fraud awareness seminar september 23, 2015 - fmi*igf · a micro magnetic stripe reader was inserted...
Fraud Awareness Seminar September 23, 2015
Detective Bill Allen City of Edmonton Police Service
Payment Card Based Crime Presented by Det. William (Bill) Allen
Edmonton Police Service Major Crimes Branch
Economic Crimes Section Coordinated Counterfeit Unit
Counterfeit Currency Coordinator
Topics to Cover
• History of Credit Cards
• How the numbers are obtained
• How the numbers are used
• Protection
• Legislation/Charges
Credit Cards by CCC definition….
• Credit Cards
• Debit Cards
• Gift Cards
• Pre Paid Visa/MC
In the Beginning….sort of
Processing…
And this………..
Produced……
And the dreaded wait for authorization
How do they get the numbers?
Technology moves forward…………
Track 1 and 2 Data
Track 1 (IATA): Track 1 ("International Air Transport Association") stores more information than Track 2, and contains the cardholder's name as well as account number and other discretionary data. This track is sometimes used by the airlines when securing reservations with a credit card.
Track 2 (ABA): Track 2 ("American Banking Association") is currently most commonly used, though credit card companies have been pushing for everyone to move to Track 1. This is the track that is read by ATMs and credit card checkers. The ABA designed the specifications of this track and all world banks must abide by it. It contains the cardholder's account, encrypted PIN, plus other discretionary data.
Processing……
How they get the numbers…..
Don’t forget…………these babies
Moving further forward…..
Also…………
The introduction of the CHIP/ PIN…
Chip credit cards can store encrypted confidential information, which significantly helps to protect the card against counterfeit fraud. Each chip transaction generates a unique transaction ID, and because the ID is different every time, counterfeit production of the card is more difficult. It does not use any additional personal data.
RFID (Radio Frequency Identification Data)
• Embedded low frequency signal
• Used at Tap n’ Go equipped Merchants
• Low limit transactions – under $50-100
• Hard to counterfeit
• Can be disabled by card holder
Canadian Passport
Protection
Pin Pads
Ingenico i3070
Untampered exterior
Ingenico i3070
Comparison: Untampered/Tampered
Ingenico i3070
Close up of tampering
Labelled components: Track 1 and 2 reader; microprocessor; Bluetooth modem; antenna; memory chip; lead from parasitic PIN catcher
Ingenico i3070
Close up of tampered chip card acceptor
Anti tamper defeated
Ingenico i3070
Tampered interior
Parasitic pin catcher
Back of keypad
Criminals move fast……
Chip slot POS tamper
• A micro magnetic stripe reader was inserted on the plastic opening of the chip reader
• Chip reader was moved upward on the main board in order to allow the customer card to be inserted more deeply to allow magnetic stripe to be read by the micro stripe reader
• An additional keypad membrane was inserted between the original keypad and the main board in order to capture the customer’s keystrokes and to obtain their PIN numbers
• Wireless technology was added to transmit the information using Bluetooth
Ingenico i3070 tampered & legitimate device
33 Confidential - May not be printed or used without explicit consent
Fraud Inspection Tool (FIT) Card
• Engagement kit includes side-by-side photos to raise awareness of POS tamper
• Easy to use with immediate confirmation of possible tamper
• Leverage rewards program to motivate employees to conduct routine inspections
Prevention
• Secure
• Check for tampering daily
• PROTECT THE TRANSACTION: both on the Retailer side and the Consumer side
New threat………….
Food Industry serving systems…..
using remote access software
Embedded capture programs
Keystroke Logger
And now for the exercise………..
We're going to make a credit card number
Mod 10 Algorithm or LUHN Formula
• First drop the last digit from the card number (because that’s what we are trying to calculate).
• Reverse the number.
• Multiply all the digits in odd positions (the first digit, the third digit, etc.) by 2. If any one is greater than 9, subtract 9 from it.
• Sum those numbers up.
• Add the even-numbered digits (the second, fourth, etc.) to the number you got in the previous step.
• The check digit is the amount you need to add to that number to make a multiple of 10. So if you got 68 in the previous step, the check digit would be 2. You can calculate the digit in code using check digit = ((sum / 10 + 1) * 10 – sum) % 10, where / is integer division.
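The Mod 10 steps above are what retailers and security teams use to validate a card number field and to spot card numbers that have leaked into logs. The following is an added example, not part of the original slides: it implements the steps and then scans text for digit runs that pass the check, masking each hit. The function names, the sample log lines and the first-six/last-four masking choice are assumptions made for illustration.

```python
import re

def luhn_check_digit(payload: str) -> int:
    """Check digit for a number supplied WITHOUT its last digit."""
    total = 0
    # Reverse, then number positions from 1 as in the steps above.
    for pos, ch in enumerate(reversed(payload), start=1):
        d = int(ch)
        if pos % 2 == 1:      # odd position: double, subtract 9 if over 9
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    # Same value as ((sum // 10 + 1) * 10 - sum) % 10 with integer division.
    return (10 - total % 10) % 10

def luhn_valid(number: str) -> bool:
    """True when the last digit matches the Mod 10 check digit."""
    if not number.isdigit() or len(number) < 2:
        return False
    return luhn_check_digit(number[:-1]) == int(number[-1])

# 13 to 19 digits, optionally grouped with single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def mask(number: str) -> str:
    """Keep the first six and last four digits, hide the rest."""
    return number[:6] + "*" * (len(number) - 10) + number[-4:]

def find_card_numbers(text: str) -> list[str]:
    """Return masked forms of digit runs that pass the Mod 10 check."""
    hits = []
    for match in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if luhn_valid(digits):
            hits.append(mask(digits))
    return hits

# Constructed sample log lines; 4111 1111 1111 1111 is a published test number.
SAMPLE_LOG = """\
2015-09-23 10:02:11 order=88412 note="card 4111 1111 1111 1111 exp 12/17"
2015-09-23 10:02:15 order=88413 tracking=4111111111111112
2015-09-23 10:03:40 order=88414 phone=780-555-0100
"""

if __name__ == "__main__":
    for masked in find_card_numbers(SAMPLE_LOG):
        print("possible card number in log:", masked)
```

Passing the check only means the digits are internally consistent; it says nothing about whether an account exists, which is why the 16-digit tracking value with a wrong final digit is ignored while the test number is flagged.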
CVV – Card Verification Values
To calculate a 3-digit CVV, the CVV algorithm requires a Primary Account Number (PAN), a 4-digit Expiration Date, a 3-digit Service Code, and a pair of DES keys (CVKs).
How to keep your cards safe…..
Money
Security Features at a Glance
• Metallic portrait
• Frosted maple leaf window
• Hidden numbers
• Raised ink
• Large window
• Transparent text
• Small numbers
• Maple leaf border
• Metallic building
Charges….
• Section 402.2(1) Criminal Code – Identity theft
• 342(1)(c) Possession of stolen credit card
• 342(3) Possession of or trafficking in Credit Card data
Operation Farmer/ Web
Search Warrant on a south side Edmonton home that was the site of a credit card factory referred to as ‘The Office’
Contact Information Det. Bill Allen #1535 Edmonton Police Service Economic Crimes Section Counterfeit Currency Coordinator 780-421-3426 [email protected]
Ray Haywood Director, Investigations and Forensic Services Pricewaterhouse Coopers LLP
Economic crime is on the rise - but you can fight back
PwC 2014 Global Economic Crime Survey Canadian Supplement – Presented by Ray Haywood Financial Management Institute September 23, 2015
www.pwc.com/ca
PwC
Headlines
1. The Big Picture
2. High-Impact Economic Frauds
3. Cybercrime in our Networked World
4. Internal vs. External Fraudster
5. Perception of Economic Crimes
65 September 23, 2015 Economic crime is on the rise - but you can fight back
1. The Big Picture
1. The Big Picture Most common types of economic crime
1. The Big Picture Financial impact
1. The Big Picture Crime by industry
2. High Impact Economic Frauds Asset misappropriation
(Not) Falling off the Back of a Truck
• Asset misappropriation was the most common economic crime experienced by 58% of our Canadian respondents.
Fighting Back Against Asset Misappropriation
To combat asset misappropriation, organizations should implement the following common sense procedures:
• Know your employee;
• Know your vendor;
• Segregate job duties; and
• Implement a well-conceived and designed fraud risk management plan.
2. High Impact Economic Frauds Procurement fraud A Growing Opportunity, A Growing Threat
Canadian respondents noted procurement fraud occurred primarily during the payment process.
Fighting Back
By implementing a few strategies such as the following, organizations can reduce the risk of procurement fraud:
• Solicit sealed bids that are revealed before a group of people;
• Segregate duties within purchasing/procurement; and
• Use different vendors for different projects.
Where does procurement fraud take place?
2. High Impact Economic Frauds Accounting fraud
The Persistent Threat
From a Canadian standpoint, 22% of respondents reported having experienced accounting fraud;
• One of the most commonly reported economic crimes; and
• Due to the pervasive use of financial statements and financial data in business operations, this kind of economic crime impacts a variety of business processes.
3. Cybercrime in our Networked World What do organizations care about?
4. Internal vs. External Fraudster Who’s committing fraud?
61% of the economic crimes reported were perpetrated by an employee.
While survey results show that economic crimes committed by senior management were fewer than by employees at more junior levels, these crimes tend to be more sophisticated and larger in dollar value.
5. Perception of Economic Crimes
Perception of fraud over the next 24 months
• With a high level of perceived fraud in the next 24 months, it is important for companies to implement a rigorous anti-fraud regime.
This content is for general information purposes only, and should not be used as a substitute for consultation with professional advisers. © 2015 PricewaterhouseCoopers LLP, an Ontario limited liability partnership. All rights reserved.
PwC refers to the Canadian firm, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details.
Thank you
For further information contact:
Krista Mooney, CPA, CA•IFA, CFE, CFF Partner, Forensic Services Tel: (403) 509-7336 Email: [email protected] Ray Haywood, CFE Director, Forensic Services Email: [email protected]
Monique Nowak and Melaney Woods, Investigators Ministry of Human Services in the Govt. of Alberta
Human Services Investigations Presented by:
Melaney Woods, Investigator
Monique Nowak, Investigator
• Investigators for the Alberta Government are appointed Alberta Peace Officers for the purpose of conducting investigations into alleged abuse of the Human Services Programs
• We have Authority under the Criminal Code of Canada, the IESA Act, AISH Act, Child Youth and Family Enhancement Act, Emergency Management Act, FSCD Act and the Government Organization Act
Locations
1. Calgary 2. Edmonton 3. Westlock 4. High Prairie 5. Lethbridge 6. Medicine Hat 7. Red Deer
What Do We Do?
• Investigate alleged abuse of the Income Support and AISH Programs, as well as Learner’s Benefits and other Human Service Programs as required.
• Investigations typically include: 1. Unreported employment income 2. Unreported change in circumstance 3. Submitting false information 4. Duplicate cheques 6. Not having custody of children 7. Unreported income from boarders 8. Collecting IS in another province 9. Living in a cohabiting relationship
How Do We Do This?
• Interview clients, potential witnesses, landlords, schools, employers, neighbors and other pertinent individuals
• When we have reasonable and probable grounds to do so we can access Motor Vehicles, JOIN, Corporate Registries, Vital Statistics, Equifax, WCB, Land Titles, City Taxation, Service Canada, Bank Accounts, Cheque Cashing Services, Revenue Canada, Correctional Facilities, Police Services, RCMP and Canada Border Services
• We can also access Law Enforcement Investigators in other provinces
• Client monitoring
Common Charges
These Criminal Code charges:
• Fraud under $5000
• Fraud over $5000
• Use, Trafficking or Possession of Forged Document
Provincial Statutes charges:
• IESA 41(1) A person who under this Act is required to provide information who (a) knowingly gives false information, (b) knowingly conceals information, or (c) knowingly omits to provide or disclose information, is guilty of an offence and is liable to a fine of not more than $2000
• AISH Act 11(1) A person who is required to provide information under this Act and knowingly gives false information, conceals information or omits to provide information is guilty of an offence and liable to a fine of not more than $1000 and, where ordered by a judge, repayment of the amount or value of the benefit received.
• (2) A financial administrator or third party is guilty of an offence and liable to a fine of not more than $5000 if he or she (a) benefits from a benefit knowing that the client was not entitled to receive it, or (b) willfully misuses a benefit provided for a client.
• All Investigations are completed to a Criminal Level
Less Common Offences
These Include:
• Forgery
• Theft From Mail
• Theft
• Personation
• Falsifying Employment Records
• Possession of Property Obtained by Crime
Investigation Outcomes
The possible outcomes to an Investigation:
• Criminal Charges are laid under the Criminal Code of Canada or the ACT
• Recommend client’s file be closed or benefits changed/reduced
• Investigation is closed due to lack of evidence
• Investigation is closed as the accusation was unfounded
• Returned to Income Support or AISH Program areas for possible overpayment
Kevin McKay IT Security Manager City of Edmonton
Kevin McKay, @kmckay27
466 data breaches, >139 million records in 2015 (to August)
Target, Home Depot, Sony Pictures, Ashley Madison, Anthem Health Insurance, IRS, Uber, Staples, UPS, Hacking Team, Premera Healthcare, US Office of Personnel Management . . . . .
Use layers of Internet security solutions
  ◦ anti-virus / anti-malware solution
  ◦ browser protection
  ◦ website reputation checkers and safety rankings
  ◦ parental control tools
Keep systems and programs up-to-date
Install only what you need
  ◦ From software and vendor sites that you trust
  ◦ From automatic updates if possible
Avoid versions of software that are free, cracked or pirated as they can expose you to malware
Do use a password manager
  ◦ Cloud option
  ◦ Local option
Do use two factor authentication
  ◦ Code to phone or email
Don’t use the same password on multiple sites
Don’t use security challenge questions that are overly simple or complex
Be cautious with attachments you don’t expect even when you trust the sender
Be cautious when clicking on links in emails or social media
Be suspicious of search engine results
Be suspicious of pop-ups asking you to install media players, document viewers or security updates
Social engineering
  ◦ Call them back instead of volunteering information
Social media
  ◦ Limit exposing personal information on social media
  ◦ Recognize when an email, instant message, or direct message is suspicious; it is very likely malicious
  ◦ Watch out for “friend” requests
  ◦ Review your privacy settings
Backup files
  ◦ onsite … and offsite
  ◦ to backup services or cloud storage
Encrypt your hard drive
  ◦ using Bitlocker or FileVault
  ◦ to a portable USB drive
Remove data completely from devices before recycling/disposing
Connect only to reputable or trusted organizations
  ◦ Starbucks Wi-Fi > Jimmy’s Wi-Fi
  ◦ Pearson Airport > Wi-Fi Hotspot
Use complex Wi-Fi passwords at home
Use virtual private networks where possible
Install security software
Use strong passwords at work and at home
Update your computers and limit your apps
Think before you click
Control your information
Consider social media information is public
Don’t give away sensitive work or personal information to be helpful
Make encrypted backup copies of your files
Question and Answer Session
Thank You! Next Event Nov. 18, 2015
Topic – Capital Projects in Alberta