPA, CISA, CISSP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2011 Wolf & Company, P.C. About Wolf & Company, P.C Regional

More information

Reducing Fraud whilst Keeping Transactions in Motion

Reducing Fraud whilst Keeping Transactions in Motion Reducing Fraud whilst Keeping Transactions in Motion Fraud Today Following a decrease in 2012, fraud is on the rise again, and so are the costs involved in managing it. These factors are in turn driving

More information

Frequently Asked Questions

Frequently Asked Questions PCI Compliance Frequently Asked Questions Table of Content GENERAL INFORMATION... 2 PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS)...2 Are all merchants and service providers required to comply

More information

ATM/Debit Terms and conditions

ATM/Debit Terms and conditions ATM/Debit Terms and conditions www.bankofireland.com Bank of Ireland is regulated by the Central Bank of Ireland. 37-1108R (11/11) Terms and Conditions ATM Card and Visa Debit Card 1.0 Definitions of Terms

More information

Defending Against Data Beaches: Internal Controls for Cybersecurity

Defending Against Data Beaches: Internal Controls for Cybersecurity Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity

More information

Online Banking Internet Agreement

Online Banking Internet Agreement Online Banking Internet Agreement 1. THE SERVICE In consideration of the Online Banking services (Services) to be provided by Stockmens Bank (Bank) as described from time to time in information distributed

More information

Economic Crime: A Threat to Business Globally

Economic Crime: A Threat to Business Globally www.pwc.com s 2014 Global Economic Crime Survey Latin America Supplement Economic Crime: A Threat to Business Globally Introduction We are pleased to present the Latin America results of the PricewaterhouseCoopers

More information

www.pwc.fi We believe successful global organisations can confront fraud, corruption and abuse PwC Finland Forensic Services

www.pwc.fi We believe successful global organisations can confront fraud, corruption and abuse PwC Finland Forensic Services www.pwc.fi We believe successful global organisations can confront fraud, corruption and abuse Finland Who are we? Bring a robust forensics team to the table to support your organisation Our practice can

More information

Guidance on data security breach management

Guidance on data security breach management Guidance on data security breach management Organisations which process personal data must take appropriate measures against unauthorised or unlawful processing and against accidental loss, destruction

More information

Guidance on data security breach management

Guidance on data security breach management ICO lo Guidance on data security breach management Data Protection Act Contents... 1 Data Protection Act... 1 Overview... 1 Containment and recovery... 2 Assessing the risks... 3 Notification of breaches...

More information

New York State Department of Financial Services. Report on Cyber Security in the Insurance Sector

New York State Department of Financial Services. Report on Cyber Security in the Insurance Sector New York State Department of Financial Services Report on Cyber Security in the Insurance Sector February 2015 Report on Cyber Security in the Insurance Sector I. Introduction Cyber attacks against financial

More information

Presented By: Corporate Security Information Security Treasury Management

Presented By: Corporate Security Information Security Treasury Management Presented By: Corporate Security Information Security Treasury Management Is Your Business Prepared for a Cyber Incident? It s not a matter of if, it s a matter of when Cyber Attacks are on the Rise; Physical

More information

Protecting Your Organisation from Targeted Cyber Intrusion

Protecting Your Organisation from Targeted Cyber Intrusion Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology

More information

www.pwc.com Cybersecurity and Privacy Hot Topics 2015

www.pwc.com Cybersecurity and Privacy Hot Topics 2015 www.pwc.com Cybersecurity and Privacy Hot Topics 2015 Table of Contents Cybersecurity and Privacy Incidents are on the rise Executives and Boards are focused on Emerging Risks Banking & Capital Markets

More information

Cumberland Business Debit Card. Terms & Conditions

Cumberland Business Debit Card. Terms & Conditions Cumberland Business Debit Card Terms & Conditions These Conditions apply to the use of business debit cards issued by Cumberland Building Society ( the Society ) by which you can: withdraw money, or obtain

