WIXLIB

Use a Layered Approach for Wires & ACH Dual Factor Authorization (“something you have (token), and something you know”) “Out of Band” Authentication (text msg from bank with password for that specific wire) Tokens Transactional Alerts via Text E-mail Voice call back (human confirmation)

“Physical” Attacks –“Skimmers” in credit/debit card devicesInfected flash/thumb drives

Fraudsters Targeting BanksFacebook1 Billion Users

Hi Greg,Frank sent you a message on FacebookTo reply to this message follow the link belowhttp://www.facebook.com/n/?inboxFAKE URLDon’tClickHere

Ramnit Worm Threatens Online AccountFacebook Targeted by Fraudsters Seeking Log-in Credentials

10 Tips to Fight Insider ght-insider-fraud-a-4550

nsider-fraud-a-4550

ProtectPasswords

112345621234531234567894Password5qwertyFBI:10 MostPopularPasswords

6trustno17abc1238monkey9letmein10dragonFBI:10 MostPopularPasswords

CrackingPasswords

2009 Online games service RockYou.com hacked 32 Million plain-text passwords stolen 14 Million unique passcodes were posted Overnight, the way hackers crackedpasswords changed!

RockYou.com list confirmed nearly allCAPITAL LETTERS come at the beginningof a password. Nearly all PUNCTUATIONand NUMBERS are at the end.RockYou list revealed a strong tendency touse first names followed by years:Christopher1965 or Julia1984

Passwords Posted on the WebLast Year100,000,000

5 Years AgoThe Time it Took a Hacker toRandomly Guess Your Password numbers andsymbolsLengthlowercase Uppercase6 Characters 10 Minutes 10 Hours 18 Days7 Characters 4 Hours23 Days4 Years8 Characters3 Years 463 Years4 Days9 Characters 4 Months 178 Years 44,530 YearsFive years ago: 8 Characters, all lower case 4 daysToday: 8 Characters, all lower case 12 hours

TodayIt Takes a Hacker 12 Hours to RandomlyGuess Your 8-Character PasswordThis 12,000 computercontaining 8 AMD RadeonGPU cards can brute forcethe entire keyspace for anyeight-character passwordin 12 hours.

Track Your Kids

Track Your KidsKeystrokes(without them knowing, ever.)

Kids keep 2 Facebook Accounts(Mom only sees one)

Track Your Kids’ Keystrokes

Track Your Kids’ KeystrokesSpector Pro: Track your child’s keystrokes,emails, MySpace, Facebook, IM, websitesvisited with Spector Pro (spectorsoft.com).eBlaster forwards incoming and outgoingemails to your email address.

Spectorsoft.com/mobile

www.NoSlang.comInternet Text and Drug SlangTranslator & Dictionary

www.NoSlang.com

Sexting Slang TermsSexting cancreateseriouslong-termlegalconsequencesfor yourchild.www.NoSlang.com

What is Snapchat?Snapchat is the fastest way to share a moment on iPhone andAndroid. You control how long you want your friends to view yourmessages. We'll let you know if we detect that they've taken ascreenshot!Is there any way to view an image after the time has expired?No, snaps disappear after the timer runs out. You can save snapsthat you capture by pressing the save button on the previewscreen.What if I take a screenshot?Screenshots can be captured if you're quick. The sender will benotified if we detect you have taken a screenshot.

What is Snapchat?Snapchat is the fastest way to share a moment on iPhone andAndroid. You control how long you want your friends to view yourmessages. We'll let you know if we detect that they've taken a ,xsipdscreenshot!s en tosddneoseceusdbn0a1ntainhas expired?t c the etimeiensarpiIs there any way to view an imageafterhactrersppeeaghst.tiandout. Youyntimer runse)be”No, snaps disappear afterthecansavesnapsemyptaklcegrncinsofo“u(qnx savevbuttone previewdamipewpthat you t opanperscreen.esyrgrA ve ng porno becau angry paydin’trusleecvnoit d a screenshot?oaitrsWhatifItakeseUnle rned ovtuScreenshots can be captured if you're quick. The sender will benotified if we detect you have taken a screenshot.

Texting app

Texting appesgasesmg.tnxitextendeter’s.)ycoetthets,tkidi ntharypwbSwT,s ed n’t knoTuAp,oonapdzrisratlepuren , eg. VoappytersVer , so th airracneeilhtffoseut’nDoes

Check Fraud

Check FraudWhy talk about Check Fraud?

