Darren Muise Head of Commercial Partnerships State and Local Government Fraud Awareness and Prevention.

Slides:

Advertisements

Similar presentations

Changing Perspectives on Commercial Cards

Advertisements

MURC Purchase Card (P-Card). Policy & Procedure Manual Read thoroughly Covers most questions P-cards are a privilege that may be revoked for violations.

JPMorgan Chase Purchasing Card Training

Current Fraud Trends Kathy Druckenmiller, CFCI, CIRM, ACT Specialist April 29, /29/2014.

Purchasing Card Best Practices: Program Expansion & Controls Julie Krause, Vice President Commercial Cards Sales Manager M&T Bank May 12, 2010.

CPS Fraud Support Analyst

1 U.S. EMV Migration Update and Best Practices Hap Huynh, Senior Director Risk Products April 2015.

Understanding Commercial Card and the use of Controls Louisiana GFOA Fall Conference October 9, 2014 Rhonda C. Engel, SVP Commercial Card Sales Manager.

FRAUD: Risks and Prevention. Fraud: Risks and Prevention Implications of fraud What motivates one to commit fraud The importance of internal control Fraud.

State of Louisiana January 19, AgendaAgenda Program Update –Company Level Support –Technical Help Desk –Account Management Fraud and Misuse Questions.

S T R I C T L Y P R I V A T E A N D C O N F I D E N T I A LS T R I C T L Y P R I V A T E A N D C O N F I D E N T I A L © 2008 JPMorgan Chase & Co. All.

Paper to Electronic - Card GFOA Conference August 2012│ Tucson, AZ.

University of Georgia Business and Accounting Services Education and Outreach Managing Petty Cash Research Participant Payments.

Bank Account Fraud Kimberly Sidden, Vice President Government Banking, UMB Bank.

Checking Account & Debit Card Simulation Understanding Checking Accounts and Debit Card Transactions.

REGULATION AND OPPORTUNITY JAY W. COAKLEY COAKLEY STRATEGIC SOLUTIONS LLC Overdraft Income.

1.7.2.G1 Electronic/Online Banking & Bill Pay Take Charge of Your Finances.

Security Controls – What Works

UNC Charlotte Purchasing Card Training for Auditor Role Annette Heller.

1 Visa Acceptance and Enablement Bank of America Merchant Services - Supplier Strategy April 2009.

Why Comply with PCI Security Standards?

U.S. Bank Payment Analytics Overview. Payment Fraud Trends 2 Reference: Association of Financial Professionals (AFP), 2011 Payments Fraud and Control.

Network security policy: best practices

SAS 112: The New Auditing Standard Jim Corkill Controller Accounting Services & Controls.

Corporate Purchasing Card Enhanced Reporting January 2015 Web Version 1.

Chapter 10 Cash and Financial Investments McGraw-Hill/Irwin

NUAGA May 22,  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.

Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.

State of Louisiana “La Carte” Purchasing Card Program.

Britannia/NET1 Web Seminar 2007 Presented By: NET1 Payment Solutions Presenter: Brian Morabito.

® Working With Citi Sabrina Dyer Vice President. ® 2 To ensure the best possible learning experience for participants, please adhere to the following.

Chapter 16: Audit of Cash Balances

CASH RISK ASSESSMENT. Fraud OverviewFraud SchemesWhen & How Fraud HappensOur Approach to Fraud Deterrence Overview.

Where’s the Money Going? 10 Things You Should Know about Internal Controls and Fraud Donna S. Brown, CPA Bob Powell, CPA November 12, 2010.

Implementation Issues of Sarbanes-Oxley CASE Presentation September 23, 2004 By Denise Farnan.

Chapter 7 Internal Control and Cash

JPMorgan Chase Purchasing Card Program Executive Summary.

Justin K. Kiddy, CPA/PFS, CFE Fraud in your Charter School: Is it possible? How to defend against it?

Onebeaconpro.com t f Cyber Liability Insurance Coverages and Trends Affecting Community Banks Craig M. Collins President,

Controlling Fraud Risk Exposure and Loss Sherri Goodman Director of Fraud Operations September 22, 2005.

64 th ILLINOIS ASBO CONFERENCE AND EXHIBITIONS APRIL 29 – MAY 1, #iasboAC15 Credit Cards: Internal Controls, Minimizing Risk and Fraud.

OH 9-1 Protecting Revenue 10 OH 9-1. OH 9-2 Learning Objectives After completing this chapter, you should be able to: Identify and explain the three parts.

Managing Data Against Insider Threats Dr. John D. Johnson, CISSP.

Data Security and Payment Card Acceptance Presented by: Brian Ridder Senior Vice President First National September 10, 2009.

1 Payroll Schemes Chapter 6. 2 List and understand the three main categories of payroll fraud. Understand the relative cost and frequency of payroll frauds.

