Battling Fraud Using Today's Technology

Battling Fraud Using Today's Technology. Kathryne Daniels, CTP, Senior Vice President, Government Banking. May 2009. Agenda: Introductions, Regulatory Issues, Role and Responsibilities, Payments Fraud, Check Fraud, ACH Fraud, Online Security, Payments Fraud Prevention Best Practices.

Presentation Transcript

Slide 1

Battling Fraud Using Today's Technology. Kathryne Daniels, CTP, Senior Vice President, Government Banking. May 2009

Slide 2

Agenda
- Introductions
- Regulatory Issues
- Role and Responsibilities
- Payments Fraud
  - Check Fraud
  - ACH Fraud
  - Online Security
  - Payments Fraud Prevention Best Practices
- Credit Card Data Security
  - Why Credit Card Data Security is Important
  - Anatomy of a Data Compromise
  - Reducing the Risk of Compromise through PCI Compliance
  - Data Security Best Practices
- Open Discussion

Slide 3

Regulatory Impacts
- Uniform Commercial Code Articles 3 and 4
- Reg E
- Expedited Funds Availability Act and Fed Reg CC

Slide 4

Role and Responsibilities
- Agencies
  - Must exercise ordinary care. If an agency does not exercise "ordinary care", your financial institution may no longer be held fully liable.
  - Definition of ordinary care as I understand it: "The adherence to reasonable business standards prevailing in an organization's region and industry"
- Financial Institutions
  - Banks share in the responsibility for establishing systems and controls to help prevent fraud on deposit accounts from occurring.

Slide 5

Payments Fraud October 7, 2008

Slide 6

Why Should I Care?
- "I don't have anything to worry about, my bank will automatically reimburse us if check fraud occurs."
- "I have too many other goals to accomplish this year to shave the bottom line - I need to install that ERP system"
- "We've never been hit with check fraud…"

Slide 7

Check Fraud: How Simple
- More than 1.2 million worthless checks enter the banking system every day
- Easy to get away with
- Simple technology readily available
- Easily obtainable bank account information
- Available authorized signatures

Slide 8

Fraud Prevention Tools
- Positive Pay
- Dollar and date controls
- Check outsourcing
- Check stock security features

Slide 9

Positive Pay Services
- Traditional Positive Pay
- Teller Positive Pay
- Payee Positive Pay

Slide 10

Dollar and Date Controls
- Maximum dollar controls
  - Reviews and returns checks presented over a predefined amount
- Stale date controls
  - Reviews and returns checks that exceed your designated "stale" time period

Slide 11

Check Outsourcing
- Eliminates need to order and store check stock
- Safeguards signatures
- Prints and mails checks
- Creates positive pay issuance file
- Provides postal discounts

Slide 12

Check Stock Security Features: Do They Matter?
- Watermarks
- Controlled safety paper
- COPY BAN + VOID pantograph
- Microprinting
- Thermochromic ink
- Laid lines
- Warning bands
- Secure number font
- Chemical VOIDs
- Image-survivable features

Slide 13

About Check 21
- Check 21 became effective October 28, 2004
- Purpose
  - Improves efficiency in the U.S. banking system by eliminating the need to transport paper checks between banks
  - Encourages innovation in the payment system by removing key barriers to check truncation
- What it means
  - Allows banks to create and provide a substitute check in lieu of an original check
  - Banks must process substitute checks if received

Slide 14

Check Payment Transformation
- Check conversion and check truncation are distinct alternatives to transform a check
- ACH: POP, ARC, RCK
- EFT networks: SafeCheck, Visa POS Check
- Conversion
- Truncation
- Check conversion changes a check to electronic settlement, whereas check truncation changes a check to image-enabled electronic or paper settlement
- Image Exchange
- Substitute Checks

Slide 15

Image Survivable
- Automated recognition
- Bar-coding
- Seal-encoding
- Digital watermarks

Slide 16

Automated Payee Recognition
- Compares payee name on image to issuance database
- Character-by-character
- Digital interrogation
- Only true exceptions reported
- Limited integration with traditional Positive Pay

Slide 17

Bar-coding
- Key data encrypted into a barcode on the check face
- Resembles a UPC symbol
- Read by issuing bank and compared to the image

Slide 18

Seal-encoding
- Unique graphic printed on check using vendor-supplied software
- Check information encoded within seal
- Automated interrogation and validation
- Permutation keys and secret identifiers
- Replaces formal bank signature verification
- Seal will fail to decode properly if altered

Slide 19

Digital Watermarks
- Hidden message on the front face of the check
- Similar to seal-encoding capability
- Digital scanners compare the digital watermark to MICR and visual data
- Real-time identification of alterations possible

Slide 20

ACH Payments
- Reduces exposure to costly check fraud activity
- Reduces costs
- B-2-B payment growth
- Electronic payroll solution:
  - Direct deposit – save $0.89 per payment
  - Establish dual control over file preparation
  - Have your bank forward historical origination files to your internal auditors
- Payroll cards
  - Provides employees with ATM cash access and a safe way to make purchases

Slide 21

Potential Fraud Growth
- WEB
- TEL
- POS/POP

Slide 22

ACH Blocks and Filters
- Debit blocks
  - Prevent all ACH debits and/or credits from posting
  - Prevent consumer entry class debits
- Debit filters
  - Permit ACH debits and/or credits from known trading partners only
  - Cumulative daily amount limits by trading partner
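
The decision order of the blocks and filters listed above, as an added example in Python (not part of the original presentation and not any bank's implementation). The field names, company IDs, dates, limits and the set of consumer entry class codes are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field
from decimal import Decimal

# Consumer Standard Entry Class codes (WEB, TEL and POP appear on the slides).
CONSUMER_SEC = {"PPD", "WEB", "TEL", "POP", "ARC", "RCK", "BOC"}

@dataclass
class AchDebitFilter:
    partners: dict                      # company ID -> cumulative daily limit
    block_all: bool = False             # debit block: no ACH debit posts
    block_consumer: bool = True         # block consumer entry class debits
    used: dict = field(default_factory=dict)  # (company, date) -> total posted

    def decide(self, e):
        """Return (decision, reason) for one incoming ACH debit entry."""
        if self.block_all:
            return "RETURN", "debit block on account"
        if self.block_consumer and e["sec"] in CONSUMER_SEC:
            return "RETURN", "consumer entry class blocked"
        limit = self.partners.get(e["company"])
        if limit is None:
            return "RETURN", "originator is not a known trading partner"
        key = (e["company"], e["date"])
        total = self.used.get(key, Decimal("0")) + Decimal(e["amount"])
        if total > limit:
            return "RETURN", "cumulative daily limit exceeded"
        self.used[key] = total          # only posted entries count toward the limit
        return "POST", "known trading partner within daily limit"

# Constructed sample entries; company IDs, dates and amounts are made up.
SAMPLE = [
    {"company": "1234567890", "sec": "CCD", "amount": "3000.00", "date": "2009-05-01"},
    {"company": "1234567890", "sec": "CCD", "amount": "2500.00", "date": "2009-05-01"},
    {"company": "1234567890", "sec": "CCD", "amount": "2000.00", "date": "2009-05-01"},
    {"company": "9999999999", "sec": "CCD", "amount": "10.00", "date": "2009-05-01"},
    {"company": "1234567890", "sec": "WEB", "amount": "50.00", "date": "2009-05-01"},
    {"company": "1234567890", "sec": "CCD", "amount": "2500.00", "date": "2009-05-02"},
]

def run_sample():
    # One approved trading partner with a 5,000.00 cumulative daily limit.
    flt = AchDebitFilter(partners={"1234567890": Decimal("5000.00")})
    return [flt.decide(e) for e in SAMPLE]

if __name__ == "__main__":
    for entry, (decision, reason) in zip(SAMPLE, run_sample()):
        print(entry["company"], entry["sec"], entry["amount"], decision, reason)
```

The second entry is returned because it would push the day's total past the limit, while the smaller third entry still posts: the limit is cumulative per trading partner per day, not per item.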

Slide 23

Online Security
- Strong authentication mechanisms, such as digital certificates
- 128-bit Secure Sockets Layer (SSL) encryption
- Dual administration, flexible permissions and approvals
- Complete audit logs and activity tracking
- Network perimeter and application security that includes round-the-clock monitoring of firewalls, anti-virus systems and intrusion detection and prevention technologies

Slide 24

Best Practices: Internal Controls
- Practice separation of duties
- Keep policies and procedures up to date and associates trained
- Notify bank and law enforcement authorities when you suspect fraud
- Perform background checks on new associates, watch employee behavior
- Use separate accounts for electronic and paper transactions
- Reconcile your accounts daily (or at least within 30 days)
- Reconcile ACH transactions daily
- Make sure check stock is image capable
- Control physical security of check stock, signature plates, temporary access and employee ID cards
- Use laser printed checks with security features
- Deliver outgoing checks to mailroom as late in day as possible
- Properly destroy critical accounting information
- Take advantage of fraud products

Slide 25

Best Practices: Online Controls
- Practice safe computing
- Use firewall, anti-virus, and spyware prevention tools
- Do not allow users to download unauthorized software on business PCs
- Limit physical access to treasury PCs
- Assign permissions only for what is needed
- Delete old user accounts and access to bank systems
- Ensure users don't share passwords
- Encrypt sensitive information in storage
- Take advantage of bank-provided application controls:
  - Dual administration
  - Dual approval of payments
  - User transaction limits
  - Audit logging

Slide 26

Why Credit Card Data Security is Important
- If you accept payments via credit, debit, or prepaid cards, your fraud prevention efforts must include the protection of any cardholder account data handled by you, or on your behalf.
- If card account information is stolen from you, or from a service provider working on your behalf, it can be used by criminals to commit fraud.
- Financial Impact: You may be subject to significant fines and losses arising from such fraud and from not properly protecting card account information.
- Reputation Impact: Potentially more damaging than the financial impacts, public trust and confidence in your organization can be negatively impacted by this type of data security breach.

Slide 27

Card Data Security in the Headlines
- "11 Charged in Theft of 41 Million Card Numbers… Federal prosecutors have charged 11 people with stealing more than 41 million credit and debit card numbers, cracking what officials said on Tuesday appeared to be the largest hacking and identity theft ring ever exposed." – August 5, 2008 – New York Times
- [Major supermarket chain] Malware used in "a massive data breach that compromised up to 4.2 million credit and debit cards…" – March 28, 2008, Boston Globe
- [Major retailer] "Breach of data… is called the biggest ever - stolen card numbers put at 45.7 million… Credit and debit card numbers were stolen by hackers who accessed the computer systems…" – March 29, 2007, Boston Globe

Slide 28

Anatomy of a Data Compromise
- A data compromise is an incident involving the breach of a system or network where cardholder data is processed, stored or transmitted.
- A data compromise can also involve the suspected or confirmed loss or theft of any material or records that contain cardholder data.
- There are three main types of data security breaches that can lead to a data compromise:
  - Physical Breach – theft of documents or equipment
  - Electronic Breach – electronic breach of a system or network environment
  - Skimming – capture of card magnetic stripe data using an external device

Slide 29

Reducing the Risk of Compromise through PCI Compliance
- The major credit card companies, including Visa and MasterCard, require any business which accepts credit, debit, or prepaid card payments to comply with the Payment Card Industry Data Security Standard (PCI DSS)
- The PCI DSS is a global standard for protecting cardholder account information to reduce the risk of data compromise
- The PCI DSS consists of 12, "digital dozen," requirements for securing card account information, and operates on the following principles:
  - If you don't need cardholder account data, don't store it.
  - Never store sensitive authentication data (i.e. full magnetic card stripe data, card verification values, or PIN/PIN block data) after transaction authorization.
  - If you store permitted cardholder account data (i.e. full Primary Account Number, cardholder name, service code, and expiration date), it must be protected in accordance with the PCI DSS "digital dozen"