Mitigating Payment Fraud

Mitigating Payment Fraud. North Carolina Local Government Investment Association. July 23, 2014. A perspective on recent fraud experience and best practice approaches for reducing the risk of payment fraud. Avoiding the Headlines ….


Presentation Transcript


  1. Mitigating Payment Fraud North Carolina Local Government Investment Association July 23, 2014 A perspective on recent fraud experience and best practice approaches for reducing the risk of payment fraud

  2. Avoiding the Headlines … Source: Fraud Advisory for Business: Corporate Account Takeover

  3. Where Are We Now? A look at current state metrics

  4. Are Things Improving? % of Organizations with Attempted/Actual Payment Fraud. Source: 2014 AFP Payments Fraud and Control Survey

  5. Continuing Increase in the Number of Attempts: Becoming More Concentrated? In 2013, 27% of organizations reported an increase in attempted fraud, 16% reported a decrease, and 57% reported similar activity. Net Increase in Attempts: 2009 +13%; 2010 +10%; 2011 +8%; 2012 +11%; 2013 +11%. Source: 2014 AFP Payments Fraud and Control Survey

  6. Continued Prevalence of Check-based Fraud: Aren’t Check Volumes Declining? Total Checks Written (1): 2003 37.3B; 2012 18.3B. Sources: (1) 2013 Federal Reserve Payment Survey; (2) 2014 AFP Payments Fraud and Control Survey (actual and attempted)

  7. Increasing Impact: Average Fraud Losses Continue to Grow. 2013 $23,100; 2012 $20,300; 2011 $19,200; 2010 $18,400; 2009 $17,100. Source: 2014 AFP Payments Fraud and Control Survey

  8. Fraud Impact by Payment Type: Payment Method Responsible for Largest Dollar Loss. ACH Credit 1%. Source: 2014 AFP Payments Fraud and Control Survey

  9. Fraud Impact by Payment Type: Average Value of Unauthorized Transaction ($). Source: 2013 Federal Reserve Payment Survey

  10. Source of Fraud Who and Why?

  11. Sources of Attempted Payment Fraud: Who is initiating? A difference of opinion? (2) “72% of those surveyed have been hit by a fraud involving at least one insider in a lead role” within … 32% involved a senior or middle manager. Sources: (1) 2014 AFP Payments Fraud and Control Survey; (2) 2013/14 Kroll Global Fraud Report

  12. Check-based Fraud Losses: Organizations Suffering Loss from Fraud Attempt. Identified Reasons For Loss: Processed by Check Cashing Agency (38%); Lack of Timely Recon or Positive Pay Review (28%); Internal Fraud (21%); Lack of Positive Pay Utilization (17%); Lack of Timely Check Return (10%); Lack of Post No Check Services on EFT Acct (10%). Source: 2014 AFP Payments Fraud and Control Survey

  13. ACH Fraud Losses: Organizations Suffering Loss from Fraud Attempt. Identified Reasons For Loss: Lack of Debit Block or Filter (50%); Lack of Timely Reconciliation (38%); Lack of Timely Return (38%); Lack of ACH Positive Pay Utilization (38%); Internal Fraud (13%). Source: 2014 AFP Payments Fraud and Control Survey

  14. Card Fraud Losses: Organizations Suffering Loss from Fraud Attempt. Source: 2014 AFP Payments Fraud and Control Survey

  15. Card Fraud Losses: Purchasing and Travel Cards. Sources: (1) 2012 RPMG Purchasing Card Benchmark Survey; (2) 2013 RPMG Corporate Travel Card Benchmark Survey

  16. Internal Processes Best Practice Activities for Creating a Strong Control Environment

  17. Organizational (Internal) Fraud: Primary Fraudulent Disbursement Activities. Source: Association of Certified Fraud Examiners (ACFE): 2012 Global Fraud Study, Report to the Nations on Occupational Fraud & Abuse

  18. Internal Control Foundation: A/P Masterfile Control; Sourcing and Invoice Processing; Segregation of Duties; Confirmation of Beneficiary Changes; Approval and Execution; Timely Reconciliation

  19. External Support Services and Solutions to Mitigate Payment Fraud Risk

  20. Primary Methods of Check Fraud: % of Organizations that Suffered Attempted Check Fraud. Chart callouts: Positive Pay; Payee Positive Pay. Source: 2014 AFP Payments Fraud and Control Survey

  21. Primary Procedures to Guard Against Check Fraud. Source: (1) 2014 AFP Payments Fraud and Control Survey

  22. Primary Procedures to Guard Against ACH Fraud: Reconcile Accounts Daily, Identify and Return Unauthorized Debits (78%); Block ACH Debits Except on a Single Account With ACH Debit Filter/ACH Positive Pay (64%); Block ACH Debits on All Accounts (31%); Consumer Debit Block and Commercial Debit Filter (24%); Separate Account for all 3rd Party Debits (18%). Source: (1) 2014 AFP Payments Fraud and Control Survey

  23. Powerful Bank Services to Mitigate Payment Fraud: Positive Pay; ACH Positive Pay; ACH Debit Block; Post No Checks

  24. Are Physical Check Security Features Still Needed? Copy Void Pantograph; Image Survivable Barcode; Thermochromatic Ink; Warning Bands; Dual Image Numbering; Secure Name Font; Chemical Reactive Paper; Fourdrinier Watermark. Source: F. Abagnale Fraud Bulletin – Vol 12

  25. Online Banking Best Practice Activities for Securing Information and Controlling Payment Execution

  26. Account Take-over: Dissecting an Attack. Target Victims; Install Malware; Operator Logon; Capture Login Data; Initiate Funds Transfer. Source: Fraud Advisory for Businesses: Corporate Account Take Over - United States Secret Service, FBI, IC3, and FS-ISAC.

  27. How Would You React to This Email? Dear Valued Customer: We noted that your account transferred $10,000 to Nigerian financial institution on June 15, 2014. Given the suspicious nature of this transaction, we have frozen all transaction activity on your account. Please access the link below to verify your credentials, review this transaction and restore your account to an active state: http://pncbankUSA.com/suspendedaccount/secureverification Once you have completed this, PNC’s Fraud team will work to promptly restore these funds. Thank you for doing business with PNC! PNC Bank USA Pittsburgh, PA Member FDIC 2014

  28. Gone Phishin … Phishing: an attempt to acquire information such as user names, passwords, and other financial details by masquerading as a trustworthy entity … in electronic form. Spear Phishing; Waterholing; Whaling; Clone Phishing; Social Engineering

  29. Account Transfer: Pay Close Attention to Wire Transfer Activity. 2.11 per 1000 commercial customers have experienced an account take-over; 82% of fraudulent transfers involved wires; 9% of all account take-overs resulted in funds being transferred. Source: Fraud Advisory for Businesses: Corporate Account Take Over - United States Secret Service, FBI, IC3, and FS-ISAC.

  30. Controlling the Risk of Cyber Fraud: Education and Awareness; Insulate Workstation; Separate Approval Station; Malware and Virus Protection; FFIEC Authentication; Mobile Threat Vectors

  31. Card Usage Best Practice Activities for Managing Commercial Card Programs

  32. What are Other Organizations Doing? Primary Controls Utilized. Source: 2012 RPMG Purchasing Card Benchmark Survey

  33. Controlling Commercial Card Activity: Point of Sale Controls; Online Submission and Approval; Receipt/Proof of Purchase; Card Security; Audit and Inspection; Other

  34. Who has Borne Card Losses? Parties that Suffered Loss on Commercial/Corporate Card Fraud: Sponsoring Organization (31%); Issuing Bank (44%); Merchant (14%). Source: 2014 AFP Payments Fraud and Control Survey

  35. Expected Improvement from Migration to EMV Standard
      • EMV (Europay, Mastercard, Visa): global standard for integrated chip-based card design
      • Unlike other countries, the US continues to be dominated by magnetic stripe POS terminals
      • Estimated cost of upgrades > $12B
      • Merchant Processing
      • When mag-stripe cards are swiped at a POS terminal, data such as the primary account number and expiration date are transmitted to the card issuer
      • The data, known as static data, remains the same for each transaction
      • EMV relies on dynamic authentication: use of changing variables unique to each individual card transaction
      • PIN vs. Signature authentication
      • Liability Shift
      • Effective October 2015, liability will shift for domestic and cross-border counterfeit card-present POS transactions
      • Fuel selling merchants have until 2017
      • Shift from issuing bank to accepting merchant
      • Will not immediately extend to web and phone-based purchases
      • Expected to positively impact POS card fraud (chart label: No Reduction 8%)
      Source: (1) 2014 AFP Payments Fraud and Control Survey

  36. Disclaimer This presentation was prepared for general information purposes only and is not intended as legal, tax or accounting advice or as a recommendation to engage in any specific transaction, including with respect to any securities of PNC, and does not purport to be comprehensive. Under no circumstances should any information contained in this presentation be used or considered as an offer or commitment, or a solicitation of an offer or commitment, to participate in any particular transaction or strategy. Any reliance upon the presentation is solely and exclusively at your own risk. Please consult your own counsel, accountant or other professional advisor regarding your specific situation. Any opinions expressed in this presentation are subject to change without notice.
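
Slide 35 contrasts static magnetic-stripe data with EMV dynamic authentication. The Python sketch below is an added example, not part of the original presentation: it is a simplified model in which HMAC-SHA256 and a transaction counter stand in for the chip's real cryptogram computation, and the card number, expiry and key are constructed values.

```python
import hashlib
import hmac

def cryptogram(key, pan, amount_cents, atc):
    # Toy per-transaction code: HMAC stands in for the real EMV computation.
    msg = f"{pan}|{amount_cents}|{atc}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

class ChipCard:
    def __init__(self, pan, key):
        self.pan, self._key, self._atc = pan, key, 0  # key and counter stay on the chip

    def sign(self, amount_cents):
        self._atc += 1  # changing variable unique to this transaction
        return {"pan": self.pan, "amount": amount_cents, "atc": self._atc,
                "mac": cryptogram(self._key, self.pan, amount_cents, self._atc)}

class Issuer:
    def __init__(self):
        self.expiry, self.keys, self.last_atc = {}, {}, {}

    def enroll(self, pan, expiry, key):
        self.expiry[pan], self.keys[pan], self.last_atc[pan] = expiry, key, 0

    def authorize_magstripe(self, pan, expiry):
        # Static data: identical on every swipe, so a copy looks like the original.
        return self.expiry.get(pan) == expiry

    def authorize_chip(self, tx):
        key = self.keys.get(tx["pan"])
        if key is None or tx["atc"] <= self.last_atc[tx["pan"]]:
            return False  # unknown card, or counter already used (replay)
        expected = cryptogram(key, tx["pan"], tx["amount"], tx["atc"])
        if not hmac.compare_digest(expected, tx["mac"]):
            return False  # a field was altered or the key is wrong
        self.last_atc[tx["pan"]] = tx["atc"]
        return True

def demo():
    pan, expiry, key = "4000000000000002", "12/16", b"constructed-demo-key"  # constructed
    issuer = Issuer()
    issuer.enroll(pan, expiry, key)
    card = ChipCard(pan, key)
    tx = card.sign(2500)
    return {"stripe_original": issuer.authorize_magstripe(pan, expiry),
            "stripe_copied": issuer.authorize_magstripe(pan, expiry),
            "chip_original": issuer.authorize_chip(tx),
            "chip_replayed": issuer.authorize_chip(tx),
            "chip_altered": issuer.authorize_chip({**card.sign(2500), "amount": 990000})}
```

In this model the issuer cannot tell a copied stripe from the original, while a captured chip message is rejected on reuse and a message with a changed amount fails verification.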