Which type of fraud is described as a “Technologically advanced form of electronic crime involving explotation of businesses of all sizes, especially those with limited computer safeguards or disbursement controls for online business banking?”
Corporate Account Takeover
Which type of fraud occurs when cyber theives gain access to a company’s computer system to steal confidential banking information to then impersonate the business and initiate fraudulent electronic transfers to unauthorized accounts?
Malicious software can automate many elements of this type of fraud by circumventing forms of multi-factor authentication.
Corporate Account Takeover
What are the types of Deposit Account Fraud?
- Check Kiting
- Closed Account Fraud
- Paper-Hanging
- New Account Fraud
What is Paper-Hanging?
Customer purposely writing checks on closed accounts, as well as reordering checks on closed accounts.
What is DDoS an acryonym for and what is it?
Distributed Denial of Service which is a type of fraud tied to an attack on a public website.
This type of fraud is designed to slow website response times, preventing customers from accessing the website and/or online services, and adversely affecting back office operations. It may also serve as a diversion by criminals to commit fraud with stolen customer/employee login credentials to initiate fraudulent electronic payments (Wire, ACH).
Distributed Denial of Service (DDoS)
What types of risk can a financial institution face as a result of a DDoS attack?
Operational and Reputation risk if the attack is coupled with any fraud attempts. If any of those fraud attempts result in financial losses to the bank then they could also experience Liquidity and Capital risks.
What type of fraud increases following a natural disaster?
Forged Checks
What are common characteristics of Altered checks?
- Ink that smears when rubbed
- Numeric vs. written dollar amounts are different
- Different color pen ink
- Inconsistent spacing where the numeric portion has been altered
- Inconsistent font from different printers/typewriters
- MICR line altered to delay clearing
What are common characteristics of Counterfeit checks?
- Poor quality paper stock
- Absence of on serated edge or the check printer’s name/trademark
- Misspelled printed information
- Inconsistent or out of range check numbers
- MICR line missing, crooked, shiny or not machine readable
- Check number in wrong position of MICR line
What type of fraud is based on the creation of demand drafts?
Telemarketing
What are the general methods for a financial institution to deter all types of payments fraud?
- Know Your Customer
- Teller Training
- Full extent prosecution
- Review customer ID thoroughly
- Maintain seperation of functions
- Maintain permanent signature cards and appropriate business documentation
- Advise customer to destroy checks for unused or closed accounts
- Properly close accounts
- Be engaged with financial services industry conferences and work groups
What are paper security features?
- Watermarks
- Copy void/Chemical void
- High Resolution Micro-printing
- Three dimensional
- Security Links
- Bar codes
- Optical Variable Ink (OVI)
- Thermo-chromatic ink
What are Image-surviavable Security Features (ICSF) and what are the two primary purposes?
ICSF are security features through the use of cryptographic techniques and security marks that remain effective after imaging to:
1. authenticate an original document, and
2. deter fraud by thwarting different methods to alter or replicate checks.
What are the six types of retail payments risk outlined by FFIEC?
- Strategic Risk
- Credit Risk
- Reputation Risk
- Operational Risk
- Legal (Compliance) Risk
- Liquidity Risk
S.C.R.O.L.L.
What is FFIEC an acrynym for?
Federal Financial Institutions Examination Council
What is the FFIEC?
- Formal interagency body that perscribes uniform principles, standards, and report forms for the federal examination of financial institutions, and
- makes recommendations to promote uniformity in the supervision of financial institutions.
What are the various agencies that support the FFIEC?
- the Board of Governors of the Federal Reserve Bank
- the Federal Deposit Insurance Corporation (FDIC)
- the National Credit Union Administration (NCUA)
- the Office of the Comptroller of the Currency (OCC)
- the Consumer Financial Protection Bureau (CFPB)
What are the steps of Money Laundering?
- Placement - introduce illegal funds in the the financial system without attracting attention of financial institutions or law enforcement.
- Layering - moving funds around the financial system through a complex series of transactions to create confusion and complicate the paper trail.
- Integration - create the appearance of legality through additional transactions.
What does USA PATRIOT Act stand for and when was it enacted?
Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism - 2001
What is included in the BSA/AML Examination Manual?
- Suspicious Activity Reporting (SAR)
- Currency Transaction Reporting (CTR)
- Foreign Correspondent Account Recordkeeping
- Correspondent Accounts (Foreign)
- Bulk shipments of Currency
- Automated Clearing House (ACH) Transactions
- Third-Party Payment Processors
What are four key steps in establishing and supporting an effective operational risk management program?
- Risk Identification
- Risk Measurement
- Risk Mitigation
- Risk Monitoring and Reporting
FFIEC Guidance to Information Security 2016
What is recommended as effective IT governance?
Governance is generally found in the IT Handbook’s Management booklet, but specific topics related to Information Security are:
* Implementation and promotion of security culture
* Assignment of responsibilities and accountability
* Effective use of resources
FFIEC Guidance to Information Security 2016
What actions increase risk and potential adverse effects for a business?
- Disclosure of information to unauthorized individuals
- Unavailability or degradation of services
- Misappropriation or theft of information services
- Modification or destruction of systems or information
- Records that are NOT timely, accurate, complete, or consistent
FFIEC Guidance to Information Security 2016
