the web seminar has not yet started - acamsfiles.acams.org/webcasts/20131121/2013-11-21 -...

Cyber Fraud: The New Financial Crime Wave

www2.acams.org/webinars

The web seminar has not yet started:

A sound check will be performed 5 minutes before the start time.

COPYRIGHT NOTICE – USE OF WEBEX LOGIN/PASSWORD FOR ACAMS WEB SEMINARS Each site license entitles registrant to one login: one phone connection (if accessing audio via teleconference) and one Internet connection for simultaneous Webcast, in one room where an unlimited number of listeners may participate. Providing your login instructions and password to another for their use, using your login ID/password more than once, or any simultaneous or delayed transmission, broadcast, re-transmission or re-broadcast of this event to additional sites/rooms by any means (including but not limited to the use of telephone conferencing services or a conference bridge, whether external or owned by the registrant) or recording is a violation of U.S. copyright law and is strictly prohibited


• Can you hear the sound check?

• It has begun




Q & A

To send a question:

Locate the Q & A box on the bottom right hand corner of the WebEx platform.

Type in your question and click send!


Welcome to the ACAMS Web Seminar

(Case study) Cyber Fraud: The New Financial Crime Wave

November 21, 2013

12:00 Noon– 1:00 pm ET

The web seminar has not yet started.



Welcome to the ACAMS Web Seminar

(Case study) Cyber Fraud: The New Financial Crime Wave

November 21, 2013

12:00 Noon– 1:00 pm ET




Sean Lonergan – RBC Royal Bank Mgr. Fraud Strategies & Initiatives

Brendan Brothers - Verafin Co-Founder & Dir. Product Marketing


Co-founded Verafin (BSA/AML Compliance & Fraud Detection software company) in 2003

Computer Engineer with background in analytics

Anti-financial crime subject matter expert with comprehensive technical expertise

Frequent speaker at industry conferences

Principal presenter for Verafin’s thought leadership webinar series

Verafin has more then 1100 financial institution customers across North America

BRENDAN BROTHERS Co-Founder Verafin



Manager, Fraud Strategies and Initiatives at RBC

Responsible for Online, Mobile and Telephone banking strategies

14 years with RBC – prior to current role spent 10 years in IT developing Fraud systems

RBC is Canada’s largest bank and 11th largest bank globally based on market capitalization

Operations in 46 countries

More than 15 million clients worldwide

SEAN LONERGAN Manager, Fraud Strategies and Initiatives RBC Royal Bank



The Perfect Storm…

3 ominous trends have culminated in…


Data Breaches


Data Breaches

Computer Malware


Organized Cybercriminals

Data Breaches

Computer Malware


Trend 1

Data Breaches


2013

Data Breaches (only breaches with more than 30k records shown)

# of breaches have INCREASED over time 2004


Data Breaches

Source: Open Security Foundation

1,611 data breaches in 2012

48% increase over 2011

134 breaches in average month


It’s no longer a possibility that you’ll be attacked, it’s become a probability and darn near a certainty.

Data Breaches

“ “

Source: CEO of Identity Theft 911


The type of PII (personally identifiable information) secured during these breaches lend themselves to committing particular types of fraud...

Data Breaches

…breaches beget fraud.

Source: Javelin Strategy & Research, Data Breaches Becoming a Treasure Trove for Fraudsters

“ “


more than half of all fraud victims are data breach victims

Data Breaches

criminals are relying more often on data from breaches to commit fraud

Source: Javelin Strategy and Research


Trend 2

Computer Malware


As of 2012

Computer Malware more than 128 million samples of malware in McAfee Labs malware “zoo”


Computer Malware

Malware shows no sign of changing its steady growth, which has risen steeply during the last two quarters.

“ “

Source: McAfee Threats Report, Q1 2013


Computer Malware

Account takeovers are most often achieved through the use of malicious software that can exploit just one entry point into a network to start the theft

“

“

Source: Federal Reserve Bank of Atlanta


Trend 3



Because of the Internet…there’s a radical distribution of labor and a

radically fast ability to recruit skills



Ten Specializations

Coders or Programmers

Distributors or Vendors

Techies

Hackers

Fraudsters

Hosters

Cashers

Money Mules

Tellers

Leaders


Cyber Schools

comprehensive course curriculum

advertised in the underground

carried out via Skype videoconferencing to promote interactivity

“professors” participate in Q&A sessions with students

offer ‘job placement’ for graduates with experienced criminals

vouch for star students to help them join underground communities they would otherwise not be able to access