Check FraudProduces more Lossesthan all other types of payment fraudCOMBINED!

In 1762 Price sued Neal for check fraudPrice v. Neal, England(The FIRST Check Fraud Lawsuit)

Plaintiff, Price, argued that:Defendant, Neal, was indebted to him for 80 for money hadand received: and damages were laid to 100 . Plaintiff shouldrecover back the money he paid them by mistake believing“that these were true genuine bills.”

Plaintiff, Price, argued that:Defendant, Neal, was indebted to him for 80 for money hadand received: and damages were laid to 100 . Plaintiff shouldrecover back the money he paid them by mistake believing“that these were true genuine bills.”Plaintiff “could never recover it against the drawer, because nodrawer existed;

Plaintiff, Price, argued that:Defendant, Neal, was indebted to him for 80 for money hadand received: and damages were laid to 100 . Plaintiff shouldrecover back the money he paid them by mistake believing“that these were true genuine bills.”Plaintiff “could never recover it against the drawer, because nodrawer existed; nor against the forger, because he is hanged.”

Plaintiff, Price, argued that:Defendant, Neal, was indebted to him for 80 for money hadand received: and damages were laid to 100 . Plaintiff shouldrecover back the money he paid them by mistake believing“that these were true genuine bills.”Plaintiff “could never recover it against the drawer, because nodrawer existed; nor against the forger, because he is hanged.”The jury found a verdict for the Plaintiff; and assessed damagesof 80 and costs 40s.

Check fraud has continuedunabated for 250 years!

Check fraud has continuedunabated for 250 years!but with fewer public hangings.

AFP 2014 Payments Fraud SurveyIn 201370% of organizationsstill issued checks.Check fraud will never go away!

AFP 2014 Payments Fraud Survey“ checks continue to be the dominantpayment form targeted by fraudsters,”with 82% of affected organizationsreporting that their checks were targeted.”

Fraudulent Payments by Method(Respondents were hit multiple ways; total 100%)100CHECKS 82%80Cr edit/DebitCards 43%60ACH Debits22%40WireTransfer s 14%ACH Credits9%200Percentage

Fraud Losses by MethodHow Dollars were actually lost100CHECKS 57%80Credit/DebitCards 23%60ACH De bits10%40WireTransfers 9%ACH Cre dits1%200Percentage

Frank AbagnaleCatch Me If You CanTechnology is making Frank Abagnale’s“gift” achievable by mere mortals

Boston’s #1 Seller

The EvolutionofCheck FraudandBanker Solutions

Counterfeit Checks(since 1762) Banks developed Positive Pay

Altered Payees Banks developed Payee Positive Pay

Added Payee NamesChecks blow right through Payee Positive Pay!

Typical Check LayoutOpen Areas Where Forgers Add A New Payee NameAdded Payee printed 2 lines above original namewill not be detected by Payee Positive Pay

Multiple Payees:If it doesn’t say AND,it is “ambiguous” and legally means“OR”A forward slash [virgule, vər-gyül “/” ] OR

Strategies to PreventduarFkcehC

Don’t Write Checks! Use Commercial Purchase Cards Pay electronically (ACH)

Commercial Purchase Card Benefits1. Reduces check writing and check fraud risk2. Does not expose the checking account number3. Terminating a card is easier than closing achecking account4. Reduces bank per-item fees5. Potential for Rebates or Rewards

ACH Payment Benefits1. Reduces check writing and check fraud risk2. Does not expose the checking account number3. Reduces mailing expense and bank fees4. Pay 1 invoice at a time, or5. Pay multiple invoices and email remittance detail

But, if you’re going towrite checks

1#H.higeSuctirCyehskc

Effective check fraudprevention strategies beginwith a high security check.

AFP 2014 Payments Fraud SurveyTypes of Check Fraud Alterations:1. Payee Name Alterations 52%2. Dollar Amount Alterations 37%

AFP 2014 Payments Fraud SurveyTypes of Check Fraud Alterations:1. Payee Name Alterations 52%2. Dollar Amount Alterations 37%This is up from 49% and 22% respectively,in the 2013 Survey .

