Presentation on theme: "Copyright 2006. T. Rowe Price. All rights reserved Fraud Trends & Prevention Strategies October, 2007."— Presentation transcript:
Copyright T. Rowe Price. All rights reserved Fraud Trends & Prevention Strategies October, 2007
Copyright T. Rowe Price. All rights reserved 2 Agenda Fraud Themes & Statistics ACH Online Services Checks Check Fraud – Preventative Measures Disbursement Account Fraud – Preventative Measures Identity Theft How thieves get personal information Identity Theft Task Force – Recommendations regarding the use of social security numbers
Copyright T. Rowe Price. All rights reserved 3 Panelists Craig Keller- National City Bank Angela Ponte - Wells Fargo Debbie Seidel- T. Rowe Price
Copyright T. Rowe Price. All rights reserved 4 Fraud Themes & Statistics Checks are still the most prevalent method of payment fraud Check presentment volume is lessening but check fraud volume is not Technology makes fraud “easier” Desktop publishing is more sophisticated Internet creates a world-wide means for selling information and sharing fraud techniques, including how firms are vulnerable Firms need to be cognizant of insider (employee, vendor) fraud, given availability to: Customer non-public (personal) data Customer assets, financial payments and/or records of the firm Identity Theft is estimated at $53 billion in losses (“Consumer Fraud & Identity Theft Data January-December 2005” Federal Trade Commission, Jan 2006)
Copyright T. Rowe Price. All rights reserved 5 Fraud Themes & Statistics Results from the 2007 AFP Payments Fraud Survey 72% of companies responding to survey experienced fraud attempts 93% respondents experienced check fraud attempts 35% experienced ACH debit fraud attempts 44-45% of these firms received ACH debit fraud attempts through ACH codes WEB (44%) and TEL (45%) Most firms had little to no actual losses due to payments fraud 42% had no losses 31% had losses under $25,000
Copyright T. Rowe Price. All rights reserved 6 Fraud Themes & Statistics Federal Reserve 2004 Payment Study analyzed several sources of fraud information: 2003 estimated loss for check fraud is $10 to 20 billion within $39.3 trillion in check transactions Estimated 2004 loss for ACH fraud is $1.3 to 8.0 billion within $25 trillion in ACH transactions
Copyright T. Rowe Price. All rights reserved 7 ACH Parties and their primary role Originator- Sender of ACH transaction; controls the activity ODFI- Originating Depository Financial Institution; warrants activity and has liability RDFI- Receiving Depository Financial Institution; duty is to post valid and authorized transactions to receivers account Receiver- Party experiencing debit/credit transaction; must authorize Originator to make transaction
Copyright T. Rowe Price. All rights reserved 8 ACH Types of ACH transactions Expanded beyond recurring payments; now includes “one time” transactions New types of authorizations for ACH WEB- authorization received through Internet for one time or recurring transactions TEL- one time only debit, verbal authorization Check conversion types RCK- representment of a returned check POP- point of purchase (retail stores) ARC- account receivable conversion (lockbox) BOC- back office conversion
Copyright T. Rowe Price. All rights reserved 9 Preventing Fraud in ACH Most ACH fraud loss can be prevented by Timely reconciliations, including resolution of unknown transactions ACH blocks/filters on your bank accounts Timely return of payments Know your customer Have procedures to verify the person initiating or authorizing an ACH transaction Establish strong policies and procedures on payments Written instructions with Medallion signature guarantee if customer is requesting you to make a payment to a third party Hold periods on originated ACH debits Monitor for multiple returns (check and ACH)
Copyright T. Rowe Price. All rights reserved 10 Online/Internet Services Know your customer Verify customers electronically before accepting banking information online (NACHA WEB rule) T. Rowe Price Approach Vendor supplies personalized credit-related questions that customers must answer and then scores results (Demographic and geographic are other options) If they don’t pass, we push them to a paper application We track any failures so that if paper account application is received, we review CIP results closely Used for new accounts that are supplying banking information or existing accounts adding/changing banking instructions online
Copyright T. Rowe Price. All rights reserved 11 Online/Internet Services Provide customers with additional security measures T. Rowe Price Approach “Pick a picture” so customer knows they are on T. Rowe Price website Security questions if they log on from a “foreign” pc These are in addition to paper or electronic confirmations of activity, holds on checks and other traditional security measures Other Options Use of security questions for other types of services (Address changes, Reset passwords, Large dollar transactions) Authentication tokens
hareholder Services Operations S Corporate Operations Fraud Trends & Prevention Strategies Craig K. Keller October 2007
hareholder Services Operations S Corporate Operations Agenda Fraud Themes & Statistics ACH Online Services Checks Check Fraud – Preventative Measures Disbursement Account Fraud – Preventative Measures Identity Theft How thieves get personal information Identity Theft Task Force – Recommendations regarding the use of social security numbers
hareholder Services Operations S Corporate Operations Check Fraud There are various types of check fraud A check is stolen from a shareholder and the signature is forged. Check detail is altered – i.e. Name, Amount, etc. Desktop publishing software is cheap and easy to use. Individuals committing fraud will use the banks routing number, DDA number and Company name to issue checks for personal use. Check stock is stolen
hareholder Services Operations S Corporate Operations Check Fraud – Preventative Measures Use check stock that has multiple security features. Security Paper with Watermarks – Feature allows watermark to be viewed when held at an angle either toward or away from a light source. Invisible Security Fibers – Added to provide a means of forensics identification using a backlight. AlterAlerts – Attempts to alter the document will result in a visible stain due to ‘Chemical’ sensitivity.
