Presentation is loading. Please wait.

Presentation is loading. Please wait.

Bank Crime Investigation Techniques by means of Forensic IT

Published byPercival Hawkins Modified over 8 years ago

Similar presentations

Presentation on theme: "Bank Crime Investigation Techniques by means of Forensic IT"— Presentation transcript:

1 Bank Crime Investigation Techniques by means of Forensic IT
Technological Crime Trends Gina Carletti’s Scotiabank Canada

2 Agenda Risk Mitigation Prevent, Detect & Respond Focus on Technological Crime and Forensics Technological Crime Trends Business Impact/ Potential Risk Computer Forensics Forensic Tools Technology as an Investigation tool Recommendations Q&A

3 Technological Crime Investigators:
Risk Mitigation Technological Crime Investigators: Understand the value of the business assets. Identify the threats in the environment. Review security measures in place. Mitigate residual risk to an acceptable level.

4 Prevent, Detect and Respond Strategies
Prevent: the act of preventing the unwanted event The best protection Anti-Skimming Devices Monitors Systems Staff and Customer Education, Training/Awareness Detect: the act of detecting the unwanted event Identification of high risk customers and services. Detection of attacks either being planned or in progress. Respond: after the fact investigation Investigations gather facts, reports to business lines with recommendations and risk assessments.

5 Focus on Technological Crime and Forensics
Profile of an Investigator Manage and respond to time sensitive Electronic Crime Investigations. Intelligence analysis used to identify new suspect profiles that may be involved in money laundering, fraud or other criminal activity. The identification of new technological crime trends and exploit vectors. Provide computer forensic support to investigations such as: Defalcation, Irregular practice, Bank Card Fraud, etc. Provide technical assistance in personal security incidents.

6 Technological Crime Trends
Computer crimes have become increasingly common due to the prevalence of computers today. As technology advances and becomes more sophisticated, so does computer-based crime. Computers have been used for embezzlement, money laundering, fraud, organized crime and various other illegal activities, e.g. identity theft. Note: Computer and cyber forensics as well as electronic surveillance are now common tools used to investigate fraud.

7 Technological Crime Trends - Continue…
Phishing - A form of social engineering personal information from victims (customers) via spoofed s/websites. Pharming – Criminals hack a Domain Name Server, or a user’s computer/wireless router, to direct unsuspecting individuals to a fake website to steal their user ID and password. Crimeware - Malicious software/hardware that can infect the victim’s (customers) computer to capture, record and transmit data to be used fraudulently. e.g. keyloggers, trojans.

8 Technological Crime Trends - Continue…
Online Social Networks – websites that allow people of common interest to share experiences. In the social networking site Myspace, the fraudsters have discovered ways to inject malicious code and deceive users to divulge confidential information. Vishing - Is also a social engineering method that incorporates the use of Voice Over Internet Protocol (VOIP) and traditional phishing tactics to garner confidential personal information. Skimming (ATM/POS) - is where the data in the card's magnetic strip is copied to a duplicate card without the card owner's knowledge

9 Technological Crime Trends - Continue…
Mobile Devices - is a pocket-sized computing device, typically utilizing a small visual display screen for user output and a miniaturized keyboard for user input. May result in confidential information being lost Unsecured data warehouses and/or tape backup delivery channels - Security breach resulting in loss of confidential information, putting consumers and organizations at risk of crimes, such as identity theft. Regulations - Compliance with SOX, AML/ATF, Basil II and others regulatory requirements are driving security improvements and policy.

10 Business Impact/ Potential Risk
Reputation Risk Identity Theft Financial Losses Information leakage and targeted attacks Threat to network security Hinder user productivity Bandwidth Consumption Legal Risk

11 Computer Forensics The simple definition of computer forensics
... is the art and science of applying computer science to aid the legal process Computer forensics is done in a fashion that adheres to the standards of evidence that are admissible in a court of law e-discovery, requires the proper tools and qualifications to meet the Court's procedural criteria

12 Digital Media Acquisition & Examination
Forensic Tools Digital Media Acquisition & Examination Computer Hard Drive DVD USB Phones Smart phones Servers accounts Log analysis: Web logs Systems logs Application logs Telephone logs

13 Technology as an Investigation tool
Types of Investigations: Irregular Practices Insider Threats Fraud Investigations Money Laundering and Terrorist Financing Harassment Inappropriate Internet Use Pornography Privacy Technological Tools: Analysis Forensic Analysis of Digital Media Forensic Analysis of Systems Cyber Forensics

14 Recommendations We need to focus on understanding and mitigating fraud related risks We all need to embrace the idea of becoming “Anti-Fraud Professionals” Employee, customer and police awareness training Security development training Implantation of new technology such as: one time passwords and anti-skimming devices Separation of duties in critical security functions Strict policy restrictions Regular auditing Monitoring systems/trigger programs Adequate logging Encryption

15 Thank you! Gina Carletti, Bcomm - ITM, CISSP Senior Manager
Technological Crime & Forensics Tel: (416) Mobile: (647)

Download ppt "Bank Crime Investigation Techniques by means of Forensic IT"

Similar presentations

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
© Peter Readings 2007 1 Data Leakage Pete Readings CISSP.

© Peter Readings Data Leakage Pete Readings CISSP.
The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.

The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.
© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.

© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.
Greg Lamb. Introduction It is clear that we as consumers and entrepreneurs cannot expect complete privacy when discussing business matters. However… There.

Greg Lamb. Introduction It is clear that we as consumers and entrepreneurs cannot expect complete privacy when discussing business matters. However… There.
Biometric Authentication Andrea Blanco Binglin Li Brian Connelly.

Biometric Authentication Andrea Blanco Binglin Li Brian Connelly.
Forensic and Investigative Accounting Chapter 15 Cybercrime Management: Legal Issues © 2007 CCH. All Rights Reserved. 4025 W. Peterson Ave. Chicago, IL.

Forensic and Investigative Accounting Chapter 15 Cybercrime Management: Legal Issues © 2007 CCH. All Rights Reserved W. Peterson Ave. Chicago, IL.
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
Cyber X-Force-SMS alert system for E-mail threats.

Cyber X-Force-SMS alert system for threats.
Security Controls – What Works

Security Controls – What Works
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.
CYBER CRIME AND SECURITY TRENDS

CYBER CRIME AND SECURITY TRENDS
Electronic Banking BY Bahaa Abas Noor abo han. Definition * e-banking is defined as: …the automated delivery of new and traditional banking products and.

Electronic Banking BY Bahaa Abas Noor abo han. Definition * e-banking is defined as: …the automated delivery of new and traditional banking products and.
Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer

Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer
Introduction to Computer Forensics Fall 2007. Computer Crime Computer crime is any criminal offense, activity or issue that involves computers (http://www.forensics.nl).http://www.forensics.nl.

Introduction to Computer Forensics Fall Computer Crime Computer crime is any criminal offense, activity or issue that involves computers (
The Difficult Road To Cybersecurity Steve Katz, CISSP Security Risk Solutions 631-692-5175 Steve Katz, CISSP Security.

The Difficult Road To Cybersecurity Steve Katz, CISSP Security Risk Solutions Steve Katz, CISSP Security.
Cybercrime Outlook on African banks Adwo Heintjes Global Head IT Audit & Ops Rabobank.

Cybercrime Outlook on African banks Adwo Heintjes Global Head IT Audit & Ops Rabobank.
Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.

Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.

Similar presentations

Ads by Google