More information

365 Phone, Online and Mobile Banking Terms and Conditions - Republic of Ireland Effective from 25 th November 2013

365 Phone, Online and Mobile Banking Terms and Conditions - Republic of Ireland Effective from 25 th November 2013 365 Phone, Online and Mobile Banking Terms and Conditions - Republic of Ireland Effective from 25 th November 2013 1.0 Definitions of Terms used in this Document 2.0 Accounts 3.0 Mandates 4.0 SEPA Transfers

More information

CyberArk Privileged Threat Analytics. Solution Brief

CyberArk Privileged Threat Analytics. Solution Brief CyberArk Privileged Threat Analytics Solution Brief Table of Contents The New Security Battleground: Inside Your Network...3 Privileged Account Security...3 CyberArk Privileged Threat Analytics : Detect

More information

Making Your Fraud Vision 20 / 20. Thomas R. Strause, CIA, CFE, CBA, CISA, CFSA, CICA Partner FOS tstrause@fosaudit.

Making Your Fraud Vision 20 / 20. Thomas R. Strause, CIA, CFE, CBA, CISA, CFSA, CICA Partner FOS tstrause@fosaudit. Making Your Fraud Vision 20 / 20 Thomas R. Strause, CIA, CFE, CBA, CISA, CFSA, CICA Partner tstrause@fosaudit.com 610-603-5603 Topics to be Covered + Summary of Fraud Statistics ACFE 2014 Report + Current

More information

Fraud and Abuse Policy

Fraud and Abuse Policy Fraud and Abuse Policy 2015 FRAUD AND ABUSE POLICY 2015 1 Contents 4. Introduction 6. Policy Goal 7. Combatting Customer Fraud and Abuse 8. Reporting Breaches 9. How Alleged Breaches Will Be Investigated

More information

Tax-Related Identity Theft: IRS Efforts to Assist Victims and Combat IDT Fraud

Tax-Related Identity Theft: IRS Efforts to Assist Victims and Combat IDT Fraud Tax-Related Identity Theft: IRS Efforts to Assist Victims and Combat IDT Fraud Glenn Gizzi Senior Stakeholder Liaison Marc Standig Enrolled Agent What is tax-related identity theft? Tax-related identity

More information

Top 10 Anti-fraud Tips: The Cybersecurity Breach Aftermath

Top 10 Anti-fraud Tips: The Cybersecurity Breach Aftermath ebook Top 10 Anti-fraud Tips: The Cybersecurity Breach Aftermath Protecting against downstream fraud attacks in the wake of large-scale security breaches. Digital companies can no longer trust static login

More information

WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY

WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY SMALL BUSINESSES WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY ONE CLICK CAN CHANGE EVERYTHING SMALL BUSINESSES My reputation was ruined by malicious emails ONE CLICK CAN CHANGE EVERYTHING Cybercrime comes

More information

We will not collect, use or disclose your personal information without your consent, except where required or permitted by law.

We will not collect, use or disclose your personal information without your consent, except where required or permitted by law. HSBC Privacy Notice HSBC's Privacy Principles HSBC Bank Canada is a subsidiary of HSBC Holdings plc which, together with its subsidiaries and affiliates, is one of the world s largest banking and financial

More information

CYBERSECURITY FRAUD LOSS ISSUES & HOW TO ADDRESS RISKS IN TODAY'S INSURANCE MARKETPLACE 12/16/2015. December 17, 2015

CYBERSECURITY FRAUD LOSS ISSUES & HOW TO ADDRESS RISKS IN TODAY'S INSURANCE MARKETPLACE 12/16/2015. December 17, 2015 12/16/2015 CYBERSECURITY FRAUD LOSS ISSUES & HOW TO ADDRESS RISKS IN TODAY'S INSURANCE MARKETPLACE December 17, 2015 Angela R. Morelock, CPA, CFE, CFF, ABV Partner, BKD, LLP amorelock@bkd.com Jeff Eiserman

More information

September 20, 2013 Senior IT Examiner Gene Lilienthal

September 20, 2013 Senior IT Examiner Gene Lilienthal Cyber Crime September 20, 2013 Senior IT Examiner Gene Lilienthal The following presentation are views and opinions of the speaker and does not necessarily reflect the views of the Federal Reserve Bank

More information

Questions You Should be Asking NOW to Protect Your Business!

