eWire/GFT Wire Fraud Module

May 24, 2017Jane Brandi, Product Line Manager

Agenda

2

• The wire fraud landscape

• Business email compromise

• Other wire fraud threats

• How can you protect your customers’ wire

transfers

– eWire/GFT Wire Fraud Module

The Fraud Landscape

3

• Payment fraud on the rise

– Check fraud is on the rise for the first time in years

– Wire fraud is on the rise

– ACH debit fraud rising - suspect new type of fraud

• In 2015, wire fraud became the second most common payment method for fraud

– Surpassed credit/debit card fraud for the first time

• In the 2017 AFP survey,

– 36% of respondents reported an increase in fraud attempts

– 74% were targets of payment fraud

– 46% of attacks were wire fraud

Up from 27% in 2014 and 14% in 2013

Down from 48% in 2015

– 75% reported no financial loss

Up from 72% in 2015

• Business email fraud is the most prevalent – 50%

Source: 2017 AFP Payments Fraud and Control Survey sponsored by J.P. Morgan

Trends in Payment Fraud ActivityPercent of Organizations that Experienced Attempted and/or Actual Payments Fraud

4

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

2009 2010 2011 2013 2013 2014 2015 2016

Checks Credit/Debit Cards ACH Debits

Wire Transfers ACH Credits

Source: 2017 AFP Payments Fraud and Control Survey sponsored by J.P. Morgan,

• Increase in wire volume

– 2014 - .6%

– 2015 – 5.7%

– 2016 – 3.8%

• 2015 Increase in BEC

– 224% in number of cases

– #17 in number of internet fraud cases

reported

– #1 in total dollar losses

• 2016 Increase in BEC

– 183% in number of attempts

Source: FRB, 2014 & 2015 FBI

Internet Crime Annual Report

Business Email Compromise (BEC)

5

• Fraudsters profile their victims

• Target companies working with foreign suppliers and those with substantial wire volume

• Most of the funds go to Asian banks located in China and Hong Kong

• Scams are sometimes preceded by scareware or ransomware events

• Between 2015 and 2016, FBI issued four press releases with BEC warnings

• 1,300% increase in BEC exposed losses in 2016

• $3B in exposed losses in 2016

Source: FBI

BEC Timeline

6Source: FBI

Threat Profile

7

Business email Compromise

Overview Tactics Often compromise CEO or

CFO email, wait until execs

are traveling or on vacation

Compromise vendor/supplier

email and attempt to modify

their bank accounts

Utilize social engineering &

malware to gain access

Conduct substantial

reconnaissance after

compromise

Utilize wire transfers

Mitigation Verify changes in payment

instructions with verbal

confirmation

Limit employees that can

authorize wire transfers

Use out of band

authentication for executive

approvals (PIN, phone call)

Require dual approval of wire

transfers exceeding set

criteria

Share information with other

financial entities

BEC is payment fraud

where legitimate business

e-mail accounts are

compromised & used to

conduct an unauthorized

wire transfer.

After a business e-mail

account is compromised,

actors use the compromised

account to send wire

transfer instructions.

The funds can be sent all

over the world.

Source: FS-ISAC 6/16/2016

BEC Fraud Bank Example

8

• Mid-sized Belgian bank targeted in January 2016, losing over 70 million euros (around $75.8

million)

• Theft perpetrated by cybercriminals and discovered by internal audit

• CEO BEC fraud

• The BEC order usually comes with a reason why it should be executed immediately and kept

quiet from other employees in the department and organization

• Scammers are betting that employees will execute the order

• Law enforcement agencies and security companies around the world have been warning

businesses about BEC scams for over a year, but companies and some banks are still falling