High Security Checks1. Thwart forgers’ attempts to replicate oralter the check2. Deter the forger(psychological warfare)3. Provide legal protection from some Holderin Due Course claims (UCC § 3-302)

What makes a checksecure?10 10 safety features

Important Security Features Controlled Check Stock Dual-tone True Watermark Thermochromatic Ink (reacts to heat) Warning Bands worded correctly Toner Anchorage Copy Void Pantograph Chemical-reactive Ink Paper Inventory Control Number on Back (laser) UV Ink UV Fibers Microprinting Laid Lineswww.safechecks.com

Controlled Check Stock Is a critical security feature Checks should be unique in some way to every otherorganization’s check stock No two organizations should have the exact, identicalcheck stockwww.safechecks.com

Uncontrolled Check Stock Is NOT uniquely designed or customizedfor each end-user It is often sold entirely blank to countlessentities / organizations, and fraudsters, byprint brokers all over the USAwww.safechecks.com

Who Sells Blank, Uncontrolled Checks? Virtually ALL accounting / check writing SoftwareVendors Virtually ALL check printers1. Large, national printers2. Small print brokers that buy from wholesalers

Ask your check supplier this question:Has your check stock ever been soldentirely blank to other companies?

Obtaining Controlled Check Stock1.Custom-manufacture checks using anORIGINAL design, true-watermarked paper,and at least 10 security features, OR2.Buy from a supplier that sells controlledcheck stock that has never been replicatedor used in a check fraud scam.SAFEChecks.com

2#eeyaP.isoPPevitya

Positive Pay.a powerful tool!PositivePay.net

However . Positive PayProvides NO PROTECTION Against

However . Positive PayProvides NO PROTECTION AgainstAdded Payee Names!

LawsuitCincinnati Insurance Companyv.Wachovia Bank 154,000 Lossfrom anAltered Payee

FactsPrior to the 154,000 loss, Schultz Foods hadthree (3) separate check fraud events.

FactsPrior to the 154,000 loss, Schultz Foods hadthree (3) separate check fraud events.Wachovia Bank covered their losses; told Schultzto use Positive Pay or close their account.

FactsPrior to the 154,000 loss, Schultz Foods hadthree (3) separate check fraud events.Wachovia Bank covered their losses; told Schultzto use Positive Pay or close their account.Each time Schultz closed their account, butnever implemented Positive Pay.

FactsSchultz buys check fraud insurance fromCincinnati Insurance.

FactsSchultz Foods issues 154,000 check payable toAmerada Hess Corporation.Check is stolen.Payee Name altered.Name changed to “Kenneth Payton”Kenneth Payton, a minister, deposits 154,000check into TCF Bank and wires 150,000 toSingapore to help a South African refugee family.

Facts6 weeks later, Schultz Foods notifies Wachovia ofaltered payee; demands repayment.

Facts6 weeks later, Schultz Foods notifies Wachovia ofaltered payee; demands repayment.Wachovia won’t pay until it recovers from TCF.

Facts6 weeks later, Schultz Foods notifies Wachovia ofaltered payee; demands repayment.Wachovia won’t pay until it recovers from TCF.Schultz files a claim with Cincinnati Insurance;Cincinnati pays the claim and sues Wachovia.

Facts6 weeks later, Schultz Foods notifies Wachovia ofaltered payee; demands repayment.Wachovia won’t pay until it recovers from TCF.Schultz files a claim with Cincinnati Insurance;Cincinnati pays the claim and sues Wachovia.Under UCC § 3-119, TCF Bank (the liable party) hiresattys to defend Wachovia, using Wachovia’s signed“deposit agreement” against Cincinnati Insurance.

Wachovia’s Deposit Agreement(Contract)“You agree that if you fail to implement any of theseproducts or services, or you fail to follow these andother precautions reasonable for your particularcircumstances, you will be precluded from assertingany claims against [Wachovia] for paying anyunauthorized, altered, counterfeit or otherfraudulent item that such product, service, orprecaution was designed to detect or deter, and wewill not be required to re-credit your account orotherwise have any liability for paying such items.”

Because of the signed depositagreement,Wachovia Bank Wins!This case demonstrates you can have a greatrelationship with your bank and still lose a lawsuit!

FactIf Schultz Foods had used Positive Pay, the check maynot have paid and there may not have been a loss!

