Cyber, Computer Fraud & Electronics Funds Transfer Exposures A detailed look at hacking, bank accounts, stolen funds & recovery.

Presentation on theme: "Cyber, Computer Fraud & Electronics Funds Transfer Exposures A detailed look at hacking, bank accounts, stolen funds & recovery."— Presentation transcript:

1 Cyber, Computer Fraud & Electronics Funds Transfer Exposures A detailed look at hacking, bank accounts, stolen funds & recovery

2 © 2013 Philadelphia Consolidated Holding Corp., All Rights Reserved. Speakers
Matt Prevost, RPLU, AVP, Underwriting D&O, E&O, Cyber Products-Western Territory
Eric Zehnpfennig, CPCU, RPLU, Underwriting Supervisor, Underwriting D&O, E&O, Cyber Products-Pacific Northwest and Rocky Mountain Regions

3 Purpose
“Organizations may choose to handle the risk in different ways, including mitigating the risk, transferring the risk, avoiding the risk, or accepting the risk…”
Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0, National Institute of Standards and Technology, released 2/12/2014
Increase awareness w/information sharing

4 Today’s Agenda
15 Minutes: How (and why) is this happening…
15 Minutes: Who is responsible/exposed…
20 Minutes: Insurance Coverage Impact…
5 Minutes: Questions/Answers

5 Intro to Tech Terms
- Hack: computer-based intrusion
- Mule: entity(ies) or individuals used as middlemen in fraudulent transactions
- Phishing: masquerading as a trustworthy entity in an electronic communication to obtain data
- PCI DSS: Payment Card Industry Data Security Standard
- Skimming: using an electronic device to swipe CC numbers
- Compromised: unauthorized point of entry

6 Why is this happening?
2012 Business Banking Trust Trends Survey (Ponemon Institute, August 2012):
- 48% of respondents say their businesses conduct at least 50% of their banking online (increasing from 29% and 39% in previous years).
- 43% say their bank takes appropriate steps to proactively limit risky banking transactions.
- 42% agree that their bank makes it too difficult to access bank accounts and conduct online transactions.
- Businesses are basically keeping the same technologies in place despite the increased scale and sophistication of fraud attacks.
“Any financial institution can put all of the controls they want in place, but if their client isn’t following the instructions or doing things properly, there are certain challenges,” Robbins said. “We do look for all of our clients to use dual controls, and we want to make sure there are multiple points of control. Because what we’re seeing today is that a malware compromise can happen at a single point in the system, and so there have to be multiple controls in place on the customer’s side.” –Virginia Robbins, CAO, California Bank of Commerce*

7 ‘The Smartest Ways to Get Paid’, Inc. Magazine, November 2013
A bank is no longer just ‘a bank’…
Examples of different payment methods (name of mobile payment app, “We like”, “Not so much”, cost):

PayPal Here: Processes cards and checks…and PayPal
- “We like”: Speedy: You’ll get access to your funds within minutes of swiping a card
- “Not so much”: Seller Beware: If you process more than $2,500 within a 7 day period, you might not receive the funds for up to 30 days
- Cost: 2.7% per transaction

Mobile Pay on Demand: A big bank is less likely to freak out over big charges and is equipped for fast growth businesses.
- “We like”: Safe: BofA transactions are ultrasecure. Best for high dollar transactions.
- “Not so much”: Printing receipts directly from the app is not yet available.
- Cost: 2.7% per transaction

Paydiant: You put your own brand on it.
- “We like”: It’s personal. Because customers register with you, you are able to collect valuable data on them as they use the app.
- “Not so much”: You are reliant on customers downloading your app and associating their cards with it.
- Cost: Variable.

SpotPay: Easy set up, a free reader and all the basics.
- “We like”: Handy. SpotPay can take photos of the buyer or the purchases.
- “Not so much”: SpotPay’s reader is bulky.
- Cost: 1.99% to 3.19%. Voice is 3.19%.

