NAPAA Conference– Payment Fraud Trends Don Binns, Global Products Fraud Executive Glenna Thompson,...
-
Upload
annice-nichols -
Category
Documents
-
view
218 -
download
2
Transcript of NAPAA Conference– Payment Fraud Trends Don Binns, Global Products Fraud Executive Glenna Thompson,...
NAPAA Conference– Payment Fraud Trends
Don Binns, Global Products Fraud ExecutiveGlenna Thompson, Treasury Sales Officer
May 15, 2014
2
Agenda Topics
Headlines Data Breaches Payment Fraud How To Protect Your Entity On The Horizon
3
News Headlines
(Reuters) - The data breach at Target Corp over the holiday shopping season was far bigger than initially thought, the U.S. company said on Friday, as state prosecutors announced a nationwide probe into the second-biggest retail cyber attack on record.
Target said an investigation has found that the hackers stole the personal information of at least 70 million customers, including names, mailing addresses, telephone numbers and email addresses. Previously, the No.3 U.S. retailer said the hackers stole data from 40 million credit and debit cards.
ReutersJanuary 10, 2014Target breach worse than thought, states launch joint probeBy Dhanya Skariachan and Jim Finkle
The New York TimesJanuary 23, 2014Neiman Marcus Data Breach Worse Than First SaidBy ELIZABETH A. HARRIS, NICOLE PERLROTH and NATHANIEL POPPER The theft of consumer data from Neiman Marcus
appears far deeper than had been disclosed originally, with the luxury retailer now saying that hackers invaded its systems for several months in a breach that involved 1.1 million credit and debit cards.
Bank of America – Confidential. Do Not Distribute
DATA Breach
5
Typical Data Breach / Fraud Cycle
5
Source: Visa Franchise Data Compromise Trends and Cardholder Security Best Practices October 26, 2010 Visa, Inc)
Bank of America – Confidential. Do Not Distribute
6
Industry Fraud - Excerpt from recent Javelin Research
2013 IDENTITY FRAUD REPORT: EQUIPPING CONSUMERS IN THE FIGHT AGAINST IDENTITY FRAUD
The number of identity fraud victims increased by 500,000 consumers to 13.1 million people in 2013, the second highest number since the study began.
Finding #1: More Victims, but Less Is Stolen
Finding #2: Fraudsters Are Taking Over Accounts More Often
Finding #3: Data Breaches ImpactsIn 2013, nearly one in three data breach victims became a victim of fraud in the same year. This is up from nearly one in four in 2012. A number of data breaches in the past year, have driven down the price of stolen credentials, offering criminals a cheap and lower risk means ‐to commit existing account frauds. Criminals have subsequently gravitated away from the ‐misuse of SSNs to instead focus on compromised payment card data. In 2013 only 16% of SSN breach victims became fraud victims, compared with 39% of card breach victims (which rises to 46% if the breached card was a debit card).