Sample Course Offerings Beginners’ Cybercrime - basics of online financial fraud

School of Carding (subject with highest demand) – basic and advanced curriculum

Payment Card Fraud (one course per payment card type) - different ways to use payment cards in fraud scenarios

Anonymity and Security (theory and practical section) - how to erase digital “fingerprints”

Becoming a Mule Herder – how to open a mule recruitment “business”

Special One-on-One Tutorials and Consultations - problem solving sessions


ACH Credit/Wire Fraud

ACH Debit Fraud

ATM Cash-Out

Database Breach

Malware

Distributed Denial of Service (DDoS)

Source: FDIC, June 2013

Cyber Fraud Threats


DDoS Attacks

Cybercriminals can use DDoS attacks to disguise account takeover attacks.

$900,000 was wired out of the bank accounts of a California construction company in a DDoS attack that occurred over the 2012 Christmas holidays.

The DDoS attack disabled the bank’s website while money was transferred to 62 money mules.

The company could not access its account information through their bank and become aware of the activity.


A few real-life examples…

…of a rapidly growing number of cyber fraud cases


first example…


An Internet fraud ring comprised of at least 7 individuals worked together across 3 continents in an effort to steal millions of dollars…

…they used a number of interconnected crimes to execute their meticulously organized game plan


they used phishing attacks and bogus websites to trick unwitting consumers into giving up their online usernames and passwords


“D”

“B”

“G”

“C” “A”

“F” “E”


“A”, “E” and “G” were provided with stolen identifiers by “B” “B” received the stolen identifiers from “C” “C” worked with “F” and others to deploy phishing websites across the Internet

“A”, “B”, “E”, and “G”, and others used the stolen identifiers to make unauthorized withdrawals from victims’ accounts


Some of the stolen identifiers were used to create fake driver’s licenses, with which conspirators could impersonate victims at bank branches


the scheme also used the stolen identifiers to gain access to the victims’ online accounts, where “A”, “B”, and “G” could view victim signatures on check images and then forge checks and withdrawal slips to make fraudulent withdrawals


“C” and others added fake employees to victim companies’ payrolls and then caused paychecks to be issued to those fake employees

In a second variation of the scheme…

…”C” used stolen identifiers to gain access to payroll accounts at “XYZ” (payroll processor)


“B”, “C”, “G”, and others then withdrew the fraudulent payroll amounts using both stolen identifiers and unwitting intermediaries (“mules”)


As part of the scheme, more than $300,000 in fraudulent payroll was wired to “D” who impersonated a European woman interested in romantic relationships to dupe mules into wiring the proceeds of the scheme overseas


this organized fraud ring attempted to obtain $3.5 million in fraudulent withdrawals…


“Bank 1”, “Bank 2”, “Payroll Processor 3” and “Bank & Trust Co. 4” together lost $1.5 million to the fraud ring


27 criminal charges


“E” is in custody on unrelated federal charges in Georgia

“B” and “G” have both pleaded guilty and are awaiting sentencing

“D” is detained in Nigeria pending extradition

“C” and “F” are at large

“A” was convicted


some more examples…


ACH Fraud Is Payroll’s Newest Headache

Online banking through the Automated Clearing House network has generated a new cyber crime - ACH fraud

Payroll which makes abundant use of the ACH network for direct deposits and transactions is particularly vulnerable to ACH fraud

According to the FBI - this fraud is growing - new victims and cases opened every week

Source: Payroll Management


Eskola $130,000

Patco Construction $588,000

Sign Designs $99,000

Lifestyle Forms & Displays $1,200,000

Village View Escrow $465,000

Family Smile Zone $205,000

Genlabs $437,000

Ferma Corp $447,000

DKG Enterprises $100,000

Golden State Bridge $125,000

McFadden Law $250,000

Just a few of the many faces of Corporate Account Takeover


New types of cyber fraud, such as commercial account takeover fraud, may result in losses that can exceed the required capital of the financial institution.

“

“

Source: FDIC Supervisory Insights, Summer 2013


Source: Financial Times

In most past cases of high-frequency transfers to new places, “if banks had taken what we would consider a cursory look at transactions, they would have seen that the money going out the door was completely anomalous”. (Jeffrey Kopchik, FDIC)

FDIC and Federal Reserve have told lenders to stop relying on tokens, passwords and cookies - and instead embrace layered security including software that flags unusual behaviour – e.g. multiple transfers within minutes to new recipients.


one last example…


“Cashout” (a.k.a. “PIN cashing” or “Carding”)


US Attorney Loretta E. Lynch

Cybercrime Organization Indicted in $45 Million Cybercrime Campaign

In the place of guns and masks, this cybercrime organization used laptops and the Internet