Questions You Should be Asking NOW to Protect Your Business! Questions You Should be Asking NOW to Protect Your Business! Angi Farren, AAP Senior Director Jen Wasmund, AAP Compliance Services Specialist 31 st Annual Conference SHAPE YOUR FUTURE April 23, 2013 Regional

More information

CAVAN AND MONAGHAN EDUCATION AND TRAINING BOARD. Data Breach Management Policy. Adopted by Cavan and Monaghan Education Training Board

CAVAN AND MONAGHAN EDUCATION AND TRAINING BOARD. Data Breach Management Policy. Adopted by Cavan and Monaghan Education Training Board CAVAN AND MONAGHAN EDUCATION AND TRAINING BOARD Data Breach Management Policy Adopted by Cavan and Monaghan Education Training Board on 11 September 2013 Policy Safeguarding personally identifiable information

More information

CYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION. Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131

CYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION. Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131 CYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131 TOPICS 1. Threats to your business s data 2. Legal obligations

More information

Security strategies to stay off the Børsen front page

Security strategies to stay off the Børsen front page Security strategies to stay off the Børsen front page Steve Durkin, Channel Director for Europe, Q1 Labs, an IBM Company 1 2012 IBM Corporation Given the dynamic nature of the challenge, measuring the

More information

Spear Phishing Attacks Why They are Successful and How to Stop Them

Spear Phishing Attacks Why They are Successful and How to Stop Them White Paper Spear Phishing Attacks Why They are Successful and How to Stop Them Combating the Attack of Choice for Cybercriminals White Paper Contents Executive Summary 3 Introduction: The Rise of Spear

More information

Cyber Liability Insurance Data Security, Privacy and Multimedia Protection

Cyber Liability Insurance Data Security, Privacy and Multimedia Protection Page 1 of 5 Cyber Liability Insurance Data Security, Privacy and Multimedia Protection What is a Cyber Risk? Technology is advancing at such an alarming rate and business is more and more reliant on IT

More information

Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re

Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re Global Warning It is a matter of time before there is a major cyber attackon the global financial system and the public needs to invest heavily in

More information

E Commerce and Internet Security

E Commerce and Internet Security E Commerce and Internet Security Zachary Rosen, CFE, CIA President, ACFE Czech Republic Chapter Introduction The Internet has become a global phenomenon reshaping the way we communicate and conduct business.

More information

1. (a) Full name of proposer including trading names if any (if not a limited company include full names of partners) Date established

1. (a) Full name of proposer including trading names if any (if not a limited company include full names of partners) Date established Network Security ProPosal Form Important Please answer all questions from each section and complete in block capitals. Tick the appropriate boxes where necessary and supply any further information requested.

More information

Security and Privacy

Security and Privacy Security and Privacy Matthew McCormack, CISSP, CSSLP CTO, Global Public Sector, RSA The Security Division of EMC 1 BILLIONS OF USERS MILLIONS/BILLIONS OF APPS 2010 Cloud Big Data Social Mobile Devices

More information

ONLINE BANKING AGREEMENT

ONLINE BANKING AGREEMENT ONLINE BANKING AGREEMENT 1. The Service. In consideration of the Online Banking services ("Services") to be provided by Bank of The Valley ("BANK"), as described from time to time in information distributed

More information

Cyber Risk in Healthcare AOHC, 3 June 2015

Cyber Risk in Healthcare AOHC, 3 June 2015 Cyber Risk in Healthcare AOHC, 3 June 2015 Kopiha Nathan, Senior Healthcare Risk Management and Data Specialist James Penafiel, Underwriting Supervisor, Insurance Operations CFPC Conflict of Interest -

More information

Cyber Security: Are You Prepared?

