external bank fraud-090510 from henry hardoon of hhassociates.co.uk
TRANSCRIPT
-
8/9/2019 External Bank Fraud-090510 from Henry Hardoon of hhassociates.co.uk
1/43
Paul Lower 2010
FRAUD DETECTION & CONTROL
EXTERNAL BANK FRAUD
-
8/9/2019 External Bank Fraud-090510 from Henry Hardoon of hhassociates.co.uk
2/43
Paul Lower 2010
External Bank Fraud
Why do robbers steal from banks?
because thats where the money is
WILLIE SUTTONUS bank robber
Stole $2m over 30 years
Spent half of his life in jail
go where the money is - and go there often
-
8/9/2019 External Bank Fraud-090510 from Henry Hardoon of hhassociates.co.uk
3/43
Paul Lower 2010
External Bank Fraud
The external threat to financial institutions
Banks and other institutions are desirable targets
Always have been, always will be
Robbery involves actual or threatened violence
Fraud involves deception, manipulation & concealment
-
8/9/2019 External Bank Fraud-090510 from Henry Hardoon of hhassociates.co.uk
4/43
Paul Lower 2010
External Bank Fraud
The threat to banks
Cheque and credit card fraud
Online banking fraud and Phishing
Identity theft
Advance fee fraud and 419 fraud
Money laundering
Foreign currency fraud
-
8/9/2019 External Bank Fraud-090510 from Henry Hardoon of hhassociates.co.uk
5/43
Paul Lower 2010
FRAUD DETECTION & CONTROL
CHEQUE AND CREDIT CARD FRAUD
-
8/9/2019 External Bank Fraud-090510 from Henry Hardoon of hhassociates.co.uk
6/43
Paul Lower 2010
Cheque and Credit Card Fraud
Cheque fraud
Cheques remain important method of payment
Main types of external cheque fraud
Forged cheques
Cheque altering
Cheque theft and forged signature
Cheque Kiting
-
8/9/2019 External Bank Fraud-090510 from Henry Hardoon of hhassociates.co.uk
7/43
-
8/9/2019 External Bank Fraud-090510 from Henry Hardoon of hhassociates.co.uk
8/43
Paul Lower 2010
Cheque Altering
BRAKELYS BANK DATE 18-6-10
PAY Acme Homecare 669.99MR. J SMITH
Six hundredSixty Nine Pounds 99 pence
John SmithSORT CODE ACCOUNT CHQ NO SIGNATURE21-22-39 13256897 10032
-
8/9/2019 External Bank Fraud-090510 from Henry Hardoon of hhassociates.co.uk
9/43
Paul Lower 2010
Cheque and Credit Card Fraud
Cheque altering variation 1
A dishonest salesman makes a sale for 69.99. The customer paysby cheque and writes the amount in the right hand side of the amountbox and the amount in words to the right hand side.
The fraudulent salesman uses the spaces to alter the cheque andincrease by 600.
-
8/9/2019 External Bank Fraud-090510 from Henry Hardoon of hhassociates.co.uk
10/43
Paul Lower 2010
Cheque Altering
BRAKELYS BANK DATE 18-6-10
PAY Acme Homecare 669.99MR. J SMITH
Six HundredSixty Nine Pounds 99 pence
John SmithSORT CODE ACCOUNT CHQ NO SIGNATURE21-22-39 13256897 10032
-
8/9/2019 External Bank Fraud-090510 from Henry Hardoon of hhassociates.co.uk
11/43
Paul Lower 2010
Cheque and Credit Card Fraud
Cheque altering variation 2
Johnson & Company Limited is a company that provides computerservices to small and medium sized clients and is frequently paid bycheques payable to Johnson & Co or Johnson and Company.
-
8/9/2019 External Bank Fraud-090510 from Henry Hardoon of hhassociates.co.uk
12/43
Paul Lower 2010
Cheque Altering
BERKSHIRE BANK DATE 18-6-10
PAY Johnson & Company 6,200.00
Six Thousand Two Hundred Pounds Only
John SmithSORT CODE ACCOUNT CHQ NO FOR THE SMITH TOOL COMPANY29-42-39 256897124 1005232
-
8/9/2019 External Bank Fraud-090510 from Henry Hardoon of hhassociates.co.uk
13/43
Paul Lower 2010
Cheque and Credit Card Fraud
Cheque altering variation 2
Johnson & Company Limited is a company that provides computerservices to small and medium sized clients and is frequently paid bycheques payable to Johnson & Co or Johnson and Company.
A dishonest post-room worker at the firm uses chemical solution toalter the cheque and make it payable to Johnson Cooper.
That could be the name of the fraudster, the name of an accompliceor the name of a false account specifically set up for the purpose.
-
8/9/2019 External Bank Fraud-090510 from Henry Hardoon of hhassociates.co.uk
14/43
-
8/9/2019 External Bank Fraud-090510 from Henry Hardoon of hhassociates.co.uk
15/43
Paul Lower 2010
Cheque and Credit Card Fraud
Cheque fraud
Cheques remain important method of payment
Main types of external cheque fraud
Forged cheques
Cheque altering
Cheque theft and forged signature Cheque Kiting
-
8/9/2019 External Bank Fraud-090510 from Henry Hardoon of hhassociates.co.uk
16/43
Paul Lower 2010
Cheque Kiting
Cheque Kiting what is it? How does it work?
