1
Internet Payment Fraud
Presented by: Bethany Arnold
Business & Professional Banking
April 2018
2
Disclaimer
- This presentation is intended for information purposes only.
- Customers should contact their Information Technology provider to determine the best way to safeguard the security of their computers and networks.
- Customers should familiarize themselves with their Financial Institution’s account agreement and understand their liability for fraud, as ACH and Wire transactions are regulated under the Uniform Commercial Code.
3
Agenda
- Fraud Statistics
- Understanding the Current Environment
- Examples of Fraud Scenarios
- Protection Service Options
- Sources and Additional Resources
4
Fraud Statistics – Types of Fraud
74: The percentage of companies surveyed that were targets of payment fraud in 2016
Data Source is 2017 AFP Payments Fraud and Control Survey
5
Fraud Statistics – Types of Fraud
- Paper checks: 75%
- Wire: 46%
- Credit / Debit Cards: 32%
- ACH Debits: 30%
46: The percentage of companies surveyed that were victims of wire transfer fraud in 2016.
Checks continue to be the payment method most often targeted for fraud. After checks, wire transfers were the second most popular vehicle for payment fraud with nearly half (48 percent) of organizations surveyed exposed to payments fraud in This is a significant increase from the 27 percent and 14 percent that reported wire transfer fraud in 2014 and 2013, respectively. One reason is that wires are attractive targets because of the speed of transaction and also the difficulty in retracting a transaction.
Data Source is 2017 AFP Payments Fraud and Control Survey
6
Fraud Statistics – Sources of Fraud
52: The percentage of companies surveyed that were exposed to business email compromise in 2016
7
Fraud Statistics – Financial Impact
75: The percentage of companies surveyed that had or experienced fraud without any financial loss
4: The percentage of companies surveyed that experienced a fraud loss in excess of $250,000
1: The percentage of companies surveyed that suffered a financial loss in excess of $2 million
Chart scale: $0, $250,000, $2,000,000
72% of organizations that were exposed to at least one payment fraud attempt in 2015 did not incur an ACTUAL financial loss from that attempt. Only four percent realized a loss greater than $25,000 and only 1% realized a loss greater than $2 million.
Data Source is 2017 AFP Payments Fraud and Control Survey
8
Fraud Statistics – Cost to Manage, Defend, or Clean Up
Cost to Manage/Defend/Clean Up (% of Organizations)
- No Cost: 48%
- Up to $24,999: 41%
- More than $25,000: 11%
48: The percentage of companies that did not incur any expenses as a result of a fraud attempt.
Although the number of payment fraud attempts has been on the rise, the cost to manage/defend and/or clean up from fraud attacks was relatively low for most organizations. Nearly half did not incur any expense, 35% spent less than $25,000 and 16% spent more than $25,000. A greater share of larger organizations, specifically those with more accounts, were more likely to have spent more than were other companies.
Data Source is 2017 AFP Payments Fraud and Control Survey
9
Fraud Statistics – Non-Financial Impact
- Employee Morale
- Reputation/Brand
- Relations with Regulators
- Business Relations
13: The percentage of companies surveyed that believe their reputation/brand could be damaged if they experience fraud
Data Source is 2014 PWC Global Economic Crime Survey – US Supplement
10
Agenda
- Fraud Statistics
- Understanding the Current Environment
- Examples of Fraud Scenarios
- Protection Service Options
- Sources and Additional Resources
11
Understanding the Current Environment
Internet Risks and Fraud Trends
- Internet fraud is a high-growth, profitable industry
- An organized crime element has moved into the business of Internet fraud, driving a significant increase in the number and sophistication of incidents
- The customer environment (i.e. customer PCs) is the target of the fraudsters
- Criminals use targeted social engineering techniques in conjunction with crimeware/malware infections
12
Understanding the Current Environment
Crimeware and the Threat it Presents
- Crimeware is a class of malware designed to facilitate and automate illegal activity online
- Client PC is infected with crimeware by either email or Internet browser
- Client receives Internet “maintenance window” pop-up or is prompted to provide more log in information on a fake webpage
- Hackers use Zeus or other crimeware software on client PC to record keystrokes (usernames/passwords, token values) and gather log in information from the client/victim
- Using stolen credentials, hackers perform unauthorized transactions and send funds to mules
- Mules withdraw funds and send them to the “company” they are working for, keeping a portion for the service
13
Understanding the Current Environment
Example of Corporate Account Takeover Fraud
14
Agenda
- Fraud Statistics
- Understanding the Current Environment
- Examples of Fraud Scenarios
- Protection Service Options
- Sources and Additional Resources
15
Examples of Fraud Scenarios
“Phishing”
- Many payment fraud attacks begin with a “phishing” email, which correctly names the recipient and contains either an infected file or a link to an infectious website
- The recipient is generally a person within an organization who can initiate funds transfers or payments on behalf of the organization
- Once the recipient opens the attachment, or clicks the link to open the website, malware is installed on the recipient’s computer
16
Examples of Fraud Scenarios
“Phishing” (continued)
17
Examples of Fraud Scenarios
“Phishing” (continued)
18
Examples of Fraud Scenarios
“Phishing” (continued) Source:
19
Examples of Fraud Scenarios
Infected Browser
- Payment fraud attacks can also occur when an individual navigates to a website that appears to be legitimate but is in fact fictitious
- These are referred to as “drive by downloads”; simply visiting the site infects the individual’s PC
Source: NACHA.org
20
Examples of Fraud Scenarios
Fraudulent Webpage
- Once malware has been installed on a PC, the fraudster can take over the browser (“man-in-the-browser”) to present a fake webpage to gather log in credentials
- Individuals should be familiar with the standard look and functionality of commonly used sites
- Potential signs of fraudulent tactics include:
  - Lack of full branding (e.g. logo on page)
  - Non-standard log-in screen
  - System messages targeted to get the User to wait so fraud can occur, or to have another User log in so a secondary set of credentials can be captured
21
Agenda
- Fraud Statistics
- Understanding the Current Environment
- Examples of Fraud Scenarios
- Protection Service Options
- Sources and Additional Resources
22
Protection Service Options
At Log-in
- Activate security features on all User computers
- Utilize Secure token security devices
- Secondary authentication by tokens may be required for all Users for a Company that has access to ACH or Wire payments
23
Online Service Options
Payment Initiation
System Access
- Restrict User permissions
  - Delegate the minimum requirements to the User to get the job done
- Review User access and permissions on a regular basis
Payment Processing
- Implement Company level Secondary Authorization for all ACH & Wire payments
- Segregate payment functions
  - Segregate permission to create profiles from permission to create payments
  - Segregate permission to create/modify from permission to approve (applies to both profiles and Payments)
- Establish transaction limits for Users
Other
- Implement Positive Pay and ACH Positive Pay to protect against other fraud schemes, e.g. altered checks, counterfeit check fraud and unauthorized ACH transactions
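Added example (not part of the original presentation and not taken from any bank's system): a Python check of a user-entitlement list against the segregation, secondary-authorization and transaction-limit controls on this slide. The user names, permission names and limit values are constructed for illustration.

```python
# Constructed entitlement export; every name and value here is hypothetical.
USERS = [
    {"user": "clerk1", "perms": {"payment.create"}, "limit": 25000},
    {"user": "clerk2", "perms": {"profile.create", "payment.create"}, "limit": 25000},
    {"user": "manager", "perms": {"payment.approve", "profile.approve"}, "limit": 100000},
    {"user": "owner", "perms": {"payment.create", "payment.approve"}, "limit": None},
]

# Permission pairs that should be held by different people.
CONFLICTS = [
    ("profile.create", "payment.create"),
    ("profile.create", "profile.approve"),
    ("profile.modify", "profile.approve"),
    ("payment.create", "payment.approve"),
    ("payment.modify", "payment.approve"),
]
PAYMENT_PERMS = {"payment.create", "payment.modify", "payment.approve"}


def audit(users):
    """Return a sorted list of (user, finding) tuples for the periodic access review."""
    findings = []
    for u in users:
        perms = u["perms"]
        for a, b in CONFLICTS:
            if a in perms and b in perms:
                findings.append((u["user"], f"holds both {a} and {b}"))
        if perms & PAYMENT_PERMS and u.get("limit") is None:
            findings.append((u["user"], "no transaction limit set"))
    return sorted(findings)


def can_release(payment, users):
    """Secondary authorization: a second User with approve rights, within their limit."""
    by_name = {u["user"]: u for u in users}
    approver = by_name.get(payment["approved_by"])
    if approver is None or payment["approved_by"] == payment["created_by"]:
        return False  # unknown approver, or creator approving their own payment
    if "payment.approve" not in approver["perms"]:
        return False
    limit = approver.get("limit")
    return limit is not None and payment["amount"] <= limit


if __name__ == "__main__":
    for user, finding in audit(USERS):
        print(f"{user}: {finding}")
```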
24
Online Service Options
What You Can Do to Protect Yourself
- Train your staff
  - Don’t respond to or open attachments or click on links in unsolicited emails
  - Be very suspicious of emails claiming to be from a Financial Institution requesting account information, account verification or banking access credentials
  - Verify that you are using a secure session (https, not http)
  - Always end your Online Banking Internet sessions by “logging off”
- Enhance the security of your computer and networks
  - Carry out all online banking activities from a stand-alone and dedicated computer (e.g. no general web browsing, emailing, social networking)
  - Regularly update the anti-virus and anti-spyware programs
25
What You Can Do to Protect Yourself
General Practices
- Maintain a comprehensive compliance program
  - Identify and quantify exposures
  - Think possibilities, not probabilities
  - Keep program updated
- Cooperate with your financial institutions and authorities
  - Notify your Financial Institution immediately when fraud is suspected
  - Conduct internal investigations once wrongdoing is uncovered
- Perform third-party due diligence*
  - Understand your partner’s qualifications, associations, and reputation
  - Question the business rationale of the relationship
  - Continually monitor the relationship
- Collaborate with others
  - Join associations/organizations (e.g., local AFP)
  - Share best practices
* Guidance influenced by DOJ Resource Guide to the U.S. Foreign Corrupt Practices Act
26
Agenda
- Fraud Statistics
- Understanding the Current Environment
- Examples of Fraud Scenarios
- Protection Service Options
- Sources and Additional Resources
27
Sources and Additional Resources
- AFP Payments Fraud and Control Survey –
- PWC Global Economic Crime Survey, US Supplement -
- The United States Department of Justice, A Resource Guide to the U.S. Foreign Corrupt Practices Act - fraud/legacy/2015/01/16/guide.pdf
- FBI and National White Collar Crime Center Fraud Advisory -
- NACHA -