Cyber Security: Are You Prepared? Cyber Security: Are You Prepared? This briefing provides a high-level overview of the cyber security issues that businesses should be aware of. You should talk to a lawyer and an IT specialist for a complete

More information

Gladiator NetTeller Enterprise Security Monitoring Online Fraud Detection INFORMATION SECURITY & RISK MANAGEMENT

Gladiator NetTeller Enterprise Security Monitoring Online Fraud Detection INFORMATION SECURITY & RISK MANAGEMENT Gladiator NetTeller Enterprise Security Monitoring Online Fraud Detection INFORMATION SECURITY & RISK MANAGEMENT Gladiator NetTeller Enterprise Security Monitoring Online Fraud Detection Foreword The consumerization

More information

CYBER SECURITY Audit, Test & Compliance

CYBER SECURITY Audit, Test & Compliance www.thalescyberassurance.com CYBER SECURITY Audit, Test & Compliance 02 The Threat 03 About Thales 03 Our Approach 04 Cyber Consulting 05 Vulnerability Assessment 06 Penetration Testing 07 Holistic Audit

More information

Security. Tiffany Trent-Abram VP, Global Product Management. November 6 th, 2015. One Connection - A World of Opportunities

Security. Tiffany Trent-Abram VP, Global Product Management. November 6 th, 2015. One Connection - A World of Opportunities One Connection - A World of Opportunities Security Tiffany Trent-Abram VP, Global Product Management November 6 th, 2015 2015 TNS Inc. All Rights Reserved. Bringing Global Credibility and History TNS Specializes

More information

Managing Cyber Risk through Insurance

Managing Cyber Risk through Insurance Managing Cyber Risk through Insurance Eric Lowenstein Aon Risk Solutions This presentation has been prepared for the Actuaries Institute 2015 ASTIN and AFIR/ERM Colloquium. The Institute Council wishes

More information

With the Target breach on everyone s mind, you may find these Customer Service Q & A s helpful.

With the Target breach on everyone s mind, you may find these Customer Service Q & A s helpful. With the Target breach on everyone s mind, you may find these Customer Service Q & A s helpful. Breach Overview Q: Media reports are stating that Target experienced a data breach. Can you provide more

More information

Protect Your Business and Customers from Online Fraud

Protect Your Business and Customers from Online Fraud DATASHEET Protect Your Business and Customers from Online Fraud What s Inside 2 WebSafe 5 F5 Global Services 5 More Information Online services allow your company to have a global presence and to conveniently

More information

WHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR

WHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST Protecting Identities. Enhancing Reputations. IDT911 1 DATA BREACHES AND SUBSEQUENT IDENTITY THEFT AND FRAUD THREATEN YOUR ORGANIZATION

More information

Privacy Policy. PortfolioTrax, LLC. 2015 v1.0. PortfolioTrax, LLC Privacy Policy 2

Privacy Policy. PortfolioTrax, LLC. 2015 v1.0. PortfolioTrax, LLC Privacy Policy 2 Privacy Policy 2015 v1.0 Privacy Policy 2 Document Controls and Review This document is to be reviewed once every two quarters and updated to account for any changes in privacy practices that may not have

More information

Briefly describe the #1 problem you have encountered with implementing Multi-Factor Authentication.

Briefly describe the #1 problem you have encountered with implementing Multi-Factor Authentication. Polling Question Briefly describe the #1 problem you have encountered with implementing Multi-Factor Authentication. Please type in your response. This poll will close promptly at 1:00 pm CDT Getting the

More information

Payments Fraud: It's Not Fun & Games

Payments Fraud: It's Not Fun & Games Payments Fraud: It's Not Fun & Games Claudia Swendseid Senior Vice President Payments Information & Outreach Office Federal Reserve Bank of Minneapolis NACHA Payments 2015 Claudia Swendseid Senior Vice

More information

Breach Found. Did It Hurt?

Breach Found. Did It Hurt? ANALYST BRIEF Breach Found. Did It Hurt? INCIDENT RESPONSE PART 2: A PROCESS FOR ASSESSING LOSS Authors Christopher Morales, Jason Pappalexis Overview Malware infections impact every organization. Many

More information