Check kiting takes advantage of the cheque clearing process tomake use of non-existent funds in a bank account.
It is defined as writing a cheque from one bank with insufficientfunds, then writing a cheque to another bank, also with insufficientfunds, in order to cover the absence.
The purpose of cheque kiting is to falsely inflate the balance of abank account in order to clear cheques that have been written thatwould otherwise bounce.
CASE STUDY
-
8/9/2019 External Bank Fraud-090510 from Henry Hardoon of hhassociates.co.uk
17/43
Paul Lower 2010
Cheque Kiting
A kite that soared to $1.3m before crashing
John Quaid pleaded guilt to a kiting scheme that inflated his accountbalances with Bank of America and USAA Federal Savings Bank.
Quaid, who ran several small businesses, wrote worthless chequesand deposited them in to his business accounts with the banks andartificially increased the balance in the accounts.
The scheme was a classic cheque kiting scheme.
After depositing one bad cheque in to one business account, he thendrew a second cheque on the second account with insufficient fundsand deposited in the first account to cover the first bad cheque.
CASE STUDY
-
8/9/2019 External Bank Fraud-090510 from Henry Hardoon of hhassociates.co.uk
18/43
-
8/9/2019 External Bank Fraud-090510 from Henry Hardoon of hhassociates.co.uk
19/43
Paul Lower 2010
Cheque and Credit Card Fraud
Red flags of cheque fraud
Blank cheques missing
Cancelled cheques show signs of tampering
Signatures are missing or appear forged
Customer complain about payments not being credited
Misspellings or errors on cheques
If background checks on new account applicants revealdebt problems check kiting may be more likely
-
8/9/2019 External Bank Fraud-090510 from Henry Hardoon of hhassociates.co.uk
20/43
Paul Lower 2010
Cheque and Credit Card Fraud
Preventing cheque fraud
Secure all cheques and enforce dual control of stock
Ensure and enforce all cheque limits
Conduct prompt bank reconciliations
Use anti-forgery cheque security features
Latest technology watermarking
Embedded fluorescent fibres
-
8/9/2019 External Bank Fraud-090510 from Henry Hardoon of hhassociates.co.uk
21/43
Paul Lower 2010
Cheque and Credit Card Fraud
Preventing cheque fraud
Secure all cheques and enforce dual control of stock
Ensure and enforce all cheque limits
Conduct prompt bank reconciliations
Use anti-forgery cheque security features
Encourage and reward employee vigilance
Credit check on new business account applicants
-
8/9/2019 External Bank Fraud-090510 from Henry Hardoon of hhassociates.co.uk
22/43
Paul Lower 2010
Cheque and Credit Card Fraud
Preventing cheque fraud
Restricted policies on use of uncleared funds
Use automated detection software to trap anomalies
Suspicious cheque account transactions
Frequently overdrawn accounts
-
8/9/2019 External Bank Fraud-090510 from Henry Hardoon of hhassociates.co.uk
23/43
Paul Lower 2010
Cheque and Credit Card Fraud
Credit card fraud
-
8/9/2019 External Bank Fraud-090510 from Henry Hardoon of hhassociates.co.uk
24/43
-
8/9/2019 External Bank Fraud-090510 from Henry Hardoon of hhassociates.co.uk
25/43
Paul Lower 2010
Cheque and Credit Card Fraud
Red flags of credit card fraud
Customers complain of unauthorised purchases
Unusual patterns in multiple customer card accounts
Sudden surge in cards maxing out quickly
Unusual increase in out of pattern purchases
-
8/9/2019 External Bank Fraud-090510 from Henry Hardoon of hhassociates.co.uk
26/43
Paul Lower 2010
Cheque and Credit Card Fraud
Preventing credit card fraud
Use best security including chip and PIN
Mail cards and PIN numbers separately
Work closely with merchants on prevention measures
Insist on photo ID with large purchases
Insist merchants use chip and PIN technology
Or check signature against another document
Scrutinise cards for signs of forgery
-
8/9/2019 External Bank Fraud-090510 from Henry Hardoon of hhassociates.co.uk
27/43
Paul Lower 2010
Cheque and Credit Card Fraud
Preventing credit card fraud
Use best security including chip and PIN
Mail cards and PIN numbers separately
Work closely with merchants on prevention measures
Maintain highest security on credit card database
Operate 24 hour hotline for card theft reporting
-
8/9/2019 External Bank Fraud-090510 from Henry Hardoon of hhassociates.co.uk
28/43
Paul Lower 2010
FRAUD DETECTION & CONTROL
ONLINE BANKING FRAUD
-
8/9/2019 External Bank Fraud-090510 from Henry Hardoon of hhassociates.co.uk
29/43
Paul Lower 2010
Online Banking Fraud
Fraud for the 21st century
Online methods increasingly the mode of fraud
Fraud against financial institutions
Fraud directly against customers and individuals
-
8/9/2019 External Bank Fraud-090510 from Henry Hardoon of hhassociates.co.uk
30/43
-
8/9/2019 External Bank Fraud-090510 from Henry Hardoon of hhassociates.co.uk
31/43
Paul Lower 2010
Customer Data Theft
We will never know the numbers of records stolen
The largest breach of corporate information security so far is the2008 cyber attack on Heartland Payment Systems, one of the largestprocessors of credit card transactions in the US.
