ACH fraud: The problem Why ACH? Why now? Security evolution How to protect ACH. Combating the Newest Attack Method ACH Fraud Webinar agenda



Similar documents
Securing Cloud Computing. Szabolcs Gyorfi Sales manager CEE, CIS & MEA

Whitepaper on AuthShield Two Factor Authentication and Access integration with Microsoft outlook using any Mail Exchange Servers

Online Banking Risks efraud: Hands off my Account!

Multi-Factor Authentication of Online Transactions

WHITE PAPER Usher Mobile Identity Platform

Strong Authentication: Enabling Efficiency and Maximizing Security in Your Microsoft Environment

Top Ten Fraud Risks That Impact Your Financial Institution. Presented by Ann Davidson - VP Risk Consulting Allied Solutions LLC.

Contents. Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008

Protecting Online Customers from Man-inthe-Browser and Man-in-the-Middle Attacks

XYPRO Technology Brief: Stronger User Security with Device-centric Authentication

Internet Banking Attacks. Karel Miko, CISA DCIT, a.s. (Prague, Czech Republic)

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

Online security. Defeating cybercriminals. Protecting online banking clients in a rapidly evolving online environment. The threat.

Whitepaper on AuthShield Two Factor Authentication with ERP Applications

Fighting ACH fraud: An industry perspective

Top Fraud Trends Facing Financial Institutions

Gladiator NetTeller Enterprise Security Monitoring Online Fraud Detection INFORMATION SECURITY & RISK MANAGEMENT

Corporate Account Takeover & Information Security Awareness. Customer Training

CA ArcotOTP Versatile Authentication Solution for Mobile Phones

Improving Online Security with Strong, Personalized User Authentication

Using Entrust certificates with VPN

Modern two-factor authentication: Easy. Affordable. Secure.

Online Cash Manager Security Guide

Best Practices: Reducing the Risks of Corporate Account Takeovers

Advanced Biometric Technology

esign FAQ 1. What is the online esign Electronic Signature Service? 2. Where the esign Online Electronic Signature Service can be used?

WHITE PAPER AUGUST Preventing Security Breaches by Eliminating the Need to Transmit and Store Passwords

Secure Data Exchange Solution

Corporate Account Take Over (CATO) Guide

Brainloop Cloud Security

ecommercial SAT ecommercial Security Awareness Training Version 3.0

Enhancing Web Application Security

IDRBT Working Paper No. 11 Authentication factors for Internet banking

Automation for Electronic Forms, Documents and Business Records (NA)

Protecting your business from fraud

Online Account Takeover. Roger Nettie

BEST SECURITY PRACTICES IN ONLINE BANKING PLATFORMS

BlackShield Authentication Service

Social Media Single Sign-On: Could You Be Sharing More than Your Password?

NATIONAL CYBER SECURITY AWARENESS MONTH

Cybersecurity Workshop

Chapter 1: Introduction

The SMB Cyber Security Survival Guide

Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates. September 2006

Enterprise effectiveness of digital certificates: Are they ready for prime-time?

Biometric Recognition s Role in Identity Management

End User Encryption Key Protection Policy

MODERN THREATS DRIVE DEMAND FOR NEW GENERATION MULTI-FACTOR AUTHENTICATION

Remote Deposit Quick Start Guide

Moving to Multi-factor Authentication. Kevin Unthank

Welcome Guide for MP-1 Token for Microsoft Windows

The Key to Secure Online Financial Transactions

What are the common online dangers?

Client Security Guide

KEYSTROKE DYNAMIC BIOMETRIC AUTHENTICATION FOR WEB PORTALS

Entrust IdentityGuard

Guide to Evaluating Multi-Factor Authentication Solutions

Information Security Field Guide to Identifying Phishing and Scams

9K: How Technology Can Address Current and Emerging Fraud Risks

A brief on Two-Factor Authentication

Two-Factor Authentication

Public Key Applications & Usage A Brief Insight

ITAR Compliance Best Practices Guide

SecurityMetrics Introduction to PCI Compliance

SecurityMetrics. PCI Starter Kit

How-To Guide: Cyber Security. Content Provided by

ACH AND WIRE FRAUD LOSSES

Innovations in Digital Signature. Rethinking Digital Signatures

Best Practices for the Use of RF-Enabled Technology in Identity Management. January Developed by: Smart Card Alliance Identity Council

Executive Summary P 1. ActivIdentity

Transcription:

Combating the Newest Attack Method ACH Fraud Webinar agenda ACH fraud: The problem Why ACH? Attack methods Dynamics of ACH Why now? Action taken Weakness exposed Security evolution How to protect ACH Webinar: Combating the Newest Attack Method ACH Fraud 2

ACH fraud in the news, everywhere ACH fraud: Why Criminals Love this Con Simply defined, ACH fraud is any unauthorized funds transfer that occurs in a bank account. ACH fraud, unfortunately, is very easy to execute Top Trends in ACH Fraud There are 25 billion ACH transactions occurring annually. With these numbers growing every year, ACH fraud is also growing, criminals are finding it more enticing to follow the money Everyone is Learning to Love ACH Including the Crooks Long a virtually fraud-free exclusive banking club, the ACH is paying a price for popular programs ACH fraud: Why Criminals Love this Con Simply defined, ACH fraud is any unauthorized funds transfer that occurs in a bank account. ACH fraud, unfortunately, is very easy to execute On the Backs Of Mules: An ACH Fraud Scheme A community bank based in the Midwest recently intercepted an elaborate ACH fraud scheme involving unwitting mules and multiple financial institutions ACH Fraud Sparks Another Suit Corporate bank account raided over a six-day period last May by cyber thieves who were able to move over $588,000 Bank Settles Suit Against Customer Dispute began last fall, after cyber criminals transferred more than $800,000 Five Indicted in Californian City ACH Fraud Case Theft of $450,000 from a bank account belonging to the City of Carson, CA, ACH fraud has become a preferred method for cybercriminals to steal large sums of money ACH fraud scams total $100 million, FBI says Criminals stealing the online banking credentials of small and midsize businesses has resulted in approximately $100 million in attempted losses, with several new cases opened each week Webinar: Combating the Newest Attack Method ACH Fraud 3