Finding #4: Convenient and Widespread Password Behaviors Are Placing Consumers at Risk
Identity Fraud affects 500K more people in 2013 vs. 2012
Bank of America – Confidential. Do Not Distribute6
^Ƶƌǀ ĞLJZĞƉŽƌƚ
dƌĞŶĚ ϮϬϭϯ ϮϬϭϮ ϮϬϭϭ ϮϬϭϬ ϮϬϬϵ ϮϬϬϴ ϮϬϬϳ ϮϬϬϲ
ĂĚƵůƚǀ ŝĐƟŵƐŽĨ ŝĚĞŶƟƚLJĨƌĂƵĚ;ŝŶŵŝůůŝŽŶƐh ^ Ϳ ϭ ϭϯ ϭ ϲϮ ϭ ϲϭ+ ϭ ϮϬ+ ϭ ϵϯ+ ϭ ϱϮ+ ϭ ϮϬ+ ϭ ϲϬ+
&ƌĂƵĚǀ ŝĐƟŵƐĂƐй ŽĨ ƉŽƉƵůĂƟŽŶh ^ ϰϬйϱ Ϯϲйϱ ϵϬйϰ+ ϯ ϱйϰ+ ϬϬйϲ+ ϰϰйϱ+ ϱϭйϰ+ ϳ ϭйϰ+
dŽƚĂůŽŶĞLJĞĂƌĨƌĂƵ ĚĂŵŽƵŶƚ;ŝŶďŝůůŝŽŶƐ Ϳ Ψϭϴ ΨϮϭ Ψϭϴ ΨϮϬ Ψϯ Ϯ ΨϮϵ ΨϮϱ ΨϮϵ
D ĞĂŶĨƌĂƵĚĂŵŽƵŶƚƉĞƌĨƌĂƵĚǀ ŝĐƟŵ Ψϭ ϰϬϵ Ψϭ ϲϲ ϵ ΨϭQ ϱϰϯ ΨϭQ ϵϲ ϳ ΨϮQ Ϯϴϰ ΨϮQ ϯϯ ϱ ΨϮQ ϰϯ ϴ ΨϮQ ϳ ϯ ϵ
D ĞĚŝĂŶĨƌĂƵĚĂŵŽƵŶƚƉĞƌĨƌĂƵĚǀ ŝĐƟŵ Ψϯ ϮϮ Ψϯ ϱϬ Ψϰϳ Ϯ Ψϲϰϯ Ψϳ ϯϰ Ψϳ ϭϳ ΨϴϬϵ Ψϴϱϱ
D ĞĂŶĐŽŶƐƵŵĞƌĐŽƐƚ Ψϭϭϰ Ψϯ ϲϱ Ψϯ ϱϰ Ψϯ ϱϲ Ψϯ ϴϳ Ψϰϰϭ ΨϱϮϵ Ψϱϰϰ
D ĞĚŝĂŶĐŽŶƐƵŵĞƌĐŽƐƚ ΨϬ ΨϬ ΨϬ ΨϬ ΨϬ ΨϬ ΨϬ ΨϬ
D ĞĂŶƌĞƐŽůƵƟŽŶƟŵĞ;ŚŽƵƌƐ Ϳ ϭϬ ϭϮ ϭϮ ϭϯ ϭϰ ϭϱ ϭϲ ϭϳ
D ĞĚŝĂŶƌĞƐŽůƵƟŽŶƟŵĞ;ŚŽƵƌƐ Ϳ ϰ ϯ Ϯ ϯ ϰ ϰ ϰ ϰ
Ξ ϮϬϭϰ:Ăǀ ĞůŝŶ^ƚƌĂƚĞŐLJΘZ ĞƐĞĂƌĐŚ E ŽƚĞcůůĂƉƉůŝĐĂďůĞǀ ĂůƵĞƐĂƌĞĂĚũƵƐƚĞĚĨŽƌŝŶŇĂƟŽŶ
7
Data Compromise – Trending
Industry Trend:
• 2013 reported compromise events increased by 75% in over 2012 levels
• Almost 75% of alerts continue to be Brick and Mortar (Card Present) merchants resulting in counterfeit fraud
Alert Volume Forecast
Compromised card information is an on-going threat in the payments industry. It typically results in a customer experiencing fraud or an unplanned card reissue in an attempt to prevent fraud.
Data Compromise - organized theft of ATM, Debit card, Credit card, or Account information; Primarily through data breaches at merchant locations, third party processors, computer theft, stolen storage devices or company insiders working for a merchant or a merchant’s contractor.
2011 2012 2013
# of Alerts 2,892 1,684 2,123
Bank of America – Confidential. Do Not Distribute
8
Company Impact of Data Compromise is High
If card or bank account information is stolen from you, or a service provider working on your behalf, it can create significant impacts to your Constituent.
Financial impact: Company may be subject to significant fines and losses arising from such fraud and from not properly protecting card account information
Potential for significant monetary losses related to a data compromise: Card organization fines and assessments passed through to the merchant Fraud experienced on compromised cards
Other reimbursements to card issuers for fraud losses passed through to the merchant:
Forensics, card replacement, PCI non-compliant fines etc. Credit monitoring expense for Data Breach victims.
Reputation impact: Potentially more damaging than the financial impacts, public trust and confidence in your organization can be negatively impacted by this type of data security breachRegulatory impact: Increasingly, regulators are scrutinizing controls in place by the company. This can lead to additional scrutiny and compliance expense. Litigation Impact: Companies have seen individual and class action lawsuits resulting from data breach events.