hareholder Services Operations S Corporate Operations Check Fraud - Preventative Measures Use check stock that has multiple security features. Cont. Toner Retention – Deters attempts to fraudulently alter documents by lifting or scraping away the toner image and replacing it with new data. SecureScan enhanced void pantograph – Deterrence against high-tech color copiers used to duplicate checks. Warning Bands – Printed on the face of the document.
hareholder Services Operations S Corporate Operations Check Fraud - Preventative Measures When replacing checks, issue replacements to the same name and address as the original check was issued to, unless appropriate documentation is received authorizing the transaction. Store unused check stock in a vault or locked area. Regularly audit check inventories to insure stock has not been stolen.
hareholder Services Operations S Corporate Operations Check Fraud - Preventative Measures Insure that clearing bank has process to detect fraudulent items Positive Pay - Checks should not be paid if check number and dollar amount do not match. Some banks are also using payee verification as an additional match. If check is received that has one of the mismatches from above, research item to determine if item is fraudulent. Notify Fraud Prevention Department of fraudulent activity.
hareholder Services Operations S Corporate Operations Disbursement Account Fraud Protect yourself from Disbursement Account Fraud Investors obtain disbursement account number when receiving disbursements from issuer or agent. Investors use the disbursement account number to pay bills using electronic bill pay feature. Investors use the account number to set up electronic debit transactions to purchase shares.
hareholder Services Operations S Corporate Operations Disbursement Account Fraud - Preventative Measures Be sure that DDA’s used for disbursements are coded to NOT allow ACH debit transactions against the DDA.
Fraud Trends & Prevention Strategies October 26, 2007
Agenda Fraud Themes & Statistics ACH Online Services Checks Check Fraud – Preventative Measures Disbursement Account Fraud – Preventative Measures Identity Theft How thieves get personal information Identity Theft Task Force – Recommendations regarding the use of social security numbers
How identity thieves get personal information: Stealing mail (statements, 1099s, div checks) dumpster diving (shareholder and TA) change the billing address on account Phishing stealing records or information while they're on the job bribing an employee who has access to these records conning information out of employees
Insider Threat to Companies One in five workers (21%) let family and friends use company laptops and PCs to access the Internet More than half (51%) connect their own devices or gadgets to their work PC, a quarter of these every day Around 60% admit to storing personal content on their work PC One in ten confessed to downloading content at work they shouldn't Two thirds (62%) admitted they have a very limited knowledge of IT Security More than half (51%) had no idea how to update the antivirus protection on their company PC Five percent say they have accessed areas of their IT system
Hackers aren't just picking up computer skills: they are acquiring psychological and counterintelligence skills. In the past, hackers had to master at least the rudiments of a programming language and operating system knowledge. Today’s hacker assisted by more than 30,000 Web pages devoted to the subject, and most tools they use are freely available from Internet sources. The real hacking risk of the future is that these new, younger hackers will enter the job market and neglect to check their hacking behaviors at the door. Through 2009, the financial damage experienced by businesses due to targeted attacks will increase at least five times faster than damage caused by mass events. How identity thieves get personal information:
The largest ever security breach ~50MM customers impacted Undetected for 18 month Appears to be Romanian hackers and Russian organized crime second-quarter earnings fell 57%, due to a charge of $118 million related to theft
Identity Theft Life Cycle Identify thief attempts to acquire a victim’s personal information The thief attempts to misuse the information that was acquired –Existing account fraud –New account fraud An identity thief has completed the crime and is enjoying the benefits, while the victim is realizing the harm
TASK FORCE RECOMMENDATIONS REGARDING THE USE OF SSNS On May 10, 2006, the President established an Identity Theft Task Force. Comprised of 17 federal agencies, including the FTC. The Task Force mission is to develop a comprehensive national strategy to combat identity theft. The President specifically directed the Task Force to make recommendations on ways to improve the effectiveness and efficiency of the Federal government’s activities in the following areas of identity theft: Awareness Prevention Detection Prosecution
TASK FORCE RECOMMENDATIONS REGARDING THE USE OF SSNS In April 2007, the Task Force published a strategic plan for combating identity theft. The plan is organized around the life cycle of identity theft – from the thieves’ attempts to obtain sensitive information to its impact on victims – and identifies roles for consumers, the private sector, government agencies, and law enforcement. The plan recommends that the Task Force develop a comprehensive record on the uses of the SSN in the private sector and evaluate their necessity.
