Fraud Factor – March 2016

We regularly hear from financial institutions how much they appreciate information we share about the latest banking fraud activities. Towards that end, this post pulls together recent news stories across the spectrum of banking fraud developments.

We also distribute this as a monthly Fraud Factor email. If you’d like to be added to the distribution list, please go to our Contact Us page.

Hackers Prove FBI Breach, While New IRS Security Solution is Itself Breached

Hackers Publish Contact Info of 20,000 FBI Employees

Hackers made good on a threat and published contact information for 20,000 FBI employees, just one day after posting similar data on almost 10,000 DHS employees. The information contained names, titles, phone numbers and email addresses. After the hackers published the DHS data, they tweeted, “Well folks, it looks like @TheJusticeDept has finally realized their computer has been breached after 1 week.”

IRS Using a System That Was Hacked to Protect Victims of a Hack—and It Was Just Hacked

To protect the victims of the IRS data breach from further harm, the agency provided them with “Identity Protection PINs.” The PINs are secret codes those taxpayers now have to put on all of their tax returns, or the IRS won’t accept them. However, if someone loses their PIN, they can retrieve it from the IRS website. And, ironically, that login process is secured by the same technology that hackers broke through in the original data breach.

Credit Unions Get Burnt by Wendy’s Data Breach

Earlier this year, it was reported that Wendy’s, America’s third-largest burger chain, was investigating a possible data breach impacting locations in the Midwest and on the East Coast. Now, it seems that credit unions are experiencing a high level of debit card fraud, as well as major losses, due to the fast food chain’s breach.

ATO Insights, New BEC Variation, and Payday Loans Scam Lead New Attack Headlines

Anatomy Of An Account Takeover Attack

Organized crime rings are amassing bot armies for password-cracking attacks on personal accounts in retail, financial, gaming, and other consumer-facing services. What makes ATO attacks so dangerous is that they target accounts that are created by real users and contain valuable information such as financial data. Based on the number of data breaches that took place in 2015, it’s likely that the stolen credentials will be used heavily toward ATO attacks in 2016.

A New Twist on a W2 Tax Scam

There’s a new twist on a tax scam that puts filers’ information at risk: fraudsters pretending to be a company’s CEO. In a variation on the much-discussed Business Email Compromise (BEC) scam (see next article), fraudsters are targeting workers in human resources or accounting, sending email posing as their CEO and asking for the company employees’ W2 forms, which provide everything the fraudster needs to file a fraudulent tax return.

CEO Email Scam Has Cost Companies $2B

The FBI has revised its estimates of the impact of the Business Email Compromise (BEC) scam. It now reports a total of $2B lost worldwide from over 12,000 businesses. (See our BEC Scam Detection Kit for best practices for businesses and FIs to detect this scam.)

Online Payday Loan Vendors Engaged in Money Laundering

This newly-uncovered scheme involves fraudsters posing as payday lenders, promoting their services online. Part of a new client getting approved for the loan is to show “good faith,” which ends up involving laundering money from fraudulent checks deposited using RDC.

Skimmers Hijack ATM Network Cables

NCR is warning about skimming attacks that involve keypad overlays, hidden cameras, and skimming devices plugged into the ATM network cables to intercept customer card data. The company has received reliable reports of NCR and Diebold ATMs being attacked through the use of external skimming devices that hijack the cash machine’s phone or Internet jack.

Malware Back in the News

Banking Trojans Expand Their Reach

Leading banking Trojans are expanding their targets, taking aim at industries outside banking to compromise financial accounts and other information. Some of these malware strains also have shifted their focus from targeting big bank brands to smaller financial institutions. And the botnets are proving difficult for law enforcement officials to take down.

Dridex: Financial Trojan Aggressively Spread in Millions of Spam Emails Daily

The Dridex banking Trojan was built to harvest banking credentials. Symantec has found that recent spam campaigns spreading Dridex malware are operating on a vast scale, with millions of new emails being sent out on a daily basis. The attackers are disciplined and professional. They operate on a standard working week, continually refine the malware, and put significant effort into disguising their spam campaigns as legitimate emails. The result: Dridex is now one of the most dangerous pieces of financial malware in circulation.

Clever Bank Hack Allowed Crooks to Make Unlimited ATM Withdrawals

The recently discovered Metel crimeware package contains more than 30 separate modules that can be tailored to the computer it’s infecting. One of the most powerful components automatically rolls back ATM transactions shortly after they’re made. As a result, people with payment cards from a compromised bank can withdraw nearly unlimited sums of money from ATMs belonging to another bank.

 


How Improved Fraud Prevention Increases Operational Efficiency (part 4 in a 4-part series)

What is the strategic business value and financial return on investing in improved fraud prevention? While this will be different for every financial institution (FI) based on business priorities and current operations, the key to evaluating the business case for investing in improved fraud prevention is to understand all of the business opportunities created by mitigating fraud risk plus the value of achieving the full potential of new and existing banking services.

There are four categories of value: enhanced compliance, improved competitiveness and growth, reduced fraud risk and losses, and increased operational efficiency. In this 4-part series, we’ll explore each of these topics. (Watch our video that introduces all 4.)

Part 4 of 4: Increase Operational Efficiency

With new products and services being made available, FIs need to reconsider their operations and how they can scale processes to support growth and meet clients’ needs. Using behavioral analytics to prevent fraud improves operational efficiency in several ways.

Stop More Attacks – The most obvious time savings is the result of catching more fraud. An iSMG survey found that 59% of institutions found out about fraud from their account holders. Clearly, it’s more efficient, and less of a fire-drill, if the FI detects fraud first.

Avoid Lost Productivity While an Attack is Investigated – When an FI suffers a fraud attack, even if there is not a fraudulent transaction, employees will drop what they’re doing to investigate the attack, including how the fraudster got “in,” what actually took place, if processes need to be reviewed and updated, and who, if anyone, is responsible for not catching the fraud and if roles need to be redefined. If there is a transaction involved, additional time is needed to try to get the money back. Our customers report spending 100-200 hours per fraud incident investigating the attack, communicating with impacted account holders, and reporting to management.

Stop Reviewing Low-risk Activity – Analysts can stop wasting time reviewing low-risk activity and false positives. Behavioral analytics solutions can automatically release low-risk payments, for example. They also have a very low false-positive rate thanks to individual behavioral models instead of generic rules.

Reduce the Time Spent Monitoring Activity Manually – An automated behavior-based solution significantly reduces time-consuming manual reviews of transactions and verifying requests with account holders. In a recent survey of FraudMAP customers, users reported 25%-75% improvement in efficiency of operations.

Detect Fraud Early in the Fraud Lifecycle – A Ponemon study reported that 78% of fraud victims had money leave their accounts before anyone noticed. Instead of waiting for a fraudulent transaction, behavioral analytics solutions detect early-stage fraud activity – such as account takeover, reconnaissance, and fraud setup – when it’s easy to intervene. And it avoids the much higher time commitment required to claw back the money after it’s gone.

Apply Resources to Higher-priority Projects – When current staff spends less time reviewing and investigating low-risk activity, they can focus on high-priority projects and can support growth without having to add headcount.

Increasing operational efficiency is only one contributor to high-level strategic value delivered by FraudMAP. We offer two options for learning about the full return that financial institutions will receive:

A short video (TRT: 4:22) introduces the four strategic business goals supported by improved fraud prevention. Watch it now.

An in-depth write up (PDF, 323KB) includes topics for internal discussion as you build your business case plus detailed proof points based on feedback from our customers. Download it now.

This concludes this 4-part series.

 


Fake Online Lenders and A New Check Fraud Scheme

 

Even old forms of payments get new forms of fraud.

It starts with a person signing up to receive a payday loan from an online vendor. Little does that person know, the site is a front for a criminal. The “online payday lender” tells the applicant that, in order to receive their loan, they must demonstrate “good faith”. The person seeking the loan is instructed to enroll in online banking at their financial institution. Typically the person’s bank account does not have much activity, was recently activated, or has an extremely low balance.

To demonstrate their good faith, the customer gives the payday vendor their online banking login information. The payday loan company then enrolls the customer in mobile banking and deposits checks through the customer’s account. The customer is instructed to go to the bank, withdraw the funds and send the money back to the payday loan company through an alternative system, such as Western Union.

By demonstrating this “ability to pay,” the customer will then supposedly receive their payday loan. No big surprise, but the deposited checks are fraudulent, the money is gone, and the victimized account holder has zero ability to repay as they are waiting to receive their payday loan.

Initially the amount of the checks has been right below either the $500 mark or the $1,000 mark, as those are typically review levels for mobile deposits. In some cases the fraudster was able to deposit two checks in the amount of $2,450 each, and even attempted a third one in the same amount, although the third one was denied because it exceeded the daily limit for mobile deposits.

Some approaches to detecting this scheme:

  • Monitor the IP address used to access online banking for unusual activity. In one case, the FI noted 28 logins in a 24-hour period from 4 different IP addresses.
  • Monitor mobile deposits for unusual frequency, amounts, or device, and for how quickly the account goes from registration to deposit usage.
  • Review the endorsement used on the check deposited. In these attacks, the endorsement is usually abnormally correct – there is a full name endorsement (usually including middle names), the endorsement is not a signature but a printed name, there’s a full account number, and it includes the verbiage “for mobile deposit only.” The typical (legitimate) account holder does not provide such a textbook endorsement.
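The first two checks above can be expressed as simple rules over login and mobile-deposit records. The following is an added example, not code from this post or from any vendor product; the record layout, account ids and every threshold other than the $500 and $1,000 review levels are assumptions, and the sample data is constructed.

```python
from collections import Counter
from datetime import datetime, timedelta

# The $500 / $1,000 review levels come from the post; every other threshold
# is an assumption to tune against your own baseline. Amounts are in cents.
REVIEW_LEVELS_CENTS = (50_000, 100_000)
NEAR_MARGIN_CENTS = 2_500                 # "right below" = within $25 (assumption)
LOGIN_WINDOW = timedelta(hours=24)
MAX_LOGINS, MAX_IPS = 20, 3               # per 24 hours (assumption)
FAST_FIRST_DEPOSIT = timedelta(days=2)    # enrollment to first deposit (assumption)


def ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")


def busiest_login_window(logins):
    """Return (login_count, distinct_ips) for the busiest 24-hour sliding window."""
    logins = sorted(logins)
    best, start = (0, 0), 0
    for end, (when, _ip) in enumerate(logins):
        while when - logins[start][0] > LOGIN_WINDOW:
            start += 1
        window = logins[start:end + 1]
        best = max(best, (len(window), len({ip for _, ip in window})))
    return best


def just_below_review_level(amount_cents):
    return any(0 < level - amount_cents <= NEAR_MARGIN_CENTS
               for level in REVIEW_LEVELS_CENTS)


def flag_account(acct):
    """Return the list of reasons this account deserves analyst review."""
    reasons = []
    count, ips = busiest_login_window(acct["logins"])
    if count > MAX_LOGINS and ips > MAX_IPS:
        reasons.append(f"login_burst:{count}_logins_{ips}_ips")
    deposits = sorted(acct["mobile_deposits"])
    if deposits:
        gap = deposits[0][0] - acct["mobile_enrolled"]
        if timedelta(0) <= gap <= FAST_FIRST_DEPOSIT:
            reasons.append("deposit_soon_after_enrollment")
    if any(just_below_review_level(cents) for _, cents in deposits):
        reasons.append("amount_just_below_review_level")
    if any(n > 1 for n in Counter(cents for _, cents in deposits).values()):
        reasons.append("repeated_identical_amount")
    return reasons


# Constructed sample data: documentation IP ranges and made-up account ids.
_IPS = ["192.0.2.10", "198.51.100.7", "203.0.113.44", "203.0.113.90"]
_T0 = ts("2016-03-01 08:00")
ACCOUNTS = {
    "acct-lender-victim": {
        "mobile_enrolled": ts("2016-03-01 09:00"),
        # 28 logins spread over 22.5 hours, rotating through 4 addresses
        "logins": [(_T0 + timedelta(minutes=50 * i), _IPS[i % 4]) for i in range(28)],
        "mobile_deposits": [(ts("2016-03-01 11:30"), 49_500),
                            (ts("2016-03-02 10:15"), 99_000)],
    },
    "acct-repeat": {
        "mobile_enrolled": ts("2015-11-02 10:00"),
        "logins": [(ts("2016-03-03 08:50"), "192.0.2.77"),
                   (ts("2016-03-03 09:15"), "192.0.2.77")],
        "mobile_deposits": [(ts("2016-03-03 09:00"), 245_000),
                            (ts("2016-03-03 09:20"), 245_000)],
    },
    "acct-normal": {
        "mobile_enrolled": ts("2015-06-01 12:00"),
        "logins": [(ts("2016-03-04 18:00"), "198.51.100.23"),
                   (ts("2016-03-18 18:05"), "198.51.100.23")],
        "mobile_deposits": [(ts("2016-03-04 18:10"), 31_240),
                            (ts("2016-03-18 18:10"), 125_000)],
    },
}


def review_queue(accounts=ACCOUNTS):
    """Map account id to its reasons, keeping only accounts with at least one."""
    flagged = {name: flag_account(acct) for name, acct in accounts.items()}
    return {name: reasons for name, reasons in flagged.items() if reasons}


if __name__ == "__main__":
    for name, reasons in review_queue().items():
        print(name, reasons)
```

The endorsement review in the third bullet needs the check image and is left to a human or image-analysis step.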

 


Criminals Using New FaaS Options in Combination to Scale Effective Scams

Fraud-as-a-Service (FaaS) has been around for years. It started with adapting malware, then deploying DDoS attacks. These were technology-based services.

Now it has evolved to include more interpersonal services, including call center services. Yes, there are call centers advertising their services on the dark web that knowingly help fraudsters steal money. (See recent Krebs on Security post on call center services.)

One recently discovered example of the latest generation of FaaS features call center services that support sweetheart scams.

In this instance, a fraudster may have read about the success of sweetheart scams and would like to give it a go. But he really doesn’t know how to do it. No worries! There are other fraudsters who are happy to sell him whatever he needs to successfully trick lonely hearts into sending him money or acting as a money mule.

He starts by purchasing a pre-packaged sweetheart scam (Krebs also recently wrote about these sweetheart scam kits). It includes everything he needs:

  • Email templates, including many variations for different stages of the scam, and even includes emails from “mom” pleading with the victim to help, adding legitimacy to the scam.
  • Best practices on how to implement the scam, including suggestions for who are the best targets, information on how to manage the scam, what persona to create, and a decision tree to guide next steps when faced with different responses.
  • Photos of who the fraudster is posing to be and profiles to post on dating sites.
  • Even black lists of who not to include, which may include known law enforcement personnel or security experts who just play along but know it’s a scam.

The fraudster then identifies who to target and starts reaching out with email or creates profiles on dating sites, and once he gets some responses he sticks with emails as long as possible to get the victim engaged.

He has decided that he wants to set up his victims as money mules through which he will launder fraudulent checks. There comes a time in the scam where more personal contact is needed to escalate the scam to the next level. He needs to explain to his victim why he needs help with deposits, but also explain that he doesn’t have regular access to phone and will need to rely primarily on email. Often sweetheart scammers pose as deployed military, oil platform workers, or someone in a remote location without reliable phone service.

But the fraudster has presented himself as a woman, and he doesn’t speak English, whereas his victim is American. This is where the call center comes in. He simply completes a form providing all the relevant details – his character’s name, information about the victim including personal details such as a nickname, background on the setup, what he needs the victim to do, etc. He submits this to the call center with payment (in Bitcoin), and they identify the right person to play the role, and make the call, setting the hook and initiating what is often a long series of money mule deposits and withdrawals.

Another version of the sweetheart scam is when the fraudster creates a crisis and asks the victim for money (e.g. detained at the airport, a visa issue, or stranded and in need of money). Again, a call is most effective, and the FaaS call center is happy to help. Fraudsters also use call centers to pose as account holders and call financial institutions directly to, for example, request a wire transfer or change contact information to bypass dual controls.

The sweetheart scam is proven to be effective, and it has expanded to a larger group of criminals through packaged kits and call center services. The result is victims tricked into laundering money or robbed of their own account balances. With the exception of requirements to report money mules, financial institutions are largely blameless. But there’s an opportunity to avoid time spent trying to unravel fraudulent activity, and rescuing victims from this fate results in a loyal client for life.

By monitoring account holder behavior, FIs can detect sudden increases in the volume of deposits, the size of deposits, and the short window between deposits and withdrawals, all of which suggest possible money mule activity. If payments include wires, FIs might detect unusual use of the wire payment service or new beneficiaries in unusual locations. Whatever the scheme, to the extent it includes money flowing into and out of a client’s account, the FI has the opportunity to detect the scam and deny the fraudsters another payday.
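Two of the signals in the paragraph above, a deposit spike against the account's own history and deposits that leave again within a short window, can be computed from an account ledger. This is an added example, not code from this post or from any vendor product; the ledger layout, the thresholds and the sample ledgers are all constructed assumptions.

```python
from datetime import datetime, timedelta

# All thresholds are assumptions to tune per institution. Amounts are in
# cents; credits are positive and debits are negative.
PASS_THROUGH_WINDOW = timedelta(hours=48)  # deposit must leave within this window
PASS_THROUGH_RATIO = 0.8                   # share of the deposit that leaves
RECENT = timedelta(days=7)                 # period being scored
HISTORY = timedelta(days=84)               # baseline period before it
SPIKE_FACTOR = 3.0
BASELINE_FLOOR_CENTS = 20_000              # avoids "any deposit is a spike" on thin history


def ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")


def pass_through_deposits(ledger):
    """Return (time, deposit, withdrawn) for deposits mostly withdrawn within the window."""
    entries = sorted(ledger)
    used, hits = set(), []
    for i, (when, cents, _memo) in enumerate(entries):
        if cents <= 0:
            continue
        needed, out, matched = PASS_THROUGH_RATIO * cents, 0, []
        for j in range(i + 1, len(entries)):
            later, amount, _ = entries[j]
            if later - when > PASS_THROUGH_WINDOW or out >= needed:
                break
            if amount < 0 and j not in used:   # each debit explains one deposit only
                out += -amount
                matched.append(j)
        if out >= needed:
            used.update(matched)
            hits.append((when, cents, out))
    return hits


def deposit_spike(ledger, as_of):
    """Return (recent_total, weekly_baseline, is_spike) for deposits up to as_of."""
    recent_start = as_of - RECENT
    history_start = recent_start - HISTORY
    recent_total = sum(c for w, c, _ in ledger if c > 0 and recent_start < w <= as_of)
    history_total = sum(c for w, c, _ in ledger
                        if c > 0 and history_start < w <= recent_start)
    weekly_baseline = history_total / (HISTORY / RECENT)
    threshold = SPIKE_FACTOR * max(weekly_baseline, BASELINE_FLOOR_CENTS)
    return recent_total, weekly_baseline, recent_total > threshold


def mule_signals(ledger, as_of):
    hits = pass_through_deposits(ledger)
    _, _, spike = deposit_spike(ledger, as_of)
    return {"pass_through_count": len(hits), "deposit_spike": spike}


def _payroll_history():
    """Constructed baseline: biweekly payroll with a small purchase the next day."""
    rows, first = [], ts("2015-12-18 12:00")
    for i in range(6):
        payday = first + timedelta(days=14 * i)
        rows.append((payday, 120_000, "payroll"))
        rows.append((payday + timedelta(days=1), -30_000, "card purchase"))
    return rows


# Constructed sample ledgers.
AS_OF = ts("2016-03-14 23:59")
NORMAL_LEDGER = _payroll_history()
MULE_LEDGER = _payroll_history() + [
    (ts("2016-03-08 10:00"), 190_000, "check deposit"),
    (ts("2016-03-08 15:00"), -180_000, "cash withdrawal"),
    (ts("2016-03-10 09:30"), 240_000, "check deposit"),
    (ts("2016-03-10 13:00"), -235_000, "cash withdrawal"),
    (ts("2016-03-12 11:00"), 245_000, "check deposit"),
    (ts("2016-03-13 09:00"), -240_000, "cash withdrawal"),
]

if __name__ == "__main__":
    print("normal:", mule_signals(NORMAL_LEDGER, AS_OF))
    print("mule:  ", mule_signals(MULE_LEDGER, AS_OF))
```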

 


Recognizing the Full Cost of Fraud and How Improved Fraud Prevention Lowers These Costs While Reducing Fraud Risk (part 3 in a 4-part series)

What is the strategic business value and financial return on investing in improved fraud prevention? While this will be different for every financial institution (FI) based on business priorities and current operations, the key to evaluating the business case for investing in improved fraud prevention is to understand all of the business opportunities created by mitigating fraud risk plus the value of achieving the full potential of new and existing banking services.

There are four categories of value: improved competitiveness and growth, reduced fraud risk and losses, increased operational efficiency, and enhanced compliance. In this 4-part series, we’ll explore each of these topics. (Watch our video that introduces all 4.)

Part 3 of 4: Decrease Fraud Risk and Losses

The total cost of a fraud attempt and the complete set of risks facing an institution in the aftermath of a fraud attack go far beyond the fraud loss itself. Implementing a behavioral analytics solution for preventing fraud lowers costs in the following ways:

Nominal Fraud Loss – Calculating the full cost of a fraud attack starts with how much money was fraudulently transferred. Estimating this starts with tallying historical fraud losses. A more accurate estimate would include looking at how many accounts have already been compromised but haven’t suffered a loss (yet), what losses in offline channels – branches, call center, offline wire requests, etc. – originated with online account compromise, and estimating how losses will increase as you add features and clients increase use of online and mobile banking channels.

Lost Productivity / Investigation – When an FI suffers a fraud attack, even if there is not a fraudulent transaction, employees will drop what they’re doing to investigate the attack, including how the fraudster got “in,” what actually took place, if processes need to be reviewed and updated, and who, if anyone, is responsible for not catching the fraud and if roles need to be redefined. If there is a transaction involved, additional time is needed to try to get the money back. Our customers report spending 100-200 hours per fraud incident investigating the attack, communicating with impacted account holders, and reporting to management.

Remediation – As per Reg E, financial institutions must reimburse consumers who have funds stolen through fraudulent activity. While the same doesn’t hold true for commercial account holders, many FIs choose to reimburse all or part of fraud losses in the interest of client loyalty or to avoid legal repercussions.

Legal Costs – Even if a financial institution is not at fault, a victimized business might still choose to take legal action. In the worst case scenario (for the FI), they will be told to reimburse losses and pay damages, but even if the court doesn’t hold the FI accountable there are significant time and legal costs resulting from defending themselves in court.

Client Churn and Reputation Damage – When an FI is attacked by fraudsters, and even if there are no losses, customers lose trust and move their accounts. 30% of FIs suffer damage to their reputation following a fraud attack.* In addition, 20% of customers take their business elsewhere when fraud is reported by the customer (which is the case 59% of the time) vs. only 2.5% when fraud is discovered by the financial institution.* Consider the cost of a lost client – financial cost as well as the impact of having an unhappy client in the community – and the cost to acquire a new client.

Decreasing fraud risk and losses is only one contributor to high-level strategic value delivered by FraudMAP. We offer two options for learning about the full return that financial institutions will receive:

A short video (TRT: 4:22) introduces the four strategic business goals supported by improved fraud prevention. Watch it now.

An in-depth write up (PDF, 323KB) includes topics for internal discussion as you build your business case plus detailed proof points based on feedback from our customers. Download it now.

Watch for part 4 of this series next month.

* Source: 2015 iSMG Faces of Fraud Survey

 


It’s Time Again for Fraudulent Tax Refunds

It’s tax season again – especially for fraudsters who want to get a jump on submitting fraudulent tax returns. They submit them early, before the legitimate taxpayers do, and the result is FIs receiving fraudulent funds in the form of an in-bound ACH payment. And despite increased efforts by the IRS to thwart them (see recent Krebs on Security article), this is just too lucrative a scam for the fraudsters to go down easily, and they have repeatedly demonstrated their creativity and perseverance in figuring out how to bypass security measures. Plus there’s last year’s hack of the IRS’ own system.

The IRS continues to rank identity theft tax refund fraud as one of its top challenges – it is #3 on their 2015 “Dirty Dozen” list of tax scams. And while it’s the IRS that takes the loss, RDFIs are required to report any suspicious credit activity and notify the government of any misdirected tax funds and return the credit entry to the IRS.

We’re reprinting our fraud update on how fraudsters executed this scam previously (originally released at this time last year). And while they will likely evolve their strategy in light of new security measures, this hopefully provides a reminder to financial institutions of this threat. This summary provides a description of the scam, and offers recommendations for how to detect fraudulent tax refunds. Or you can download the PDF version: Fraud Update: Identity Theft Tax Fraud (PDF, 100kb).

Impact on Financial Institutions

Under Title 31 Code of Federal Regulations, Part 210, RDFIs are required to notify the government of any misdirected tax funds and return the credit entry to the IRS. In addition, the Bank Secrecy Act (BSA) requires financial institutions to detect and report any suspicious credit activity.

So, while financial institutions are not in the direct line of fire for financial loss, they have compliance requirements to watch for and report transactions that would result from fraudulent tax refunds.

Description of the Scheme – Here’s how the scheme has typically worked:

  1. The criminal obtains personally identifiable information (PII) on a taxpayer, such as their name, address, contact information, and Social Security Number, all of which has been exposed in the seemingly endless data breaches.
  2. The criminal uses obtained PII to file a fraudulent tax return and claim a refund. Often he uses the same return and supporting documentation to file many fraudulent returns at the same time, simply changing personal details about the taxpayer.
  3. As part of the filing, the criminal requests that the money be deposited directly into a bank account under his control or he has the funds loaded onto a prepaid debit card. The scheme does not require that the refund is deposited into the taxpayer’s own account, so the criminal does not need to have compromised an existing account, he only needs to create a new one.
  4. The criminal withdraws the funds as soon as the tax refund has been credited to his account.

How to Detect Fraudulent Tax Refunds

This scheme will result in multiple suspicious credits to deposit accounts or to debit cards – in some cases hundreds of deposits to the same account – as criminals file many fraudulent returns at once. Suspicious characteristics could include large refunds to new accounts, identical deposit amounts to multiple accounts, or multiple deposits from the U.S. Treasury to the same account.

Also, many times the name on the tax return, i.e. the name under which the refund is issued, does not match the name on the deposit account or the debit card.
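The characteristics listed above map directly onto checks over incoming ACH credits. The following rule-based sketch is an added example, not code from this post and not how any vendor product works; the record fields, the originator label, the thresholds and the sample accounts and credits are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import date, timedelta

# Assumptions: replace the originator label with the value that appears in
# your own ACH receiving files, and tune the thresholds. Amounts are in cents.
TREASURY_ORIGINATOR = "US TREASURY"
NEW_ACCOUNT_AGE = timedelta(days=30)
LARGE_REFUND_CENTS = 300_000
MAX_REFUNDS_PER_ACCOUNT = 2        # e.g. one refund per joint holder


def _tokens(name):
    """Upper-case name parts, ignoring punctuation and single-letter initials."""
    return {t for t in re.sub(r"[^A-Z ]", " ", name.upper()).split() if len(t) > 1}


def name_matches(ach_name, holders):
    """True if every name part of some account holder appears in the ACH name."""
    got = _tokens(ach_name)
    return any(_tokens(h) and _tokens(h) <= got for h in holders)


def flag_refunds(accounts, credits):
    """Return {account_id: sorted reasons} for accounts receiving Treasury credits."""
    refunds = [c for c in credits if c["originator"] == TREASURY_ORIGINATOR]
    by_account, accounts_by_amount = defaultdict(list), defaultdict(set)
    for c in refunds:
        by_account[c["account"]].append(c)
        accounts_by_amount[c["cents"]].add(c["account"])

    flags = {}
    for acct_id, items in by_account.items():
        acct, reasons = accounts[acct_id], set()
        if len(items) > MAX_REFUNDS_PER_ACCOUNT:
            reasons.add("multiple_treasury_credits")
        for c in items:
            if not name_matches(c["name"], acct["holders"]):
                reasons.add("name_mismatch")
            is_new = c["date"] - acct["opened"] < NEW_ACCOUNT_AGE
            if is_new and c["cents"] >= LARGE_REFUND_CENTS:
                reasons.add("large_refund_to_new_account")
            if len(accounts_by_amount[c["cents"]]) > 1:
                reasons.add("amount_shared_across_accounts")
        flags[acct_id] = sorted(reasons)
    return flags


# Constructed sample data: made-up account ids, names and amounts.
ACCOUNTS = {
    "1001": {"holders": ["Maria Lopez"], "opened": date(2012, 5, 1)},
    "2002": {"holders": ["Dana Whitfield"], "opened": date(2016, 1, 20)},
    "3003": {"holders": ["Chris Paulsen", "Jamie Paulsen"], "opened": date(2009, 8, 14)},
    "4004": {"holders": ["Lee Tran"], "opened": date(2014, 3, 3)},
}


def _credit(account, originator, name, cents, day):
    return {"account": account, "originator": originator,
            "name": name, "cents": cents, "date": day}


CREDITS = [
    _credit("1001", "ACME PAYROLL", "MARIA LOPEZ", 152_000, date(2016, 2, 5)),
    _credit("1001", TREASURY_ORIGINATOR, "LOPEZ MARIA E", 184_300, date(2016, 2, 10)),
    _credit("2002", TREASURY_ORIGINATOR, "ROBERT HALE", 412_700, date(2016, 2, 11)),
    _credit("2002", TREASURY_ORIGINATOR, "SUSAN OKAFOR", 412_700, date(2016, 2, 11)),
    _credit("2002", TREASURY_ORIGINATOR, "PETER NG", 412_700, date(2016, 2, 12)),
    _credit("3003", TREASURY_ORIGINATOR, "PAULSEN JAMIE", 96_500, date(2016, 2, 12)),
    _credit("4004", TREASURY_ORIGINATOR, "ANGELA RUIZ", 412_700, date(2016, 2, 12)),
]

if __name__ == "__main__":
    for acct_id, reasons in sorted(flag_refunds(ACCOUNTS, CREDITS).items()):
        print(acct_id, reasons or "no flags")
```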

Guardian Analytics FraudMAP monitors ACH receiving files to detect unusual or suspicious patterns between originators and recipients, high-velocity deposits to the same account, or mismatches between the name in the ACH credit and the name on the account. FraudMAP detects unusual behavior by comparing activity not only to the account holder’s own historic behavior, but also to the behavior of the population as a whole, and to known fraudulent activity. It can detect suspicious credits without time consuming manual reviews and without writing and maintaining rules that result in a high volume of false positives.

Is this the year you’re going to step up to detecting these fraudulent deposits? We can help.

 


How Enhanced Fraud Prevention Improves Competitiveness and Growth (part 2 in a 4-part series)

What is the strategic business value and financial return on investing in improved fraud prevention? While this will be different for every financial institution (FI) based on business priorities and current operations, the key to evaluating the business case for investing in improved fraud prevention is to understand all of the business opportunities created by mitigating fraud risk plus the value of achieving the full potential of new and existing banking services.

There are four categories of value: enhanced compliance, improved competitiveness and growth, reduced fraud risk and losses, and increased operational efficiency. In this 4-part series, we’ll explore each of these topics. (Watch our video that introduces all 4.)

Part 2 of 4: Improved Competitiveness and Growth

Mitigating fraud risk enables FIs to innovate in order to grow market share, increase profitability, attract new customers and retain existing ones.

Expand Products and Service Levels – Consider the products and services you have held off on deploying due to concerns over increasing risk. What are the competitive opportunities associated with those new products?

Improve Competitiveness – Investing in improved fraud prevention mitigates the new risks associated with expanded offerings so an FI will not only avoid falling behind its competitors but can leap ahead with the products and services levels prospective account holders are looking for, attracting new clients and decreasing churn.

Here’s how it impacted one of our customers: “We’ve definitely held back on offering new features based on the associated risk. With FraudMAP in place, we have greater confidence in rolling out Pop Money and External Transfers.”

Increase Revenue – The FIs we talk to often comment about how they’re holding back on expanded mobile banking services due to risk, leaving money on the table. Expanding banking channels and offering a full complement of revenue-generating services both online and through mobile devices is made possible by mitigating associated fraud risk.

Improve Customer Service – The more you know about your clients, the better you will be able to provide them with excellent service. Behavioral analytics implemented to mitigate fraud risk also provides visibility into activities that help you to streamline service and anticipate needs. For example, seeing the activity that took place immediately prior to a call will provide customer service agents with context and help them understand the purpose of the call, and quickly address the client’s request.

Build Client Trust and Loyalty – Account holders want their FI to take responsibility for the security of their assets. In our own survey of business banking clients, 75% reported that it is their institution’s responsibility to secure their accounts. When one of our customers gets an alert about one of their account holders and proactively reaches out to the client to investigate the alert, the account holder typically is ecstatic that their FI is proactively monitoring their account and looking out for them. One response we received is typical: “I didn’t even know you were doing this. Thank you for investing in my security!”

Improving competitiveness and growth is only one contributor to high-level strategic value delivered by FraudMAP. We offer two options for learning about the full return that financial institutions will receive:

A short video (TRT: 4:22) introduces the four strategic business goals supported by improved fraud prevention. Watch it now.

An in-depth write-up (PDF, 323KB) includes topics for internal discussion as you build your business case plus detailed proof points based on feedback from our customers. Download it now.

Watch for part 3 of this series next month.

 


Fraud Factor – January 2016

We regularly hear from financial institutions how much they appreciate information we share about the latest banking fraud activities. Towards that end, this post pulls together recent news stories across the spectrum of banking fraud developments.

We also distribute this as a monthly Fraud Factor email. If you’d like to be added to the distribution list, please go to our Contact Us page.

Time Again for Annual Predictions – A Look Ahead to 2016

How Online Fraud Will Evolve in 2016

In 2016 consumer-facing web and mobile apps are up against a much more sophisticated and prolific enemy as bad actors continue to evade traditional security defenses, leverage the latest mobile hacker tools to impersonate legitimate users and take control of consumer accounts en masse. Predictions for 2016 feature social media, ATO, and cloud-based attacks.

Attacks on Android and Large-scale Infections Are Among the Main Security Threats in 2016

The creation and spreading of new malware samples will continue growing at an exponential rate, just as was seen in 2015 where the number of new samples registered daily reached 230,000. Fraudsters will continue to use Exploit Kits as many current solutions aren’t capable of combatting this type of attack, which means its rate of infection is very high. For the same reason, malware on mobiles will also increase, especially for Android. Cybercriminals will look to take advantage of payment platforms on mobile devices as they could be easy ways for criminals to steal money directly.

Thar She Blows: Whaling Attacks (aka BEC) Likely to Rise in 2016

A recent study of IT execs found that fifty-five percent of the organizations surveyed showed an increase in whaling attacks in only the last three months (see our Business Email Compromise Scam write-up). The overwhelming majority of attacks come in the guise of the CEO (72 percent) or the CFO. The report notes, “the barriers to entry for this type of cybercrime are painfully low.”

Video Shows Business Value Delivered by Stopping Fraud

Considering the predictions above, your 2016 plans might include improving fraud detection. If so, we invite you to watch our new video that describes the higher-level strategic benefits to be realized from investing in preventing fraud.

Mobile Threats Crack the Top 10 While Android Remains Prime Target

Mobile Banking Trojans: A Top-10 Threat for the First Time

In 2015, for the first time ever, mobile financial threats ranked among the top ten malicious programs designed to steal money. That finding, from Kaspersky Lab’s year-end summary, is perhaps somewhat expected given the ubiquity of mobile devices. Two families of mobile banking Trojans, Faketoken and Marcher, cracked the list.

Updated Mobile Malware Targets Android

The latest strain of dangerous Android malware called SlemBunk targets mobile banking application users by trying to trick users into sharing credentials. The app uses a fake screen to harvest authentication credentials when specified banking apps are launched.

New Attacks Defeat EMV Cards, Target PCs, and Feature New Exploit Kits

Hackers Can Disable EMV Transactions to Force a Swipe

Hackers have figured out how to get around chip card transactions at the point of sale. The video included in this article shows a device that can force a POS to accept a magstripe transaction in lieu of dipping.

Dell, Toshiba, and Lenovo PCs At Risk of Security Flaws

A trifecta of vulnerabilities has been found in software preinstalled on a number of Dell, Toshiba, and Lenovo consumer and enterprise PCs and tablets, affecting millions of users. The flaws could allow an attacker to run malware at the system level, regardless of what kind of user is logged in.

Neutrino, RIG Exploit Kits Kick Off 2016 with Shiny New Attacks and Payloads

The holidays are over and the world has gone back to work—and so have the cyber-criminals. Two exploit kit campaigns have been spotted in the wild sporting new tactics and significant improvements. Neutrino’s latest mutations include serving Kovter and Cryptolocker2, while the RIG exploit kit is now poisoning Google search results with malicious links.

Latentbot: A Ghost in the Internet

Threat actors have been using malware called Latentbot since mid-2013, and its multiple layers of obfuscation make it almost invisible. The malware is capable of taking complete control of systems, stealing data and surreptitiously watching its victims.

Breaches Continue to Expose Millions of Data Records

Database Configuration Issues Expose 191 Million Voter Records

A misconfigured database has led to the disclosure of 191 million voter records, believed to be data on every registered voter in the US. The database is just sitting in public view, waiting to be discovered by anyone who happens to be looking. Data includes a voter’s full name (first, middle, last), home address, mailing address, gender, date of birth, date of registration, phone number, and political affiliation.

13 Million Customers of a Mac App Exposed to Potential Data Breach

Records for more than 13 million MacKeeper users have been exposed by a security researcher without any difficulty, and without him even looking specifically for this information. The exposed data included usernames, passwords and other information.

Landry’s Restaurant Chain Suffers Data Breach

The Houston company acknowledged reports of unauthorized charges on cards used legitimately at some of its more than 500 properties. Magnetic stripe data from payment cards was exposed, including names, card numbers, expiration dates and verification codes. The company commented that it could take “weeks or even months” to determine the scope of a data breach.

 


How Improved Fraud Prevention Enhances FFIEC and BSA/AML Compliance

What is the business value and financial return on investing in improved fraud prevention? While this will be different for every financial institution (FI) based on business priorities and current operations, the key to evaluating the business case for investing in improved fraud prevention is to understand all of the strategic business opportunities plus the value of achieving the full potential of new and existing banking services.

There are four categories of value created by mitigating fraud risk: enhanced compliance, improved competitiveness and growth, reduced fraud risk and losses, and increased operational efficiency. In this 4-part series, we’ll explore each of these topics. (Watch our video that introduces all four.)

Part 1 of 4: Enhanced Compliance

There are two aspects of compliance that are supported by improved fraud prevention: conforming to the FFIEC’s expectation that FIs use anomaly detection, and complying with BSA/AML requirements.

FFIEC Guidance

The FFIEC’s 2011 Supplement explicitly sets the expectation that institutions have a layered security strategy that, at a minimum, contains the ability to “detect anomalies and effectively respond to suspicious or anomalous activity” and “improve control of administrative functions.”

It further defines the first expectation as processes designed to detect and effectively respond to suspicious or anomalous activity related to initial log-in and the initiation of electronic transactions involving the transfer of funds to other parties.

To support coming out so strongly in favor of anomaly detection, the Guidance goes on to state that, “Based upon the incidents the Agencies have reviewed, manual or automated transaction monitoring or anomaly detection and response could have prevented many of the frauds since the ACH/wire transfers being originated by the fraudsters were anomalous when compared with the customer’s established patterns of behavior.”

Guardian Analytics was founded on the idea that the best way to prevent banking fraud is to look for anomalous activity when compared to normal patterns of individual behavior. Rather than looking for specific malware, fraud indicators or fraud patterns, all of which are changing rapidly, behavioral analytics determines if exhibited behavior is expected and legitimate, or suspicious. Somewhere between login and logout a criminal will do something unexpected or abnormal, at which point FraudMAP will issue an alert and the institution can intervene before the money is gone.

Our solution also addresses the second FFIEC expectation, detecting when administrative roles are being tampered with, such as creating new users, changing passwords, or revising payment authorization roles or limits.

Our customers report that the fraud prevention portion of their audits goes very smoothly when the examiner learns that they have FraudMAP in place. One of our customers offered, “FraudMAP is paramount in providing required security measures and fulfilling compliance requirements.”

BSA/AML

BSA/AML legislation includes requirements to monitor for and report suspicious payments. This includes outgoing payments, but also in-bound payments, such as ACH receiving files. A specific example that likely is just around the corner is fraudulent tax refunds that show up as in-bound credits. Financial institutions are required to be on the lookout for and report these and any other suspicious payments. (See our write-up of Fraudulent Tax Refunds.)

FraudMAP models payment activity to detect unusual or unexpected credits and debits in both origination and receiving files. We model the behavior of both the originator and the receiver, plus the historical relationship between the two, such as if an account holder has only received ACH payments from local originators, and then one shows up from across the country or overseas.
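To make the idea of comparing an in-bound credit against the receiver's established pattern concrete, here is an added Python illustration; it is not FraudMAP code or Guardian Analytics' method. The account IDs, originator names, thresholds (`min_history`, `amount_factor`) and sample records are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample history of inbound ACH credits (not real data):
# (receiving account, originator id, originator state, amount)
HISTORY = [
    ("acct-1001", "ORIG-PAYROLL", "CA", 2150.00),
    ("acct-1001", "ORIG-PAYROLL", "CA", 2150.00),
    ("acct-1001", "ORIG-PAYROLL", "CA", 2210.00),
    ("acct-1001", "ORIG-UTILITY", "CA", 42.50),
    ("acct-2002", "ORIG-PENSION", "TX", 1300.00),
    ("acct-2002", "ORIG-PENSION", "TX", 1300.00),
]

def build_baselines(history):
    """Summarise each receiver's established pattern of inbound credits."""
    profiles = defaultdict(
        lambda: {"originators": set(), "states": set(), "max_amount": 0.0, "count": 0}
    )
    for receiver, originator, state, amount in history:
        p = profiles[receiver]
        p["originators"].add(originator)
        p["states"].add(state)
        p["max_amount"] = max(p["max_amount"], amount)
        p["count"] += 1
    return dict(profiles)

def score_credit(profiles, receiver, originator, state, amount,
                 min_history=3, amount_factor=2.0):
    """Return the reasons an inbound credit deviates from the receiver's baseline."""
    p = profiles.get(receiver)
    # Too little history means there is no pattern to compare against:
    # report that explicitly instead of returning "no anomalies".
    if p is None or p["count"] < min_history:
        return ["insufficient history"]
    reasons = []
    if originator not in p["originators"]:
        reasons.append("new originator")
    if state not in p["states"]:
        reasons.append("new originator region")
    if amount > amount_factor * p["max_amount"]:
        reasons.append("amount above established range")
    return reasons

PROFILES = build_baselines(HISTORY)
```

An empty list means the credit matches the receiver's history; any returned reason is a cue for review, and "insufficient history" keeps new or thin accounts from passing silently.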

Enhancing compliance is only one contributor to high-level strategic value delivered by FraudMAP. We offer two options for learning about the full return that financial institutions will receive:

A short video (TRT: 4:22) that introduces the four strategic business goals supported by improved fraud prevention. Watch it now.

An in-depth write-up (PDF, 323KB) that includes topics for internal discussion as you build your business case plus detailed proof points based on feedback from our customers. Download it now.

Watch for part 2 of this series next month: Improving Competitiveness and Growth.

 