FactIf Schultz Foods had used Positive Pay, the check maynot have paid and there may not have been a loss!(Exception: Added Payee Names)

Preventing Altered Payees High-security checks 14 point font for Payee Name High-quality toner Hot laser printer Payee Positive PayFrank Abagnale’s Fraud Bulletin on Laser Check Printing

What about Added Payee Names?It Is A Fact:Payee Positive Pay systems are not detectingAdded Payee Names printed 2 lines above the original payee name.There is NO banker solution!

Typical Check LayoutOpen Areas Where Forgers Add A New Payee Name

Fix it: Use a Secure Name FontSecure Name Font printed above original payee namehelps eliminate Added Payee Name RiskSecure Name Font

Leaves No Room for Adding Bogus PayeeSecure Name Font printed above original payee namehelps eliminate Added Payee Name RiskNo room for an Added Payee

Deterrence: Add Text to the Check

Deterrence: Encrypted barcode

Barcode contains:1.Drawer2.Payee Name3.Dollar Amount4.Issue Date5.Check Number6.Account Number7.Routing/Transit Number8.Date and Time Check was printed9.Laser Printer used10. The employee that printed the check

Barcode is createdby aPrinter Driver

Printer driver can:1. Accumulate check data for Positive Pay2. Change Font size3. Add Barcode, Secure Name & Number fonts4. Be configured to send Pos Pay files to thebank automatically5. Reposition Check Placement

Typical Check Layout –Check is on top and shows thru window envelopePrinter Driver can Reposition the Check

8934 Eton AvenueCanoga Park, CA 91304Payee Name, Address, is printed in TOP white panel.Check is re-positioned to the bottom.Check isZ-folded with TOP PANEL showing thru windowIt is not obvious the envelope contains a check.

Identical data is printed on both checks.Which check would forgers prefer to attack?

Holder inDue CourseWeb: FraudTips.net

Holder in Due Course An innocent party who accepts a check for goods or servicesNo evidence of alteration or forgery, or knowledge of fraud byrecipientStatute of Limitations 10 years from date of issue Three (3) years from date of return A Holder in Due Course can sell his/her rights

Holder in Due Course Trumps Stop Payments Trumps Positive PayTrump (n.) To get the better of an adversary or competitorby using a crucial, often hidden resource.

Holder in Due CourseFederal Appellate CourtLawsuits

HIDC & Stop PaymentsRobert Triffin v. Cigna Insurance Two year old check; payment stopped No “expiration date” printed on checkUCC: Check valid for 10 years or 3 years Print on checks: “This check expires and is void25 days from issue date” Don’t re-issue check until first -2071.pdf

Someone who accepts anexpired InstrumentHas No Legal Standing!As a Holder in Due Course

HIDC & Controlled Check Stock Robert Triffin v. Somerset Valley Bank and HauserContracting Company 80 counterfeit checks totaling 25,000 onauthentic-looking check stock Bank returns them as counterfeit Triffin buys 8,800 in returned checks from fourcheck cashing stores, and as a HIDC, sued Hauserfor NEGLIGENCE for not controlling his check -appellate-division/1315264.html

HIDC & Controlled Check Stock Lower court rules in favor of Triffin, saying thechecks looked “genuine” Hauser appealed; claimed he never had possessionof the checks or authorized their issuance. Federal Appellate Court UPHELD lower court;ruled the checks looked “genuine” Hauser Contracting ordered to pay Triffin 8,800 Solution: Use controlled, high security -appellate-division/1315264.html

HIDC & Controlled Check StockRobert Triffin v. Pomerantz Staffing Services 18 counterfeit checks drawn on Pomerantz’ acctcashed at check cashing store. All checks under 400. Each check had a PRINTED warning: “THE BACK OFTHIS CHECK HAS HEAT SENSITIVE INK TOCONFIRM AUTHENTICITY.” Check casher cashed the checks without examiningthe te/a2002-02.opn.html

HIDC & Controlled Check StockRobert Triffin v. Pomerantz Staffing Services Counterfeit checks looked authentic on face, but had noheat-sensitive ink on the back Because casher failed to verify heat-sensitive ink onback, it co

Corporate Hacking. Phishing Emails Can look legitimate Lead to account takeovers. Cyber Crime “Phishing”Attack: v. 560,000 Loss CFO responded to phishing email with his bank login. Lawsui