Bank of America – Confidential. Do Not Distribute
9
Business Costs Continue Long After the Data Breach
6%
18%
36%
0% 5% 10% 15% 20% 25% 30% 35% 40%
Switched bank or creditunion
Switched forms of payment
Avoid certain merchants
Percent of consumers
Card number data breachvictims and existing card fraudvictims in the past 12 months
October 2012, n = 97Base: Card number data breach victims who also
experienced existing card fraud in the past 12 months© 2013 Javelin Strategy & Research
Q38. As a result of being a fraud victim, are any of the following statements true of you?
Card-Breach Victims Are Significantly More Likely to Shift Patronage After Suffering Card Fraud
Bank of America – Confidential. Do Not Distribute
Payment Fraud
11
Checks Are the Dominant Payment Form Targeted by Fraudsters; Card and Electronic Payment Fraud growing
Percent of Organizations Subject to Attempted or Actual Payments Fraud in 2013
Payment Method Responsible for Largest Dollar Amount of Fraud Loss
AFP Payments Fraud and Control Survey
Bank of America – Confidential. Do Not Distribute
12
Evolution of Malware
On the Horizon: Internet connectivity & browsers incorporated into more diverse platforms:
•Electronic book readers - Game Consoles
•Smart TVs - Smart Appliances
•Blu-Ray players - Automobiles
Bank of America – Confidential. Do Not Distribute
13
Malware Threats – How Fraud Occurs
• Phishing• Drive By Downloads• SMishing
Fraudsters attack weakest point in transaction - user’s device
User targeted & Malware installed:
Phishing & SMiShing: Infected files/malicious links sent through email or SMS message
Drive by Downloads: Clicking on a document, ad, or video, posted on legitimate website initiates malware download
Using infected flash drive
Attack is launched and fraud committed:
Credential theft and/or HTML injection
Transaction manipulation
Anatomy of an attack
Bank of America – Confidential. Do Not Distribute
14
Phishing Email
Looks like a legitimate correspondence from
the company
Wording does not have the level of refinement expected from an authentic company message
Has an attention getter – High dollar amount of a cell bill in this example
Embedded links activate Malware download on your device
Often works whether or not you have a relationship with the company
Bank of America – Confidential. Do Not Distribute
15
Employee Phishing
From: [email protected]: Thursday, March 28, 2013 11:35amTo: Pfeiffer, MargaretSubject: Good morning
Account #: 8364927193
From: [email protected]: Thursday, March 28, 2013 10:16amTo: Pfeiffer, MargaretSubject: Good morning
I am in my nephew’s funeral service at the moment but I have an urgent outstanding transaction which I’ll need you to complete today. Firstly, I will need you to update me with the available balance in my account. Secondly, am in the middle of a meeting now and will not be able to make or receive calls kindly email me information you will require to initiate an ongoing domestic wire transfer. I will be very busy but will frequently check my email for your response. We can schedule your furniture delivery for Monday next week if I hear from you. Please acknowledge the receipt of this email.
From: [email protected]: Thursday, March 28, 2013 5:59amTo: Pfeiffer, MargaretSubject: Good morning
Hi – are you going to be at the office today? I have an urgent outstanding transaction that I would like you to complete for me today.
Thanks.
From: [email protected]: Thursday, March 28, 2013 11:35amTo: Pfeiffer, MargaretSubject: Good morning
Account #: 8364927193
From: [email protected]: Thursday, March 28, 2013 10:16amTo: Pfeiffer, MargaretSubject: Good morning
I am in my nephew’s funeral service at the moment but I have an urgent outstanding transaction which I’ll need you to complete today. Firstly, I will need you to update me with the available balance in my account. Secondly, am in the middle of a meeting now and will not be able to make or receive calls kindly email me information you will require to initiate an ongoing domestic wire transfer. I will be very busy but will frequently check my email for your response. We can schedule your furniture delivery for Monday next week if I hear from you. Please acknowledge the receipt of this email.
From: [email protected]: Thursday, March 28, 2013 5:59amTo: Pfeiffer, MargaretSubject: Good morning
Hi – are you going to be at the office today? I have an urgent outstanding transaction that I would like you to complete for me today.
Thanks.
