Security Officer and Prevention Workshop 2019

Presented by: Jim Rechel, President, The Rechel Group, Inc. 513-521-1860

I thought my comments were important…….

Objectives

1. To challenge how you think about the role of security (physical and financial) today, tomorrow and for the future of your bank.

2. To provide information on the risks and opportunities to address current security issues.

3. To propose a business model that sees your bank in an “advocates role for your customers” when dealing with security issues.

4. To interest you enough today that you do not “doodle”!

Protecting the Bank: Convergence of Data Physical Security and Fraud and Prevention Opportunities

Russian Funded Hedge Fund / Bank / Finance Co.

[Diagram: Russian Aligned Hedge Fund, $75 Million; Bank Loan, $125 Million; Finance Company]

Small World

Your Background

Let’s Take Your Pulse (Rank Top 2 Issues at Your Bank in Order: i.e. 1st and 2nd)

• Our customers and/or partners lack sufficient awareness to protect themselves from socially-engineered fraud schemes.
• We lack the in-house expertise to properly detect and respond.
• We lack the technology tools to properly detect and respond.
• The anti-fraud controls we’ve deployed have also proven to impede the online customer experience.
• Today’s fraud schemes evolve too quickly for us to keep pace.
• We are mired in manual processes.
• Fraudsters have too much valid customer information at their fingertips, so they get around our controls to prevent account takeover and origination.
• Our employees lack sufficient awareness to protect themselves from socially engineered fraud schemes.

Rate of Change Challenges

What You See Ahead of Your Detection

Anomaly: Looking for abnormal behavior (Transactional)

[Diagram labels: Normal, Abnormal, Mistake, False Positive, Fraud?]

Predictive Analytics: Using historical data patterns to predict fraud (Behavioral)

[Diagram: Known Fraud vs Non Fraud Samples; Predictive Model; Classify incoming data as potential fraud or non-fraud]

Reported: Using Tip Lines, Cust Service, Branches, Law Enforcement etc.

[Diagram: Fraud Reported (Customer/LE etc.); Investigated; Fed into Above]

For Example: Account Takeovers

• Anomaly: Your internal fraud detection system detects deviation in deposit or withdrawal activity based on established parameters.

• Predictive Analytics: System establishes normal employee behavior related to customer searches, detects employee viewing abnormal number of customers, potential account takeover predictor.

• Reported: Customer discovers transactions and is upset when discovered and reported.

Customers

Higher Risk Customers for Fraud

Addresses of All Your Customers: How Many are on the List of Compromised ?

https://haveibeenpwned.com/API/v2#AllBreaches

Fraudulent Act – Opportunity Missed

Debit Card Stolen

What the Ripples Look Like

Purse Stolen Illinois

Bank Branch: Indiana

Debit Card

Protect the Account…. ….and the Customer!

Amazon is Good! Amazon is Bad!

“One of the things Amazon does better than us, they are more customer-centric than we are. They really are.

And one of my takeaways is that, by God, we're gonna become as customer-centric as Amazon. We're gonna import their passion about that.

……I love the passion these guys have around the customer. They put the customer first in everything they do and think backwards. And — we — we're gonna be the same way.”

Customer at the Center of Your Processes

Can I Trust You?
• Interest of Customers is Focus of Your Efforts
• Know how Products and Services Benefit Customer

Do You Care?
• Recommendations go Beyond Immediate Matter
• ie: Amazon Suggestions

Do You Know What You Are Doing?
• Advice and Suggestions are Both Accurate and Comprehensive

Do You Want Me Back?
• Follow-up with Customers Immediate and Long term

Say What You Will Do and Do What You Say!

“Can I Trust You?”

Your Bank’s Products and Services

Does your staff understand the difference between features and benefits of all of your products and services?

Develop product and service rollouts with challenge to staff to:

• Identify at least 2 features of every product and service

• Identify the benefits of the features

• Provide understanding of the intended benefits for your customers

• Encourage staff to solicit feedback from customers and report

Fraud Schemes

Criminals place a wedge between the bank and the victim customer over time.

Mitigation Steps Your Staff Can Take:

1. Look out for customer’s best interest
2. Provide understanding of what steps they can take and
3. Encourage feedback from customers

[Diagram labels: Criminal Acts; “Can I Trust You?”]

If the crook has compromised your customer:

Steps to Take While Interacting with Customer

1. Lead with “I May be wrong, but …..
2. Provide third party resource information

Customer at the Center of Your Processes (Including Fraud Issues)

Do You Care?

Cyber Security is a Shared Responsibility

Who are Your Adversaries?

• Fraud Rings
• ID Thieves
• Hijacked Devices
• Social Engineering
• Synthetic ID Thieves

In Front of Your Bank…..One of Your Adversaries

Fraud Today is Like an Amoeba

…a type of cell or organism which has the ability to constantly alter its shape,…

Your Fraud Detection System May Be Looking for the Wrong Type of Fraud

They Know Us Better Than We Know Us

I recently came across an interesting post on one of the many underground criminal websites I monitor daily. It is advice intended for fraud managers but posted for fraudsters to read so they might understand what fraud managers are taught to look for in their work

In other words, fraudsters read what the good guys are looking for to stop fraud and adjust their techniques accordingly.

View of Fraud in 2018

*SMG 2018 Faces of Fraud Survey

Cyber Crimes & Email Compromises: Consumer and Business Imperative

What is ?

…crime that involves the internet, a computer system or computer technology. The computer may have been used in the commission of a crime, or it may be the target.

Source: https://en.wikipedia.org/wiki/Cybercrime

The Cost of Cybercrime

Cyber-crime Costs are Unprecedented

Organized criminals are exceptionally well-funded; the cost of cybercrime is expected to reach $2 trillion this year.

• 90,909 NFL Quarterbacks @ $22 Million per Year
• 48,000 miles cost $499B in 2016 dollars. Could replicate 4x over with cyber losses

Source: http://www.gartner.com/newsroom/id/2828722; https://www.forbes.com/sites/stevemorgan/2016/01/17/cyber-crime-costs-projected-to-reach-2-trillion-by-2019/#47a242633a91
Photo: sportingnews.com; By SPUI - National Atlas, Public Domain, https://commons.wikimedia.org/w/index.php?curid=945257

Who is Behind Cybercrime? ....What are Their Motivations?

• Org Crime/Fraudsters: Theft
• Hacktivists: Disruption
• Nation-States: Destruction

Social Media

Issues You Face

• Online Identity Theft
• Threats are More Sophisticated
• Regulations
• Education

Identity Fraud Reached an All-time High in 2017… Continued in 2018

• 16.7 MILLION (8%): # of identity fraud victims in the U.S.
• 35%: For the first time ever, SSNs (35%) were compromised more than credit card numbers (30%) in breaches
• $16.8 BILLION: Amount stolen from U.S. consumers due to identity fraud

Business Wire - Identity Fraud Hits All Time High With 16.7 Million U.S. Victims in 2017, According to New Javelin Strategy & Research Study: https://www.businesswire.com/news/home/20180206005363/en/Identity-Fraud-Hits-Time-High-16.7-Million


2017 Cybersecurity Timeline (JAN to DEC)

• Yahoo! reveals breach impacted all 3 billion of its users
• Apache Struts remote code execution vulnerability reported
• NotPetya attack emerges globally; total losses could exceed $1B
• Equifax credit bureau announces data breach impacting 143 million consumers; Apache Struts is cause
• Uber disclosed 2016 breach and payment to hackers to delete stolen data
• WannaCry ransomware worm first struck; most notably forcing some UK hospitals to shut down.
• Honda motor plant shutdown due to WannaCry
• Blueborne Bluetooth vulnerabilities disclosed; exposed nearly all operating systems to risk
• KRACK WiFi vulnerabilities first disclosed; enables attackers to bypass WPA2 WiFi security
• $600 billion lost to cybercrime globally in 2017

Lesson learned: The importance of timely patching

Sources:
2017 Year in Review: Cyber-Security Faces Challenges Old and New: http://www.eweek.com/security/2017-year-in-review-cyber-security-faces-challenges-old-and-new
Uber Hid 2016 Breach, Paying Hackers to Delete Stolen Data: https://www.nytimes.com/2017/11/21/technology/uber-hack.html

https://www.consumerreports.org/digital-security/facebook-data-breach-exposed-personal-data-of-millions-of-users/

Recent Issues

Credential Stuffing – ID Theft

Synthetic ID Fraud

SSN Overlap 6.5M New Adults 20 Million

• No Victim to Report SSN/Fraud
• Misclassification by FI’s as Credit Loss

Identifying Synthetic Identity Fraud

Credit Non Credit Compare: Credit files easier to manipulate than File Identifiers Non Credit ID files

Analyze: Same SSN on Identity Identity Analyze: Same trade 2 people in market in two Consistency Uniqueness info for hundreds of multiple addresses in Address vs different names/SSN’s your database? Consistent? Intersection

How Did Identity Research: Transaction Identity Transactions behavior. Emerge

Source of Identity Factors: Not Generally Fraud

• Professional License
• Property Records
• School Registrations
• Bankruptcy
• Voter Registration
• Boat Registration

Source of Identity Factors: Fraud Indicators

• Credit Bureau Header - New
• Deceased
• Non Confirmed DL Info
• Input DOB after Issue Date of SSN (After June 25, 2011 – Random)
• Consumer on One Credit Bureau Only

Synthetics Can’t Attend Family Reunions

• No parent, No Sibling, No child
• Multiple apps with same SSN, and multiple addresses
• New address with short credit history
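The indicators on the preceding slides (shared SSN across names and addresses, DOB after SSN issue date, single-bureau file, new address with short history, no relatives) can be run as rule checks over an application file. The sketch below is an added example, not part of the original deck; the record layout, field names, thresholds and sample records are all assumptions constructed for illustration.

```python
"""Added example: rule checks for the synthetic-identity indicators listed above."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Thresholds are assumptions for this sketch, not values from the slides.
NEW_ADDRESS_MONTHS = 6
SHORT_HISTORY_MONTHS = 12


@dataclass(frozen=True)
class Application:  # hypothetical record layout
    app_id: str
    name: str
    ssn: str
    dob: date
    address: str
    ssn_issue_year: Optional[int]  # None when unknown (randomized SSNs)
    bureaus_reporting: int         # number of credit bureaus holding a file
    credit_history_months: int
    months_at_address: int
    known_relatives: int           # parent/sibling/child links found


def normalize(text: str) -> str:
    """Case- and whitespace-insensitive form for comparing names and addresses."""
    return " ".join(text.lower().split())


def synthetic_flags(apps):
    """Return {app_id: [indicator, ...]} for every application."""
    names_by_ssn = defaultdict(set)
    addrs_by_ssn = defaultdict(set)
    for a in apps:
        names_by_ssn[a.ssn].add(normalize(a.name))
        addrs_by_ssn[a.ssn].add(normalize(a.address))

    flags = {}
    for a in apps:
        hits = []
        if len(names_by_ssn[a.ssn]) > 1:
            hits.append("ssn_shared_by_multiple_names")
        if len(addrs_by_ssn[a.ssn]) > 1:
            hits.append("ssn_at_multiple_addresses")
        # Only checkable when an issue year is known for the SSN.
        if a.ssn_issue_year is not None and a.dob.year > a.ssn_issue_year:
            hits.append("dob_after_ssn_issue")
        if a.bureaus_reporting == 1:
            hits.append("single_bureau_only")
        if (a.months_at_address < NEW_ADDRESS_MONTHS
                and a.credit_history_months < SHORT_HISTORY_MONTHS):
            hits.append("new_address_short_history")
        if a.known_relatives == 0:
            hits.append("no_known_relatives")
        flags[a.app_id] = hits
    return flags


def review_queue(apps, min_flags=2):
    """Applications with at least min_flags indicators, most indicators first."""
    queue = [(app_id, hits) for app_id, hits in synthetic_flags(apps).items()
             if len(hits) >= min_flags]
    queue.sort(key=lambda item: (-len(item[1]), item[0]))
    return queue


# Constructed sample records (SSNs use the never-issued 000 area number).
SAMPLE_APPLICATIONS = [
    Application("A1", "Pat Example", "000-00-0001", date(1985, 3, 2),
                "10 Main St", 1986, 3, 180, 96, 3),
    Application("A2", "Jordan Sample", "000-00-0002", date(1999, 7, 15),
                "22 Oak Ave", 1988, 1, 5, 2, 0),
    Application("A3", "Casey Placeholder", "000-00-0002", date(1990, 1, 1),
                "9 Elm Rd", 1988, 2, 8, 3, 0),
    # A genuine new adult with a thin file trips one indicator only.
    Application("A4", "Lee Sample", "000-00-0004", date(2001, 5, 5),
                "5 Pine Ct", None, 1, 4, 30, 2),
]

if __name__ == "__main__":
    for app_id, hits in review_queue(SAMPLE_APPLICATIONS):
        print(app_id, hits)
```

Requiring two or more indicators keeps a thin-file new adult (A4) out of the queue while both applications sharing one SSN are queued.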

Synthetic ID

Business Email Compromise (BEC)

Diverting the Money

1. An employee of a business has their email hacked
   Often this is a vendor/partner of entity in control of funds

2. Email accounts of high-level business executives are compromised
   Hackers know nuances of target’s behavior, grammar, schedule, etc

3. A business is asked to wire funds for invoice payment to an alternate, fraudulent account
   Verifying wire by bank is not enough, must confirm “credit to” information

Email Compromises: The New Form of “

Spoofing / Hacking:

• Business Email Hacking
• Vendor Email/Invoice Hacking
• Business Email Spoofing

Domains shown: @reche1group.com @rechelgroup.com @hpdata.com

Business Email Compromise (BEC) Red Flags of Deception

• 17% increase in BEC attacks last year
• 13: Average number of people targeted in an organization; attacks are typically low in volume, but more people are being targeted across more units and more identities are being spoofed
• 33% of BEC messages contain the word “payment” in the subject line (most attacks are designed with wire transfer fraud in mind)
• 11% of all email fraud attacks use “fake email chain” messages, to give a realistic experience and appear more credible
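The spoofed domain shown earlier (@reche1group.com against the genuine @rechelgroup.com) and the “payment” subject-line red flag can both be checked automatically on inbound mail. The following is an added example, not part of the original deck; the trusted-domain list, the character-folding table and the sample messages are constructed assumptions.

```python
"""Added example: flag lookalike sender domains and 'payment' subject lines."""
import re
from email import message_from_string
from email.utils import parseaddr

# Domains the institution already corresponds with (assumption for this sketch;
# both names appear on the slide).
TRUSTED_DOMAINS = {"rechelgroup.com", "hpdata.com"}

# Digits commonly substituted for letters in spoofed domains (illustrative set).
DIGIT_SWAPS = str.maketrans({"1": "l", "0": "o", "5": "s"})


def skeleton(domain: str) -> str:
    """Fold look-alike characters so 'reche1group' compares equal to 'rechelgroup'."""
    folded = domain.lower().translate(DIGIT_SWAPS)
    return folded.replace("rn", "m").replace("vv", "w")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_domain(domain: str, trusted=TRUSTED_DOMAINS):
    """Return ('trusted' | 'lookalike' | 'unknown', imitated_domain_or_None)."""
    domain = domain.lower().strip(".")
    if domain in trusted:
        return ("trusted", domain)
    for good in sorted(trusted):
        if skeleton(domain) == skeleton(good) or edit_distance(domain, good) <= 1:
            return ("lookalike", good)
    return ("unknown", None)


def assess_message(raw: str) -> dict:
    """Inspect the From and Subject headers of one RFC 5322 message."""
    msg = message_from_string(raw)
    _, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    verdict, imitates = classify_domain(domain)
    findings = []
    if verdict == "lookalike":
        findings.append(f"lookalike_of:{imitates}")
    if re.search(r"\bpayment\b", msg.get("Subject", ""), re.IGNORECASE):
        findings.append("payment_in_subject")
    return {
        "sender_domain": domain,
        "verdict": verdict,
        "findings": findings,
        # A lookalike sender means payment details are confirmed out of band.
        "hold_for_callback": verdict == "lookalike",
    }


# Constructed sample messages.
MSG_SPOOF = ("From: Accounts Payable <ap@reche1group.com>\n"
             "Subject: Updated payment instructions for invoice 1042\n\n"
             "Please use the new account.\n")
MSG_GENUINE = ("From: ap@rechelgroup.com\nSubject: Lunch Thursday\n\nSee you then.\n")
MSG_KEYWORD = ("From: billing@hpdata.com\n"
               "Subject: Payment received, thank you\n\nReceipt attached.\n")

if __name__ == "__main__":
    for raw in (MSG_SPOOF, MSG_GENUINE, MSG_KEYWORD):
        print(assess_message(raw))
```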


Insider at Heart of $1.8 Billion Fraudulent Transfer

Recent Headline – Risks Inside Your Bank

Internal Fraud and Cyber Security

• Typical organizations lose 5% of revenues each year to internal fraud
• The higher the perpetrator’s level of authority, the greater fraud losses tend to be
• Most fraud attempts go undetected for an average of 18 months
• 87% of occupational fraudsters have never been charged or convicted of a fraud-related offense
• Organizations with hotlines are much more likely to catch fraud by a tip

Finance Director: 16 Month Embezzlement, 20 Yr Employee, No Prior Issues, Detected by Bank

Internal On-Line Banking Scam November 2018


Internal Fraud

• Separation of Duties
• Reconciliation Functions
• Analyze Resumes
• Establish referral process

FFIEC, FINRA, SEC, FTC

Customer Due Diligence

FinCEN’s final rule on CDD became effective July 11, 2016, with a compliance date of May 11, 2018.

The rule codifies existing supervisory expectations and practices related to regulatory requirements and therefore, nothing in this final rule is intended to lower, reduce, or limit the due diligence expectations of the federal functional regulators or in any way limit their existing regulatory discretion.

Fraud Prevention and Your Customers

• Devices: Up to date patches and virus/, Register similar domain names
• Passwords: Unique passwords for FI, Password Managers
• Web: DO NOT access confidential sites via public networks
• Social Networks: Limit distribution of personal information (DOB, SSN, plans)
• Email Accounts: Delete emails with financial data after use, separate personal and FI email
• Financial Accts: Review statements regularly, do not click on links, avoid money movement patterns

Fraud Prevention and Your Staff

• Client Education: Educate customers with consistent updates from your staff, risks of 3rd parties
• Staff Education: Educate staff about cyber perils as part of a regular program
• Web Access: DO NOT access client information via public networks
• Company Networks: Limit access authority, review password protocols, delete former employees
• Accounts: Limit the to move money and systems are secure
• Fraud Detection: Utilize tools (people and tech) to monitor for suspect transactions

Cyber Insurance

Loss Mitigation Services

Cyber insurance can provide services that include:

Incident response services: Breach coaching, legal fees, forensics, notification costs, credit monitoring, public relations

Cyber insurance can provide protection for:

• Ransom/
• Business interruption/loss of profits
• Social engineering
• Network liability: Failure to prevent transmission of viruses, etc.
• Privacy liability: Failure to protect private information
• Regulatory proceedings
• Media liability

and Bogus Instructions Usually Not Covered - Advise Your Business Customers to Ask About Coverage for Employees Being Duped into Transferring Money to Fraudsters

Know the Details Your Coverage

Aqua Star versus Travelers Insurance – 9th Circuit Court

Account Takeovers – Debit Cards and…. Informed Delivery

New Debit Card Fraud Hit ATM’s From North to South Within Minutes of Texts

Suspects Arrested From Miami

Another Exploitation of new technology – Informed Delivery

Informed Delivery

Informed Delivery Credit Freeze Can Stop Enrollment?

July 2, 2018: Debit Card “Reported Fraud” Log Reviewed

High Volume of Cash Withdrawals

Common Point of Use at ATM in Warren, MI

Video from Before the Earliest Date of Customer Using ATM and Customer Reporting Fraud
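The review described above (reported-fraud log, common point of use, then the video window to pull) can be expressed as a short analysis over card transactions. This is an added example, not part of the original deck; the tuple layout, terminal names, thresholds and sample data are constructed assumptions.

```python
"""Added example: common-point-of-use analysis over a reported-fraud log."""
from collections import defaultdict
from datetime import date, timedelta


def common_point_of_use(transactions, fraud_reports, lookback_days=90, min_cards=3):
    """Rank terminals by how many fraud-reported cards used them beforehand.

    transactions:  iterable of (card_id, terminal_id, day, disputed)
    fraud_reports: {card_id: date the customer reported fraud}
    Disputed transactions are the fraudulent cash-outs themselves, so they are
    excluded; only the cardholder's own earlier usage can reveal the skim point.
    """
    genuine_cards = defaultdict(set)   # every card seen at a terminal
    fraud_cards = defaultdict(set)     # reported cards seen before their report
    window = {}                        # terminal -> (first_use, last_use)

    for card, terminal, day, disputed in transactions:
        if disputed:
            continue
        genuine_cards[terminal].add(card)
        reported = fraud_reports.get(card)
        if reported is None:
            continue
        if not (reported - timedelta(days=lookback_days) <= day < reported):
            continue
        fraud_cards[terminal].add(card)
        first, last = window.get(terminal, (day, day))
        window[terminal] = (min(first, day), max(last, day))

    ranked = []
    for terminal, cards in fraud_cards.items():
        if len(cards) < min_cards:
            continue
        ranked.append({
            "terminal": terminal,
            "fraud_cards": len(cards),
            # Share of all reported cards that touched this terminal.
            "coverage": len(cards) / len(fraud_reports),
            # Share of this terminal's cards later reported; separates a
            # skimmed ATM from one that is merely busy.
            "fraud_rate": len(cards) / len(genuine_cards[terminal]),
            # Earliest and latest genuine use: the span of video to review.
            "video_from": window[terminal][0],
            "video_to": window[terminal][1],
        })
    ranked.sort(key=lambda r: (-r["fraud_cards"], -r["fraud_rate"], r["terminal"]))
    return ranked


# Constructed sample data: ATM-A is the skim point, ATM-B is a busy machine,
# ATM-C is where counterfeit cards were cashed out (disputed withdrawals).
D = lambda day: date(2024, 6, day)
SAMPLE_TRANSACTIONS = [
    ("C1", "ATM-A", D(10), False), ("C1", "ATM-B", D(12), False),
    ("C1", "ATM-C", D(20), True),
    ("C2", "ATM-A", D(11), False), ("C2", "ATM-C", D(20), True),
    ("C3", "ATM-A", D(12), False), ("C3", "ATM-B", D(1), False),
    ("C3", "ATM-C", D(21), True),
    ("C4", "ATM-A", D(9), False), ("C4", "ATM-C", D(21), True),
    ("C5", "ATM-B", D(11), False), ("C6", "ATM-B", D(12), False),
    ("C7", "ATM-B", D(13), False), ("C8", "ATM-A", D(2), False),
]
SAMPLE_FRAUD_REPORTS = {"C1": D(22), "C2": D(22), "C3": D(23), "C4": D(23)}

if __name__ == "__main__":
    for row in common_point_of_use(SAMPLE_TRANSACTIONS, SAMPLE_FRAUD_REPORTS):
        print(row)
```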

June 29, 2018: Deep Insert Skimmer (Shimmer)

Deep Insert Skimmers

June 29, 2018: White Male #2 Removing the Skimmer

Counterfeit Cards Used One Day After the Skimmer is Removed

182 Different Debit Cards and PIN’s Compromised

55 of 182 Used in a 1 Week Period

What Does Skimming Look Like to Your Branch Personnel?

• Opened New Ckg Acct in Actual Name with Out of State DL
• Issued a Debit Card
• Used Debit Card to Rent Hotel in Nevada
• Rented a Car and Used Debit Card to Pay for Rental
• Deposited Cash to New Account
• Began Skimming on ATM’s in the Area
• Skimmer Detected by Branch Personnel
• Police Stake Out ATM
• Police Chase – Lose the Suspect But Get the License Plate

What Skimming Looks Like to Customer When They Complain to You

https://local12.com/news/local/dozens-of-park-national-bank-customers-report-fraudulent-activity

Media Jumped on “Hacking” Story...Not Skimming

Fraud Targeting Your Elderly Customers

Published January 29, 2019

Potential Victims at Your Bank

Red Flags: Which Accounts Will be Victimized?

UNDERSTANDING FRAUD

Red Flags They Generate

Phony Bank Examiner Scam

Acronym “Word Cloud”

• Elder Financial Exploitation: EFE
• Elder Financial Abuse: EFA
• Adult Protective Services: APS
• Area Agency on Aging: AAA
• Financial Industry Regulatory Authority: FINRA
• Federal Trade Commission: FTC
• Consumer Financial Protection Bureau: CFPB
• Financial Crimes Enforcement Network: FinCEN
• Suspicious Activity Report: SAR
• Email Account Compromise: EAC
• Business Email Compromise: BEC

Red Rover Targeting the Weakest Link

How Do Fraudsters Con Victims?

• Phantom Riches: Promise of unforeseen riches made to victim: (“You have been chosen…)
• Reciprocity: Offering to do a small favor for the victim in return for a large favor.
• Source Credibility: Building credibility by claiming to be with a reputable firm or having credentials.
• Social Consensus: Leading the victim to believe that other savvy investors have already invested.
• Scarcity: Creating a false sense of urgency by claiming limited supply.

Fraud Committed by Strangers

Grandparent Scam

Senate Hearing January 2019

If You Want to Listen In to Understand How Persistent The Con Artists Are….

Fraud Committed by Family/Caregivers

• 1980 Median Age 30
• 2000 Median Age 35.3
• 2016 Median Age 37.9

At Risk Customers in Your Bank

Cross Organizational Intelligence:
• Customers
• Law Enforcement
• Other Financial Institutions
• Regulatory Agencies

Risk Factors: Elderly Customers
• Physical Disabilities (Mobility, as well as hearing)
• Cognitive Decline (Aging or disease)
• Isolation (Limited interaction)
• Loss of Loved Ones (Spouse, Children, Caregiver)

Fluid Intelligence*

Fluid intelligence enables us to hold multiple distinct pieces of information in our mind and to apply rules or logic to them to reach a decision.

Thus, a decline in fluid intelligence can make it more difficult to manage money and make financial decisions.

This explains why the elderly are at risk of prey to financial exploitation.

*Joyce Lee, Penn Memory Center, Federal Reserve Challenge Financial Leaders to Take Steps to Protect Wealth of Older Adults, Penn Memory Center, http://www.whealthcare.org/

FinCEN Added “Elder Financial Exploitation” in 2011

SAR Reporting of Elder Financial Exploitation

• Suspicious activity is selected by category of suspicious fraud transaction

• Potential victim should not be listed as “Subject”

SAR Narrative

• Use this portion of the SAR to describe transactions and include the term “elder financial exploitation” in the narrative

CFPB Added Advisory in 2016

Recommendations

• Develop, implement, maintain procedures

• Train management and staff

• Detect elder financial exploitation by harnessing technology

• Report suspicious activity as required

• Protect older account holders

• Collaborate with other stakeholders

In 2017 Red Flags

Two General Areas of Activity

– Account Activity

– Behavioral Activity

4 Common Red Flags of EFE

Account balance: Is the account decreasing? Considering past activity does the speed of change make sense?

Account access: Have new individuals been granted access to the customer’s account?

Uncommon transaction types: Are they banking via methods that are unusual given their past activity?

Odd spending behavior: Based on their past activity, has their spending changed?

Additional Red Flags: Operational Issues

Erratic or unusual banking transactions, or changes in banking patterns:

• Frequent large withdrawals, including daily maximum currency withdrawals from an ATM;
• Sudden Non-Sufficient Fund activity;
• Uncharacteristic nonpayment for services, which may indicate a loss of funds or access to funds;
• Debit transactions that are inconsistent for the elder;
• Uncharacteristic attempts to wire large sums of money;
• Closing of CDs or accounts without regard to penalties.

Additional Red Flags: Retail / Behavior Issues

Interactions with customers or caregivers:

– A caregiver or other individual:
• shows excessive interest in the elder's finances or assets,
• does not allow the elder to speak for himself, or
• is reluctant to leave the elder's side during conversations;

– The elder:
• shows an unusual degree of fear or submissiveness toward a caregiver, or
• expresses a fear of eviction or nursing home placement if money is not given to a caretaker;

Interactions

• The financial institution is unable to speak directly with the elder, despite repeated attempts to contact him or her;
• A new caretaker, relative, or friend suddenly begins conducting financial transactions on behalf of the elder without proper documentation;

Interactions

• The customer moves away from existing relationships and toward new associations with other "friends" or strangers;
• The elderly individual's financial management changes suddenly, such as through a change of power of attorney to a different family member or a new individual;
• The elderly customer lacks knowledge about his or her financial status, or shows a sudden reluctance to discuss financial matters.

Tip From A Bank Who Established a New Role to Screen for EFE

Customer / Victim Concerns

• Fear That Reporting Will Lead To Loss Of Legal Or Financial Control;

• Feeling That Reporting Wouldn’t Make A Difference;

• Threats And Intimidation From The Perpetrators;

• Loss Of Esteem Or Prestige In A Victim’s Social Group;

• Concern That Reporting May Culminate In A Family Member Or Friend Being Arrested; Or Sent To Prison, Which Is Particularly Concerning If The Individual Is Dependent On The Exploiter;

• Lack Of Confidence In The Ability Of Authorities To Respond

Tips for a Customer Centered Approach

• Express empathy and understanding
• Acknowledge inconvenience beyond the incident
• Provide comments that acknowledge power of persuasion tactics used by scammers.
• Do not talk to victim as “stupid”
• Provide assistance beyond bank’s “silo”

Informed Delivery Fraud

Checklists and Resources

Other Assistance and Resources

Assess the victim’s need for referral to other professionals, including:
• Federal Trade Commission
• Adult Protective Services;
• Legal aid or other civil attorneys;
• Not-for-profit consumer credit counseling;
• Mental health support; and
• Medical care or evaluation, especially if there are concerns about a victim’s physical or mental capacity.

https://www.bulkorder.ftc.gov/publications/identity-theft-recovery-plan

Identity Theft Resources

• Annual Credit Report (free) www.annualcreditreport.com

• Federal Bureau of Investigation www.fbi.gov/investigate/white-collar-crime/identity-theft

• Federal Trade Commission’s IdentityTheft.gov www.identitytheft.gov

• Identity Theft Resource Center www.idtheftcenter.org

• Internal Revenue Service Identity Protection Specialized Unit www.irs.gov/uac/identity-protection (800) 908-4490

• National Crime Prevention Council Identity Theft Prevention http://archive.ncpc.org/topics/fraud-andidentity-theft.html

• National Identity Theft Victims Assistance Network www.nitvan.org

• National Opt-Out Hotline www.ftc.gov/privacy/protect.shtm (888) 5-OPT-OUT (888) 567-8688

• OnGuardOnline.gov www.onguardonline.gov

• Social Security Administration Fraud Hotline www.ssa.gov/fraudreport/oig/public_fraud_reporting/form.htm (800) 269-0271 | (866) 501-2101 (TTY)

• U.S. Postal Inspection Service Identity Theft Site https://postalinspectors.uspis.gov/investigations/MailFraud/fraudschemes/mailtheft/IdentityTheft.aspx

http://victimsofcrime.org/our-programs/financial-crime-resource-center/fraud-resources

Fraud Reporting / Prevention Resources

• Hotline for Seniors to Report Fraud www.aging.senate.gov | (855) 303-9470

• AARP Fraud Watch Network www.aarp.org/fraudwatchnetwork

• Better Business Bureau BBB Scam Tracker www.bbb.org/scamtracker BBB Scam Tips www.bbb.org/scamtips

• Consumer Financial Protection Bureau (CFPB) www.consumerfinance.gov

• Elder Justice Initiative, U.S. DOJ www.justice.gov/elderjustice | (800) 677-1116

• FTC Complaint Assistant www.ftccomplaintassistant.gov (877) 438-4338

• Financial Fraud Enforcement Task Force www.stopfraud.gov

• FINRA: finra.org/seniorhelpline

• Internet Crime Complaint Center www.ic3.gov

• National Adult Protective Services Association www.napsa-now.org/get-help/help-in-your-area (202) 370-6292

• National Center for Victims of Crime www.victimsofcrime.org

• National Center on Elder Abuse https://ncea.acl.gov

• National Crime Victim Bar Association www.victimbar.org | (844) LAW-HELP

• National Consumers League www.fraud.org | (800) 876-7060

• OnGuardOnline.gov www.onguardonline.gov

• Public Investors Arbitration Bar Association www.piaba.org

• VictimConnect Resource Center www.victimconnect.org | (855) 4-VICTIM

Fraud Prevention and Mitigation

• Today: Channel Monitoring. Alerts for transactions in channel silo. Some customer data used to resolve.
• Near Future: Multi-Channel Monitoring. Alerts for transactions in multiple channels. Some customer data used to resolve, with limited use of 3rd party intelligence.
• Future Goal: Omni-Channel Monitoring. Monitoring across all aspects of customer relationship. Some customer data used, combined with outside intelligence.

View of Your Customer

• Demographics
• Date of Birth
• Customer Svc Data
• Marital Status
• Mobile/Online Data
• Family Contacts
• Transactions
• Preferred Communications

KEEPING UP WITH CUSTOMERS’ LIVES – Science Soft

1. Determine frequently used fields.

Default customer profiles usually include a number of fields that employees may never use. Instead of trying to fill in all the fields, it’s better to focus on the most valuable customer data and try to keep it up to date.

2. Implement constant checks of customer data.

Every time a bank gets a new letter, e-mail or any other form of incoming data from customers, bank consultants should take the opportunity to compare information in customer e-mail signatures or addresses with the data in CRM. Even if there are no changes, employees should update the last review date.

3. Inform sales force to update CRM.

Apart from optimizing operational processes, an up-to-date CRM system can facilitate sales process and thus increase commissions of a bank’s sales representatives. Therefore, banking executives should clearly communicate to their sales team the necessity of keeping CRM data squeaky clean.

Integrating Systems – Enterprise Wide View

Detection System

• Internet: Session initiated from Suspicious IP
• Checks: Preauthorized Draft Posts to Signor related DDA
• ATM’s: Unusual amt of Debit Card use
• Wires: Wired deposits from multiple accts
• Calls: Unusual # of calls inquiring on acct
• Employees: Signor added to DDA

Account Touchpoints and Channels

Resources for Staying Current with Changing Fraud Dynamics

https://myonlinesecurity.co.uk/

Transition to Physical Security Issues

Physical Security / Fraud

Dealing with Active Threats: From a Bank Perspective

Prepare Before an Event

Objectives

1. Learning from Active Shooter Incidents

2. Preparing for Active Threats

3. Responding to an Active Shooter

4. Coping with an Active Shooter Incident

Armageddon Event at Bank

Immediate Statement

What is an Active Shooter Incident?

• An Active Shooter Incident is an incident that involves an individual that is actively engaged in killing or attempting to kill people in a confined and populated area and there is no pattern or method to their selection of victims.
• Active Shooter Incidents are very dynamic events that are usually over in 15 minutes.
• Active Shooter events usually end upon the death of the Active Shooter either by suicide or police engagement.
• 98% of Active Shooter Incidents are carried out by one attacker.
• Less than 1/3 of Active Shooter Incidents occur at a school
• Over 1/2 occur in the workplace.

Law Enforcement Response

• During an Active Shooter event, the primary goal of Law Enforcement is to stop the Active Shooter.
• Police officers will bypass injured people and anyone that is not a threat until the threat is eliminated.
• Officers will likely be shouting orders and may push you towards the exit or the ground.
  • Remain calm and follow instructions
  • Keep your hands open and visible
  • Avoid approaching the Officers unless directed

Perils to Employee Safety

[Diagram, centered on Employees: Robberies; Customer Conflicts; Terror/Civil Unrest; Domestic Violence; Mental Illness; Drugs; Alcohol]

THE FIVE STAGES OF AN ACTIVE SHOOTER

• Fantasy Stage
• Planning Stage
• Preparation Stage
• Approach Stage
• Implementation Stage

Stage 1 Fantasy

• During this stage the shooter pictures himself doing the shooting. He fantasizes about the headlines he will receive. He fantasizes about the news coverage.
• He might draw pictures of the event and make Web site postings.
• Would-be Active Shooters in the Fantasy Stage will often discuss their desires with friends and foes alike.
• If news of these fantasies is passed on to law enforcement, police intervention can take place prior to the suspect acting on them. In this case there will be zero casualties.

Stage 2 Planning Stage

In this stage the shooter is deciding on the "who, what, when, where and how" of his day of infamy.

He will often put his plans down in writing.

He will quite often discuss his plans with others.

He will plan the time and location to ensure the most victims, or in some cases to target specific victims.

He will determine the weapons he will need and where he will get them.

He will decide how to travel to the target area and how to dress to conceal his weapons without arousing suspicion.

Stage 3 Preparation Stage

• During this stage the shooter will buy, beg, borrow and steal items that he needs for the event.
• He might buy guns and ammo.
• He might purchase materials for explosives, which when observed separately look innocuous, but when combined are deadly.
• He often steals what he cannot buy, often stealing from family members.
• He will assemble his improvised explosive devices and train with his weapons. He may detonate some explosives to ensure that they will work.
• The active shooter will visit the sites he will attack and do drawings and schematics of the areas. He will conduct reconnaissance as if he is preparing for a military operation.

OCT 18, 2018

Saw Something….Said Something …During Stages 1-4

Police caught up with Jarrell as he was pulling out of his driveway.

He had a gun, more than 200 rounds of ammunition, a 100-round high capacity magazine, a Kevlar vest and a detailed plan of attack on two school districts -- Anderson County Schools and Shelby County Public Schools.

Police said evidence suggested Jarrell was heading to a school

Stage 4 Approach Stage

• When the subject is approaching the target, he will be very dangerous, because he has his eyes on the prize.
• He has made his plans, armed himself and he has made his decision to kill.
• He may be walking, riding, or driving to the target carrying his implements of death.

Stage 5 Implementation Stage

• When the active shooter opens fire immediate action needs to be taken.
• The ingredient that ties all of these incidents together is the active shooter will continue to shoot until:
  • he runs out of victims or ammunition, or
  • is stopped by his own hand or
  • an effective and efficient act of courage.

Perils to Your Employees’ Personal Safety

[Diagram: Bank Employee at the center, surrounded by Criminal Perpetrators; Customer Conflicts; Terror/Civil Unrest; Domestic Violence Spillover; Co-Worker Conflict; Mental Illness; Drugs; Alcohol]

Alison Parker and Adam Ward – Murdered in 2015
Revenge Victims of 2013 Fired Employee

Employees Not Sure What to Do

Back of the Bank
Hostages Held in Right Corner
SWAT Storms Branch

Pre-Attack Indicators

• Unusual interest in information about security measures
• Observing public safety response
• Discreet use of cameras, sketching, and note taking
• Repeated visits (may try to disguise appearance)
• Attention to or avoidance of security systems
• Inappropriate clothing for the season
• Tactical gear

Two Points to Decide What to Do

Action Point

• The moment an individual recognizes a red flag
• Talk to the person
• Report to your supervisor and/or police

Fantasy Planning Preparation Approach Implementation

Flash Point

• The moment the violence occurs
• Too late for prevention
• Often someone identified indicators, but never reported them

Training Should Emphasize Survival Mindset

1. Awareness

2. Preparation

3. Rehearsal

Run

• If you can escape, do so.
• Exit the kill zone using cover and concealment.
• Direct others to evacuate, but do not try to convince them
• Keep your hands visible to Law Enforcement and follow their instructions.
• Do not interfere with Law Enforcement
• Do not attempt to move wounded people
• Call 911 when safe to do so

Hide

• If safe evacuation is not possible, find a place to hide.
• Be out of shooter’s view (concealment)
• Provide protection if shots are fired (cover)
• Not trap you or restrict your options for movement
• Blockade the door
• Remain quiet and silence your cell phone
• Call 911 if safe to do so
• Be wary of letting anyone else in

Cover and Concealment

Cover is anything which is capable of physically protecting an individual from gunfire.

Concealment is an object or area which only affords being hidden from view.

Fight

• You may have to fight for your life.
• Use Speed, Surprise, and Violence of Action
• Use weapons or improvised weapons
• Use the Buddy System
• Commit to your actions until the Active Shooter is no longer a threat.

Quick Recap

STAGES

• Fantasy Stage
• Planning Stage
• Preparation Stage
• Approach Stage
• Implementation Stage

[Diagram: "You" at the center, surrounded by Criminal Perpetrators; Customer Conflicts; Domestic Violence Spillover; Terror/Civil Unrest; Mental Illness; Co-Worker Conflict; Drugs; Alcohol]

Action Points and Flash Points

Active Threat Facilities Overview

III. Considerations

The suggestions and ideas for consideration should not be taken as recommendations, but rather concepts for implementation consideration based upon further detailed review of the ideas, their feasibility, applicability and effectiveness.

IV. Ideas for Discussion

The following ideas have been developed for discussion purposes only, and are not presented in any order of significance, and as previously indicated, the ideas presented should not be considered as recommendations for implementation by ABC Bank.

The Run, Hide, Fight model principles include evacuation as the primary first response, followed by hiding, and if necessary, fighting.

Identified secured areas suggested in this report are designated as being more secure relative to being in the open area of the facilities and are not designated as being secure from the totality of threats. This distinction should be included in any training provided to employees.

It should also be noted that having multiple secured areas available, if possible, is important relative to the threat of a disgruntled employee, or ex-employee, who may use their “inside knowledge” to try to block access to a single secure area as part of an active shooter event.

IV. Ideas for Discussion

1. Establish all evacuation options for Main Office personnel, and conduct walk-through.
2. Provide training on “Shelter in Place”, also referred to as “Hide” locations, for all personnel.
3. Establish numbering system for rooms and exterior doors.
4. Establish communications protocol for reporting “red flag” behavior of potential violent acts.
5. Evaluate communication options for emergency scenarios for both locations.
6. Create “Crimewatch” or “SafetyWatch” Network with Neighbors
7. Establish enhanced physical security options at various branch:
  • Teller Line Iron Work
  • Add Exit Door to Back
  • Reconfigure Door Lock at Teller Line to Use Vault as Shelter Area
8. Distribute inside locking devices for feasible shelter in place locations

1&2. Evacuation and Shelter in Place (Hide) Guidance

3. Establish Numbering System for All Rooms

4. Establish Communications Protocol for Reporting “Red Flag” Behavior

Communications Protocol of Potential Threats

• It is important that ABC Bank employees understand the importance of reporting behavior that could be classified as suspicious or potentially violent.

• Customers making veiled or direct threats
• Co-workers exhibiting “red flag” behavior as detailed in the following slides

• Establish method to report the behavior and protocols to alert all necessary personnel, at Main Office and at various branches.

5. Evaluate Communication Options for Emergency Scenarios

Considerations for All Locations

Improved Communications of Active Threat Conditions

Issue: The Main office is constrained in communicating an active threat to other employees in the building, due to its size and configuration, while the various office would have difficulty observing suspicious activity prior to entry into the small branch.

a. There are some communication options available, with features that would address the Main Office configuration, while being ineffective for the various Branch. These options are identified below, and further explained in the table on the following page.

• Text message from ABC Bank Security Officer
• Standardized Message Call to All Employees Cell Phones
• Automated Phone App
• Active Threat Pull Box Alarm (similar to Fire Alarm Box)

Communications Options

Text Messaging Alert System (Main Office: X; various: X)

PROS
• Effective for communicating detailed/specific information, such as:
  • Initiate Lock Down of Building
  • Initiate Run, Hide, Fight Protocols
  • Shots fired in Bookkeeping Area – 2nd Floor
  • Active Threat on Mezzanine – Main Office
  • Remain Quiet – Set Phones to Silent
  • Police Have Been Contacted

CONS
• Time consuming to gather accurate information before sending text alert messages.
• Centralized process required is not effective for locations without centralized monitoring.
• Employees must have access to phones while working at assigned location and/or position.
• Texts may be received in public areas if employee is not working.

Voice Mail Alert Message (Main Office: X; various: X)

PROS
• Effective for communicating detailed/specific information, as indicated for text messaging.
• May be easier for some to use than text messaging system.

CONS
• Same as above with added disadvantage related to the requirement that all employees must take steps to answer their phones with additional steps or alerting perpetrators if the employees have not placed phones on silent.
• May be monthly or annual subscription fees.

Phone App (ie. All Clear System) (Main Office: X; various: X)

PROS
• Effective for decentralized notification of active threat.
• Eliminates the delay or inability of affected employees to notify centralized text/VM personnel.
• More flexibility in managing messages during a crisis.
• Allows for accounting of personnel during the crisis.
• Active Alert system can be implemented with All Clear entry and exit procedures to eliminate physical signal inefficiencies.

CONS
• Initial notification is general in nature ie “Active Shooter” in building.
• Monthly subscription cost.

Pull Box Alarm (Main Office: X; various: N/A)

PROS
• Effective for large, more complex office configurations
• Alerts all occupants of the building of an active threat condition without the need for other device such as cell phone.

CONS
• Alerts can only be initiated at pull alarm stations, which may not be readily accessible during event.
• Requires significant physical installation issues be addressed during installation of wiring and pull boxes.
• Is not effective for monitoring changing conditions during emergency, or for branch locations.

Communications Options (Sample of Vendor Options)

Consider Utilizing Pilot of “All Clear” at various

http://www.allclearsystem.com/

Pull Box Alarm for Active Threat

Consider Use of Video Surveillance Sign as Potential Additional Deterrent

• While Active Shooters with a suicidal mindset are not concerned with video, other categories of threats such as robberies and some workplace violence scenarios may be prevented with the presence of video surveillance, and prominent signage to inform potential perpetrators.

6. Create “Crimewatch” or “SafetyWatch” Network with Neighbors

Considerations for Both Locations

Coordinated Commercial Block Watch – “SafetyWatch” with Adjacent Stakeholders

Issue: All locations are vulnerable to potential perpetrators using adjacent properties to surveil, stage, and use as escape routes.

a. To create an extended “deterrence halo” around each of your locations, it may be of benefit to create a personal connection with your commercial neighbors as part of a crime prevention “blockwatch”, one in which employees of adjoining properties take ownership for the safety of their immediate neighbors via an organized program. It could be marketed as “SafetyWatch” or something similar, that has the managers of the nearby businesses sharing contact information in the event they need to share information about suspicious behavior in the immediate area around their buildings as well as the bank.

Text messages could be immediately exchanged and/or short monthly meetings utilized to connect with commercial neighbors on a variety of security related issues all neighbors may be experiencing. Creating an informal name for the program serves to unite the parties, as well as providing the context to what employees should and can watch for. All of this would be coordinated with the local police department, and the level of activity that requires police response and involvement would be established. The bank may want to sponsor an annual small reward program that recognizes the efforts to prevent a crime, as opposed to the Crimestoppers program which provides rewards after the crime. The “Safety Watch” program would complement Crimestoppers, not eliminate it, as both concepts are important in overall crime reduction.

7. Establish Enhanced Physical Security Option at various Branches:

Options – Add Exit Door or Add PIN Lock to Teller Side of Door

Add Monitor to Office to Observe Exterior
Place on wall to be used by lobby personnel as well as office occupant.

8. Utilize Creative Locking Supplements for Designated Safe Rooms

Examples of Creative Locks to Supplement Door Locks

• Wooden wedge
• Poles
• Clasp locks
• Door Bull Locks (or similar) on inward opening doors on Certain Designated Hiding Places
https://thedoorbull.com/products/the-door-bull

IV. Ideas for Discussion (cont’d.)

A. Considerations for Both Locations

Place “Time Delayed Vault Door” Signage

Issue: Both locations could improve the deterrent value of the time delay vault system by extending the notification by adding additional signage on day gate located at each branch.

Time Delay Vault

Bank Robbery Roundtable

5508 Bank Branches per FDIC Years 2000-2017

No Matter what your branch looks like… the perils remain… but the risks evolve as technology advances

Risk Management Cycle

1. ID THE PERILS
2. ESTABLISH WHAT NEEDS TO BE PROTECTED AND YOUR VULNERABILITIES
3. ID THE MEASURES AVAILABLE TO REDUCE RISK (SECURITY IMPROVEMENTS/SECURITY PLANS)
4. REVIEW YOUR SECURITY MEASURES AND SECURITY PLAN ANNUALLY

Branch Security Features

Robbers Encounter Locked Doors
Bank Manager Holds Door Shut on robber

A Risk When Conducting Mock Robberies

Thank You

Jim Rechel The Rechel Group, Inc. Cincinnati, Ohio 45224

513-521-1860 [email protected]