for it

Source: Help Net Security, posted 1/26/2016

BEC vs Other Fraud

9Source: FBI 2015 Internet Crime Report

$42M

$43M

$49M

$51M

$57M

$119M

$121M

$203M

$246M

Credit Card Fraud

Personal Data Breach

419/Overpayment

Advanced Fee

Identity Theft

Investment

Nonpayment/Nondelivery

Confidence Fraud/Romance

Business Email Compromise

Most Vulnerable Companies to BEC

10

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

All AnnualRevenue

Less Than$1B

AnnualRevenue atLeast $1B

AnnualRevenue atLeast $1Band FewerThan 26PaymentAccounts

AnnualRevenue atLeast $1Band MoreThan 100PaymentAccounts

Source: 2016 AFP Payments Fraud and Control Survey sponsored by J.P. Morgan

• Organizations with annual revenue

less than $1B saw the largest

increase in in fraud activity over

2014

– 46% vs 41% for the rest of the groups

• Change in 2015 was even more

pronounced

– 26% vs 10%

• Financial loss to a smaller

organization has more impact

Most Targeted Employees

11Source: FBI

CEO31%

President17%

All Others52%

Email sender

CFO40%

Finance Director

10%

All Others50%

Email recipient

Other Wire Fraud Threats

12

• Employee (internal)

– Company

– Bank

– 65% of attempts are from external

sources

• Hacking/phishing/malware

– Commercial Account Takeover

• Fake vendor invoice

• Unexpected check/contact

from overseas

• Bank network compromise

– Bank of Bangladesh

Overview Tactics

Custom Malware

Obtained legitimate

credentials

Intercepted Messages

Manipulated data

Hid the evidence

Laundered the funds through

multiple routing

Mitigation

SWIFT continues to urge its

users to ensure they have

all preventative and

detective measures in place

to secure their environment

Regulation on user access

Policies on credential

requirements

Consider segmenting

SWIFT transaction functions

from regular business

functions (email, web

browsing, etc.)

SWIFT provides messaging

services that are used and

trusted by more than 11,000

financial institutions in more

than 200 countries

Allows FIs to securely transfer

funds

Bangladesh Bank Heist

Additional attacks reported

SWIFT’s Network not actually

compromised

Phishing Lures

13

Mitigate Wire Fraud with the

eWire/GFT Wire Fraud Module

If you use the FIS eWire or GFT Solution:

14

• Wire Fraud Module

– Available in eWire

– Available in GFT

– Scans wires coming from BeB/OLB/Fed file capture

– Scans incoming wires

– Scans manually entered wires

• Rules-based wire fraud detection

– System level rules

– Account level rules

• Supplements BeB Transaction Monitoring

– Another layer of security

• Six months of historical data

What your bank can do to protect your customers’ wire transfers

eWire/GFT Wire Fraud Rules

15

• Rules are easy to configure

• Streamlined implementation

• Special Fraud Review queue to aid in

review

• Flexible user entitlements for better control

– Rule set-up

– Review of suspects

• Ability to escalate the review of a suspect

to a supervisor for resolution

• Full audit trail of history, including

approvals

Benefits

eWire/GFT Wire Fraud Module

16

• System level rules

– First wire for a beneficiary

– First wire from an originator

– Account inactivity

– Maximum wires for a day

– Maximum transaction amount

– Maximum total debit for a day

– Maximum wires for the month

– Maximum debit for the month

– Payment outside the amount pattern(%)

System rules

eWire/GFT Wire Fraud Module

17

• Account level rules

– Maximum wires for a day

– Maximum transaction amount

– Maximum total debit for a day

– Maximum wires for the month

– Maximum debit for the month

– Payment outside the amount pattern(%)

– Account open date

Account rules

Final Thoughts

18

• Your bank is the last line of defense for your customers in stopping fraud

• Wires are the perfect vehicle for fraudsters

– Immediate

– High dollar

– Limited ability to retract

• Banks must have tools and layers of security to identify potential wire fraud

– Avoid financial exposure

– Mitigate reputational risk for your customers and your bank

• Bank employees must be educated on BEC and direct customers accordingly

– It’s not enough to monitor and report potential fraud

– Bank employees must be advocates for the customer with the customer

Thank youJane Brandi, Product Line Manager

Jane.Brandi@fisglobal.com

phone: 617-201-8061

©2017 FIS and/or its subsidiaries. All Rights Reserved. FIS confidential and proprietary information.