Be alert for Email phishing campaigns against employees that appear to be internal
– Employees are sent emails in the form of Phishing attempts
– Company employee’s internal email address has been compromised Has an attention getter – High dollar amount of a cell bill in this example
Emails attempt to drive action such as payment or profile change
Be able to recognize requests that are not consistent with their usual behavior
Follow your Authentication procedures
Bank of America – Confidential. Do Not Distribute
16
eMail Spoofing
Once fraudsters have Malware or Spyware on your computer system they can:
Harvest your access credentials; internal systems, financial systems, email, etc.Read your business contacts and collect their informationInitiate email to accounts payable pretending to be youAsk the recipient to process a payment to pay an invoiceAwait receipt of payment or as in this example, they follow up to check on payment
If you receive an email such as this:
Contact the sender by an alternate method to validate the instructionFollow your authentication proceduresEmploy dual controls prior to making payment changes or processing paymentsValidate that presented invoices are legitimate
From: [email protected]: Monday, July 8, 2013 11:17amTo: [email protected]: FW: Wire Transfer
This is the third one. We are pulling the confirmation now and will send to you.
From: [email protected]: Thursday, June 11, 2013 11:30amTo: [email protected]: FW: Wire Transfer
FYI, this needs to get processed today. I checked with ?? to get your help processing it along. I will assume we take care of any vendor forms after the fact. I can send am email directly to ??? or let you drive from here. Let me know.
From: [email protected] Sent: Tuesday, June 11, 2013 9:59amTo: [email protected]: FW: Wire Transfer
Process a wire of $73,508.32 to the attached account information. Code it to admin expense. Let me know when this has been completed.
Thanks.
------------------------Forwarded message---------------------------------
From: [email protected]: Tuesday, June 11, 2013 6:45amTo: [email protected]: Wire Transfer
Nick,
Per our conversation, I have attached the wiring instructions for the wire. Let me know when done.
Thanks. Charlie
Bank of America – Confidential. Do Not Distribute
17
Fraudulent Invoices
Another trend impacting companies is the Fraudulent Invoice:
It is a variation on the Phishing emails.Fraudster mails an invoice to the company; often addressed to the AP departmentInvoice has description of “Investment”Invoice usually includes remittance information including the account to which funds are to be paid
If you receive an Invoice such as this:
Verify the company is an approved existing and current trading partnerVerify it is for an actual purchase or work performed by the companyConfirm the account on the invoice is what you have on file for the companyCaution – do not add a new vendor, with a new account, and pay an invoice all in the same step
Bank of America – Confidential. Do Not Distribute
18
Utility Industry focused Phishing
Phishing Scam:
Federal Government to pay your utility bills Rolling introductions (rolling blackouts) into different
markets. Social Media (primary) and Email (secondary)
distributed. Instructed customers to call a number to receive their
government grant. Customers provided Utility information, SSN, Bank
Account information. Fraudster provided Account Number, RT/ABA, and grant
confirmation number to be used for government grant. Provided customer with bill pay VRU at Utility
Company. Customer called bill pay phone number and entered
information. Received notice from Utility Company that payment was
returned and account was overdue
Snopes.com
Bank of America – Confidential. Do Not Distribute
19
Are you prepared to identify and manage events like these?
Impact to Company: Potential Impact to cash flow High ACH return rates – implications future direct debit programs Media visibility and brand impact
• Were you proactive or reactive?
• What support did you offer impacted customers?
Sample Social Media Dashboard (socialmediaexaminer.com)Detection:
Social Media Monitoring
Bill Pay account changes – online and VRU
Bill Pay VRU increased activity
Contact Center inquiries
Return payment activity monitoring
Impact to Consumers: Victim of Identity Theft Credit Monitoring and bank information changes Financial loss, inability to pay current bills
Bank of America – Confidential. Do Not Distribute
How to protect your entity
21
The Layered Security Model
Online Banking System
Client Education & Awareness
Login Credentials
Entitlements & Administration Controls
Device Authentication/Fingerprint
Duel Control/Division of Duties
Fraud Monitoring
The Best Practice Layered Security Model
Bank of America – Confidential. Do Not Distribute
The first step to preventing fraud is Knowledge, approach with rigor, and revisit
22
Securing Online Transactions
Be attentive during online session: Are login prompts occurring where they should? Do your online screens look correct?
