
Counterfeit and Prevention

Debra Smith, Senior VP, Director of Deposit Operations
Erica Fernald, Assistant VP, Bank Security Officer

Fraud in General

What is Fraud?

• Fraud is the intentional deception or misrepresentation made for unlawful or unfair personal gain or to damage another individual.
• Almost all organizations have been victims of fraud at one time or another, even if they don’t admit it.
• Employee Fraud – Driven by motive and opportunity
• Criminal Fraud – Criminals’ sophistication and technology advances will continue to increase.

It’s not a matter of if, but when and how…

Fraud Trends

• Checks continue to be the payment method most often exposed to fraud because they are still the most frequently used payment method.
• Wire transfers were the second most popular vehicle for payments fraud.
• A majority of organizations were exposed to Business Email Compromise (BEC) scams in 2015.
• BECs target corporate email systems in an effort to trick employees into making payments to fraudulent accounts.
• 64 percent of respondents to the 2016 AFP Survey reported they have been exposed to BEC, with wire transfers as the payment method most impacted.
• More than 7,000 U.S. companies reported being victims of BEC to the FBI’s Internet Crime Complaint Center from October 2013 to August 2015.

Sources: 2016 AFP Payments Fraud & Control Survey; www.ic3.gov

How do Fraudsters Benefit?

• Monetarily
• Goods
• Services
• Favors
• Information

What Causes People to Commit Fraud?

• It was owed to me
• I was only borrowing it
• I was underpaid; my employer cheated me
• A gambling or drug habit
• Personal debt or poor credit
• Peer or family pressure to succeed
• Lack of supervision
• Poor internal controls
• Poor record keeping

Money

Counterfeit Money

• The U.S. government periodically redesigns Federal Reserve notes to make them easier to use but more difficult to counterfeit. Because U.S. currency has been redesigned over the years to stay ahead of counterfeiters, we have different “styles” of notes.

• The $20 bill is the most frequently counterfeited note.

• Quick Ways to Authenticate
  • Feel
    • The note should feel slightly rough to the touch.
    • Does it feel overly soft or overly stiff? Thicker or thinner than usual? Unusually glossy or smooth?
  • Tilt
    • Tilt the note back and forth and observe the color-shifting ink, which is found on denominations $10 and higher. The $100 note also includes a 3-D Security Ribbon and color-shifting Bell in the Inkwell.
  • Check with Light
    • Notes $5 and higher have two security features that can be checked by holding the note to light: the watermark and security thread.

Source: USCurrency.gov

Check Fraud

• Counterfeit
  • Fabricating/Duplicating a check
  • Red Flags:
    • Misspellings
    • Multiple Font Variations
• Stolen
  • Issuing check without proper authorization
• Altered
  • Amount Changed

71% of companies that experienced attempted or actual payments fraud in 2015 were victims of check fraud.

Check Fraud and ACH or Wire Fraud can all be interrelated

Best option is to close account and reopen

Source: 2016 AFP Payments Fraud & Control Survey

Fraud Prevention

Municipalities and Fraud

• Municipalities have a large number of financial transactions and can have large amounts of cash in multiple accounts.
• Administration turnover can result in a temporary lapse in oversight of long-term employees.
• Not all elected officials are familiar with the complexity of municipal finances.
• Multiple accounts and complex finances make municipalities susceptible to external fraud such as Business Email Compromise, cyber fraud, and malware.

Source: MunicipalFrauds.com

Protecting Against Fraud

• Segregating duties
• Using pre-numbered accounting forms
• Requiring at least two signatures
• Monitor audit trails
• Review processes and procedures
• Rotate key personnel

Source: DFND Analytics

Case Study – Town of ABC

• The account information of Town of ABC was fraudulently intercepted by an individual not known to be associated with the Town in any way.
• Over 80 fraudulent ACH debits were originated against Town of ABC’s account to pay various credit card and utility companies over a span of nearly two years.
• Discrepancies in reconcilement were identified on monthly balance sheets; however, no subsequent investigations were completed by the Town.

Case Study – Town of XYZ

• The Town of XYZ discovered a virus had infected the computer network at the XYZ Town Hall. A computer hacker had gained access, apparently through an infected email, to the Town’s network and launched a Cryptoware ransomware virus which then encrypted most of the Town Hall files. The hacker demanded a ransom from the town in exchange for unlocking the files.

• After numerous attempts were made to unlock the Town’s files, it was determined paying the ransom was the most expedient option for the Town. The Cryptoware virus had infected the backup system as well.

• The Town of XYZ paid the ransom of one half a bitcoin, equivalent to three hundred dollars ($300 USD), as directed by the hackers. Once the ransom was paid, the hackers provided the Town with a software key to begin the process of unlocking the files.

Lessons Learned

• Reducing risk with more robust anti-virus software
• Removing all mapped drives
• Restricting access to USB drives
• Dual control verification procedures in place
• Frequent reconciling
• Minimizing manual processes
• Be vigilant of any unusual transactions (micro-transactions)
• Prioritization

How To Protect Your Accounts

• Regularly view your online banking secure messages and alerts.
• Monitor all ACH or wire transactions initiated through online banking. Check intraday activity to confirm the authenticity of scheduled transactions before the end-of-day cut-off time.
• Establish a workstation for conducting online financial transactions exclusively. It should not be used for general web browsing.
• Divide duties among two or more people so no one person has too much access or control.
• Verify that deposits made with remote deposit capture technology accurately post to the account.
• Do not include sensitive personal/company information in email unless it is sent securely.
• Be suspicious of emails asking for sensitive personal/company information. Be selective when providing your email address.
• Do not respond to emails that appear to be from your financial institution asking you to access a website to update your user ID or password.
• Make sure servers and computers are up-to-date with the latest Microsoft patches, many of which prevent or correct security issues.
• Be vigilant about Man-in-the-Browser (MITB) malware, such as the ZeuS Trojan, which aims to steal a user’s online banking credentials by intercepting online banking sessions.
• Perform a bank statement reconciliation at least once a month and preferably more often. A reconciliation will identify stolen, lost, or altered checks and unauthorized transactions.
• Limit use of memory sticks or thumb drives. Using these devices to exchange data between business and home systems increases the risk of transferring viruses to your business network.

Rockland Trust Offerings

Positive Pay

Positive Pay helps guard against fraudulent check transactions and gives you greater control over disbursements. We compare checks presented for payment against a file of issued checks that you provide. If any item such as check number or amount does not match, the check is flagged for your review. You decide whether to pay or return the check. As an added measure of protection, checks presented for cash payment at any of our teller lines are compared against your check-issued file and only those matching the information you provided will be honored.

Electronic Debit Block

While Positive Pay safeguards your account against check fraud, Electronic Debit Block protects it against unauthorized ACH debits. You may choose to block all electronic debits, or set up a filter that allows only authorized payees to debit your account.
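
The matching logic behind Positive Pay and Electronic Debit Block, as an added example (not the bank's software and not part of the original presentation). The names `Check`, `positive_pay`, `debit_block`, the payee labels and all sample data are hypothetical; flagging a second presentment of an already paid check number is an added assumption beyond what the text states.

```python
from dataclasses import dataclass
from decimal import Decimal

@dataclass(frozen=True)
class Check:
    number: str
    amount: Decimal

def positive_pay(issued, presented):
    """Return (pay, exceptions); exceptions are (check, reason) pairs for review."""
    issued_amounts = {c.number: c.amount for c in issued}
    paid, pay, exceptions = set(), [], []
    for chk in presented:
        if chk.number not in issued_amounts:
            exceptions.append((chk, "not in issued file"))
        elif chk.number in paid:  # assumption: a check number is paid only once
            exceptions.append((chk, "already paid"))
        elif chk.amount != issued_amounts[chk.number]:
            exceptions.append((chk, "amount mismatch"))
        else:
            paid.add(chk.number)
            pay.append(chk)
    return pay, exceptions

def debit_block(ach_debits, authorized_payees=()):
    """Block every ACH debit unless its payee is on the allow-list (empty = block all)."""
    allowed = set(authorized_payees)
    passed = [d for d in ach_debits if d["payee"] in allowed]
    blocked = [d for d in ach_debits if d["payee"] not in allowed]
    return passed, blocked

# Constructed sample data, not from the page.
ISSUED = [Check("1001", Decimal("250.00")), Check("1002", Decimal("1200.00"))]
PRESENTED = [
    Check("1001", Decimal("250.00")),   # matches the issued file
    Check("1002", Decimal("9200.00")),  # altered amount
    Check("1001", Decimal("250.00")),   # second presentment of a paid item
    Check("2044", Decimal("75.00")),    # never issued
]
ACH_DEBITS = [{"payee": "UTILITY-CO", "amount": Decimal("310.12")},
              {"payee": "CARD-ISSUER-X", "amount": Decimal("89.99")}]

if __name__ == "__main__":
    for chk, reason in positive_pay(ISSUED, PRESENTED)[1]:
        print(f"REVIEW check {chk.number} ({chk.amount}): {reason}")
    print("blocked:", [d["payee"] for d in debit_block(ACH_DEBITS, ["UTILITY-CO"])[1]])
```

Amounts are held as `Decimal` so that the equality test on the amount is exact; every exception goes to the account holder for a pay-or-return decision rather than being rejected automatically.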

Account Reconciliation Services

Account Reconcilement provides you with a detailed statement that includes checks paid, checks outstanding, stops, debits, and credits. Your reconcilement statement can be prepared at any time through Rockland Trust’s Online Banking system.

Online Banking Alerts

Online Banking Alerts notify you of important account information regarding transactions or security events.

Conclusion

• Everyone in an organization is responsible for fighting fraud.
• Be alert to potential fraud.
• Report any suspicions to your organization.