8 How it happens every time…

9 How is this happening? *Graphic provided by the FBI

10 Incident Examples
Marketing Firm Example:
Plumbing Supply Company Example: Cyber-crooks stole $1.2 million from Unique Industrial Product Co., a Sugar Land, Texas-based plumbing equipment supply company. The company's operations manager said a forensic analysis showed the attackers used malware planted on its computers to initiate 43 transfers out of the company's account within 30 minutes.
Experi-Metal, Inc.
Mt. Gox Example: Bitcoin exchange that was hacked faced 150,000 hack attacks every second. During a DDoS attack, which lasted for several days, an estimated $575mm was stolen from the firm. The Tokyo-based exchange, which filed for bankruptcy protection in February 2014, has been sued by a British law firm in a class action suit.

11 Who is responsible?
Marketing Firm Example:
‘We don’t see the error on our side.’ -TD Bank, in response to Little & King, LLC e-theft loss
“They feel that because [the thieves] compromised my computer that it’s my responsibility and that I should look into my insurance, but I don’t have insurance” -Little & King President
Utah Pizza Place Example: Cisero’s Pizza Sues US Bank (1st such suit in the US; 2011)
“the McCombs allege that the bank, and the payment card industry (PCI) in general, force merchants to sign one-sided contracts that are based on information that arbitrarily changes without notice, and that they impose random fines on merchants without providing proof of a breach or of fraudulent losses and without allowing merchants a meaningful opportunity to dispute claims before money is seized.”

12 Coverages potentially ‘in play’
Impacted Entity:
- Commercial Crime
- Stand alone Cyber Products
- Commercial General Liability
- D&O (failure to maintain or SH/derivative claims)
- Cyber endorsements
Other (potentially responsible parties):
- Technology providers (E&O)
- Banks’ Financial Institution Coverage
- General E&O policies of others
- Certification Entities
- Lawyers E&O (drafting contractual language)

13 Detailed Look at Crime EE Theft (rogue employee) Computer Fraud Electronic Funds Transfer Coverage Exclusions

14 Detailed Look at Stand Alone Cyber Chubb Cybersecurity Policy Definitions

15 Detailed Look at Cyber CFC C&P

16 Detailed Look at Cyber Exclusions
R. For, arising out of or resulting from any of the following:
(1) trading losses, trading liabilities or change in value of accounts; any loss, transfer or theft of monies, securities or tangible property of others in the care, custody or control of the Insured Organization;
(2) the monetary value of any transactions or electronic fund transfers by or on behalf of the Insured which is lost, diminished, or damaged during transfer from, into or between accounts; or
(3) the value of coupons, price discounts, prizes, awards, or any other valuable consideration given in excess of the total contracted or expected amount;

17 Impact on Claims handling
1. Various levels of urgency
2. Who is primary?
3. Contractual needs/requirements
4. Third party contracts and information hoarding
5. Allocation
6. Case-law is constantly changing
7. Experience of E&O/CGL adjusters with cyber-related events when cyber coverage is present
8. Separation of responsibilities (breach coach versus defense attorney)
9. PCI fines and penalties; but aren’t regulatory fines uninsurable?
10. Subrogation opportunity?

18 Who (8wns) this exposure?
Underwriting standpoint…
Agent standpoint…
Entity standpoint…

19 Why ‘what if’ coverage scenarios are relevant…
Start to gather a list of ideas from the technology team, legal team, CFO’s biggest concern and see how the coverage(s) interact.
- If your CTO asked you…
- If your CMO asked you…
- If your CEO’s son wants to use his computer…
- If your CMO thinks he can build revenue by accepting Bitcoins as payment…

20 Where to learn more…
Conferences:
- NetDiligence Cyber Conference (East and West Coast)
- PLUS
- RIMS
Websites:
Other:
- Cyber underwriters
- Crime underwriters
- Agents/Brokers
- Case Law

21 Questions? This material does not amend, or otherwise affect, the provisions or coverages of any insurance policy issued by the Philadelphia Insurance Companies. It is not a representation that coverage does or does not exist for any particular claim or loss under any such policy. Coverage depends on the facts and circumstances involved in the claim or loss, all applicable policy provisions, and any applicable law. Availability of coverage referenced in this document can depend on underwriting qualifications and state regulations.