Ensure all users are educated to recognize Phishing scams and know to not open file attachments or click links in suspicious emails. Always be on lookout for:
• Any requests for personal information
• Urgent appeals claiming your account will be closed if you fail to respond
• Messages about system/security updates
Use caution when visiting Internet sites, avoiding social networking & unknown sites that are not trusted and used for business purposes
Consider the use of dedicated, hardened computer
Ensure your Anti-Virus software/system patches are kept up to date. Consider anti-malware software that specifically protects your Internet Browser
Implement Duty Segregation/Dual Administration
Prohibit shared user names/passwords and avoid using automatic login features that save usernames/passwords
Never access online banking via Internet cafes, public libraries or open Wi-Fi hotspots
Report suspicious transaction activity to bank/authorities immediately
Bank of America – Confidential. Do Not Distribute
23
Mobile is Growing Target
Mobile Fraud• A growing risk, albeit less than online• 1800 mobile strains vs 75M online• Online techniques crossing over to mobile• All of threat vectors not yet known
Physical device security• Secure mobile device with pin/strong password• Lock device after use• Install software to track mobile device in case of theft
Manage system settings, downloads and device software • Don’t leave Wi-Fi in ad hoc mode• Disable discoverable mode after enabling Bluetooth devices, if your
Smartphone does not automatically default to off after adding a device• Setup a personal firewall • Don’t modify the device to:
• Give yourself more control• Enable features that void warranties• Change root file systems• Allow modifications to install third party software/hardware
components
Bank of America – Confidential. Do Not Distribute
24
Fraud Prevention Considerations for ACH & Wire
Payment Fraud Utilizes ID & Password obtained through Malware, Phishing, etc. to initiate outbound electronic payments
from your account Third party obtains your account information from an intercepted check. Pays for bills, gets car loan, purchases goods on account. Provides biller with electronic debit authorization
– not to his account but to your account
Best Practices Separate duties/auditing responsibilities across user credentials to provide additional security within cash
management system Set individual user limits appropriate for payment /user
• Maximum dollar amount / transaction for initiating/approving wires/ACH
• Maximum daily cumulative dollar amount of all wires initiated and/or approve Review ACH / Wire Transfer Procedures on regular basis, confirm user credentials updated and maintained
to represent appropriate needs Use Repetitive Wire Templates to eliminate manual intervention/manipulation Implement ACH Blocks to block incoming ACH transactions from posting to accounts Use ACH Positive Pay to monitor / control ACH transactions before they post to your bank account,
allow transaction acceptance or rejection in real time Apply ACH Authorization Service to post only incoming “authorized” ACH items
Bank of America – Confidential. Do Not Distribute
25
Fraud Prevention Considerations for Check
Best Practices Reconcile accounts on a daily basis Segregate internal duties for financial activities (Audit/Control) Consider migration from Check Payments to Electronic Payment Products Become fraud focused on inquiries from other banks/institutions regarding legitimacy of checks Escalate suspicious activities to management team Safeguard check stock/use check stock security features Consider outsourcing check processing to secured vendor
Prevention Products Positive Pay - Automate review of items before decision to Pay or Return Teller Positive Pay - Integrates check decision with banking center teller line Payee Positive Pay - Determines if payee names have been altered Reverse Positive Pay - Notify bank of exception items identified on file Maximum Dollar Control - Flag any check over a given dollar amount to decision
Bank of America – Confidential. Do Not Distribute
26
Converting Paper Payments to Electronic
Outsourcing to third party
Invoiced spend (ACH payments)
Direct vendor spend (Card payments)
Indirect/low-dollar spend
Travel-related spend
Paper checks
ACH Payments
Vendor Payments
Purchasing Card
Travel Card
27
Services Providers Fraud Risk and Role in Fraud Prevention
Reliance on third-party/outsourcer security may present increased vulnerability to access by fraudsters
Controls for identifying access to shared information/log-ins managed beyond your four walls
Potential losses/recovery need to include vendor impacting fraud recovery efforts
Businesses that outsource transactional network servers and/or services (i.e. reporting services, payroll, accounts payable, etc.) must ensure vendors maintain acceptable security levels
Vendor Services Best Practices
Perform site review/engage all security/process experts to assist in decision making
Review internal needs/allow vendor access only to required data
Limit/segregate log-ins to mitigate potential breaches
Address responsibility/liability if vendor compromise impacts your business
Understand vendor’s loss recovery processes and service level agreements currently in place
Do your homework – check references, awards, company standards regarding product /data security processes/procedures to ensure balanced risk/reward decision
Hold your vendor to the same “Best Practice” standards you adopt internally
Bank of America – Confidential. Do Not Distribute
28
Employee Education
Don’t assume employees understand email and internet risks
Don’t rely only on your company’s email or intranet to inform employees of email and internet policies and procedures
Set rules for personal internet usage
Ensure that employees understand policies toward monitoring of their computer activity
Consider restricting the ability to load/download data on your company computers
User Awareness Training:
Bank of America – Confidential. Do Not Distribute
29
Specificity Strengthens the Impact of Employee Training; Simple, Straight-forward Examples Can Be the Most Powerful
Show employees how to recognize threats and convey the consequences of those threats
Be explicit about what to look for to identify a malicious email
Explain that users will keep passwords in a secure place and not to share them with coworkers
Provide frequent reports of new threats and statistics of how many viruses have been caught within your company
Never turn off security protection on your computer and stay current with updates
Do not use your personal computer for company business
Do not connect to the internet through suspect wireless networks (e.g., Wi-Fi from a café)
Forward suspicious emails to the company’s designated email account (include the email address)
Open only identifiable attachments from known sources. Financial institutions never ask you to enter personal data, such as passwords, SSN, account numbers, etc.
