Fraud Update: Why Fraudsters Love Wires and How to Stop Them. Luis Rojas, Director, Product Management WesPay 2014

Transcription

1 Fraud Update: Why Fraudsters Love Wires and How to Stop Them Luis Rojas, Director, Product Management WesPay 2014

2 Competitive Pressures Drive Fraud and Operational Risk

3 Availability Of Information Creates Demise in Trust Malware Social Engineering Phishing Breaches Spear Phishing Icon Control accounts Usernames/passwords Bank account information Spoof devices, location Personal information Compromise

4 Availability Of Information Creates Demise in Trust Malware Social Engineering Phishing Breaches Spear Phishing Icon Control accounts Usernames/passwords Bank account information Spoof devices, location Personal information Compromise

5 Availability Of Information Creates Demise in Trust Your Customers Malware Corporation Social Engineering Phishing Breaches Spear Phishing Icon Control accounts Usernames/passwords Bank account information Spoof devices, location Personal information SMB Consumer Wire Room IT Compromise HR Your Employees

6 The Challenge With Wire Fraud Methods of Compromise Malware Social Engineering Phishing Vishing Smishing Spear Phishing Icon Points of Compromise Mobile Call Center Customers Methods of Wire Initiation Branch Call Center Fax Bank Wire System Multiple points of compromise Multiple channels for initiation Criminals use creative combinations Combinations difficult to predict and detect Compromise Bank Employee Bank Employee

7 Criminal Wire Activity Is Widespread and Successful Wire is still the favorite channel for criminals 76% of fraud attempts were wire based 14 out of 100 businesses have experienced wire fraud Increasing trend of criminals attacking bank wire systems

8 Wire Fraud Losses Are Significant Case Loss PATCO vs. Ocean Bank $580,000 Experia Metal, Inc. vs. Comerica Bank Village View Escrow, Inc. vs. Professional Business Bank Hillary Machinery vs. Plains Capital Bank Texas Bankcorp South vs. Choice Escrow and Land Title $561,399 $393,000 $229,000 $440,000 Large losses for banks plus reputation loss and high legal fees Fraud attacks happen at banks of all sizes Average wire fraud attempt $116K One incident would pay for fraud prevention solution

9 WIRE FRAUD SCENARIOS

10 Schemes We ll Cover Today Methods of Compromise Points of Compromise Methods of Wire Initiation Malware Social Engineering Phishing Vishing Smishing Spear Phishing Icon Compromise Mobile Call Center Customers Bank Employee Branch Call Center Fax Bank Employee Bank Wire System 1. Funeral scheme 2. Fake invoice scheme 3. Masquerading business social engineering 4. Bank employee scheme 5. call center combo 6. Live chat 7. template modifications

11 #1 Trickery/Funeral Scheme 1) Compromise victim s account 4) Funds transferred to criminal Wire Transfer 2) Monitor victim s account for financial relationships (bank, financial advisors, etc) 3) financial advisor requesting wire transfer citing funeral, large purchase, etc.

12 #2 Vendor/Business Compromise Fake Invoice Compromise Wire Transfer

13 #3 Masquerade Trick 1 Business Spoofing Target: Controller Becky Criminal creates fake domain, but very close to actual domain Fake sent looks CEO John to CFO Sally Criminal forwards fake from Sally to Becky to trick Becky into thinking it is a legitimate request

14 #3 Masquerade Trick 2 Business Account Takeover 1. Through phishing, social engineering, gain access to mail credentials 2. Take over at a small business (rather than spoofing) 3. Send from CEO/CFO to controller 4. Express urgency to get the transfer initiated

15 #4 Bank Operations Employee As The Target Compromise bank employee rather than account holder Direct access to wire system Scale to multiple accounts at once Criminal Social engineering Malware Bank Employee Wire system Customers $ $ $ Criminal Account

16 # 5 Social Engineering Call Center Agents 79% of banking executives report account takeover and social engineering represent the majority of their contact center fraud. 1) Call Center to social engineer call center to reset online credentials Wire $ 2) to Call Center compromise online banking, then social engineer call center agent to initiate transaction Wire $

17 #6 to Live Chat Agent Scheme Human fraudster successfully authenticates using user credentials Banking 1. Explores all accounts 2. Consolidates funds to checking account 3. Initiates chat session from online banking 1. Ask for general help 2. Then ask for help with wire transfer

18 #7 Using Victim As Key Actor in The Process Victim Fraudster Criminal compromised account Edit Wire Templates Criminal modifies template does not attempt transaction Legitimate user sends out wire to mule using modified template

19 Sweetheart Scam 2) Gains access to online banking Victim s existing or new account Used to set up mobile banking Check balance and transfer $ $ Mobile banking Check Account takeover victim 1) Lures victim through dating or social media site Sweetheart victim banking Victim bank 3)Funds the sweetheart victim s account Mobile RDC (stolen, counterfeit check) Check overnighted to the bank Transfer from another victim s account $ $ Third party money transfer $ 4) Victim sends money to the criminal banking transfer Wire Take cash to third party money transfer Send debit card