The crime affected more than 600 financial institutions and resultedin the loss of more than 100 million card numbers and other data.
Although the breach was shrouded in secrecy, sources said
we will never know the exact number of records stolen in thesecurity breach; but we do know that the company processes
payments for 175,000 merchants at the rate of 100 milliontransactions per month and the breach was going on for 6 months
CASE STUDY
-
8/9/2019 External Bank Fraud-090510 from Henry Hardoon of hhassociates.co.uk
32/43
Paul Lower 2010
Online Banking Fraud
Online fraud against financial institutions
Usually aimed at breaching computer security
To steal large volumes of confidential customer data
Cyber criminals use several tactics
Direct hacking attacks on company networks
Internet based attacks
Malicious computer code and viruses
Social engineering
-
8/9/2019 External Bank Fraud-090510 from Henry Hardoon of hhassociates.co.uk
33/43
Paul Lower 2010
Online Banking Fraud
Social engineering
Not in itself a type of fraud
It is a psychological tactic aimed at obtaining theinformation needed to commit a fraud
Social engineering is:
A scam that preys on our acceptance of authority and
willingness to cooperate with others. The Social Engineersobjective is to extract sensitive information, including login
names and passwords for websites.
These scams usually take place via email or telephone
-
8/9/2019 External Bank Fraud-090510 from Henry Hardoon of hhassociates.co.uk
34/43
Paul Lower 2010
Online Banking Fraud
Online fraud against customers
Challenge is that fraudsters move quickly
IT security professionals engaged in constant battle
Cyber criminals attack customers to steal personalinformation to raid credit cards and bank accounts
Trojan horses
Keystroke logging software
Phishing scams
-
8/9/2019 External Bank Fraud-090510 from Henry Hardoon of hhassociates.co.uk
35/43
-
8/9/2019 External Bank Fraud-090510 from Henry Hardoon of hhassociates.co.uk
36/43
Paul Lower 2010
Phishing Scams
NOT SPECIFICALLY ADDRESSED
NOT SPECIFICALLY ADDRESSED
NO ACCOUNT NUMBER
-
8/9/2019 External Bank Fraud-090510 from Henry Hardoon of hhassociates.co.uk
37/43
Paul Lower 2010
Online Banking Fraud
Phishing scams
Phishing is a form of social engineering
Usually in the form of a real email from the bank
A modern method of identity theft that allows thefraudster to assume the identity of the victim
Allows the fraudster to perpetrate a number of frauds
Theft from victims bank account
Fraudulent use of victims credit card
-
8/9/2019 External Bank Fraud-090510 from Henry Hardoon of hhassociates.co.uk
38/43
Paul Lower 2010
Online Banking Fraud
Red flags of online bank fraud
Customers complain of unauthorised withdrawals
Firewall logs show sustained illegal access attempts
Increase in warnings from anti virus programs
Multiple online accounts accessed illegally
Unusual patterns of multiple online customer accounts
-
8/9/2019 External Bank Fraud-090510 from Henry Hardoon of hhassociates.co.uk
39/43
Paul Lower 2010
Online Banking Fraud
Red flags of Phishing fraud
Unsolicited email requests for personal information
Email links to supposedly secure bank websites
Destination websites have long URL addresses
Emails are not personally addressed to recipient
Data requested is that which bank would have
-
8/9/2019 External Bank Fraud-090510 from Henry Hardoon of hhassociates.co.uk
40/43
Paul Lower 2010
Online Banking Fraud
Preventing information breaches
Avoid placing secure login boxes on insecure pages
Use strongest ID and password security
Maintain up to date firewall and anti-virus software
Install all updates and patches for operating software
Prohibit emailing of security-sensitive data
Screen and background check IT personnel
-
8/9/2019 External Bank Fraud-090510 from Henry Hardoon of hhassociates.co.uk
41/43
Paul Lower 2010
Online Banking Fraud
Preventing Phishing and online fraud
No foolproof way of staying ahead of cyber criminals
Key preventive measure is customer communication
Repeatedly warn customer of Phishing type scams
Always address customers by name
Use same strong URL for bank website
-
8/9/2019 External Bank Fraud-090510 from Henry Hardoon of hhassociates.co.uk
42/43
Paul Lower 2010
Online Banking Fraud
Preventing Phishing and online fraud
No foolproof way of staying ahead of cyber criminals
Key preventive measure is customer communication
Use PINsentry for access to online bank accounts
-
8/9/2019 External Bank Fraud-090510 from Henry Hardoon of hhassociates.co.uk
43/43
Paul Lower 2010
FRAUD DETECTION & CONTROL
ONLINE BANKING FRAUD