Key Success Factors:
Bank of America – Confidential. Do Not Distribute
On The Horizon
31
What is EMV Chip Technology?
Chip Technology allows data to be stored and processed in a microchip. A chip has 3 key functions that help to create a more secure payment solution:
• data storage
• cardholder identification and authentication
• cryptographic processing EMV (Europay, MasterCard and Visa) is the global standard that defines how the
chip card and terminal communicate.
Chip technology provides additional layer of security:
Transaction is encrypted each time to protect against counterfeit fraud with both online and offline transactions.
Chip technology represents 3 primary enhancements:
• Data is dynamic and every transaction made with the card is unique. The issuer can easily identify that the genuine card is being used.
• The PIN validates the Card and the Cardholder; where with mag-stripe it only validates the cardholder.
• The card can be configured to make authorization decisions.
Bank of America – Confidential. Do Not Distribute
32
Example Traditional Card Present Transaction
32Bank of America – Confidential. Do Not Distribute
Customer hands plastic to cashier
Card swiped at point of sale
Association passes request to issuer
Bank makes auth decision
Card information is susceptible to compromise during merchant presentment and processing
33
Tokenization Overview
What is a Token?
• Tokenization is the process of substituting a sensitive data element with a proxy.
• The proxy will have limited to no value outside of its intended use.
Tokenization of Card Number: A proxy value is used as the payment “token” during the transaction so that true card number is never exposed to merchant.
Why is it Important?
• Enhanced Security - By securing token provisioning through strong detection capabilities, and continuing to push for stronger authentication practices, we can count on tokenized transactions being more secure – potential to reduce card alerts.
• Reduce Physical Card Issuance (expense impact)
• Opportunity to Impact Non-Approval RateRisks:
• Card Not Present (request token) becoming Card Present (Contactless)
• Fraud Token Issuance (from increase in Account Takeover, PHISHing, and plastic card number compromises).Bank of America – Confidential. Do Not Distribute
34
Example Tokenized Card Present Transaction
34Bank of America – Confidential. Do Not Distribute
34Bank of America – Confidential. Do Not Distribute
Customer UnlocksDigital Wallet
Device waved at point of sale
Association mapstoken to plastic
Bank makes auth decision
44443333222211114444333322221111 44443333222211114444333322221111 44443333222211114444333322221111
SecureSecureTokenTokenVaultVault
Association passesrequest to issuer
Data thieves can’t Data thieves can’t steal steal
what isn’t therewhat isn’t there!!
35
Example of Consumer Requesting Token (Provisioning)
Bank of America – Confidential. Do Not Distribute
Open App Wallet Authentication(PIN)
Select Issuer Customer Authentication(Online Banking)
Select CardCard Authentication
(CVC)Token
CreationToken Stored
Visual Card Art
36
Customer Experience: How Do Customers Get a Token?
