Fraud Can Happen: Steps to Detection & Prevention
Kevin Hennessy, CTP, Vice President & Manager, Treasury Management Sales
Presented by David E. Sems, CPA, CITP, CFF, Founder, CEO
Small Print: I'm not a lawyer and don't play one on TV. All ideas shared are based on experience and are not legal advice. All the slides in this presentation have been painstakingly prepared, although the content has not. Don't steal ALL my slides - that's just rude. And if anybody out there doesn't get what I'm talking about, don't worry - I know how you feel!
David E. Sems, CPA, CITP, CFF
–Founded Sems & Associates in 2009
–More than 15 years of investigation & technology experience
–11 years at Ernst & Young, Americas Leader of Forensic Analytics
–Founded Practice SafeGuard
–Frequent speaker: Federal Bureau of Investigation, Association of Certified Fraud Examiners, American Institute of CPAs, University of Notre Dame, Baldwin-Wallace, Institute of Internal Auditors, Ohio Auditor of State, American Association of Oral and Maxillofacial Surgeons
Kevin Hennessy, CTP Manager of Dollar Bank’s Cleveland Treasury Management Group Brings over 33 years of banking experience and 25 years of treasury management experience. Has been responsible for providing innovative treasury management solutions to organizations ranging from small business to large multinational corporations. Certified Treasury Professional (CTP) Serves on the board of The Northeastern Ohio Treasury Management Association (NEOTMA). Oversees all aspects of sales and customer service in Ohio.
Overview Introduction to Fraud Top Fraud Schemes Fraud Detection & Prevention Technology Practical Steps You Can Take
Introduction to Fraud: Why Should I Care? No system can be completely immune from theft and embezzlement. Employee fraud is a significant threat to small businesses.* 87% of the people committing fraud are first-time offenders.* (* ACFE 2012 Report to the Nations)
Introduction to Fraud: Why Should I Care? The typical organization loses an estimated 5% of its annual revenue to fraud. Applied to global gross product, that is a potential global fraud loss of more than $3.5 trillion. Perpetrators with higher levels of authority tend to cause much larger losses.
Introduction to Fraud: Why Is This Important Now? The Perfect Fraud Storm
–Reduced staff can eliminate the concept of separated duties.
–In desperate times, people do desperate things.
–Ethics deterioration
–Increased demand for cash
Introduction to Fraud: What Causes Fraud? The Fraud Diamond (Incentive, Opportunity, Rationalization, Capability)
Incentive: I want to, or have a need to, commit fraud.
Opportunity: There is a weakness in the system that the right person could exploit.
Rationalization: I have convinced myself that this fraudulent behavior is worth the risks.
Capability: I have the necessary traits and abilities to be the right person to pull it off. I have recognized this particular fraud opportunity and can turn it into reality.
Payment Fraud / Counterfeiting: Counterfeit Currency
–The Secret Service investigates counterfeit currency in the US. In 2011, $154.7 million in counterfeit currency was recovered.
–The Secret Service arrested 2,471 individuals in the US and 386 individuals abroad.
–60% of the counterfeit currency passed in the US in 2011 was produced using digital means, versus less than 1% in 1995.
Payment Fraud / CHECKS Which is the fraudulent check?
Payment Fraud / Checks: Check Fraud
–In 2008 there were 760,955 “reported” cases of check fraud.
–Actual losses were “estimated” at $1 to $5 BILLION.
–The imprisonment rate for check fraud is 2%.
Who is to blame? Who will PAY?
5 Ways to Prevent Check Fraud
1. Use Payee Match Positive Pay
2. Use Dual Controls, not Dual Signatures
3. Use separation of duties
4. Use more electronic payments
5. Use Number 1
Sources of ACH & Wire Fraud
–Internal employees
–External individuals
–Computer takeover
–R/T & account number loss
–External vendor fraud
ACH Fraud Prevention Tools
Internal employees
–Dual control
–Separation of duties
–Limits & user review
–Frequent reconciliation
External individuals
–Stolen checks
Computer takeover
–Dedicated PCs
–Anti-virus software
–Separation of duties
ACH Fraud Prevention Tools
R/T & account number loss
–ACH Positive Pay / debit block & filters
–Dual controls
–Reconcilement
External vendor fraud
–Payroll & 3rd party administrators
–ACH Positive Pay / debit block & filters
–Reconcilement
Mobile payments
–ACH Positive Pay
–Frequent reconcilement
ACH Fraud Prevention Tools: Additional Steps
–Work with your banks & bankers
–Set appropriate limits
–Be aware of out-of-channel wires
–Use email confirmations
–Watch for over-limit transactions
–Use pre-authorized wires
Cyber Fraud & Banking Systems Corporate Account Takeover –A type of fraud where online banking user credentials are stolen and used to access corporate accounts.
Cyber Fraud & Banking Systems
Phishing – An attempt to solicit confidential information by utilizing electronic communication. It can be accomplished numerous ways, including spoofed emails, misdirected URLs, and fake surveys. Other related concepts include spear phishing, vishing (VoIP), and SMiShing (text phishing).
Malware – A general term for malicious software including viruses, worms, keyloggers (see below), Trojans and spyware. Malware is usually delivered via email or by visiting an infected website, and in many cases is used to facilitate an account takeover.
Keystroke logging (“keylogging”) – A program that tracks keystrokes to capture sensitive information such as usernames and passwords.
Cyber Fraud & Banking Systems
Man-in-the-middle (MITM) – A situation where a criminal is able, through the use of malware, to intercept communications between the user and a legitimate website, enabling both to be manipulated.
DDoS (distributed denial-of-service) – A cyber attack from a network of infected machines intended to deny users access to a website, which is usually done to make a political statement (“hacktivism”) or to mask a fraudulent transaction in progress.
Money mule – A third party who, often unwittingly, receives stolen funds and wires a majority of the illicit proceeds to the perpetrator (e.g. work-at-home schemes).
Preventative Measures
–Antivirus software (regularly updated). Note: NSS Labs estimates a 36% successful detection rate, so this by itself is not enough.
–Use a dedicated computer for online banking activity (no email, web surfing, etc.).
–Strong passwords (a combination of letters, numbers and special characters, mixed case, changed frequently).
–Treasury Management products such as positive pay and ACH debit block/filter.
–Segregated duties, dual control, and/or out-of-band verification.
–Staff training: be aware of what to look for and what to avoid.
Cyber Fraud Trends
30.68% of all PCs around the world are infected
–China 57%
–Thailand 52%
–Taiwan 50%
–USA (between 26% and 34%)
Malware is prolific
–26 million new samples in 2011
–73% are Trojans
–50+% of the phishing / keylogging Trojans have IP addresses in the USA
Denial of service attacks
–Financially motivated
–Politically motivated
Payment Trends
Increase in transactions via wireless devices
–Deposits
–Transfers
–Electronic wallets
Steady increase in ACH payments
–Payroll
–Increased vendor payments
Increase in card payments
–Payroll cards, with their own set of fraud issues
Checks declining slowly
–Easy to exploit
–Still #1 for fraud attempts
Threat Trends: Top Cyber Threats in 2013
–Mobile malware from mobile app stores
–Increasing exploits involving cloud-based computing
–Expanded government-sanctioned attacks
–New level of email attacks
Focus moves to online, mobile and banking, with use of malware and Trojans.
What To Do BEFORE? Before you experience fraud:
–Set up Positive Pay & ACH debit blocks/filters
–Review & implement anti-virus & anti-malware software
–Understand how your bank handles fraud
–Train your staff
–Develop continuity plan procedures
–Remain vigilant
What To Do AFTER? After you experience fraud:
–Contact your bank immediately
–Work with your bank and the authorities
–Isolate computers or checking accounts
–Run virus scans / clean computers
–Implement contingency plans
–Determine source of fraud and mitigate
One More Thing... (a specimen advance-fee scam email, reproduced as received)
Attn: [RECIPIENT]
From: Engr Usman Malika
STRICTLY CONFIDENTIAL
Dear,
It is with respect and confidence that I decided to contact you for a confidential transaction, which requires your assistance for our mutual beneficial relationship. My name is Engineer Usman Malika, the chairman of contract awarding committee of the Togolais national oil (PETROTOGOLAIS) Republique du Togo. Sometimes last two years, our refinery was engulfed with fire for almost two weeks, that most of the heavy equipment got damaged as a result of the unprecedented fire. There was assistance from the world bank and other financial institutions for the replacement of the damaged equipment. During this period, a lot of contracts were awarded to so many international contractors all over the world. Now that all the contracts has been fully executed, and some of the contractors has been fully paid; During this period, I was able to preserve the sum of $25,000,000.00 (Twenty five million united states dollars) which I want to transfer out of the country immediately.
Therefore, I need the confirmation of your interest on this transaction, so as to furnish you with further information. Finally, if you are willing to assist me, I will give you 30% of the total money as compensation for your assistance. While replying, send me your private telephone and fax numbers for easy communications. Note that this transaction is 100% risk free and also, all necessary arrangements has been finalised.
Awaiting your urgent response.
Best regards.
Yours faithfully,
Engineer Usman Malik
Fraud Detection Technology Transforming raw data into actionable intelligence
Fraud Detection & Prevention Technology: How Does Technology Fit In?
–Large amounts of data
–Complex heterogeneous systems need to be tied together
–Deleted file recovery
–Accounting system reconstruction/recovery
–Document review
Forensic Analytics Maturity Model [chart: techniques plotted against detection rate (low to high) and false positive rate (high to low), spanning structured and unstructured data]
Techniques shown, in the order they appear: Rules-Based Queries & Analytics; Keyword Searching; Model-Based Mining; Visual Analytics; Latent Semantic Analysis; Natural Language Processing; Predictive Data & Text Mining; Continuous Forensic Monitoring.
Fraud Detection & Prevention Technology: Problems with Electronic Data
–Latent
–Very fragile by nature; requires special handling
–Can move across borders rapidly and easily
–Ever changing and growing
–Time sensitive
–Often very voluminous
Data Mining Example
–We were able to detect fake temp employees based on an automated comparison of their pay rate, billing rate and job title.
–We applied multiple rule sets in order to determine if specific entry users were responsible for fraudulent behavior: the known suspect, and potential new suspects.
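One way to implement the kind of automated comparison described above, as an added example that is not the presenter's code or data. The records, the rule thresholds (pay at or above the billing rate; pay more than 1.5x the median for the job title) and the user names are all constructed for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed temp-employee records (illustrative only, not data from the
# presentation): job title, hourly pay rate, hourly client billing rate and
# the system user who entered the record.
RECORDS = [
    {"emp_id": "T001", "title": "Clerk",   "pay_rate": 15.0, "bill_rate": 24.0, "entered_by": "jdoe"},
    {"emp_id": "T002", "title": "Clerk",   "pay_rate": 16.0, "bill_rate": 25.0, "entered_by": "asmith"},
    {"emp_id": "T003", "title": "Analyst", "pay_rate": 30.0, "bill_rate": 48.0, "entered_by": "jdoe"},
    {"emp_id": "T004", "title": "Clerk",   "pay_rate": 45.0, "bill_rate": 26.0, "entered_by": "jdoe"},
    {"emp_id": "T005", "title": "Analyst", "pay_rate": 29.0, "bill_rate": 47.0, "entered_by": "asmith"},
    {"emp_id": "T006", "title": "Clerk",   "pay_rate": 40.0, "bill_rate": 64.0, "entered_by": "jdoe"},
    {"emp_id": "T007", "title": "Clerk",   "pay_rate": 15.5, "bill_rate": 24.5, "entered_by": "asmith"},
    {"emp_id": "T008", "title": "Analyst", "pay_rate": 60.0, "bill_rate": 40.0, "entered_by": "mlee"},
]

# Assumed threshold: paying a temp more than 1.5x the median pay for the
# same job title is unusual enough to review.
PAY_OUTLIER_MULTIPLE = 1.5


def apply_rules(records):
    """Return {emp_id: [names of rules tripped]} for every record that trips at least one rule."""
    pay_by_title = defaultdict(list)
    for r in records:
        pay_by_title[r["title"]].append(r["pay_rate"])
    median_pay = {title: median(rates) for title, rates in pay_by_title.items()}

    flags = {}
    for r in records:
        hits = []
        # Rule 1: we pay the temp at least as much as we bill the client for them.
        if r["pay_rate"] >= r["bill_rate"]:
            hits.append("pay_exceeds_bill")
        # Rule 2: pay rate is far above what this job title normally earns.
        if r["pay_rate"] > PAY_OUTLIER_MULTIPLE * median_pay[r["title"]]:
            hits.append("pay_outlier_for_title")
        if hits:
            flags[r["emp_id"]] = hits
    return flags


def attribute_to_users(records, flags):
    """Return {entered_by: (flagged_records, total_records)} so entry users can be ranked."""
    counts = defaultdict(lambda: [0, 0])
    for r in records:
        counts[r["entered_by"]][1] += 1
        if r["emp_id"] in flags:
            counts[r["entered_by"]][0] += 1
    return {user: tuple(c) for user, c in counts.items()}


def new_suspects(user_counts, known):
    """Entry users with at least one flagged record who are not already under investigation."""
    return sorted(user for user, (hit, _) in user_counts.items() if hit > 0 and user not in known)


if __name__ == "__main__":
    flagged = apply_rules(RECORDS)
    for emp_id, rules in flagged.items():
        print(f"{emp_id}: {', '.join(rules)}")
    users = attribute_to_users(RECORDS, flagged)
    for user, (hit, total) in sorted(users.items(), key=lambda kv: -kv[1][0]):
        print(f"{user}: {hit} of {total} records flagged")
    print("potential new suspects:", new_suspects(users, known={"jdoe"}))
```

The median is computed over the whole population, including the suspicious records, which is fine for small sets but understates outliers when a large share of a title is fabricated; on a real ledger, compute the baseline from a period or business unit the suspect could not touch.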
Computer Forensics
–Bit-for-bit copy (100%), including empty (unallocated) space, where deleted data may still reside
–Read-only access to the original
–Specialized hardware & software is needed (a write blocker, and an imaging tool that hashes and verifies the copy)
–Don't use Ghost or other IT cloning tools: they copy what the file system reports, may skip free space, and do not verify the copy with a hash
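What those acquisition properties mean in practice, shown in an added Python example that is not the presenter's tooling (a real acquisition uses a hardware write blocker and a dedicated imager; this only models their behaviour on a file). It images a constructed "evidence drive", hashes as it reads, writes zeroed space rather than skipping it, zero-fills an unreadable block the way dd conv=noerror,sync does, and verifies the finished image against the acquisition hash. The evidence data, the deleted-file fragment and the simulated bad sector are all constructed.

```python
import hashlib
import io
import os
import tempfile

BLOCK_SIZE = 4096


class BadSectorSource(io.BytesIO):
    """Constructed stand-in for a failing drive: a read that starts inside one
    of the listed blocks raises OSError, as a device with a bad sector would."""

    def __init__(self, data, bad_blocks):
        super().__init__(data)
        self.bad_blocks = set(bad_blocks)

    def read(self, size=-1):
        if self.tell() // BLOCK_SIZE in self.bad_blocks:
            raise OSError("simulated I/O error")
        return super().read(size)


def copy_stream(src, dst, block_size=BLOCK_SIZE, size=None):
    """Bit-for-bit copy of src into dst, hashing every byte as it is read.

    No block is skipped: runs of zeros (empty space) are written too, since
    deleted files live there. An unreadable block is replaced with zeros so
    later data keeps its offsets (what dd conv=noerror,sync does) and its
    index is reported. Returns (bytes_written, sha256_hex, unreadable_blocks).
    """
    digest = hashlib.sha256()
    written, unreadable, index = 0, [], 0
    while size is None or index * block_size < size:
        try:
            src.seek(index * block_size)
            chunk = src.read(block_size)
        except OSError:
            chunk = b"\x00" * block_size
            unreadable.append(index)
        if not chunk:  # end of source
            break
        dst.write(chunk)
        digest.update(chunk)
        written += len(chunk)
        index += 1
    return written, digest.hexdigest(), unreadable


def sha256_of(fh, block_size=BLOCK_SIZE):
    """Independent hash of a finished image, read back from disk."""
    fh.seek(0)
    digest = hashlib.sha256()
    for chunk in iter(lambda: fh.read(block_size), b""):
        digest.update(chunk)
    return digest.hexdigest()


def image_device(src_path, img_path):
    """Image src_path into img_path and verify the result. The source is
    opened read-only; on real hardware a write blocker enforces this, since
    an OS-level open mode proves nothing to a court."""
    with open(src_path, "rb") as src, open(img_path, "wb") as img:
        written, acquired, unreadable = copy_stream(src, img)
    with open(img_path, "rb") as img:
        stored = sha256_of(img)
    return {"bytes": written, "acquired_sha256": acquired, "image_sha256": stored,
            "verified": acquired == stored, "unreadable_blocks": unreadable}


def demo():
    """Image a constructed evidence drive: three blocks of random data, then a
    zeroed block holding a fragment of a deleted file. Returns the results."""
    slack = b"\x00" * 100 + b"deleted invoice remnant"
    slack += b"\x00" * (BLOCK_SIZE - len(slack))
    data = os.urandom(3 * BLOCK_SIZE) + slack
    with tempfile.TemporaryDirectory() as tmp:
        src_path, img_path = os.path.join(tmp, "evidence.raw"), os.path.join(tmp, "evidence.dd")
        with open(src_path, "wb") as f:
            f.write(data)
        result = image_device(src_path, img_path)
        with open(img_path, "rb") as f:
            image = f.read()
    result["original_sha256"] = hashlib.sha256(data).hexdigest()
    result["fragment_preserved"] = b"deleted invoice remnant" in image
    # Same drive with block 1 unreadable: the image keeps its size, and the
    # gap is zero-filled and reported instead of silently dropped.
    flaky_img = io.BytesIO()
    flaky_bytes, _, flaky_unreadable = copy_stream(BadSectorSource(data, [1]), flaky_img)
    result["flaky_bytes"] = flaky_bytes
    result["flaky_unreadable"] = flaky_unreadable
    result["flaky_block1_zeroed"] = flaky_img.getvalue()[BLOCK_SIZE:2 * BLOCK_SIZE] == b"\x00" * BLOCK_SIZE
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Record the acquisition hash, the verification hash and the list of unreadable blocks in the chain-of-custody notes; a file-level copy produces none of these and cannot show that the deleted fragment in the zeroed block was carried across.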
Computer Forensic Examples
–Explicit image detection
–Accounting system reconstruction
–Timeline of key events on the computer
–Instant message recovery
–Altered document detection
Computer Forensic Case: Our client purchased a sports apparel company in Vegas. After about 1 year the company was not performing as expected. Our client planned to replace management, and we were asked to “preserve” the electronic records.
eDiscovery Example: Emails Matter
–Assume everything you write in an email can be read by a third party
–Sent in “plain text”
–Same policy for all levels
eDiscovery Example
–E-mail is discoverable
–Great for facts, not for discussion of sensitive issues
–The Front Page Rule
–Have and enforce a monitoring policy; remind your employees of the policy on a regular basis
eDiscovery Example Even more risky –Facebook –Twitter –Other “Social Media”
Technique: Benford's Law. In many naturally occurring sets of numbers, such as transaction amounts, the leading digit is not evenly distributed: 1 is the first digit about 30% of the time and 9 only about 5%, following a known logarithmic pattern. Comparing the first-digit frequencies of a ledger against that pattern identifies populations of transactions that may have been invented or manipulated and deserve a closer look.
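How the test is run, as an added example that is not from the presentation. It goes one step beyond the slide by scoring the departure two ways: a chi-square statistic against the 8-degree-of-freedom critical value, and the mean absolute deviation (MAD) of the proportions against Nigrini's published first-digit cutoffs. The two ledgers are constructed: one matches Benford's proportions exactly, the other adds 300 invoices held just under an assumed $10,000 approval limit. The $10 minimum-amount cutoff is an assumption.

```python
import math
from collections import Counter
from decimal import Decimal

# Benford's expected first-digit proportions: P(d) = log10(1 + 1/d).
BENFORD = {d: math.log10(1 + 1 / d) for d in range(1, 10)}
CHI2_CRITICAL_8DF_005 = 15.507  # chi-square, 8 degrees of freedom, p = 0.05


def first_digit(amount):
    """Leading non-zero digit of an amount (sign ignored); None for zero."""
    digits = Decimal(str(abs(amount))).as_tuple().digits
    return None if digits == (0,) else digits[0]


def conformity(mad):
    """Nigrini's first-digit MAD cutoffs."""
    if mad < 0.006:
        return "close"
    if mad < 0.012:
        return "acceptable"
    if mad < 0.015:
        return "marginal"
    return "nonconformity"


def benford_test(amounts, min_amount=10):
    """First-digit test of a population of amounts.

    Amounts below min_amount are excluded (assumed cutoff: small fees and
    rounding entries do not follow Benford well). Returns observed and
    expected counts, chi-square, MAD and the digit most in excess.
    """
    usable = [a for a in amounts if abs(a) >= min_amount]
    n = len(usable)
    if n == 0:
        raise ValueError("no amounts at or above min_amount")
    counts = Counter(first_digit(a) for a in usable)
    observed = {d: counts.get(d, 0) for d in range(1, 10)}
    expected = {d: n * p for d, p in BENFORD.items()}
    chi2 = sum((observed[d] - expected[d]) ** 2 / expected[d] for d in observed)
    mad = sum(abs(observed[d] / n - BENFORD[d]) for d in observed) / 9
    excess = max(observed, key=lambda d: observed[d] - expected[d])
    return {
        "n": n,
        "observed": observed,
        "expected": expected,
        "chi2": chi2,
        "chi2_significant": chi2 > CHI2_CRITICAL_8DF_005,
        "mad": mad,
        "conformity": conformity(mad),
        "most_overrepresented_digit": excess,
    }


def amounts_with_first_digit(d, count):
    """Constructed amounts d000.25 .. d999.25; the leading digit stays d for count <= 1000."""
    return [d * 1000 + k + 0.25 for k in range(count)]


# Constructed ledgers (not data from the presentation). The first follows
# Benford's proportions exactly; the second adds 300 invoices kept just under
# an assumed $10,000 approval limit, a classic structuring pattern.
CONFORMING_AMOUNTS = [a for d in range(1, 10) for a in amounts_with_first_digit(d, round(1000 * BENFORD[d]))]
SUSPICIOUS_AMOUNTS = CONFORMING_AMOUNTS + amounts_with_first_digit(9, 300)


if __name__ == "__main__":
    for name, ledger in (("conforming", CONFORMING_AMOUNTS), ("suspicious", SUSPICIOUS_AMOUNTS)):
        r = benford_test(ledger)
        print(f"{name}: n={r['n']} chi2={r['chi2']:.1f} mad={r['mad']:.4f} "
              f"-> {r['conformity']}, digit {r['most_overrepresented_digit']} most in excess")
```

A nonconforming result is a lead, not a finding: the next step is to pull the transactions behind the excess digit (here the $9,000 to $9,999 invoices) and look at who entered them, which vendors they went to and whether they cluster just below an approval threshold. Chi-square grows with the number of records and will flag trivial deviations on very large ledgers, which is why the MAD cutoffs are used alongside it.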