Texas Department of Banking United States Secret Service January 25, 2012

Similar documents
Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City

ASSESSMENT LAYERED SECURITY

FDIC InTREx What Documentation Are You Expected to Have?

Overview Bank IT examination perspective Background information Elements of a sound plan Customer notifications

Credit Card Data Compromise: Incident Response Plan

Cybersecurity and Data Protection Developments

Department of Homeland Security Updates

Identity Theft Policies and Procedures

COMMENTARY. Federal Banking Agencies Propose Enhanced Cyber Risk Management Standards

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines

Regulator s Perspective of Best Practices in Combatting Cybercrime Executive Fraud Forum October 30, 2013

Information Security Incident Response Plan

NYDFS Cybersecurity Regulations

Information Security Incident Response Plan

Emerging Issues: Cybersecurity. Directors College 2015

DATA BREACH NUTS AND BOLTS

FFIEC CONSUMER GUIDANCE

The Cyber War on Small Business

ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update)

10 Cybersecurity Questions for Bank CEOs and the Board of Directors

FFIEC CONSUMER GUIDANCE

Standard CIP Cyber Security Critical Cyber Asset Identification

External Supplier Control Obligations. Cyber Security

Cybersecurity Guidance for Small Firms Thursday, November 8 9:00 a.m. 10:00 a.m.

Standard CIP Cyber Security Critical Cyber Asset Identification

NOT-FOR- PROFIT SERVICES GROUP Client Information Bulletin

(U) Cyber Threats to the Homeland

Welcome to the CyberSecure My Business Webinar Series We will begin promptly at 2pm EDT All speakers will be muted until that time

Cybersecurity The Evolving Landscape

Cybersecurity: Incident Response Short

ELECTRONIC BANKING & ONLINE AUTHENTICATION

COUNTERING IMPROVISED EXPLOSIVE DEVICES

CLE Alabama. Banking Law Update. Embassy Suites Hoover Hotel Birmingham, Alabama Friday, February 19, 2016

NEW YORK CYBERSECURITY REGULATION COMPLIANCE GUIDE

Cybersecurity and the Board of Directors

Regulation P & GLBA Training

Donor Credit Card Security Policy

Cyber Security Strategy

Red Flags Program. Purpose

Employee Security Awareness Training Program

SECURITY & PRIVACY DOCUMENTATION

IDENTITY THEFT PREVENTION Policy Statement

Fraud Update: Why Fraudsters Love Wires and How to Stop Them. Luis Rojas, Director, Product Management WesPay 2014

Federal Reserve Bank of Dallas

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1

Checklist: Credit Union Information Security and Privacy Policies

Effective Cyber Incident Response in Insurance Companies

Red Flag Policy and Identity Theft Prevention Program

Cyber Security and Cyber Fraud

University of North Texas System Administration Identity Theft Prevention Program

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

Virginia State University Policies Manual. Title: Information Security Program Policy: 6110

Insider Threat Program: Protecting the Crown Jewels. Monday, March 2, 2:15 pm - 3:15 pm

CYBER FRAUD & DATA BREACHES 16 CPE s May 16-17, 2018

University of Pittsburgh Security Assessment Questionnaire (v1.7)

Identity Theft Prevention Policy

Business Continuity Policy

Technical Conference on Critical Infrastructure Protection Supply Chain Risk Management

PTLGateway Data Breach Policy

Panda Security 2010 Page 1

Government Resolution No of February 15, Resolution: Advancing National Regulation and Governmental Leadership in Cyber Security

LCU Privacy Breach Response Plan

GLBA, information security and incident response a compliance perspective

Cyber Security. February 13, 2018 (webinar) February 15, 2018 (in-person)

Postal Inspection Service Mail Covers Program

Payment Card Industry Data Security Standard (PCI DSS) Incident Response Plan

SWIFT Customer Security Programme

Cyber Insurance: What is your bank doing to manage risk? presented by

WHO PROTECTS YOUR MAIL? MAILERS TECHNICAL ADVISORY COMMITTEE Guy Cottrell, Chief Postal Inspector

