DB2010-DOC22 CSBC Training Fraud Awareness 2009

  • 8/4/2019 DB2010-DOC22 CSBC Training Fraud Awareness 2009

    Corporate Security & Business Continuity

    DB Staff Briefing

    Fraud Awareness Program

    Dated: Oct 2006

    Recognize it, Report it, Stop it!

    Introduction

    Purpose

    To raise DB staff's awareness of recent fraud trends and provide advisory on fraud prevention measures.

    Stopping fraud before it happens is the ultimate goal of a successful prevention and awareness program.

    Agenda

    Revisiting Fraud.

    Impact on the Bank.

    Recent Fraud Scams.

    Countermeasures against Fraud.

    Revisiting Fraud

    What is Fraud?

    Fraud consists of any false representation of a matter of fact whether by words, or by conduct, by false or misleading allegations or by concealment of that which should have been disclosed, which deceives or is intended to deceive another so that he shall act upon that information, or attempts to do any of the above.

    (Source - DB Group Anti Fraud Policy)

    Fraud can be accomplished through the aid of fraud objects.

    Fraud Objects

    Forged Letters of Credit.

    Forged Bank Guarantees.

    Altered Cheques.

    Skimming (Credit Card / ATMs).

    Internet Scams.

    Forged Invoices / Signatures.

    Identity Thefts (Personal / Corporate).

    How does this impact the Bank?

    Fraudulent schemes present a substantial risk to the bank and its customers.

    Millions of dollars could be lost to fraudsters.

    To combat fraud, programs are developed to educate staff and customers about fraudulent schemes and how to avoid them.

    Implementing appropriate security controls to help mitigate the risks associated with frauds, e-mails and Internet-related fraudulent schemes is necessary.

    Where is information available?

    Information Source

    Credit card applications.

    Loan applications.

    Bank statements.

    Employment records.

    Medical records.

    Education records.

    Data warehouses.

    Internet.

    Vishing - Telephony.

    Recent Fraud Scams

    Phishing.

    Vishing.

    ATM Skimming.

    Fake Letters of Credit / Bank Guarantees.

    Altered Cheque / Cashier's Order.

    Credit Card Fraud.

    Phishing

    Artificial word derived from "password fishing".

    Attack on personal information for identity theft.

    E-mails are used to direct users to spoofed websites or to solicit information.

    Attacks on user-ids, data, PINs, TANs etc.

    Not a new kind of attack, but carried out with increasing perfection.

    Industry experts predict there will be 86,000 global attacks this year!!

    Phishing Counter-measures

    Never provide personal financial information, including your Social Security number, account numbers or passwords, over the phone or the Internet if you did not initiate the contact.

    Never click on the link provided in an e-mail you believe is fraudulent. It may contain a virus that can contaminate your computer.

    Install a firewall and anti-virus protection on your home computer.

    Do not be intimidated by an e-mail or caller who suggests dire consequences if you do not immediately provide or verify financial information.

    If you believe the contact is legitimate, go to the company's web site by typing in the site address directly or using a page you have previously bookmarked, instead of a link provided in the e-mail.

    Vishing

    Vishing or Voice Phishing is the act of leveraging a new technology called Voice over Internet Protocol (VoIP) in using the telephone system to falsely claim to be a legitimate enterprise in an attempt to scam users into disclosing personal information. Government, financial institutions, as well as online auctions and their payment services, can be targets of Voice Phishing.

    Methods of transmission: Typically an incoming recorded telephone message uses a spoofed (fraudulent) caller ID matching the identity of a misrepresented organization. The message uses an urgent pretext to direct unsuspecting users to another telephone number. The victim is invited to punch their personal information on their telephone keypad. Criminals capture the key tones and convert them back to numerical format.

    Critical information is at risk: attacks on user-ids, data, PINs etc.

    Vishing Counter-measures

    As a general rule, be suspicious when receiving any unsolicited incoming communication.

    Never provide personal financial information, including your Social Security number, account numbers or passwords, over the phone to non-validated sources.

    Never rely solely on your telephone caller ID function.

    Do not be intimidated by an e-mail or caller who suggests dire consequences if you do not immediately provide or verify financial information.

    If you believe the contact is legitimate, go to the company's web site by typing in the site address directly or using a page you have previously bookmarked, instead of a link provided in the e-mail.

    Credit Card Fraud

    Continues to be a menace, especially in developing countries.

    A professional, international business run by resourceful syndicates with industry insiders on their payrolls.

    A counterfeit card is one that's been either printed, embossed, or encoded without permission from the issuer, or one that has been validly issued and then altered or re-coded. Cards can be reprogrammed with the details of any card with a small and cheap magnetic strip reader and writer apparatus available at computer and electronic shops.

    Most counterfeit fraud cases involve skimming: the fraudster electronically copies the genuine data on a card's magnetic stripe onto another without the legitimate cardholder's knowledge. Card details can also be obtained by chipping a card reader at a legitimate point of sale.

    Credit Card Fraud Counter-measures

    Remain vigilant when making payment with your credit card.

    Be careful supplying your credit card details when making online payments. Ensure that the payment site is secured.

    Reduce the number of credit cards you actively use.

    Contact your credit card company if you suspect foul play or your details might have been skimmed.

    Whistleblower Program

    Presently, employees of DB can submit open, confidential or anonymous complaints regarding accounting, internal accounting controls or auditing matters via the Global Compliance homepage.

    CSBC Strategy

    The Prevention & Mitigation within CSBC aims to act as a focal point for identifying, classifying & responding to criminal activities against DB.

    Coordinate and conduct investigation into external frauds.

    Development of counter-measures.

    Define training standards and provide training on fraud awareness.

    Leverage on technology to investigate fraud more efficiently.

    Cooperate with the financial industry to identify and correct systemic weaknesses.

    Respond to business requests as required.