TASK FORCE RECOMMENDATIONS REGARDING THE USE OF SSNS To prevent thieves from obtaining sensitive information, government and the business community should, Limit the information they collect and maintain from or about consumers - including SSNs - to that necessary to meet clear legal or business needs. Improving the manner in which those who collect such data safeguard it. Make it more difficult for thieves to use data they steal. Improving methods to authenticate consumers. More effective prosecution of criminals.
Keeping Consumer Data Out of Hands of Criminals Establish national standards for data protection requirements and breach notice requirements Develop comprehensive record on private sector use of SSN Better education of the private sector on safeguarding data Initiate investigations of data security violations Initiate a multi-year public awareness campaign Develop online clearinghouse for current educational resources
FTC Hosts SS# Workshop On December 10 th and 11 th, 2007 the Federal Trade Commission will host a public workshop, “Security in Numbers: SSNs and ID Theft,” to explore the uses of Social Security numbers in the private sector and the role of SSNs in identity theft. Members of the public can view a live Webcast of the summit on the FTC’s web site. Although pre- registration is not required, interested parties may pre- register by contacting By the first quarter of 2008, the Task Force will make recommendations to the President on whether additional steps should be taken regarding the use of SSNs.
TASK FORCE RECOMMENDATIONS REGARDING THE USE OF SSNS There is no single “right” way to authenticate individuals, but rather there are a number of promising techniques being developed and implemented that use multiple layers of security, including biometrics and smart cards. Identity thieves are increasingly sophisticated and adept at defeating authentication efforts, so that it is critical that new techniques continue to be developed to stay “a step ahead” of the thieves.
Prosecuting and Punishing Identity Thieves Coordination and Information/Intelligence Sharing Coordination with Foreign Law Enforcement Prosecution Approaches and Initiatives –Increase prosecutions of identity theft –Review civil monetary penalty programs –Conduct targeted enforcement initiatives
Strategy Keeping sensitive consumer data out of the hands of identity thieves through better data security and more accessible education Making it more difficult for identity thieves who obtain consumer data to use it to steal identities Assisting the victims of identity theft in recovering from the crime Deterring identity theft by more aggressive prosecution and punishment of those who commit the crime
Presented (insert date) By (insert organization’s name)
WHAT CAN YOU DO? DETER Deter identity thieves by safeguarding your information DETECT Detect suspicious activity by routinely monitoring your financial accounts and billing statements DEFEND Defend against identity theft as soon as you suspect a problem
DETER identity thieves by safeguarding your information. Shred financial documents before discarding them Protect your Social Security number Don’t give out personal information unless you’re sure who you’re dealing with Don’t use obvious passwords Keep your information secure
DETECT suspicious activity by routinely monitoring your financial accounts and billing statements. Be alert Mail or bills that don’t arrive Denials of credit for no reason Inspect your credit report Law entitles you to one free report a year from each nationwide credit reporting agencies if you ask for it Online: by phone: ;www.AnnualCreditReport.com or by mail: Annual Credit Report Request Service, P.O. Box , Atlanta, GA Inspect your financial statements Look for charges you didn’t make
DEFEND against identity theft as soon as you suspect a problem. Place a “Fraud Alert” on your credit reports by calling any one of the three nationwide credit reporting companies: Equifax: Experian: TransUnion: Review reports carefully, looking for fraudulent activity Close accounts that have been tampered with or opened fraudulently File a police report Contact the Federal Trade Commission
WHERE CAN YOU LEARN MORE? Online: ftc.gov/idtheft By phone: ID-THEFT By mail: Identity Theft Clearinghouse Federal Trade Commission 600 Pennsylvania Avenue, NW Washington, DC 20580