Table of Contents. Sample

Protecting Against Online Fraud. F5 EMEA Webinar August 2014

Ouachita Baptist University. Identity Theft Policy and Program

May 14, :30PM to 2:30PM CST. In Plain English: Cybersecurity and IT Exam Expectations

Sage Data Security Services Directory

A Privacy and Cybersecurity Primer for Nonprofits Nonprofits in the Digital Age March 9, 2016

CYBER INCIDENT REPORTING GUIDANCE. Industry Reporting Arrangements for Incident Response

Navigation and Vessel Inspection Circular (NVIC) 05-17; Guidelines for Addressing

STOCKTON UNIVERSITY PROCEDURE DEFINITIONS

The CERT Top 10 List for Winning the Battle Against Insider Threats

MANUAL OF UNIVERSITY POLICIES PROCEDURES AND GUIDELINES. Applies to: faculty staff students student employees visitors contractors

Welcome to Today s Web Seminar!

TIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE

Cybersecurity in Higher Ed

Incident Policy Version 01, April 2, 2008 Provided by: CSRSI

Data Breach Incident Management Policy

NYDFS Cybersecurity Regulations: What do they mean? What is their impact?

01.0 Policy Responsibilities and Oversight

Question 1: What steps can organizations take to prevent incidents of cybercrime? Answer 1:

security FRAUD PREVENTION Business Checklist Safeguard your money, your credit and your good name.

Cybersecurity and Examinations

Cybersecurity, safety and resilience - Airline perspective

Policy 24 Identity Theft Prevention Program IDENTITY THEFT PREVENTION PROGRAM OF WEBB CREEK UTILITY DISTRICT

Number: USF System Emergency Management Responsible Office: Administrative Services

New York Cybersecurity. New York Cybersecurity. Requirements for Financial Services Companies (23NYCRR 500) Solution Brief

Information Technology Security Plan Policies, Controls, and Procedures Identify Risk Assessment ID.RA

Tackling Cybersecurity with Data Analytics. Identifying and combatting cyber fraud

Risk Outlook Anti money Laundering and Cybercrime. Steve Wilmott and George Hawkins

White Paper. The Impact of Payment Services Directive II (PSD2) on Authentication & Security

Prevention of Identity Theft in Student Financial Transactions AP 5800

Cyber Risks, Coverage, and the Board of Directors.

Transcription:

Texas Department of Banking United States Secret Service January 25, 2012

Presented by: Texas Department of Banking Banking Commissioner Charles G. Cooper Deputy Commissioner Bob Bacon Chief IT Security Examiner Phillip Hinkle United States Secret Service, Dallas Field Office Special Agent Steven Bullitt Co-sponsored by: Independent Bankers Association of Texas Texas Bankers Association Moderated by SWACHA Corporate Account Takeover is a crime carried out through all financial institutions, regardless of charter US Secret Service Jan 25, 2012 2

Introduction & Overview Description of Corporate Account Takeover and Money Mules Special Reviews by Department of Banking Standards & Practices for Risk Management of Corporate Account Takeovers Questions & Answers US Secret Service Jan 25, 2012 3

To Ask a Question Submit questions at any time using the chat feature on the left side of your screen. US Secret Service Jan 25, 2012 4

What is Corporate Account Takeover? Impacts Businesses, Communities, and Banks First significant incident in 2008 Complex and varied techniques Increasing frequency and size of thefts US Secret Service Jan 25, 2012 5

Texas Bankers Electronic Crimes Task Force Senior operational executives from diverse group of statechartered banks IBAT, TBA, and SWACHA Banking Department s Chief IT Security Examiner Secret Service s Electronic Crimes Task Force Special Agent Representatives from Texas Department of Public Safety Focused on Corporate Account Takeover www.ectf.dob.texas.gov US Secret Service Jan 25, 2012 6