ThankQ Solutions Pty Ltd Tech Forum 2013 PCI Compliance.

e-Learning Module Credit/Debit Payment Card Acceptance and Security

Chapter 6 Payroll Schemes.

TRAVEL CARD The Good, the Bad and the Ugly??? Sandy English, CPCP West Chester University West Chester, PA.

Procurement Card Program. This program was established to allow rapid purchases of repetitive or low dollar goods and services while simultaneously reducing.

SABRE VIRTUAL PAYMENTS Karen Frayer Sabre Virtual Payments Manager.

Langara College PCI Awareness Training

Checking & Savings Accounts Economics What is a Checking Account?  Common financial service used by many consumers (a place to keep money)  Funds.

Purchasing Cards. What is a Purchasing Card? It is a type of commercial credit card, used by organizations for payment of goods and services. This tool.

T O S H I B AT O S H I B A Fraud & Disputes – Know Who You Are Trading With.

CREDIT CARD PAYMENT SYSTEM System involves Several major participants Purchaser that is cardholder Card Issuer that issues credit card Merchant that makes.

Unit 6 – Chapter 5.  Describe the Sarbanes-Oxley Act of 2002 and its impact on internal controls and financial reporting.

Who’s A Control Freak? Audrey Flood November 2006 State of Texas User Conference.

Welcome. Contents: 1.Organization’s Policies & Procedure 2.Internal Controls 3.Manager’s Financial Role 4.Procurement Process 5.Monthly Financial Report.

| gtb.scotiabank.com Global Transaction Banking & Scotiabank Mount Allison University Global Transaction Banking Global Transaction Banking | pg.

Commercial Card Expense Reporting (CCER) The Trustees of Roanoke College An internet solution Accessed via Wells Fargo’s secure Commercial Electronic Office.

Fraud Procedures Tips for Mitigation Fraud Case Process.

Payment Card Industry (PCI) Rules and Standards

PCI-DSS Security Awareness

Electronic/Online Banking & Bill Pay

Switchover from Teledeposit to VIRTUAL TERMINAL Moneris Solutions

VSA Pcard Training.

The University Purchasing Card

Presentation transcript:

Darren Muise Head of Commercial Partnerships State and Local Government Fraud Awareness and Prevention

2 Roles and Responsibilities Issuer Issue cards Assume credit risk Fraud monitorng Risk mitigation Provide EAS Provide customer service Provide custom products and enhancements Visa Sets standards and rules Provides systems/operations Move money and data Provides risk management Balance the needs of Issuers, Acquirers, Merchants, Cardholders and Businesses Provide expert service/support to Issuers, Acquirers, Merchants, Cardholders and Businesses Acquirers Process Transactions Underwrite supplier risk Generate reports Provider customer service Differentiate service with custom products and enhancements Assess processing fees to suppliers Visa Inc Fraud and Misuse 2011

Payment System Risk PROTECT Protecting vulnerable account data RESPOND Monitor and manage events that occur PREVENT Minimize fraud in the payment system Trust and Partnership Maintaining and enhancing stakeholder trust in Visa as the most secure way to pay and be paid Visa Inc Fraud and Misuse

Multi-Layered Strategy To address security concerns we need to align rules, strategies, programs, initiatives and solutions Laws and Regulations Industry Standards Visa Rules and Regulations Visa Programs and Solutions Risk Information and Benchmarking PROTECT RESPOND Trust and Partnership PREVENT Education, Awareness and Best Practices Visa Inc Fraud and Misuse

Fraud, Abuse, & Misuse: Definitions Fraud – The theft card information by fraudsters Abuse – Intentionally or unintentionally violating policies and procedures for personal gain Misuse – Intentionally or unintentionally violating policies and procedures for work related gain Account takeover (information change) Mail thefts Counterfeit cards Lost/Stolen cards Mail order/telephone order Skimming Database Hacking Franchise Software Hacking Sniffing Phishing Visa Inc Fraud and Misuse

Reported “Loss” to Organizations The differences in card misuse between the Corporate and Government and Not-for-Profit segments. Overall, losses due to fraud and misrepresentation as a percentage of purchasing card spending are higher in the Corporate or private sector A summary of loss experienced by the card-using organizations related to misrepresentation and internal and external fraud. The median dollar loss per incident and the total loss to the organization as a percent of total purchasing card spending for each category of misuse are consistent with the overall study findings Source: Purchasing Card Benchmark Survey Report, R. Palmer and M. Gupta, RPMG Research, Visa Inc Fraud and Misuse 2011

Perception of Risk In comparison to other payment methods, purchasing card spending at my organization is associated with a _%_ likelihood of fraudulent/misrepresented spending The comparison to other payment methods, 84% and 76% of respondents believe that purchasing card spending is associated with a similar or lower likelihood of fraudulent or misrepresented spending, respectively Source: Purchasing Card Benchmark Survey Report, R. Palmer and M. Gupta, RPMG Research, 2010 Significantly Lower Similar Significantly Higher 7 Visa Inc Fraud and Misuse 2011

