Fraud Prevention and Awareness: An Introduction for Clients Facing Fraud Concerns
Alicia Somers – Financial Wellness RM
Dan Eveloff – FL Treasury Executive
© 2018 Regions Bank.
REGIONS NEXT STEP
This information is general in nature and is not intended to be legal, tax, or financial advice. Although Regions believes this information to be accurate, it cannot ensure that it will remain up to date. Statements or opinions of individuals referenced herein are their own—not Regions'. Consult an appropriate professional concerning your specific situation and irs.gov for current tax rules.
AGENDA
TODAY WE WILL FOCUS ON THESE BIG QUESTIONS . . .
1. What are the ways fraud can happen to your business?
2. How can you protect your business and yourself?
PROTECT YOURSELF
FRAUD IS A PREVAILING THREAT
Nearly three-fourths of organizations have been victims of fraud.
• Revenue loss
• Checks are the most vulnerable payment type
• Fraud typically goes undetected for 18 months
• Losses impact your bottom line
• Schemes frequently involve employees
Typical loss due to fraud = $20,300
Fraud Prevention 7
But, why target commercial accounts?
• High dollar balances in checking accounts
• Can move money quickly
  • Real-time using Wire Transfer
  • "Near" real-time using ACH
• Commercial computers represent a target-rich environment for other corporate information
Questions to Address
• Are your funds and information being transferred securely?
• Are you losing revenue to fraud?
• Are you receiving phishing emails and malware attempts?
• Are you keeping company information private?
• Are you aware of the latest fraud trends?
• Are your vendors legitimate?
• Are your internal controls strong enough?
Education and Awareness are Key to Prevention
Traditional Fraud Schemes
• Document Protection
• Bookkeeper Fraud
• Business E-mail Compromise
Bookkeeper Fraud
• Arises when full authority has been given to a single employee to both issue and reconcile payments, especially payments made by check
• 85% of all fraud is perpetrated by a trusted employee
• Creates bogus accounts payable/vendors and generates payments to them
• Opens a bank account in a name similar to the business and diverts legitimate checks meant for the business
• Obtains blank signed company checks and fills in inappropriate payees
• May also be associated with investment schemes, sales schemes or identity theft
Examples of Bookkeeper Fraud
Large Company:
• Company payroll was outsourced to a CPA firm
• One employee at the firm was assigned to administer it
• She created employee status for herself
• Regular payroll checks were made payable to her
• Over a five-year period a loss of $250k occurred
• Suspect was prosecuted and sentenced to federal prison
Bookkeeper Fraud – Red Flags
• Living beyond their means
• Financial difficulties
• Unusually close association with vendors or customers
• Excessive control issues
• Little vacation taken
BEST PRACTICES
Preventing Bookkeeper Fraud
• Never sign blank checks
• Establish dual control for check issuance and account reconciliation tasks
• Make sure all employees are aware of and adhere to internal controls and financial reporting
• Restrict employee access to accounting systems and online functions; audit periodically
• Implement an approval process for new vendors
Payments Fraud
Business Email Compromise (BEC): 22,000 Victims With Over $3 Billion in Losses
Business Email Compromise
1. Executive email intrusion: email compromise resulting in a fraudulent payment request that appears to come from a company executive
2. Vendor email intrusion: email compromise that results in a fraudulent request to change payment terms or criteria
3. Employee email intrusion: email compromise resulting in fraudulent payment requests being sent to vendors involving a change in payment criteria
Reminders:
• If built-in controls don't exist, employees should stop, question, and investigate before funds are sent.
• Use out-of-band authentication: confirm any payment or banking change by calling a phone number already on file, never one supplied in the email itself.
• Use Forward instead of Reply, typing the known address yourself, so the response cannot be steered to a spoofed Reply-To address.
Business Email Compromise Timeline
1. Identify a Target: Organized crime groups target U.S. and European businesses, exploiting information available online to develop a profile on the company and its executives.
2. Grooming: Spear phishing e-mails and/or telephone calls target victim company officials (typically an individual identified in the finance department). Perpetrators use persuasion and pressure to exploit human nature. Grooming may occur over a few days or weeks.
3. Exchange of Information: The victim is convinced he/she is conducting a legitimate business transaction. The unwitting victim is then provided wiring instructions.
4. Wire Transfer: Upon transfer, the funds are steered to a bank account controlled by the organized crime group.*
* Note: Perpetrators may continue to groom the victim into transferring more funds.
W-2 Fraud Schemes – BEC
• Thief claims to be an executive, internal or external
• Sends an email requesting employees' W-2 forms
• Targets unsuspecting members of payroll staff
• Victims include several high-profile companies
Best Practices to Avoid These Schemes:
• Require a second, out-of-band verification before sending personal information
• Provide employee training and awareness
• Avoid replying directly to emails regarding payment terms
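The three BEC variants and the W-2 scheme above all leave traces in the message headers and text that a mail gateway or an accounts-payable mailbox rule can check before anyone acts on the request. The following Python is an added example, not part of the Regions presentation: it parses a raw RFC 5322 message with the standard library and flags an executive's display name on an outside address, a Reply-To that differs from the From domain (the reason for "Forward, don't Reply"), a lookalike of the company's own or a trusted vendor's domain, free-mail senders, and payment-change or W-2 language. The company domain, executive roster, vendor list and the three sample messages are constructed for illustration.

```python
"""Screen inbound mail for Business Email Compromise (BEC) indicators.

Added example; not part of the Regions presentation. The company name,
executive roster, trusted vendor domains and the sample messages are all
constructed for illustration.
"""
import difflib
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from typing import List, Optional, Set

# Constructed reference data for a hypothetical company.
OUR_DOMAIN = "example-co.com"
EXECUTIVES = {"jane doe": "jane.doe@example-co.com"}   # CEO, real mailbox
TRUSTED_VENDOR_DOMAINS = {"acme-supply.com"}
FREE_MAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}

# Phrases typical of the three BEC variants on the slide (executive payment
# requests, vendor banking changes) and of W-2 requests.
PAYMENT_CHANGE = re.compile(
    r"\b(?:wire|ach|remit|routing|account number|new bank|"
    r"updated? (?:bank|payment) (?:details|instructions)|"
    r"payment terms|urgent|confidential|w-?2s?)\b", re.I)


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def lookalike(domain: str, known: Set[str]) -> Optional[str]:
    """Return the trusted domain this one imitates, or None.

    Exact matches and our own subdomains are not lookalikes. One-character
    edits (acme-supp1y.com) and padded variants (acme-supply-inc.com) are.
    """
    for k in known:
        if domain == k or domain.endswith("." + k):
            return None
    for k in known:
        ratio = difflib.SequenceMatcher(None, domain, k).ratio()
        if ratio >= 0.8 or k.split(".")[0] in domain:
            return k
    return None


def bec_indicators(raw: bytes) -> List[str]:
    """Return human-readable red flags for one raw RFC 5322 message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    name, from_addr = parseaddr(str(msg.get("From", "")))
    _, reply_to = parseaddr(str(msg.get("Reply-To", "")))
    from_dom, reply_dom = _domain(from_addr), _domain(reply_to)
    flags: List[str] = []

    # 1. A real executive's display name on an address we do not control.
    key = name.strip().lower()
    if key in EXECUTIVES and from_addr.lower() != EXECUTIVES[key]:
        flags.append(f"display name '{name}' impersonates an executive; real address is {EXECUTIVES[key]}")

    # 2. Reply-To routes the answer somewhere other than the apparent sender.
    if reply_dom and reply_dom != from_dom:
        flags.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")

    # 3. Sender or Reply-To domain imitates ours or a trusted vendor's.
    for dom in sorted({from_dom, reply_dom} - {""}):
        hit = lookalike(dom, {OUR_DOMAIN} | TRUSTED_VENDOR_DOMAINS)
        if hit:
            flags.append(f"domain {dom} resembles trusted domain {hit}")

    # 4. Executive or vendor business arriving from a free-mail account.
    if from_dom in FREE_MAIL:
        flags.append(f"business request from free-mail provider {from_dom}")

    # 5. Payment-change / W-2 language in subject or body.
    body = msg.get_body(preferencelist=("plain",)) or msg
    text = str(msg.get("Subject", "")) + "\n" + body.get_content()
    words = sorted({m.group(0).lower() for m in PAYMENT_CHANGE.finditer(text)})
    if words:
        flags.append("payment/W-2 language: " + ", ".join(words))
    return flags


# Constructed sample messages.
EXEC_IMPERSONATION = b"""\
From: "Jane Doe" <jane.doe.ceo@gmail.com>
To: ap@example-co.com
Subject: Quick request

I need you to process an urgent wire transfer today and keep it confidential.
"""

VENDOR_BANK_CHANGE = b"""\
From: "Acme Supply Billing" <billing@acme-supply.com>
Reply-To: billing@acme-supp1y.com
To: ap@example-co.com
Subject: Updated bank details for invoice 4471

Please remit future payments to our new bank. Routing 021000021, account number 99887766.
"""

LEGITIMATE_INVOICE = b"""\
From: "Acme Supply Billing" <billing@acme-supply.com>
To: ap@example-co.com
Subject: Invoice 4471 attached

Please find invoice 4471 attached. Net 30 as usual.
"""
```

In a real deployment the roster and vendor domains come from the HR and vendor-master systems, and a hit should route the message to a human for the out-of-band call-back rather than block it outright; the point is that every flag here is visible in the message itself, before any money moves.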
CYBER ATTACKS
TOP 10 CYBER ATTACKS IN 2018
CYBER ATTACKS
METHODS OF ATTACK
• Phishing emails
• Banner Ads
• Social Networking
• Probing
Where are the bad guys?
• Ringleaders and malware authors are in Russia and Ukraine
• Software is for sale on the darknet (hidden services reachable only through overlay networks such as Tor). The "90% of the Internet" figure sometimes cited refers to the unindexed deep web (databases, paywalled and authenticated content), not to the darknet, which is a small fraction of it.
• Command and Control servers along with botnet servers are for rent
• These are used to disperse the malware
• The actual thief may be in the house or office next door
What are their methods of attack?
• Phishing emails with malicious links or attachments: spear phishing in BEC, fake shipping documents used to compromise the e-mail system
• Banner ads on prominent search engines and news sites, known as "malvertising": increased 200% to 209,000 incidents and 12.4 billion malicious advertisements
• Social networking sites (your friends may not be your friends)
• Probing for un-patched, vulnerable machines and attacking them directly
• The immediate goal may be ransomware or theft of intellectual property, not an attack on bank accounts
What are their methods of attack?
[Diagram: Client, Rootkit, Command and Control Server]
1. User opens an email attachment or clicks a banner ad and the malware's rootkit is installed.
2. The rootkit installs itself deep within the client's operating system.
3. The rootkit "phones home" across the internet to a Command and Control server. It tells the Command and Control server "I am here. Send me the rest of the malware payload."
4. Malware disables anti-virus software. (The indicator in the system tray isn't necessarily affected, so the user doesn't know that anti-virus has been disabled.)
5. The malware waits for the user to connect to a financial institution. As soon as that happens, an instant message is sent to the criminal, alerting him that the user is online.
6. User enters logon credentials and token PIN if used.
7. Malware executes a "man in the browser" attack: code is injected into the user's web page with a message such as "bank app is down; please try again in 15 minutes."
8. Key-logging software in the malware has captured the login credentials, which are sent via instant messaging to the bad guy.
9. Before the 60-second expiration of the one-time token passcode, the criminal logs on to the banking app. He now has the ability to do everything that the user is entitled to do.
10. Money is usually sent to mules, who are recruited to accept Wire Transfers and/or ACH payments. The mules then withdraw the funds and wire the money outside the US.
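Steps 6 through 9 above explain why a one-time passcode typed at login is no defense against a man-in-the-browser thief: the code is valid for whoever presents it inside its time window, and the criminal presents it first. The Python below is an added example, not part of the Regions presentation. It implements HOTP/TOTP (RFC 4226 / RFC 6238) from the standard library using the slide's 60-second step, replays the relay attack, and then, going one step beyond the slide, shows a transaction-bound code in the style of OCRA (RFC 6287) that is computed over the payee and amount the user actually saw, so a code captured for the real vendor is rejected when the malware swaps in a mule account. The secret, timestamps and account identifiers are constructed.

```python
"""Why a login one-time passcode does not stop a man-in-the-browser thief.

Added example, not from the Regions presentation. HOTP/TOTP per RFC 4226 /
RFC 6238 using only the standard library; the transaction-bound code is an
OCRA-style (RFC 6287) construction. Secret, times and account numbers are
constructed.
"""
import hashlib
import hmac
import struct
from typing import Dict

STEP_SECONDS = 60      # the slide's "60 second expiration"
DIGITS = 6


def _truncate(digest: bytes, digits: int = DIGITS) -> str:
    """RFC 4226 dynamic truncation of an HMAC digest to a decimal code."""
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def hotp(secret: bytes, counter: int) -> str:
    return _truncate(hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest())


def totp(secret: bytes, now: int) -> str:
    """Time-based code: HOTP over the current 60-second step."""
    return hotp(secret, now // STEP_SECONDS)


def verify_login_code(secret: bytes, code: str, now: int) -> bool:
    """Typical server check: accept the current step and the previous one."""
    step = now // STEP_SECONDS
    return any(hmac.compare_digest(hotp(secret, step - i), code) for i in (0, 1))


def transaction_code(secret: bytes, payee: str, amount_cents: int, now: int) -> str:
    """Code bound to what the user sees: step || SHA-256(payee | amount).

    A code produced for the real payee cannot authorize a transfer to a
    different (mule) account, even inside the time window.
    """
    challenge = hashlib.sha256(f"{payee}|{amount_cents}".encode()).digest()
    msg = struct.pack(">Q", now // STEP_SECONDS) + challenge
    return _truncate(hmac.new(secret, msg, hashlib.sha1).digest())


def verify_transaction_code(secret: bytes, code: str, payee: str,
                            amount_cents: int, now: int) -> bool:
    step = now // STEP_SECONDS
    for i in (0, 1):
        expected = transaction_code(secret, payee, amount_cents, (step - i) * STEP_SECONDS)
        if hmac.compare_digest(expected, code):
            return True
    return False


def replay_attack(secret: bytes, user_time: int, thief_time: int) -> bool:
    """Malware keylogs the user's login code at user_time; the criminal
    submits it at thief_time. True means the bank accepted the thief."""
    stolen = totp(secret, user_time)
    return verify_login_code(secret, stolen, thief_time)


def mitb_payee_swap(secret: bytes, now: int) -> Dict[str, bool]:
    """User signs a payment to the real vendor; the malware substitutes a
    mule account in the request that reaches the bank."""
    real_payee, mule_payee, amount = "VENDOR-ACCT-4471", "MULE-ACCT-0099", 48_500_00
    code = transaction_code(secret, real_payee, amount, now)   # shown on the user's token
    return {
        "real_payee_accepted": verify_transaction_code(secret, code, real_payee, amount, now),
        "mule_payee_accepted": verify_transaction_code(secret, code, mule_payee, amount, now),
    }


if __name__ == "__main__":
    demo_secret = b"12345678901234567890"     # RFC 4226 test-vector secret
    print("relay within window accepted:", replay_attack(demo_secret, 1000, 1040))
    print("relay after window accepted:", replay_attack(demo_secret, 1000, 1150))
    print(mitb_payee_swap(demo_secret, 1000))
```

Binding the code to the transaction only helps if the user verifies the payee and amount on a device the malware cannot draw on (a hardware token or the bank's mobile app, not the infected browser); that is the "what you see is what you sign" property, and it is why the slides pair online banking with dual control rather than relying on a login token alone.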
Securing Your Data
Cyber Incident Response
Step #1: Know Who to Involve in Your Initial Response
› Leadership Team
  › Should include Executive Management or have the backing of executive management
  › Determine what departments need to be notified and develop procedures to conduct business during the incident
› Consider Third Party Support
  › Outside legal counsel: assists with risk and remediation procedures such as compliance requirements, data breach disclosure laws, industry standards, and federal and state laws
  › Third party forensic company: helps contain the data breach and collects sensitive electronic data (evidence) in a forensically sound manner; helps mitigate and remediate and assists in investigating the compromised internal workings of your network
Step #2: Containing the Problem While Investigating the Incident
› Determine the nature of the incident
› Identify and close the access point used by the hackers
› Determine if the attack is ongoing, hours old, or days old
› Network Topology: provide a current and functional understanding of your organization's network and flow of data
› Security setup and configuration (IDS, log servers, router configurations, etc.)
› Brief overview of the inventory of computer systems and network components
› Access control: who has access to your systems and by what means
Step #3: Collecting and Reporting the Facts
› Successful prosecution hinges on locating and capturing evidence of the crime and documenting this in a forensically sound manner
› Log Management System: key to determining what happened
› Chain of custody of all evidence must be established and preserved
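"Forensically sound" and "chain of custody" in Step #3 have a concrete mechanical meaning: every item is hashed at the moment it is collected, and every hand-off is logged in a way that cannot be quietly edited later. The Python below is an added example, not from the Regions presentation: each custody entry carries the SHA-256 of the evidence and of the previous entry, so both a modified log file and a modified evidence file fail verification. The evidence bytes, item names, handlers and timestamps are constructed.

```python
"""Tamper-evident chain of custody for collected evidence.

Added example, not from the Regions presentation. Evidence bytes, names,
handlers and timestamps below are constructed for illustration.
"""
import hashlib
import json
from typing import Dict, List


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class CustodyLog:
    """Append-only log; each entry includes the hash of the previous entry."""

    GENESIS = "0" * 64

    def __init__(self) -> None:
        self.entries: List[dict] = []

    def record(self, item: str, action: str, handler: str, when: str, item_hash: str) -> dict:
        prev = self.entries[-1]["entry_hash"] if self.entries else self.GENESIS
        body = {"item": item, "action": action, "handler": handler,
                "when": when, "item_hash": item_hash, "prev": prev}
        body["entry_hash"] = sha256_hex(json.dumps(body, sort_keys=True).encode())
        self.entries.append(body)
        return body

    def verify_chain(self) -> bool:
        """False if any entry was edited, removed or reordered."""
        prev = self.GENESIS
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "entry_hash"}
            if body["prev"] != prev or sha256_hex(json.dumps(body, sort_keys=True).encode()) != e["entry_hash"]:
                return False
            prev = e["entry_hash"]
        return True


def verify_evidence(log: CustodyLog, current: Dict[str, bytes]) -> List[str]:
    """Names of items whose current bytes differ from the hash taken at collection."""
    collected = {e["item"]: e["item_hash"] for e in log.entries if e["action"] == "collected"}
    return sorted(name for name, h in collected.items() if sha256_hex(current.get(name, b"")) != h)


def demo() -> Dict[str, object]:
    # Constructed evidence: a mail-server log and the fraudulent wire request.
    evidence = {
        "mailserver.log": b"2018-03-02 09:14:01 login ok user=cfo src=203.0.113.7\n"
                          b"2018-03-02 09:14:07 rule added: forward * to billing@acme-supp1y.com\n",
        "wire-request.eml": b"From: cfo@example-co.com\nSubject: urgent wire\n\nSend $48,500 today.\n",
    }
    log = CustodyLog()
    for name, data in evidence.items():
        log.record(name, "collected", "analyst A", "2018-03-02T10:05Z", sha256_hex(data))
    log.record("mailserver.log", "transferred", "analyst A -> forensic firm",
               "2018-03-02T15:30Z", log.entries[0]["item_hash"])

    # Someone edits the log to scrub the forwarding rule.
    tampered = dict(evidence)
    tampered["mailserver.log"] = evidence["mailserver.log"].splitlines()[0] + b"\n"

    # Someone edits the custody record to change who handled the item.
    forged = CustodyLog()
    forged.entries = [dict(e) for e in log.entries]
    forged.entries[2]["handler"] = "bookkeeper"

    return {
        "chain_ok": log.verify_chain(),
        "intact_mismatches": verify_evidence(log, evidence),
        "tampered_mismatches": verify_evidence(log, tampered),
        "forged_log_ok": forged.verify_chain(),
    }
```

A forensic firm will also image drives and record hashes on signed paper or in a case-management system; the structure is the same, and the hash recorded at collection is what lets a court accept that the exhibit is the item that was seized.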
Internet Banking: Best Practices for Emerging Cyber Protection
• Dual control for transaction initiation
  • Wire and ACH
  • E-mail alerts for approvals
• Daily reconcilement
• Secure environment
  • Dedicated PC and/or limit web surfing
  • Firewall, anti-virus, anti-malware, anti-spyware
• Use strong passwords and protect them
  • No birthdays or pet names
  • Change every 60 days (note: current NIST guidance in SP 800-63B favors long, unique passwords plus multi-factor authentication over forced periodic changes, and requires a change whenever compromise is suspected)
• Don't click on links in suspicious e-mails
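Dual control, the new-vendor approval process from the bookkeeper-fraud slide, and the call-back for changed banking instructions are rules a payments or treasury system can enforce rather than leave to memory. The Python below is an added example, not Regions' software or the presentation's own material: it releases a wire or ACH only when the vendor is in the approved vendor master, any recent bank-account change has been confirmed out of band, a second person has approved, and that person is not the initiator. Vendor names, accounts, user names and the quarantine period are constructed.

```python
"""Dual control and vendor approval as server-side payment rules.

Added example, not from the Regions presentation. Vendors, accounts, users
and thresholds are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

DUAL_CONTROL_OVER_CENTS = 0        # every outgoing wire/ACH needs two people
BANK_CHANGE_QUARANTINE_DAYS = 5    # new instructions wait unless confirmed out of band


@dataclass
class Vendor:
    name: str
    account: str
    approved: bool                               # passed the new-vendor approval process
    account_changed_day: Optional[int] = None    # day number of last bank-instruction change
    change_confirmed_oob: bool = False           # call-back to a phone number already on file


@dataclass
class Payment:
    vendor: str
    amount_cents: int
    initiator: str
    approver: Optional[str] = None
    today: int = 0
    audit: List[str] = field(default_factory=list)


def release_payment(p: Payment, vendors: Dict[str, Vendor]) -> bool:
    """True only if every control passes; the reason is appended to p.audit."""
    v = vendors.get(p.vendor)
    if v is None or not v.approved:
        p.audit.append("blocked: vendor not in approved vendor master")
        return False
    recent_change = (v.account_changed_day is not None
                     and p.today - v.account_changed_day < BANK_CHANGE_QUARANTINE_DAYS)
    if recent_change and not v.change_confirmed_oob:
        p.audit.append("blocked: bank instructions changed recently and not confirmed out of band")
        return False
    if p.amount_cents > DUAL_CONTROL_OVER_CENTS:
        if p.approver is None:
            p.audit.append("pending: awaiting second approver (alert e-mailed to approvers)")
            return False
        if p.approver == p.initiator:
            p.audit.append("blocked: initiator cannot approve own payment")
            return False
    p.audit.append(f"released: initiated by {p.initiator}, approved by {p.approver}")
    return True


def demo_vendors(today: int = 100) -> Dict[str, Vendor]:
    return {
        "Acme Supply": Vendor("Acme Supply", "ACCT-4471", approved=True),
        "City Utilities": Vendor("City Utilities", "ACCT-0099", approved=True,
                                 account_changed_day=today - 1, change_confirmed_oob=False),
        "Metro Freight": Vendor("Metro Freight", "ACCT-3131", approved=True,
                                account_changed_day=today - 1, change_confirmed_oob=True),
        # Created in the vendor master by the bookkeeper, never approved by a second person.
        "JS Consulting": Vendor("JS Consulting", "ACCT-7777", approved=False),
    }


def demo(today: int = 100) -> Dict[str, bool]:
    vendors = demo_vendors(today)
    cases = {
        "legit_two_person": Payment("Acme Supply", 12_500_00, "clerk", "controller", today),
        "self_approved": Payment("Acme Supply", 12_500_00, "bookkeeper", "bookkeeper", today),
        "no_second_approver": Payment("Acme Supply", 12_500_00, "bookkeeper", None, today),
        "bogus_vendor": Payment("JS Consulting", 4_200_00, "bookkeeper", "controller", today),
        "unconfirmed_bank_change": Payment("City Utilities", 4_000_00, "clerk", "controller", today),
        "confirmed_bank_change": Payment("Metro Freight", 4_000_00, "clerk", "controller", today),
    }
    return {name: release_payment(p, vendors) for name, p in cases.items()}
```

The quarantine on changed instructions is what defeats the vendor-email-intrusion variant of BEC, and the initiator/approver split is what the bookkeeper slide calls dual control; in an online banking portal these map to separate user roles with separate tokens, so one compromised workstation or one trusted employee cannot complete a transfer alone.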
Traditional Check Fraud
Counterfeit checks are by far the most prevalent check fraud mechanism.
Forgery
• Unauthorized maker's signature, produced manually or via fax
• Unauthorized endorsements/payee claims
Alteration
• Change to the face or back of a check
• Results in non-conforming payment instructions/endorsements
Counterfeit
• Illegal, unauthorized printing of checks
Improper/missing endorsements
• Endorsement is missing or doesn't conform to the way the check was drawn
Non-negotiable check copy
• Photocopy of a check processed as an original check
Regions Corporate Banking Example Presentation: Regions Treasury Management
Fraud Protection and Risk Mitigation
Goals:
• Ascertain current fraud protection strategies and risk management policies
• Identify internal control gaps and potential risks to prevent loss
• Establish an integrated approach to protect against internal and external fraud exposure
• Integrate fraud prevention strategies into current treasury management processes, and exercise industry practices for online security, paper-based and electronic processes
• Leverage solutions to ensure early risk detection to prevent fraud before losses can occur
• Automate reconciliation processes and online account activity monitoring
• Implement alert and notification services
• Protect accounts with dual control or custody for online payment processes and self-administered transactions such as ACH and Wire transactions
• Replace paper-based processes with more secure electronic processes where possible
• Facilitate employee education regarding financial fraud in all forms
Fraud Protection and Risk Mitigation
In addition to the safeguards integrated into Regions Treasury Management services, we offer an array of advanced fraud protection solutions that work in tandem to substantially reduce your organization's risk and exposure.
Goals: Reduce fraud exposure and mitigate risk
• Regions ACH Alert
• Positive Pay Services
• Account Reconcilement
• Commercial Check Imaging
• Commercial Card
• Skylight ONE Card
• Cash Concentration/ZBA
• EDI Services
Fraud Protection and Risk Mitigation
Regions Positive Pay Services
Ensure your company is protected against unnecessary loss due to paper-based fraud.
As payments fraud continues to increase, it is essential to have established safeguards to protect your company from the risk of loss inherent in paper-based fraud. Positive Pay services are among the strongest and most immediate controls available to detect and prevent fraud. If your company issues checks, you should be using Positive Pay.
Regions gives you the power of choice. No industry is exempt from check fraud. That is why Regions offers a variety of Positive Pay service options to accommodate your specific fraud prevention goals and risk mitigation policies. Plus, Regions provides a Same Day Positive Pay option.
• Next Day Positive Pay
• Same Day Positive Pay
• Reverse Positive Pay
• No Check Positive Pay
Fraud Protection and Risk Mitigation
Regions ACH Alert®
Minimize risk and reduce exposure to ACH fraud through early detection.
Regions ACH Alert provides a low-cost, effective safeguard for preventing unauthorized Automated Clearing House (ACH) debits. ACH Alert automatically monitors ACH debit activity and notifies you of any unauthorized or potentially fraudulent transactions based on the parameters you elect. Simply select suspect items for return using the online tool provided. There is no charge for returning unauthorized items, and ACH Alert will maintain a record of all ACH debit activity and return decisions for ease of future research.
Key Benefits:
• Complete online management to monitor and control all ACH debit transactions
• Helps minimize risk associated with unauthorized ACH transactions, reducing exposure to ACH fraud
• Customizable alerts allow you to select the transactions and parameters for alert notifications
• Transaction preauthorization enables the alert function to be bypassed online with no paperwork required
• You have complete control: early detection of suspect transactions enables potentially fraudulent ACH debits to be rejected
If you leverage the ACH Network for payments, Regions ACH Alert will provide advanced fraud protection, safeguarding your organization from potential ACH debit fraud and minimizing overall risk.
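Positive Pay and ACH debit alerting are, at bottom, the same control applied to two payment rails: compare each item the bank is about to pay against a list the client supplied in advance, and turn every mismatch into an exception the client must pay or return. The Python below is an added example and not Regions' implementation of either service. It matches presented checks against an issue file on check number, amount and (when the file carries it) payee, covering every check-fraud type on the Traditional Check Fraud slide, treats an account in "No Check" mode as all-exceptions, and filters incoming ACH debits against preauthorized originator company IDs and per-debit limits. The issue file, presented items and originator IDs are constructed.

```python
"""Positive Pay and ACH debit filtering as matching logic.

Added example, not Regions' implementation. Issue file, presented checks
and ACH originator IDs are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class IssuedCheck:
    number: int
    amount_cents: int
    payee: Optional[str] = None     # payee positive pay needs this field


@dataclass(frozen=True)
class PresentedCheck:
    number: int
    amount_cents: int
    payee: str


@dataclass(frozen=True)
class AchDebit:
    originator_id: str              # company ID carried in the ACH entry
    amount_cents: int


def positive_pay(issue_file: List[IssuedCheck], presented: List[PresentedCheck],
                 mode: str = "standard") -> List[Tuple[int, str]]:
    """Return (check number, decision) pairs; decision is 'pay' or an exception reason.

    mode="standard": match each presented item against the issue file.
    mode="no_check": the account issues no checks, so every item is an exception.
    In reverse positive pay the bank sends the paid-item list and the client
    runs this same comparison on its side.
    """
    issued = {c.number: c for c in issue_file}
    seen = set()
    decisions: List[Tuple[int, str]] = []
    for item in presented:
        if mode == "no_check":
            decisions.append((item.number, "exception: account issues no checks"))
            continue
        if item.number in seen:                      # photocopy / duplicate presentment
            decisions.append((item.number, "exception: duplicate presentment"))
            continue
        seen.add(item.number)
        c = issued.get(item.number)
        if c is None:                                # counterfeit or stolen stock
            decisions.append((item.number, "exception: check number not in issue file"))
        elif c.amount_cents != item.amount_cents:    # altered face
            decisions.append((item.number, "exception: amount differs from issue file"))
        elif c.payee is not None and c.payee.lower() != item.payee.lower():
            decisions.append((item.number, "exception: payee differs from issue file"))
        else:
            decisions.append((item.number, "pay"))
    return decisions


def ach_debit_filter(debits: List[AchDebit], authorized: Dict[str, int]) -> List[Tuple[AchDebit, str]]:
    """authorized maps originator company ID -> maximum cents per debit.

    Debits from unknown originators or above the limit are alerted so the
    client can return them as unauthorized.
    """
    out: List[Tuple[AchDebit, str]] = []
    for d in debits:
        limit = authorized.get(d.originator_id)
        if limit is None:
            out.append((d, "alert: originator not preauthorized"))
        elif d.amount_cents > limit:
            out.append((d, "alert: exceeds preauthorized amount"))
        else:
            out.append((d, "pay"))
    return out


# Constructed sample data.
ISSUE_FILE = [
    IssuedCheck(1001, 125_00, "Acme Supply"),
    IssuedCheck(1002, 980_00),                    # payee not supplied for this item
    IssuedCheck(1003, 4_000_00, "City Utilities"),
]
PRESENTED = [
    PresentedCheck(1001, 125_00, "ACME SUPPLY"),  # case differs only: pay
    PresentedCheck(1002, 9_800_00, "Cash"),       # amount altered
    PresentedCheck(1003, 4_000_00, "J. Smith"),   # payee altered
    PresentedCheck(1003, 4_000_00, "J. Smith"),   # copy presented again
    PresentedCheck(2001, 500_00, "Cash"),         # never issued
]
ACH_AUTHORIZED = {"1234567890": 2_000_00}         # payroll provider, up to $2,000 per debit
ACH_DEBITS = [AchDebit("1234567890", 1_500_00), AchDebit("9999999999", 20_00),
              AchDebit("1234567890", 5_000_00)]
```

The value of Same Day over Next Day Positive Pay is simply when this comparison runs relative to the bank's return deadline, and the small test debit from an unknown originator (the $20.00 item above) is the pattern thieves use to confirm an account before a larger pull, which is why unknown originators are alerted regardless of amount.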
WHAT CAN YOU DO WITHIN THE NEXT 24 HOURS TO HELP PROTECT YOUR BUSINESS FROM FRAUD?
REGIONS FINANCIAL WELLNESS PROGRAM
REGIONS FINANCIAL WELLNESS SEMINARS
FINANCIAL EDUCATION CURRICULUM
• Wise Use of Credit
• Protect Yourself From Identity Theft
• The Importance of Saving
• Managing Your Money
• Building Your Financial Know-How
• Your Road to Home Ownership
• Your Credit Report
• Banking Basics for Students
• Protect Your Small Business From Fraud
• Energize Yourself Financially
• Financial Tips for Your Small Business
• 10 Ways To Simplify Your Life Using Banking Technology
• Tips and Tools for Helping Seniors Avoid Financial Exploitation
• Maximize Your Personal Wealth
• Counterfeit Money Awareness and Cash Handling Tips
CONGRATULATIONS
TODAY, YOU WILL LEAVE WITH:
• The ways fraud can happen to your business
• How you can protect your business and yourself
Thank you.
MEETING YOUR FINANCIAL GOALS
Make an appointment with a Regions banker:
• Call the Regions Green Line at 1-800-REGIONS
• Go to regions.com and click "Make an Appointment"
• Visit any Regions branch
LEARN MORE ABOUT
• Visit the Next Step Financial Learning Center for free, online interactive videos: Regions.com/learn
• Use our online resources including articles, videos, and calculators: Regions.com/nextstep