Transcript
Page 1: ACH Payments - Banking Fraud

Using Anomaly Detection to Prevent ACH Payments FraudTiffany Riley – Vice President, MarketingEric LaBadie – Vice President Sales and Customer Success

Page 2: ACH Payments - Banking Fraud

Guardian Analytics: The Leader in Fraud Prevention

"Guardian Analytics…has a proven and effective fraud detection risk-scoring engine."

“FraudMAP allowed us to shift from being reactive to proactive giving us confidence to expand our online and mobile offerings

“Minimum expectations for layered security include the ability to detect and respond to anomalous activity”

Page 3: ACH Payments - Banking Fraud

Criminals Turning Focus to ACH

“It seems that from some of the data, the criminals are shifting from wires in

many respects to ACH to exfiltrate funds”

– Bill Nelson, FS-ISAC (July 2012)

“It seems that from some of the data, the criminals are shifting from wires in

many respects to ACH to exfiltrate funds”

– Bill Nelson, FS-ISAC (July 2012)

Page 4: ACH Payments - Banking Fraud

Two Recent Examples

“In the second week of July, I spoke with three different small companies that had just been hit by cyberheists.” - Brian Krebs, Krebs on Security (Aug 12)

Example 1: Business: Georgia fuel supplierBank: $123M Community bankStory: Criminals attempted to transfer $1.67 million out of the company’s accounts. When that failed, they put through a fraudulent payroll batch totaling $317,000, which the victim’s bank allowed.

Example 2: Business: Tennessee contracting firmBank: $270M community bankStory: Trojan stole controllers login info and one-time password and redirected user to “site down” webpage. Meanwhile, the attackers used that browser session to put through a batch of fraudulent payroll payments for $328,000 to at least 50 “money mules.”

Page 5: ACH Payments - Banking Fraud

Criminals Better At Defeating Authentication

Human

Automated

Steal Credentials

Twishing Phishing

Spear phishing Vishing

Zeus SpyEye Ice IX Gameover Citadel Shylock

AccessOnline Banking

Fraudster machine

Proxy/RDP through victim machine

Leprechaun

TransferMoney

“Operation High Roller” attacks

Set Up Fraud

ACH, Wire, Bill Pay, Check Fraud… Zitmo

Ice IX Spitmo Gameover

Change personal info Call/phone forwarding

Validate Transaction

s

Page 6: ACH Payments - Banking Fraud

Customers and Profits Are At Risk

1

2

3

4

FRAUDULENT FILE

ROGUE RECIPIENTS

BALANCED BATCHES

TAMPERED TRANSACTIONS

• Fraudster submits a new completely fraudulent ACH batch file

• May or may not exceed caps/limits

• Existing batch file• New fraudulent payments• Changes volume of transactions and batch amount• May or many not exceed caps/limits

• Existing batch file• Criminal adds new credit transactions• Criminal balances file amount by adding debits• Likely not to exceed caps/limits or violate rules

• Existing batch file• Edits portions of transactions only (account

number, routing number)• Transactions and amount typically the same• Likely not to exceed caps/limits or violate rules

Progressive levels of fraud infiltration Effort to find fraud with traditional rules-based monitoring and reports

Fraudster takes over corporate account

Progressive levels of fraud infiltration Effort to find fraud

Criminals

Business

In 73% of corporate account takeovers, money was successfully transferred. Increasing effectiveness

at defeating caps. rules, limits

Page 7: ACH Payments - Banking Fraud

Customers and Profits Are At Risk

1

2

3

4

FRAUDULENT FILE

ROGUE RECIPIENTS

BALANCED BATCHES

TAMPERED TRANSACTIONS

• Fraudster submits a new completely fraudulent ACH batch file

• May or may not exceed caps/limits

• Existing batch file• New fraudulent payments• Changes volume of transactions and batch amount• May or many not exceed caps/limits

• Existing batch file• Criminal adds new credit transactions• Criminal balances file amount by adding debits• Likely not to exceed caps/limits or violate rules

• Existing batch file• Edits portions of transactions only (account

number, routing number)• Transactions and amount typically the same• Likely not to exceed caps/limits or violate rules

Progressive levels of fraud infiltration Effort to find fraud with traditional rules-based monitoring and reports

Fraudster takes over corporate account

Progressive levels of fraud infiltration Effort to find fraud

Criminals

Business

In 73% of corporate account takeovers, money was successfully transferred.

