Fraud in today’s world September 18, 2015. 60 82 23 1 What do these numbers represent?

Presentation transcript:

Fraud in today’s world September 18, 2015

What do these numbers represent?

Fraud statistics
% of organizations were exposed to actual or attempted payments fraud in
% of survey respondents report checks were the primary target for fraud attacks at their organization
$23,100 was the typical financial loss incurred by organizations due to payments fraud
Source: 2014 AFP Payments Fraud and Control Survey

Payment method responsible for largest dollar amount of fraud loss
Source: 2014 AFP Payments Fraud and Control Survey

Types of check fraud
• Unauthorized check
• Maker forgery
• Internal embezzlement
• Forged endorsement
• Customer victimization
• Counterfeit
• Altered check

Electronic deposit check fraud
• Check 21 opened up a world of possibilities for financial institutions, their customers, and unfortunately, criminals
• Risk management has become a key focal point for financial institutions as they offer more opportunities for image-related deposits

ACH Debit Fraud
• Criminals get MICR-line information from a legitimate check
• Sell information to fraud rings
• Fraud rings originate ACH transactions using legitimate account numbers

Cyber fraud – three primary methods
• Social engineering
• Malware
• Combination: social engineering used to install malware

Social engineering via phishing example

Spear phishing
• Spear phishers target select groups of people
• Information obtained by hacking into a computer network, or by combing through other sites
• The messages look more legitimate to the receivers
• Create false sense of security about clicking on the embedded link
• Tone of urgency convinces victims to act quickly, providing information they would not normally disclose
• This may allow installation of malicious codes known as “malware”
• Malware can be used by criminals to gain unlimited access to data from victims’ computers

Business account takeover
• Password-stealing Trojan sent as attachment
• Online banking credentials sent to criminal
• Criminal sends sub $10,000 payments to money mules
• Criminal logs into victim company’s bank accounts
• Mules withdraw cash and forward to criminals overseas

Imposter Fraud
Are you who you say you are?
Do you know whom you are paying?

Reduce your risk
• Educate your staff
• Verify your vendor
• Verify your requestor
• Watch your wires
• Audit your activity

What steps can entities take to avoid fraud?

Six rules for a strong fraud protection program
• Protect access credentials
• Increase internal controls
• Educate employees
• Know your employees
• Keep authorizations up to date
• Know your vendors
Trust is not an internal control

Number-one line of protection
• Your employees are the front line of defense against online fraud
• Entities must ensure they get the training they need and remind them often to stay on their guard against online fraud

Diligent user management
• Audit users on a regular basis, especially those with transaction privileges
• Review user privileges often to ensure no one has unauthorized or unnecessary access
• Limit transaction privileges to an absolute minimum – needs only basis
• Apply separation of duties for key money movement activities

Maintain separation of duties
■ Assign accounts payable functions to more than one person
■ Rotate personnel in financially sensitive assignments
■ Limit the number of signers
■ Require more than one signature on large dollar check amounts

Dual custody – online banking portal
• One person initiates and another approves from a different computer
  ◦ Online payment transactions
  ◦ Self-administration changes
• Be aware of collusion risks
• Select approvers that are less likely to collude
  ◦ Different locations
  ◦ Different functions
• Option exists to require multiple approvals

Enforce mandatory vacation policies
• One of the most effective ways to avoid internal embezzlement
• Also a good way to detect embezzlement if someone is operating a scheme

To avoid phishing attempts
• Remember that most companies, banks, etc. will never request personal or sensitive information via email or text
• If in doubt, call the company to check, but don’t use the phone number on the email
• Don’t reply to a message that asks for personal or financial information
• Never follow a link to a secure site from an email; always enter the URL manually
• Use a phishing filter; many of the latest web browsers have them built in

Secure passwords are critical
• Create different passwords for different purposes
  ◦ Social networking
  ◦ Major shopping sites
  ◦ Financial institutions
  ◦ Separate passwords for infrequently visited sites
• Use passwords that cannot be easily guessed
• No pet names, family names – they can be found on social media sites
• A recent survey revealed that “password” and “123456” are very popular
• Try using the first letters of a memorable phrase and make it more complex by replacing letters with characters or numbers

Security considerations for mobile banking
• Be cautious of unsolicited text messages. Avoid clicking on links contained in text messages.
• Don’t store sensitive data on your mobile device.
• Install tracking software that allows you to locate, lock or wipe data.

Maintain check security
• Require tight security of all check stock
• Destroy obsolete check stock
• Keep check stock in an area that is locked and secure
• Purchase check stock from a reputable vendor
• Include safety features in checks
• Require a secure method of delivery for new stock
• Inventory check stock at least quarterly
• Limit number of individuals who have access to check stock

Reconcile accounts promptly
• Required by UCC
• Ensures timely identification of errors and/or fraud
• Reconcilement duties must be kept separate from check issuing duties

TM services to reduce risk and fraud
• Positive Pay with Payee Validation
• Payment Authorization
• ACH Fraud Filter
• Email notification of outgoing wires (event messages)
• Account Reconciliation
• Dual control
• Remote Desktop Deposit
• Virtual Vaults
• Lockbox
• Merchant Services
• ACH payments
• Prepaid Cards
• Unique AP Cards

Webinar training sessions
Every week, a 60-minute, instructor-led online training class is offered to all Commercial Electronic Office® (CEO®) portal users. The training class is called: Reducing Risks: What you need to know about Payment Fraud
During this course, the instructor will review:
• Growing fraud threats, including account takeover fraud and impostor fraud
• The latest fraud statistics
• Tips for how to minimize the risk of fraud
To locate training, go to: CEO Homepage > Support Dropdown Menu > Online Training

Thank you