Internet Fraud and Risk Update

Bethany Arnold M&T Bank Vice President, Treasury Management Consultant

Member FDIC

Agenda

• Understanding Payment Fraud and liability

• Understanding corporate account takeover fraud and the threat it presents

• How to protect yourself, and your company

• Questions & Answers

Disclaimer

• This presentation is intended for information purposes

• Customers should contact their Information Technology provider to determine the best way to safeguard the security of their computers and networks

• Customers should familiarize themselves with their institution’s account agreement and understand their liability for fraud as ACH and Wire transactions are regulated under the Uniform Commercial Code

Understanding the Risk

Key Findings from the AFP Payments Fraud Survey

60% of organizations experienced attempted or actual payments fraud

Of those impacted by payment fraud…

…82% reported that checks were targeted

…43% reported that commercial cards were targeted

…27% reported that the number of fraud incidents increased

The typical loss due to Payments Fraud was $23,100

HIGHLIGHTS

Source: 2014 Association for Financial Professionals Payments Fraud and Control Study

Payment Fraud Risks

Check Fraud

• Counterfeit checks and alteration of stolen checks

ACH Fraud

• Unauthorized Automated Clearing House or Electronic Funds Transfers

Wire Fraud

• Account Take Over

• Email Compromise

Payment Fraud Liability

• Uniform Commercial Code (UCC)

The Internet Today

1.8 Billion Users and Growing

[Map regions: Western Europe, North America, Russia / Eastern Europe, Asia]

Radio: 38 years to reach 50 million people

Facebook: 2 years to reach 50 million people

Cyber Fraud

Crimeware

• Zeus, , Gozi, Spynet: - Fast-growing family of in use today by organized crime rings

• Crimeware can act like a virus, but has advanced features: , , remote control, screen capture, instant messaging.

Crimeware infection - Spear Delivery Disguised as ACH Warning

Malware Download

Corporate Account Takeover Fraud

How to Protect Yourself and Your Business

“Don’t be scared, just be aware”

• Ensure your internal staff is aware of the risks and operates with safe computing best practices in mind

• Be aware what your banking sites normally look like

• Run up-to-date Endpoint/Internet Protection Software

• Run up-to-date host based software

• Patch third-party software – Adobe, Java, QuickTime

• Activate a “pop-up” blocker on Internet browsers to help prevent web-based intrusions

How to Protect Yourself and Your Business

• Review your credit report/banking transactions regularly

• Use fraud prevention and detection services offered by your Bank: Payee Positive Pay, ACH block, etc.

• Limit staff Administrative access to privileges on the PC and bank products used to conduct transactional activity

• Use a stand-alone PC for banking transactions

• Add “Dual Administration” for money movement applications to reduce internal fraud with better control over user permissions and transaction auditing

• If you accept credit/debit card payments, become and remain compliant with Payment Card Industry standards

Questions, Answers and Useful links

• browsercheck.qualys.com

• www.ic3.gov

The 21st Century Holdup

• Questions?