In 73% of corporate account takeovers, money was successfully transferred.

Lose confidence after 1 fraud attack

Took their business elsewhere following a fraud attack.

Banks sharing losses with their customers

Page 8: ACH Payments - Banking Fraud

Courts Favoring Businesses

Comerica – Experi Metal – Bank Did Not Act in Good Faith

Ocean Bank – Patco – Bank Did Not Have Reasonable Security

Bancorp South– Choice Escrow – Contract Not Valid• "Long story short, the court ruled that UCC 4A pre-empted the

indemnification clauses being used by the bank in their counterclaim,”

• The ruling suggests that a bank's contract with a customer that contradicts the spirit of the UCC could be nullified by the courts when legal disputes over fraud arise.

Page 9: ACH Payments - Banking Fraud

Investments in Addressing This Problem

“Behavioral analytics is a big area of spending we're seeing, both to ward off the threats as well as to comply with the FFIEC (Federal Financial Institutions Examination Council) guidance.”

Julie McNelley, Aite Group

58% of FIs implemented anomaly detection and cited it as effective in reducing Account Takeover Fraud.

FS-ISAC ABA 201 Account Takeover Survey

Page 10: ACH Payments - Banking Fraud

FFIEC Guidance, RMAG Sound Business Practices

Page 11: ACH Payments - Banking Fraud

Behavior-based Fraud Prevention Solutions

Instant, 100% coverage, no adoption issues

Stops widest array of fraud attacks

Not threat specific

Individual behavioral analytics

Maximum detection, minimum alerts

SaaS Offering

Fast time to security with no customer impact

No IT maintenance

No rules to write/maintain

Easy to deploy and manage

Most complete protection

Proven Approach

Dynamic Account ModelingTMDynamic Account ModelingTM

Retail Business

Page 12: ACH Payments - Banking Fraud

Introducing FraudMAP ACH Best protection against sophisticated criminal

attacks• Automatically analyzes ACH origination files for

suspicious activity

• Dynamic Account Modeling™ determines risk based on individual originator behavior

Eliminate manual file review and streamline investigation • Prioritize highest risk batches and transactions

• Risk reasons inform investigations

• Rich behavioral history provides context

Fast time to security, low ongoing maintenance• Rapid implementation

• No rules required

FRAUDMAP® ACH RISKENGINE

FRAUDMAP® ACH RISKAPPLICATION

Page 13: ACH Payments - Banking Fraud

• Customer Account• File date• File time• File ID modifier• …

• Transaction Code• Amount• Destination Account• Receiver name• …

•Company Name•Effective Entry Date•Batch/credit amount•Standard Entry Class Code

•…

Behavior-Based Anomaly Detection for ACH Files

File TransactionBatch

Are the transactions being made to a risky receiver? (confirmed/suspected mule)

Are the customer’s ACH actions normal? For this time in history? (occurrence, frequency, sequence, timing, type amounts, number)

Are the transactions typical? Given past relationship between customer/ receiver? (type, amount)

FRAUDMAP® RISKENGINE

Page 14: ACH Payments - Banking Fraud

FraudMAP ACH DEMO

Page 15: ACH Payments - Banking Fraud

FraudMAP ACH Customer Story

"The customer e-mails us to tell us the total amount of the batch, but with hundreds of transactions in one batched file, Burris says it's impossible to catch everything with a manual review.”

“With FraudMAP, the review of ACH files will be completely automated, detecting if any payees, for instance, have been changed or if line-item amounts in the batch are atypical.”

"We know the threats aren't going away, and there is only so much you can do to educate your customers."

“And even if we covered a loss, we could run the risk of losing the client. We have not had any account takeovers in the past, but we consider ourselves lucky. Many banks and credit unions our size have been hit."

Page 16: ACH Payments - Banking Fraud

For More Information

[email protected] - Monthly Fraud Factor and ongoing Fraud Informers

www.guardiananalytics.com - Copy of the Business Banking Trust Study or the Operation High Roller Report

[email protected]

[email protected]

Page 17: ACH Payments - Banking Fraud

Thank You


Recommended