Task Force Actions Developed Best Practices to Reduce Risks Developed Tools & Resources Recommended issuances of the practices to the banking industry Department of Banking issued Supervisory Memorandum 1029 US Secret Service Jan 25, 2012 7

FFIEC Supplemental Guidance on Authentication in an Internet Banking Environment issued June 2011 Task Force recommendations include the expectations of the FFIEC Supplemental Guidance, Task Force recommendations more specific to Corporate Account Takeover Special Reviews will begin in March 2012 US Secret Service Jan 25, 2012 8

Investigations 1865 - established within Treasury Department to suppress counterfeiting during U.S. Civil War Protection 1902 - formally authorized to protect presidents after 1901 assassination of President McKinley US Secret Service Jan 25, 2012 9

US Secret Service Jan 25, 2012 10

US Secret Service Jan 25, 2012 11

Recruitment Utilize Command & Control network to recruit Money Mules and Target victim companies Target - Small to midsized business and organizations Infiltration Attackers utilize numerous tactics to gain access to your network or computer, Banking Trojans Exfiltration - Transferring electronic funds out of your account(s) through coordinated effort Money Mules Victims or Suspects/Money laundered. US Secret Service Jan 25, 2012 12

DOES THIS SCHEME WORK? THE WORLD WIDE WEB BOTMASTER MONEY MULE S BANK Money Mule s Bank TSPY_SPYEYE.EXEI VICTIM COMPANY BOTNET www.bank.com Victim Company s bank

BOTMASTER COMMAND & CONTROL US Secret Service Jan 25, 2012 14

VICTIM COMPANY COMMAND & CONTROL TSPY_SPYEYE.EXEI US Secret Service Jan 25, 2012 15

VICTIM COMPANY VICTIM COMPANY s BANK TSPY_SPYEYE.EXEI BOTNET www.bank.com US Secret Service Jan 25, 2012 16

MONEY MULE BOTNET www.bank.com Victim Company s Bank Money Mule s bank US Secret Service Jan 25, 2012 17

MONEY MULE COMMAND & CONTROL US Secret Service Jan 25, 2012 18

DOES THIS SCHEME WORK? THE WORLD WIDE WEB BOTMASTER Money Mule s Bank COMMAND & CONTROL TSPY_SPYEYE.EXEI VICTIM COMPANY BOTNET www.bank.com Victim Company s bank

Target Foreign and domestic criminals who are utilizing a series of banking botnets and malware to compromise Online banking accounts Utilize the banking system against the criminals Utilize the anonymity of the internet against the cyber criminals Disrupt the organized market the cyber criminals control US Secret Service Jan 25, 2012 20

Special Reviews begin in March Review implementation efforts on the 19 standards of Protect, Detect, and Respond Reviews conducted in phases US Secret Service Jan 25, 2012 21

Initial phase Determine if banks have begun working on a risk management program Determine if banks have begun working on a risk assessment Determine if Board of Directors have been informed Answer questions about the standards & practices Later phases will measure progress Progress will be evaluated on a case by case basis US Secret Service Jan 25, 2012 22

Supervisory Memorandum 1029 (Standards for Risk Management of Corporate Account Takeovers ) Recognized need for banks to Identify, develop, and implement appropriate risk management measures Establishes 19 minimum standards Included in examination program Best Practices can assist in meeting the 19 standards www.ectf.dob.texas.gov US Secret Service Jan 25, 2012 23

Protect, Detect, and Respond Co-developed by USSS to help businesses Best Practices are cross referenced to SM 1029 using Protect, Detect, and Respond Page 3 of SM outlines the elements of the Protect, Detect, and Respond framework US Secret Service Jan 25, 2012 24