Loss Due to Policy Violations The loss associated with purchase card policy violations remains relatively insignificant, accounting for.006% of purchasing card spending – which is the equivalent of $60 of policy violations for every $1 million of purchasing card spending Source: Purchasing Card Benchmark Survey Report, R. Palmer and M. Gupta, RPMG Research, Visa Inc Fraud and Misuse 2011

9 Fraud, Abuse, & Misuse: Prevention & Detection Strategies for success: Program management Metrics Internal controls Reconciliation Audits Training and communication Program Management: Data Mining –Business rules Statistical Sampling –Statistically-valid sampling plans Machine Learning Tools –Neural networks –Smart algorithms Visa Inc Fraud and Misuse 2011

 External Data Compromises: Data breach that occurs at merchant, merchant processor, or other 3 rd party processor Compromises increased 35% 2009 and expect similar trends in single event impacted 130 Million Debit and Credit Accounts  Phishing s/Telephone Calls: Fraudster with limited and uses or telephone to solicit remaining data needed to commit attack Attacks increased 25% in 2010 across industry Newest trend is Spearphishing which targets same organization with mass s or telephone calls  Client Internal Fraud: Many clients have limited internal audits to identify internal fraud attempts Fraud increased 15% across industry for clients in 2010 Reported Top Fraud Risks 10 Visa Inc Fraud and Misuse 2011

This device can capture over 2500 credit card account numbers, expiration dates and CVV codes in the palm of your hand. The unit can operate continuously for 40 hours on a single 3V battery (6000 swipes). Skimmed data can be downloaded to any PC with software provided. At a moment’s notice, or the moment of arrest, the contents can be deleted with the press of a button to avoid prosecution. Cost = $500 And An Old Favorite – “The Handheld Skimmer” 11 Visa Inc Fraud and Misuse 2011

False fronts on ATM terminals with built in magnetic stripe readers. Hidden camera captures PIN and transmits the information to a nearby crook Increasingly common ATM Skimmers 12 Visa Inc Fraud and Misuse 2011

Sniffing devices installed in ATMs or other Point of Sale devices allow fraudsters to compromise a Debit card PIN. In this example, the PIN and magnetic stripe information are captured before encryption. Recent cases have Bluetooth transmission to remote receiver. Sniffing Devices 13 Visa Inc Fraud and Misuse 2011

Internal Audit Process Sample Metrics Card Industry Best Practices Audits should be scheduled, random, and unannounced Audit representative samples - within days Review span of control Focus resources on areas of weakness or opportunity Combine filter development and automation of monthly review process Streamlines review and audit process Eliminates the need for 100% transaction review Documents the review process Ensures timely review of transactions within the span of control Improves the recovery potential Improve communication of audit findings to card program participants Develop a sampling audit strategy for current cycle transactions Audit the first statement cycle following cardholder training or change in process Audit high-risk transactions monthly Cardholders with the highest number of transactions Cardholders with the highest dollar amount spent Employees with multiple disputes Purchases charged to clients Increase frequency for those cardholders with exceptions Audit representative samples - within days new account Vendors Number of vendors utilized Transactions per vendor Transactions between a cardholder and same vendor Reconciliation # and $ of Transactions between a cardholder and same vendor Review items not submitted or duplicate expense reports for same transaction Accountable property transactions logged Transactions from approved suppliers Transactions reconciled using default funding Split purchase occurrences to avoid dollar thresholds 14 Visa Inc Fraud and Misuse 2011

Program Administrator Cardholder Card Industry Best Practices Insure cardholder statement reconciliation is performed in a timely manner Monitor declined authorizations for signs of merchant and/or employee abuse Manage credit limits based on individual cardholder spending needs Consider MCC (Merchant Category Codes) restrictions and $ thresholds to prevent internal and fraud abuse Complete internal audits of transaction monitoring at MCC and cardholder levels Provide your issuing bank with after hours contacts or cell phone telephone numbers and s for prompt contact to detect and prevent fraud Partner with fraud team future or current authorization needs to ensure control with least amount of cardholder impact Report non-received cards to your issuing bank immediately Examine cards received for evidence of tampering during transit Do not provide your individual account number to a merchant to keep on file unless approved by company Contact Fraud team prior to international trips and provide alternate contact phone number as needed Create guidelines for card issuance and handling Determine who should be eligible to apply for a card Determine approval levels required Segregate duties of ordering and receiving of cards Create internal procedures Requirements for obtaining a card Administrative / Management Usage / Purchasing Accounts Payable/Accounting Reconciliation Audit Create policies or business rules Business versus Personal Use Cash access Card sharing Ghost cards Roles and responsibilities Training Audit exceptions Client Controls 15 Visa Inc Fraud and Misuse 2011

16 Questions ? Visa Inc Fraud and Misuse 2011