Why ACH fraud? Attacking ACH is a combination of the following: Technology Stealing credentials (including OTP) and logging into the system(s) Accomplished with MITM, MITB, real-time phishing The Nature of ACH A [often] large database of information where it is not practical to verify all details each time it is executed More like a database than protecting a transaction Webinar: Combating the Newest Attack Method ACH Fraud 4

Why Now? Protecting the other stuff (wires, account transfers, etc.) is relatively simple As an industry it has been done for years Call-backs, pass-phrases, etc. Different dynamic when it s 1:1 transfers We ve done a relatively good job at protecting the other stuff If you re the weakest link in the security chain, you get exposed ACH is complex, large amounts of data Only totals are verified, not the individual data points Webinar: Combating the Newest Attack Method ACH Fraud 5

The security industry is evolving Applies OTP to protect user Apply OTP at T(x) PKI T(x) Signature + secure browser Webinar: Combating the Newest Attack Method ACH Fraud 6

How do you protect ACH? The complexities of ACH require a new approach to protecting ALL financial transactions The solution must address: Wire transfers (single and batch) ACH (database at rest, batch transmission) Account transfers The solution should/can address: Account changes (email address, user creation) Document management (contracts, signature cards) Secure correspondence (encrypted email, statements) There is only one solution that can achieve all of the above: PKI Designed to protect large amounts of alpha-numeric information This distinction is critically important Dramatically simplified in past several years Webinar: Combating the Newest Attack Method ACH Fraud 7

Simple, Secure Solutions from Ezio Suite Plug & Sign Usable across all transaction types Eliminating all transactional fraud Ezio Mobile Improves ROI and enables new channels Simplifies user experience Display Card Industry revolutionizing technology MasterCard approved and certified Optical Reader Credit card sized token for true transaction signing Does not require user to re-enter transaction data it is read from the screen Webinar: Combating the Newest Attack Method ACH Fraud 8

Ezio Plug & Sign Simplifying PKI Rollouts Through Innovation Quest for zero footprint device is over Token interface and activation Authentication With portal Transaction signature Document signature Browser Web page signature (esigner) File signature (pdf etc ) PCSC drivers PKCS#11 Passwords Certificate containers Webinar: Combating the Newest Attack Method ACH Fraud 9

Ezio Plug & Sign Simplifying PKI Rollouts Through Innovation A device that is a smart card & a reader & has all the software inside it Token interface and activation Authentication With portal Transaction signature Document signature Browser Auto launch Auto connection (pre stored Web site) Web page signature (esigner) File signature (pdf etc ) HID interface CD rom emulation PKCS#11 Passwords Certificate containers Webinar: Combating the Newest Attack Method ACH Fraud 10

Gemalto s secure personal devices are in the hands of billions worldwide 1.5 billion secure devices Produced and personalized in 2009 200 million citizens Received a Gemalto produced e-passport 500 million people Carry a Gemalto produced credit card 400 mobile operators Connecting 2 billion subscribers 1.65 billion in 2009 revenue Innovation 11 R&D sites worldwide 1,400 engineers 103 invention in 2009 4,500 patents/patent applications Global footprint 18 production sites 30 personalization centers 85 sales/marketing offices Experienced team 10,000 employees 90 nationalities 40 countries 30 years experience Webinar: Combating the Newest Attack Method ACH Fraud 11

Identity The IdenTrust Model Built by banks, for banks IdenTrust identities are issued and usable in 175+ countries IdenTrust acts as a utility, reducing costs, improving knowledge sharing, delivering scale Global interoperable identity scheme User-level non-repudiation, legally enforceable Single identity, multiple uses, any form-factor Proven record of delivering bank-grade strong authentication Used across 6+ billion transactions annually with aggregate annual values of $7+ trillion No data or infrastructure compromise in the ten years of platform operation A scalable, self-routing, real-time, highly secure global identity network Used by many of the world s leading financial institutions and multinational corporations The foundation: P.L.O.T. - Common global standards - A global and scalable network, not dependent on bi-lateral contracts Webinar: Combating the Newest Attack Method ACH Fraud 12

What makes IdenTrust Identity unique Countries AA Corporate Banks Corporates Applications Single trusted identity - multiple applications, multiple banks, network independent Webinar: Combating the Newest Attack Method ACH Fraud 13

Questions? For additional information on ACH fraud and Gemalto s product offering, please email: Adam Dolby, adam.dolby@gemalto.com Christy Serrato, Christy.Serrato@IdenTrust.com Follow us: Twitter: @DigitalSecurity Facebook: www.facebook.com/digitalsecurity LinkedIn: Gemalto Customer Group Webinar: Combating the Newest Attack Method ACH Fraud 14

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information