Supervisory Memorandum 1029 Risk Management of Corporate Account Takeovers The minimum standards for a risk management program to mitigate the risk of Corporate Account Takeover are as follows: PROTECT Implement processes and controls to protect the financial institution and corporate customers. P1. Expand the risk assessment to include corporate account takeover. P2. Rate each customer (or type of customer) that performs online transactions. P3. Outline to the Board of Directors the Corporate Account Takeover issues. DETECT Establish monitoring systems to detect electronic theft and educate employees and customers on how to detect a theft in progress. D1. Establish automated or manual monitoring systems. D2. Educate bank employees of warning signs that a theft may be in progress. RESPOND Prepare to respond to an incident as quickly as possible (measured in minutes, not hours) to increase the chance of recovering the money for your customer. R1. Update incident response plans to include Corporate Account Takeover. R2. Immediately verify if a suspicious transaction is fraudulent. R3. Immediately attempt to reverse all suspected fraudulent transactions. US Secret Service Jan 25, 2012 25

P1. Expand the risk assessment to incorporate Corporate Account Takeover. The risk assessment should include risks of Corporate Account Takeovers and be reviewed/updated at least annually for threats and risks related to online payment services. After the risk assessment is updated, an analysis should be made to identify the bank s existing controls that need to be updated or controls that need to be implemented to achieve compliance with regulatory guidance. A sample Corporate Account Takeover risk assessment is available electronically on the Electronic Crimes Task Force page of the Texas Department of Banking website, www.ectf.dob.texas.gov. An effective risk management assessment should: 1. Define the scope and complexity of the institution s payment and online banking services, noting any changes since the prior risk assessment; 2. Identify what functionality is offered or has changed regarding: 3. Assess if transaction limits have been set within the automated system and if those limits are appropriate; 4. Present a clear understanding of the bank s: Customer segmentation; Customer utilization of online banking; and Expected pmnt volumes 5. Assess reliance on third-party service providers for electronic payment processing and delivery 6. Determine and assess on-going customer education and training practices; 7. Identify and assess all automated pass-through payment processing activities 14. Assess the need for electronic theft insurance. US Secret Service Jan 25, 2012 26

Broad Objectives: P1. Include CATO in Risk Assessment P2. Identify Higher Risk Customers P3. Brief Board on CATO P4. Communicate basic security practices P5. Provide CATO security education to customers P6. Enhance Bank Controls P7. Review customer agreements P8. Contact Vendors US Secret Service Jan 25, 2012 27

Broad Objectives: D1. Establish monitoring Systems D2. Educate Bank Employees D3. Educate Account Holders US Secret Service Jan 25, 2012 28

Broad Objectives: R1. Update Incident Response Plan R2. Immediately verify suspicious transactions R3. Immediately reverse fraudulent transactions R4. Send Fraudulent File Alert R5. Immediately notify receiving bank(s) R6. Suspend use of compromised accounts R7. Contact LE and regulators R8. Document recovery efforts US Secret Service Jan 25, 2012 29

Appendix A: Resources for Corp Customers Appendix B: Deceptive Contact Techniques Appendix C: Incident Response Plans Appendix D: InfoSec Laws Affecting Businesses Appendix E: Sample Fraudulent File Alert Request Tools and Resources webpage US Secret Service Jan 25, 2012 30

US Secret Service Jan 25, 2012 31

Small community banks have said they are looking for help to comply with FFIEC Supplemental Guidance Bankers have said that following the broad goals of the Best Practices will assist. FinCEN requires filing of SAR for attempted Account Takeovers (FIN 2011-A016) US Secret Service Jan 25, 2012 32

Questions? Submit questions using the chat feature on the left side of your screen. Questions that we don t have time to address during this session will be answered and posted on the Department of Banking website with the final webinar materials. Additionally, you may contact Chief IT Security Examiner Phillip Hinkle with questions after this presentation via phone or email: (817) 640-4050 or itex@dob.texas.gov US Secret Service Jan 25, 2012 33

Thank you for joining us! Contact Department of Banking via email at itex@dob.texas.gov U.S. Department of Homeland Security United States Secret Service US Secret Service Jan 25, 2012 34

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback