8/4/2019 DB2010-DOC22 CSBC Training Fraud Awareness 2009
1/14
Corporate Security &
Business Continuity
DB Staff Briefing
Fraud Awareness Program
Dated: Oct 2006
Recognize it, Report it, Stop it!
Introduction
Purpose
To raise DB staff's awareness of recent fraud trends and provide advice on fraud prevention measures.
Stopping fraud before it happens is the ultimate goal of a successful prevention and awareness program.
Agenda
Revisiting Fraud.
Impact on the Bank.
Recent Fraud Scams.
Countermeasures against Fraud.
Revisiting Fraud
What is Fraud?
Fraud consists of any false representation of a matter of fact, whether by words or by conduct, by false or misleading allegations, or by concealment of that which should have been disclosed, which deceives or is intended to deceive another so that he shall act upon that information, or attempts to do any of the above.
(Source - DB Group Anti Fraud Policy)
Fraud can be accomplished through the aid of fraud objects.
Fraud Objects
Forged Letters of Credit.
Forged Bank Guarantees.
Altered Cheque.
Skimming (Credit Card / ATMs).
Internet Scams.
Forged Invoices / Signatures.
Identity Thefts (Personal / Corporate).
How does this impact the Bank?
Fraudulent schemes present a substantial risk to the bank and its customers.
Millions of dollars could be lost to fraudsters.
To combat fraud, programs are developed to educate staff and customers about fraudulent schemes and how to avoid them.
Implementing appropriate security controls is necessary to help mitigate the risks associated with frauds, e-mails and Internet-related fraudulent schemes.
Where is information available?
Information Source
Credit card applications.
Loan applications.
Bank statements.
Employment records.
Medical records.
Education records.
Data warehouses.
Internet.
Vishing - Telephony.
Recent Fraud Scams
Phishing.
Vishing.
ATM Skimming.
Fake Letters of Credit / Bank Guarantees.
Altered Cheque / Cashier's Order.
Credit Card Fraud.
Phishing
An artificial word derived from "Password Fishing".
Attack on personal information for identity theft.
E-mails are used to direct users to spoofed websites or to solicit information.
Attacks on user-ids, data, PINs, TANs etc.
Not a new kind of attack, but one carried out with increasing perfection.
Industry experts predict there will be 86,000 global attacks this year!!
Phishing Counter-measures
Never provide personal financial information, including your Social Security number, account numbers or passwords, over the phone or the Internet if you did not initiate the contact.
Never click on the link provided in an e-mail you believe is fraudulent. It may contain a virus that can contaminate your computer.
Install a firewall & anti-virus protection on your home computer.
Do not be intimidated by an e-mail or caller who suggests dire consequences if you do not immediately provide or verify financial information.
If you believe the contact is legitimate, go to the company's web site by typing in the site address directly or using a page you have previously bookmarked, instead of a link provided in the e-mail.
Vishing
Vishing, or Voice Phishing, is the act of leveraging a new technology called Voice over Internet Protocol (VoIP) in using the telephone system to falsely claim to be a legitimate enterprise in an attempt to scam users into disclosing personal information. Government, financial institutions, as well as online auctions and their payment services, can be targets of Voice Phishing.
Methods of transmission: Typically an incoming recorded telephone message uses a spoofed (fraudulent) caller ID matching the identity of a misrepresented organization. The message uses an urgent pretext to direct unsuspecting users to another telephone number. The victim is invited to punch their personal information on their telephone keypad. Criminals capture the key tones and convert them back to numerical format.
Critical information is at risk: attacks on user-ids, data, PINs etc.
Vishing Counter-measures
As a general rule, be suspicious when receiving any unsolicited incoming communication.
Never provide personal financial information, including your Social Security number, account numbers or passwords, over the phone to non-validated sources.
Never rely solely on your telephone caller ID function.
Do not be intimidated by an e-mail or caller who suggests dire consequences if you do not immediately provide or verify financial information.
If you believe the contact is legitimate, go to the company's web site by typing in the site address directly or using a page you have previously bookmarked, instead of a link provided in the e-mail.
Credit Card Fraud
Continues to be a menace, especially in developing countries.
A professional, international business run by resourceful syndicates with industry insiders on their payrolls.
A counterfeit card is one that's been either printed, embossed, or encoded without permission from the issuer, or one that has been validly issued and then altered or re-coded. Cards can be reprogrammed with the details of any card with a small and cheap magnetic strip reader and writer apparatus available at computer and electronic shops.
Most counterfeit fraud cases involve skimming: the fraudster electronically copies the genuine data on a card's magnetic stripe onto another without the legitimate cardholder's knowledge. Card details can also be obtained by chipping a card reader at a legitimate point of sale.
Credit Card Fraud Counter-measures
Remain vigilant when making payment with your credit card.
Be careful supplying your credit card details when making online payments. Ensure that the payment site is secured.
Reduce the number of credit cards you actively use.
Contact your credit card company if you suspect foul play or that your details might have been skimmed.
Whistleblower Program
Presently, employees of DB can submit open, confidential or anonymous complaints regarding accounting, internal accounting controls or auditing matters via the Global Compliance homepage.
CSBC Strategy
The Prevention & Mitigation within CSBC aims to act as a focal point for identifying, classifying & responding to criminal activities against DB.
Coordinate and conduct investigation into external frauds.
Development of counter-measures.
Define training standards and provide training on fraud awareness.
Leverage on technology to investigate fraud more efficiently.
Cooperate with the financial industry to identify and correct systemic weaknesses.
Respond to business requests as required.