“ “


Cyber Fraud Campaign

Used sophisticated intrusion techniques

Hacked into systems of global financial institutions

Stole prepaid debit card data

Eliminated withdrawal limits

Disseminated stolen card data worldwide

Casher cells made fraudulent ATM withdrawals across globe

8 defendants & co-conspirators targeted New York City

NY cell withdrew $2.8 million in less than 24 hours


Route of One New York Cell Member (5 ½ hours)


Images seized from a NY cell member’s iPhone…


hacking “operation” eliminates withdrawal limits - cybercrime organization can access virtually “unlimited” criminal proceeds

2 “Unlimited Operations” (cyber underworld lingo)


“Unlimited Operation 2” 36,000 transactions worldwide

casher cells in 24 countries

$40 million ATM withdrawals

10 hours

New York City - $2.4 million - nearly 3,000 ATM withdrawals

“Unlimited Operation 1” (dress rehearsal?)

4,500 transactions

casher cells in 20 countries

$5 million ATM withdrawals

New York City - 750 transactions - $400,000 - 140 ATM locations (2 hours 25 minutes)


Protecting A Financial Institution Against Cyber Fraud


Fraudsters have multiple access points to rob a bank account


Deploy layered fraud prevention… in particular, fraud prevention systems that provide user or account behavioral profiling and entity link analysis are useful in these cases.

Source: Gartner

”

“


[email protected]



Verafin / RBC Cyber Fraud Webinar

RBC Fraud Management

November 2013


The Fraud Management team is part of the Banking Operations department and serves

both RBC domestically in Canada and the enterprise as a whole.

The Fraud Management team is structured as follows:

National Office: Responsible for supporting our business partners, leading initiatives and

developing strategy.

Analytics: Responsible for advanced analytics including rule development and modelling.

Centres: 2 fraud centres, 1 in Montreal responsible for Credit Card and Credit Products and 1 in

Toronto responsible for Deposits, Cheques, Debit Card, Telephone, Online and Mobile banking.

Investigations: Responsible for investigations including intelligence gathering, asset recovery and

working with law enforcement.

Fraud Management within RBC


Detection Prevention

Post Fraud

“Root Cause”

Analysis

Intelligence Investigation

Prosecution

Asset Recovery Customer Satisfaction

Fraud Value Chain


Recent Trends and Risks in Online Fraud


Spear Phishing: Targeted e-mails sent in an attempt to compromise Online banking

credentials, client information and/or distribute malware.

Malware Attacks (Man-in-the-Browser, Man-in-the-Mobile): Malicious Software that when

installed on a computer has the capability to key log (capture key strokes) and/or

highjack or manipulate a client session.

Fraud as a Service (FaaS): Underground networks offering their services to sell

compromised credentials or launch fraud campaigns on behalf of a 3rd party.

Corporate Account Takeovers (ACH and Wires) Risk: An increased focus on Corporate

account takeovers (using techniques described above) to launch low volume, high dollar

attacks.

Online and Mobile Fraud Trends


Corporate Liability Shift: Recent court cases in the US have set precedent that banks

can be held liable in fraud cases where insufficient controls are in place.

Hactivism, Nation-state and/or Industrial Espionage/Sabotage: Cyber attacks against

corporations, nation-states or other groups (e.g. al-Qassam and the recent DDoS attacks

against US Financial Institutions) with the intent to steal IP from or disrupt these

organizations.

Ransomware: Malware that restricts access to a computer or files on that computer until

a ransom is paid to the creator of the malware. Once the ransom is paid a key to

“unlock” the files/computer will be provided.

Market Manipulation: Market activity with the purpose to create artificial buying pressure

and inflate the security price.

Online and Mobile Fraud Trends


The key to providing a secure Online and/or Mobile banking experience is a layered

fraud controls infrastructure.

Gartner outlines their ‘Five Layers of Fraud Prevention’ as follows:

Layered Fraud Controls Approach


Gartner’s ‘Five Layers of Fraud Prevention’



If you have additional questions for today’s experts or

suggestions for future web seminars,

please send those to:

[email protected]

Thank you for joining us today!

mailto:[email protected]


Future Web Seminar


DEC 04 – FREE Previewing the One-Day ACAMS AML Risk Management

Conference

Level: All

Noon to 1:00pm EDT

DEC 09 – FREE ACAMS Live Chat: 2013 End-of-the-Year Review

Level: All

Noon to 1:00pm EDT

the web seminar has not yet started - acamsfiles.acams.org/webcasts/20131121/2013-11-21 -...

Documents