Bank of America – Confidential. Do Not Distribute36
Today
Call for Card Wait for Card Store Plastic
Request Token
(5 – 10 Days)
Store Token
Send Token
Seconds
Deliver Card
Deliver Token
44443333222211114444333322221111
Tomorrow
37
Disclaimer
“Bank of America Merrill Lynch” is the marketing name for the global banking and global markets businesses of Bank of America Corporation. Lending, derivatives, and other commercial banking activities are performed globally by banking affiliates of Bank of America Corporation, including Bank of America, N.A., member FDIC. Securities, capital markets, strategic advisory, and other investment banking activities are performed globally by investment banking affiliates of Bank of America Corporation (“Investment Banking Affiliates”), including, in the United States, Merrill Lynch, Pierce, Fenner & Smith Incorporated and Merrill Lynch Professional Clearing Corp., both of which are registered broker-dealers and members of SIPC, and, in other jurisdictions, locally registered entities. Merrill Lynch, Pierce, Fenner & Smith Incorporated and Merrill Lynch Professional Clearing Corp. are registered as futures commission merchants with the CFTC and are members of the NFA. This document is intended for information purposes only and does not constitute a binding commitment to enter into any type of transaction or business relationship as a consequence of any information contained herein. These materials have been prepared by one or more subsidiaries of Bank of America Corporation solely for the client or potential client to whom such materials are directly addressed and delivered (the “Company”) in connection with an actual or potential business relationship and may not be used or relied upon for any purpose other than as specifically contemplated by a written agreement with us. We assume no obligation to update or otherwise revise these materials, which speak as of the date of this presentation (or another date, if so noted) and are subject to change without notice. Under no circumstances may a copy of this presentation be shown, copied, transmitted or otherwise given to any person other than your authorized representatives. Products and services that may be referenced in the accompanying materials may be provided through one or more affiliates of Bank of America, N.A. We are required to obtain, verify and record certain information that identifies our clients, which information includes the name and address of the client and other information that will allow us to identify the client in accordance with the USA Patriot Act (Title III of Pub. L. 107-56, as amended (signed into law October 26, 2001)) and such other laws, rules and regulations. We do not provide legal, compliance, tax or accounting advice. Accordingly, any statements contained herein as to tax matters were neither written nor intended by us to be used and cannot be used by any taxpayer for the purpose of avoiding tax penalties that may be imposed on such taxpayer. For more information, including terms and conditions that apply to the service(s), please contact your Bank of America Merrill Lynch representative. Investment Banking Affiliates are not banks. The securities and financial instruments sold, offered or recommended by Investment Banking Affiliates, including without limitation money market mutual funds, are not bank deposits, are not guaranteed by, and are not otherwise obligations of, any bank, thrift or other subsidiary of Bank of America Corporation (unless explicitly stated otherwise), and are not insured by the Federal Deposit Insurance Corporation (“FDIC”) or any other governmental agency (unless explicitly stated otherwise). This document is intended for information purposes only and does not constitute investment advice or a recommendation or an offer or solicitation, and is not the basis for any contract to purchase or sell any security or other instrument, or for Investment Banking Affiliates or banking affiliates to enter into or arrange any type of transaction as a consequent of any information contained herein. With respect to investments in money market mutual funds, you should carefully consider a fund’s investment objectives, risks, charges, and expenses before investing. Although money market mutual funds seek to preserve the value of your investment at $1.00 per share, it is possible to lose money by investing in money market mutual funds. The value of investments and the income derived from them may go down as well as up and you may not get back your original investment. The level of yield may be subject to fluctuation and is not guaranteed. Changes in rates of exchange between currencies may cause the value of investments to decrease or increase. We have adopted policies and guidelines designed to preserve the independence of our research analysts. These policies prohibit employees from offering research coverage, a favorable research rating or a specific price target or offering to change a research rating or price target as consideration for or an inducement to obtain business or other compensation. Copyright 2014 Bank of America Corporation. Bank of America N.A., Member FDIC, Equal Housing Lender.
38
ANSWERS KEYWORD
a. Businesses are more gullible 298242
b. Businesses have less controls in place
298428
c. That’s where the real money is 298429
d. All of the above 298430
Text a KEYWORD to 22333 or Submit responses at PollEv.com
Why have Fraudsters increased their Phishing attacks against businesses?
39
ANSWERS KEYWORD
a. They are not available 298432
b. They are currently embedded on every card
298434
c. They are available and significantly increasing in popularity
298436
d. Available upon request 298440
Text a KEYWORD to 22333 or Submit responses at PollEv.com
What statement best describes Chip Cards in the US?
40
ANSWERS KEYWORD
a. Avoid writing checks 298535
b. Acknowledge, approach with vigor, and revisit
298558
c. Convert all paper disbursements to electronic
298559
d. Implement fraud prevention solutions
298579
Text a KEYWORD to 22333 or Submit responses at PollEv.com
What is the first step to preventing fraud?