20 Bypassing Common Controls Dual Controls Take over one account to initiate transfer Use administrative privileges of first account to create a new account Modify entitlements Change submit and approval limits Bypass alerts Change address (altogether or just slightly) Disabling alerts Delete alerts from compromised accounts OOB Reroute/forward phone number Malware on mobile phones to re route text messages Proactively call in and pretend to be the user checking on their payment Launch TDoS attack against victim Tokens Criminals use malware to grab token codes

21 Lessons Learned Fraud doesn t always look like fraud, detection difficult To the you To your customers You can t educate your way out of the problem It doesn t hurt, but it s not the answer Criminals can get past many controls They will defeat what they can study

22 FRAUD PREVENTION CONSIDERATIONS

23 Need For Enhanced ACH Risk Management Drive for faster processing Volume of wire payments rising Wire Fraud Risk Ongoing Average ACH fraud attempt $116 Wire fraud attempts increasing Lawsuits continuing Regulatory Pressures Growing FFIEC expects anomaly detection Recent reports of regulators giving short timeframes for ACH monitoring Operational Pressure Increasing Need for New ACH Risk Management Strategy More transactions at risk Fraud harder to detect Less time to find fraud Manual protections or rulesbased approaches costly and miss fraud Limits address part of the problem Can t place the burden on customers Competitive Pressures Wire services critical to competitiveness Customers want frictionless experience Customers expect protections Customers want speed

24 A New Approach Behavioral Analytics Originator Name Account ID Code Originator FI Sender FI Instructing FI OBI Transaction Direction Amount Transfer Type Business Code Type/Subtype Beneficiary Name Account ID Code Receiver FI Beneficiary FI Intermediate FI Frequency Wire Transaction Data Each user has a unique behavioral fingerprint User behavior changes with malicious activity Behavioral changes are unavoidable and detectable Need user centric behavioral analytic tools to automatically detect anomalous activity and account abuse

25 How Wire Behavioral Analytics Works Originator Name Account ID Code Originator FI Sender FI Instructing FI OBI Transaction Direction Amount Transfer Type Business Code Type/Subtype Data Fields and Text Wire Behavioral Analytics Originator Model Individual Beneficiary Model Population level Models Are the customer s wire actions normal? (timing, velocity, type, accounts, direction) Are the transactions typical? (type, amount, originator/ beneficiary history) Beneficiary Name Account ID Code Receiver FI Beneficiary FI Intermediate FI Frequency Fraud/Threat Models Are the transactions being made to a risky or safe beneficiary? (beneficiary history, suspected mule)

26 Integrating Automation Into Your Wire Workflow Customers Wire Transfer Methods Fax Call Center Wire Behavioral Analytics FRAUDMAP Wire RISKAPPLICATION Fraud Analyst Branch FRAUDMAP Wire RISKENGINE Review High Risk Alerts Criminals Automated Wire Request Auto Release/ Hold Manual Release / Cancel Wire Management System/Queue Send To Fed

27 Typical Wire Processes Expensive and Ineffective Growing volumes to review driving higher staff costs and overtime Time & Costs Increasing Cutoff window Manually hunt for similar accounts, payees, amounts Manually look for suspicious online activity Manually hunt through old wires to identify previous payments, payees Look at each wire individually Low Fraud Detection Missed fraud Manual processes cant sort through all transactions False positives defocus reviews on wrong batch entries Reviews prone to human error Focus on larger dollar amounts that may not be fraud Miss smaller dollar amounts that are fraud Extra pressure and mistakes around cut off times

28 Wire Behavioral Analytics Changes The Dynamics Typical Processes Wire Behavioral Analytics High Time & Costs Low Fraud Detection Lower Time and Costs Focus few high risk alerts Instant context Visibility to all batch and transaction details One click comparison to prior batches and transactions Enhance Fraud Detection Behavioral Analytics

29 Why Banks/CUs Invest in FraudMAP Support competitive objectives and business imperatives Reduce fraud losses and fraud risk Increase operational efficiency and scale processes Enhance compliance Gain confidence to Speed processing time Increase wire limits Offer international services Key sale message position best protections Increase customer service Reduce callbacks Identify high risk wires Stop wires before they leave the bank Focus on the critical few Reduce cutoff crunch pressure Reducing manual efforts and time Move free staff time to other projects Increase processing speed Meet FFIEC expectations for anomaly detection Demonstrate resilient solution for managing wire risks Know your customers

30 Summary Wire fraud growing and evolving New solutions needed to address the problem Better solutions can increase fraud detection effectiveness and reduce costs Better controls allow for more competitive services and service levels

31 Q & A

32 Thank You For Attending! We will send a copy of the slides and the recording Sign up for our Fraud Factor and Fraud Informers at info@guardiananalytics.com If you are interested in learning more about behavioral analytics to protect customer or employee access or payments, contact us at info@guardiananalytics.com

33 Thank You!