[Slide deck: files.acams.org/webcasts/20120411/Verafin FFIEC - Online... · 2012-04-10]
www2.acams.org/webinars
ACH/Wire and Online Banking Fraud: The Impetus Behind FFIEC’s Guidance for Layered Security
COPYRIGHT NOTICE – USE OF WEBEX LOGIN/PASSWORD FOR ACAMS WEB SEMINARS
Each site license entitles registrant to one login: one phone connection (if accessing audio via teleconference) and one Internet connection for simultaneous Webcast, in one room where an unlimited number of listeners may participate.
Providing your login instructions and password to another for their use, using your login ID/password more than once, or any simultaneous or delayed transmission, broadcast, re-transmission or re-broadcast of this event to additional sites/rooms by any means (including but not limited to the use of telephone conferencing services or a conference bridge, whether external or owned by the registrant) or recording is a violation of U.S. copyright law and is strictly prohibited.
Technical Assistance
• Send a message via the Q & A box
• Or call WebEx Technical Support: (US & Canada) 866-229-3239, (International) 916-229-3239
Attendee instructions on how to use Audio Broadcast
• Do not close the Audio Broadcast panel
• If you are not able to listen to the audio on your computer speakers, press the stop button, wait 5 seconds, then press play.
• Make sure to adjust the volume button on your computer speakers and also adjust the volume on your sound card. To do this, go to the Start Menu, click Control Panel, then click Sound & Audio Devices and adjust accordingly.
• If you do not have speakers, please refer to your login instructions for the Teleconference Domestic and International Numbers and Access Code.
• You may request the Teleconference Number by clicking “Request” under the attendee box on your left hand side.
Welcome to Today’s ACAMS Web Seminar
ACH/Wire and Online Banking Fraud: The Impetus Behind FFIEC’s Guidance for Layered Security
April 11, 2012, 12:00 Noon – 1:00 PM EDT
A sound check will be performed 5 minutes before the start time.
• Can you hear the sound check?
• It has begun
To send a question:
• Locate the Q & A box on the bottom right hand corner of the WebEx platform.
• Type in your question and click send!
ACH/Wire and Online Banking Fraud: The Impetus Behind FFIEC’s Guidance for Layered Security
Today’s Presenters
Brendan Brothers, Co‐Founder, Verafin
Co‐founded Verafin (BSA/AML Compliance & Fraud Detection software company) in 2003
Frequent speaker at industry conferences and key presenter for Verafin’s anti‐financial crime thought leadership webinar series
Verafin has more than 800 financial institution customers across North America
Rick Maltz, Executive Vice President & Chief Risk Officer, Bangor Savings Bank
Rick has over 29 years of experience in banking, specializing in Risk Management, Information Security, Operations, Compliance and Internal Audit.
Has been with Bangor Savings Bank for 13 years
Oversees enterprise risk management, information & physical security, fraud management, compliance, BSA, credit policy, loan review, real estate valuation and legal
ACH/Wire and Online Banking Fraud: The Impetus Behind FFIEC’s Guidance for Layered Security
Today’s Agenda:
FFIEC Guidance on Internet Banking
Layered Security
Corporate Account Take Over
Processes, Controls & Best Practices to Combat Online Account Takeover
Overview of Changes in the 2011 Supplement
[Figure: the 2005 guidance, Authentication in an Internet Banking Environment, and its 2011 Supplement]
Small and midsize businesses are frequent targets
Despite the expectation of periodic risk assessments, examiners reported that some FIs had not performed them
Agencies needed to reemphasize and clarify control expectations
The Supplement has more specificity:
• New expected minimum control levels
• Certain controls no longer considered effective as primary controls
Since 2005, threats have become more sophisticated, effective, and malicious
Key Highlights of the Guidance Supplement
[Figure: cover of the Guidance, Authentication in an Internet Banking Environment]
Layered Security
Different controls at different points, so that a weakness in one is compensated for by strengths in another
Agencies expect “layered security” for all accounts classified as “high‐risk” under FFIEC guidance
a classic child’s toy illustrates very simply the concept of layered security…
when a financial criminal moves beyond one layer of security… …they encounter a further layer
layered security in the banking world…
“The institution with complementary layered technologies is akin to the house with a high fence, a big guard dog in the yard, and a burglar alarm inside. This provides multiple opportunities to catch the bad guys in the act, and encourages the criminals to go in search of easier prey.”
Source: Aite Group, 2011
Examples of Security Layers
the deeper the defense – the stronger the protection
Security Layers:
• tokens
• customer education & awareness
• customer agreements
• secure browser plug-in
• image & challenge questions
• strong passwords
• backend analytics
• TMS fraud services
• out of band authorization
• associate education & awareness
• commercial dual controls
overt controls and invisible controls…
“When constructing a layered security program, strike a balance between overt controls (such as stronger authentication practices) and invisible controls (such as fraud detection and monitoring). Flashing lights and alarms may work well to scare thieves away, but invisible alarms that call the police are more effective at catching a thief.”
Source: Bank Systems and Technology, 2011
A Framework for Fraud Protection
A layered security system affords the best protection, since no single layer is sufficient to stop determined bad actors from penetrating enterprise systems.
Source: Gartner, 2011
Layer 1 – Endpoint‐Centric: Secure browsing, OOB authentication and transaction verification; endpoint device identification, mobile location services
Layer 2 – Navigation‐Centric: Analyzes session behavior and compares it to what is expected
Layer 3 – User and Account‐Centric for a Specific Channel: Monitors and analyzes user and account behavior, and identifies anomalous behavior
Layer 4 – User and Account‐Centric Across Multiple Channels and Products: Monitors and analyzes user and account behavior across channels, and correlates alerts for each entity across channels and products
Layer 5 – Pattern‐Based Intelligence: Enables the analysis of relationships among internal and/or external entities and their attributes (e.g., users, accounts, machines)
Source: Gartner, 2011
transaction‐level security…
“Creators of malware are innovative and nimble, and have proven to be effective at compromising security strategies that do not incorporate transaction‐level security. Effective, efficient detection of anomalies, especially those related to transaction activity, requires sophisticated behavior analytics. The key to effective protection against sophisticated attacks is transaction‐level security that can profile behavior at the user level, and can send alerts for out‐of‐pattern behavior.”
Source: Aite Group, 2011
Corporate Account Takeover: The Risk Is A Reality
Cyberthieves have cost US companies and their banks more than $15bn in the past five years, the Federal Deposit Insurance Corporation found in a recent study.
Source: Financial Times, 2012
What is Corporate Account Takeover?
A fast-growing electronic crime where thieves typically use some form of malware to obtain login credentials to Corporate Online Banking accounts and fraudulently transfer funds from the account(s)
Payments used to commit the crime:
• Domestic and International Wire Transfers
• Business‐to‐Business ACH Payments
• Online Bill Pay
• Electronic Payroll
Five Major Aspects of the Crime
Recruitment – Utilize a Command & Control network to recruit Money Mules and target victim companies
Target – Small to midsized businesses and organizations
Infiltration – Attackers utilize numerous tactics (such as banking Trojans) to gain access to your network or computer
Exfiltration – Transferring electronic funds out of your account(s) through a coordinated effort
Money Mules – Victims or suspects through whom the money is laundered
How the Takeover Happens
Criminals target victims by scams
Victim unknowingly installs software by clicking on a link or visiting an infected Internet site
Fraudsters begin monitoring the accounts
Victim logs on to their Online Banking
Fraudsters collect login credentials
Fraudsters wait for the right time and then, depending on your controls:
• they either log in after hours
• or, if you are using a token, they wait until you enter your code and then hijack the session and send you a message that Online Banking is temporarily unavailable
Sample Corporate Account Takeovers and Losses
Pennsylvania School District ‐ $450,000
New York School District ‐ $500,000
Experi‐Metal ‐ $550,000
PATCO ‐ $358,000
Hillary Machinery ‐ $229,000
Illinois Town ‐ $70,000
Marian College ‐ $189,000
Sand Springs School ‐ $80,000
Sycamore County Schools ‐ $300,000
Village View Escrow ‐ $465,000
Catholic Diocese of Des Moines ‐ $600,000
Town of Pittsford, NY ‐ $139,000
Steuben Arcs ‐ $158,000
St. Isidore’s Catholic Church ‐ $87,000
Two Trucking Companies ‐ $115,000
MECA ‐ $217,000
The FBI estimates Corporate Account Takeover could cost American companies as much as $1,000,000,000 in 2011 alone.
The FBI is currently investigating over 400 cases of corporate account takeover in which criminals initiated unauthorized ACH and wire transfers from bank accounts of U.S. businesses.
In one 2011 wire fraud case, the Zeus Trojan and keylogging compromised businesses’ login credentials and $11 million was wired to China.
Source: ACH Alert
Risk Management of Corporate Account Takeover
Blueprint for a Risk Management Framework: Corporate Account Takeover (CATO)
CATO: Three-Part Framework
Protect – Implement processes and controls to protect the financial institution and corporate customers.
Detect – Establish monitoring systems to detect electronic theft and educate employees and customers on how to detect a theft in progress.
Respond – Prepare to respond to an incident as quickly as possible (measured in minutes, not hours) to increase the chance of recovering the money for your customer.
19 Recommended Processes and Controls
Best Practices (outlined for each of the nineteen recommended processes and controls)
Example Best Practice
Educate bank employees on the warning signs that a theft may be in progress.
Red Flags of a possible takeover
Configuration Changes to Cash Management/Online Banking Profiles
New user accounts added
New ACH batches or wire templates with new payees
Changes to personal information
Disabling or changing notifications
Changes to the online account access profile

Unusual Customer Activity
• Unfamiliar IP log-on address (especially if a foreign IP address)
• Unusually small transaction amounts (example: $1.00 ACH, bill pay, or other transactions – especially if made at an unusual time of day)
• Unusual (non-typical) transfer of funds, especially if out of the bank; one-time bill pay to new payees
• ACH or wires to new payees or receivers and/or with unusual amounts
• Changes to the account and routing numbers of existing payees, not just a new payee name
• Unusual timing of transactions (based on the established transaction schedule of the corporate customer, or random transactions submitted between traditional transactions)
• Larger than usual transactions
• Overseas transfers

Full List of Best Practices
www.ectf.dob.texas.gov (see “Recommendations”)

Some Closing Thoughts to Ponder…
Source: Ponemon Institute, 2011. Survey results of 533 senior-level executives in small and medium businesses across the United States.

Startling Statistics
• 70% believe their banking institution is ultimately most responsible for ensuring their online accounts are secure
• 61% believe that only one successful fraud involving online bank accounts could destroy their trust
• 85% say they would transfer their business to another bank
Source: Ponemon Institute, 2011

Online Banking Fraud
FFIEC’s Guidance on Authentication in an Internet Banking Environment
Rick Maltz, Executive Vice President & Chief Risk Officer

FFIEC – Supplement to Authentication in an Internet Banking Environment (2011)
Clearly Places More Responsibility on Banks:
• Requires annual risk assessments
• Authentication consistent with the level of risk
• Layered security must be considered
• Must have practices to Detect & Respond to Suspicious Activity
• Customer education & awareness

Why is this Important?

Is this your Risk Management Program?

Does your Bank want to lose money?

Do you think your customers care whose fault it is?

Consumer Liability
Under existing regulations, the consumer’s liability is extremely limited:
• Generally $50, but may be $500 or unlimited if the Bank is not notified in a timely manner
• Visa/MasterCard: generally $0, if the Bank is notified after 2 business days of discovery
Basically, the Bank eats it all!

Business Liability – Under the Uniform Commercial Code
For Internet transactions, the business is liable for unauthorized transfers if:
• The Bank can prove that the transaction was processed in good faith, and
• The Bank provided and complied with commercially reasonable security procedures

Challenges to UCC standards
Banks are being sued for losses due to:
• Failed or weak security practices
• Ineffective monitoring

Should the car dealer be liable for this? If you…

Get hurt because you decided not to wear your seatbelt?

Both the Bank & Business Can and Will Lose Money!

Threat Environment
Organized Global Crime
• Criminals making investments in people & technology just like normal businesses
• Sanctioned in some countries for economic benefit
• Can be related to terrorist financing
• Money Laundering key to successful fraud activities
• Threat complexity is overwhelming traditional defenses

Threat Environment
Criminals know that most small businesses don’t:
• Always use Bank security features,
• Monitor & reconcile accounts, or
• Have resources to protect data & systems

Threat Landscape

Fraud, Data Loss and Identity Theft continue to frustrate Banks & Customers

Traditional Threats:
Credential Theft by:
• Phishing
• Vishing
• Smishing

Significant Threat: Malware
Malicious software, designed to infiltrate a computer system without the owner’s informed consent

Malware Trends (Source: Symantec Intelligence Report)

Simple Email Statistics
(source: Symantec Intelligence Report – February 2012)
Estimated total number of global e-mail messages:
1.3 trillion messages in Feb 2012, or 43.1 billion email messages per day, which translates to almost 500 million per second

Spam Email
(source: Symantec Intelligence Report – February 2012)
If 68% of all e-mail was considered spam in February, then: 29.4 billion spam emails per day, or 339.7 million per second

Malicious Email
(source: Symantec Intelligence Report – February 2012)
• One in every 358 emails was a phishing scam: that’s over 120 million phishing emails per month, or 4.2 million per day
• One in every 274 emails contained malware: that’s over 157 million emails with malware per month, or 5.4 million per day

Threat: “Drive-by E-mails”
Instant infection threat:
• Infects users who simply view a message, or possibly just glance at it in a preview window
• New generation of e-mail-borne malware consists of HTML e-mails which contain JavaScript that automatically downloads malware

Traditional defenses are no longer effective by themselves:
• Multi-Factor or Strong Authentication
• Challenge Response Questions
• Virus Protection, Firewalls

Why is compliance with the guidance important?
Because it makes sense!

What Can Banks Do?

Not Going to Work!

Leverage Current Investments

Leverage Personnel
BSA/AML Analysts
• Already reviewing data for suspicious activity
• Trained to spot certain behavior
• Investigations
• Filing SARs
Fraud & Information Security Analysts
• Already reviewing data for suspicious activity
• Trained to spot certain behavior
• Investigations
• Filing SARs
Learn to Share Intelligence Internally

Leverage Technology Investments
Consolidate technology where practical:
• Wire & ACH Monitoring
• Monitoring of log-on anomalies
• AML
• Debit Card fraud
• Check Fraud
• Case Management & SAR filing

Practice Defense in Depth

Control: Out-of-Band Authentication
Enhanced Multi-Factor Authentication
1. User logs in with their Username and Password (something you know)

Control: Out-of-Band Authentication
2. User is prompted to select a channel for delivery of a One Time Password (OTP) (something you have *)
Login Code: 351073.
Because of multi-factor authentication, a fraudster cannot independently log into a user account.
• The fraudster would need to know the username/password AND have the user’s phone. *

Control: Transaction Verification
Require secondary approval of transactions or key changes with an OTP.
Transaction OTP requires a second individual to verify the EFT.
• In a separate out-of-band channel, the user sees the transaction detail and amount
• Unless verified with the OTP, the EFT will not go through
Payment
To: Bob, Account #12345
Amount: $100.00
Access Code: 46548
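The transaction-verification flow above, as an added example that is not the webinar's or any vendor's code: the access code is derived from exactly the payee, account and amount the customer reads on the out-of-band channel, so a code issued for one payment cannot release an altered one, and it is consumed on first use. The shared secret, the service class and the attempt limit are assumptions for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed per-customer secret shared with the OTP service (assumption for
# the demo; a real deployment keeps it in an HSM or the OTP vendor's back end).
CUSTOMER_SECRET = b"constructed-demo-secret-not-for-production"
MAX_ATTEMPTS = 3


def canonical(txn):
    """Serialise exactly the fields the customer sees out of band."""
    amount_cents = int(round(txn["amount"] * 100))
    return f"{txn['payee']}|{txn['account']}|{amount_cents}".encode()


def transaction_code(secret, txn, challenge):
    """6-digit code = truncated HMAC-SHA256 over a fresh challenge plus the
    transaction detail; any change to payee, account or amount changes it."""
    mac = hmac.new(secret, challenge + b"|" + canonical(txn), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"


class TransactionOtpService:
    """Bank-side state for transaction verification (hypothetical class)."""

    def __init__(self, secret):
        self._secret = secret
        self._pending = {}   # txn_id -> [challenge, failed attempts]

    def request_approval(self, txn_id, txn):
        """Record the pending EFT and return the message for the out-of-band
        channel (SMS/voice); it carries the detail AND the code."""
        challenge = secrets.token_bytes(16)
        self._pending[txn_id] = [challenge, 0]
        code = transaction_code(self._secret, txn, challenge)
        return (f"Payment\nTo: {txn['payee']}, Account #{txn['account']}\n"
                f"Amount: ${txn['amount']:.2f}\nAccess Code: {code}")

    def execute(self, txn_id, submitted_txn, code):
        """Release the EFT only if the code matches the transaction actually
        being executed. Returns a status string instead of raising."""
        entry = self._pending.get(txn_id)
        if entry is None:
            return "unknown_or_consumed"        # never issued, already used, or revoked
        challenge, failures = entry
        expected = transaction_code(self._secret, submitted_txn, challenge)
        if not hmac.compare_digest(expected, code):
            entry[1] = failures + 1
            if entry[1] >= MAX_ATTEMPTS:
                del self._pending[txn_id]       # revoke after repeated failures
                return "revoked"
            return "mismatch"                   # wrong code, or the detail was altered
        del self._pending[txn_id]               # single use: consumed on success
        return "executed"


def demo():
    """Walk the slide's example: Bob / #12345 / $100.00 is approved, an altered
    account number is rejected, and a replay of the used code is rejected."""
    svc = TransactionOtpService(CUSTOMER_SECRET)
    shown = {"payee": "Bob", "account": "12345", "amount": 100.00}
    message = svc.request_approval("eft-1", shown)
    code = message.rsplit("Access Code: ", 1)[1]   # what the customer types back
    tampered = dict(shown, account="99999")         # constructed: account swapped in the browser
    return (svc.execute("eft-1", tampered, code),   # "mismatch"
            svc.execute("eft-1", shown, code),      # "executed"
            svc.execute("eft-1", shown, code))      # "unknown_or_consumed"


if __name__ == "__main__":
    print(demo())
```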

Control: Callbacks
The Bank will call to verify whether a transaction is authentic:
• The call should go to someone other than the person who initiated the transaction
• The call should be confirmed by a “PIN”
Callbacks are effective as they provide true “out of band” authentication. They protect against both internal & external fraud.

Control: Browser-based control

Control: Separation of Duties
• Configure one account with permission to initiate a funds transfer
• Configure a secondary account to approve the transfer
User A initiates EFT; User B approves EFT
By separating the capabilities in this way, you prevent a scenario where one account can transfer funds independently.

Control: Separation of PCs
Use separate PCs:
• One PC to initiate a funds transfer
• One PC to approve a funds transfer
• Don’t allow other Internet activity
User A initiates EFT; User B approves EFT
By isolating the PCs in this way, you reduce the risk that malware can infect both machines and steal information.
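The two controls above (separation of duties and separation of PCs), as an added example that is not from the webinar: a hypothetical cash-management approval workflow that refuses an approval coming from the initiating user or from the initiating PC, plus a check for accounts mis-provisioned with both rights. The entitlement table, user names and device identifiers are constructed.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed entitlement table for one corporate customer (assumption).
# "carol" is deliberately mis-provisioned with both rights to exercise the lint.
ENTITLEMENTS = {
    "alice": {"initiate"},
    "bob": {"approve"},
    "carol": {"initiate", "approve"},
}


@dataclass
class Transfer:
    transfer_id: str
    payee: str
    amount: float
    initiated_by: str
    initiated_from: str                 # identifier of the PC used to initiate
    status: str = "pending"
    approved_by: Optional[str] = None


class DualControlTransfers:
    """Hypothetical back end enforcing both slides: a different user AND a
    different PC must approve than the ones that initiated."""

    def __init__(self, entitlements):
        self._ent = entitlements
        self._transfers = {}

    def initiate(self, user, device, transfer_id, payee, amount):
        if "initiate" not in self._ent.get(user, set()):
            return "denied_no_initiate_right"
        self._transfers[transfer_id] = Transfer(transfer_id, payee, amount, user, device)
        return "pending"

    def approve(self, user, device, transfer_id):
        t = self._transfers.get(transfer_id)
        if t is None or t.status != "pending":
            return "denied_not_pending"
        if "approve" not in self._ent.get(user, set()):
            return "denied_no_approve_right"
        if user == t.initiated_by:
            return "denied_same_user"       # separation of duties
        if device == t.initiated_from:
            return "denied_same_device"     # separation of PCs
        t.status, t.approved_by = "approved", user
        return "approved"

    def status(self, transfer_id):
        return self._transfers[transfer_id].status


def lint_entitlements(entitlements):
    """Users holding both rights can move funds alone; surface them for review."""
    return sorted(u for u, rights in entitlements.items() if {"initiate", "approve"} <= rights)


def demo():
    """User A initiates on one PC, User B approves on another, as on the slides."""
    svc = DualControlTransfers(ENTITLEMENTS)
    return (
        svc.initiate("alice", "pc-initiate", "eft-7", "Bob, Account #12345", 100.00),  # pending
        svc.approve("alice", "pc-approve", "eft-7"),   # alice holds no approve right
        svc.approve("bob", "pc-initiate", "eft-7"),    # right user, but the initiating PC
        svc.approve("bob", "pc-approve", "eft-7"),     # approved
        svc.approve("bob", "pc-approve", "eft-7"),     # already approved: nothing pending
    )


if __name__ == "__main__":
    print(demo())
    print("accounts with both rights:", lint_entitlements(ENTITLEMENTS))
```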

Control: Strong Passwords
A well-chosen password is easy to remember, but hard to guess.
• Length: minimum 8 characters
• Complexity: combination of mixed-case letters, numbers, and special characters
• Periodically change password
• Do not share passwords
A few of the common things to avoid in your password:
• User ID, family member’s name or your own name, pet name, address, birth dates, SSN, account #, phone #

Control: Malware Protection, Patching, and Firewalls
Firewalls limit the potential for unauthorized access to a network and its computers.
• Anti-Virus, Anti-Spyware: install virus protection and security software and ensure they are updated regularly
• Patching: ensure security patches are applied to both the OS and applications (Microsoft, Adobe, Java, etc.)
• Firewall (corporate & desktop): install a dedicated, actively managed firewall

Transaction Alerting
• User makes a change
− User is instantly alerted of the change
Payee Added: Bob, Account #12345
• User is notified when important changes are made
• If alerted of a change they did not make, users will naturally contact the FI
It is impossible to prevent attacks on insecure client PCs. Transaction alerting (TA) exposes the results of transactions to the user, who can then take appropriate action.

Control: Monitor for Unusual Activity
Look for event anomalies associated with:
• Logon activity
• Changes in user profiles, customer setup
• IP addresses not associated with your corporation
• Transactions not consistent with the customer’s behavior
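The anomalies listed here and the red flags on the earlier "Configuration Changes" and "Unusual Customer Activity" slides, as an added example that is not the webinar's or any vendor's code: a small rule set scores constructed online-banking events against a customer's behavioural profile and escalates sessions that raise several distinct flags. The profile, the event format, the 2-sigma amount threshold and the review threshold are assumptions; the event log is constructed and the IPs come from documentation ranges.

```python
from datetime import datetime
from statistics import mean, pstdev

# Constructed behavioural profile for one corporate customer (assumption; a real
# system would build this from the customer's own history and setup).
PROFILE = {
    "known_ips": {"203.0.113.10"},          # IPs this customer normally logs on from
    "home_country": "US",
    "business_hours": (8, 18),              # hours of day when this customer normally works
    "usual_amounts": [12000.0, 15500.0, 14000.0, 13250.0],  # past ACH batch totals
    "known_payees": {"acme-payroll"},
}


def flags_for_event(ev, profile=PROFILE):
    """Red flags raised by one event, following the webinar's indicator list."""
    flags = []
    start, end = profile["business_hours"]
    off_hours = not (start <= datetime.fromisoformat(ev["ts"]).hour < end)
    kind = ev["type"]
    if kind == "login":
        if ev["ip"] not in profile["known_ips"]:
            flags.append("unfamiliar_ip")
        if ev.get("country") != profile["home_country"]:
            flags.append("foreign_ip")
    elif kind == "user_added":
        flags.append("new_user_account")
    elif kind in ("notification_changed", "profile_changed"):
        flags.append(kind)                  # alerts silenced, or profile/access details edited
    elif kind == "payee_added":
        flags.append("new_payee")
    elif kind == "payee_modified":
        # account/routing number changed on an existing payee, not just the name
        if {"account", "routing"} & set(ev.get("fields", [])):
            flags.append("payee_bank_details_changed")
    elif kind == "transfer":
        amount, hist = ev["amount"], profile["usual_amounts"]
        if ev["payee"] not in profile["known_payees"]:
            flags.append("transfer_to_new_payee")
        if amount <= 1.0:
            flags.append("test_transaction")    # e.g. the $1.00 probe
        if amount > mean(hist) + 2 * pstdev(hist):
            flags.append("larger_than_usual")
        if ev.get("destination_country", profile["home_country"]) != profile["home_country"]:
            flags.append("overseas_transfer")
        if off_hours:
            flags.append("unusual_timing")
    return flags


def triage(events, profile=PROFILE):
    """Group events by online session and return {session: sorted distinct flags}."""
    by_session = {}
    for ev in events:
        by_session.setdefault(ev["session"], set()).update(flags_for_event(ev, profile))
    return {s: sorted(f) for s, f in by_session.items()}


def sessions_to_review(events, profile=PROFILE, threshold=3):
    """Sessions raising at least `threshold` distinct flags: a review trigger, not a verdict."""
    return sorted(s for s, f in triage(events, profile).items() if len(f) >= threshold)


# Constructed event log (not real customer data).
EVENTS = [
    # s1: the customer's normal payroll run during business hours
    {"session": "s1", "type": "login", "ts": "2012-04-06T09:05:00",
     "ip": "203.0.113.10", "country": "US"},
    {"session": "s1", "type": "transfer", "ts": "2012-04-06T09:20:00",
     "payee": "acme-payroll", "amount": 14500.0},
    # s2: the pattern a takeover leaves behind: foreign log-on at 03:00,
    # alerts silenced, new payee, $1 probe, then a large overseas transfer
    {"session": "s2", "type": "login", "ts": "2012-04-07T03:12:00",
     "ip": "198.51.100.77", "country": "XX"},
    {"session": "s2", "type": "notification_changed", "ts": "2012-04-07T03:14:00"},
    {"session": "s2", "type": "payee_added", "ts": "2012-04-07T03:15:00", "payee": "new-vendor"},
    {"session": "s2", "type": "transfer", "ts": "2012-04-07T03:16:00",
     "payee": "new-vendor", "amount": 1.0},
    {"session": "s2", "type": "transfer", "ts": "2012-04-07T03:40:00",
     "payee": "new-vendor", "amount": 48000.0, "destination_country": "XX"},
]

if __name__ == "__main__":
    for session, flags in triage(EVENTS).items():
        print(session, flags)
    print("review:", sessions_to_review(EVENTS))
```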

Control: Customer Contracts
Evaluate customer contracts:
• Clearly define security procedures
• Define the customer’s responsibility
• Provide educational material
• Do not allow “Opt Out”

Educate your customers:
Prevention is a Partnership

Risk Problem – Van has rolled over the edge

Risk Solution – Lift it with a crane

Risk Monitoring: Going well so far…

Ooooops… New Risk Problem

Traditional Thinking – Get A Bigger Crane

Result of Traditional Thinking… Who cares!

If you continue to think inside of the box, you will lose $

Q&A
• Locate the Q & A box in the bottom right-hand corner of the WebEx platform.
• Type in your question and click send!

If you have suggestions for future web seminars or additional questions for today’s experts, please send them to: [email protected]
Thank you for joining us today!

Next Web Seminar: AML Audit (Part I): Demystifying the AML Audit Discovery Phase—Preparing for the Pre-Visit
April 18, 2012 – Noon to 2:00 PM EDT