ACH Payments - Banking Fraud

DESCRIPTION

The trillions of dollars moving through the ACH banking channel are attracting the attention of fraudsters. Learn how cyber criminals insert new ACH batches and modify existing files to complete fraudulent payments. Also, learn how financial institutions can use originator and recipient behavior to quickly detect fraudulent ACH payments without tedious, manual reviews of long ACH reports.

Text of ACH Payments - Banking Fraud

  • 1. Using Anomaly Detection to Prevent ACH Payments Fraud. Tiffany Riley, Vice President, Marketing. Eric LaBadie, Vice President, Sales and Customer Success.
  • 2. Guardian Analytics: The Leader in Fraud Prevention. Minimum expectations for layered security include the ability to detect and respond to anomalous activity. FraudMAP allowed us to shift from being reactive to proactive, giving us confidence to expand our online and mobile offerings. "Guardian Analytics has a proven and effective fraud detection risk-scoring engine."
  • 3. Criminals Turning Focus to ACH. "It seems that from some of the data, the criminals are shifting from wires in many respects to ACH to exfiltrate funds." Bill Nelson, FS-ISAC (July 2012)
  • 4. Two Recent Examples. "In the second week of July, I spoke with three different small companies that had just been hit by cyberheists." - Brian Krebs, Krebs on Security (Aug 12)
       Example 1: Business: Georgia fuel supplier. Bank: $123M community bank. Story: Criminals attempted to transfer $1.67 million out of the company's accounts. When that failed, they put through a fraudulent payroll batch totaling $317,000, which the victim's bank allowed.
       Example 2: Business: Tennessee contracting firm. Bank: $270M community bank. Story: Trojan stole the controller's login info and one-time password and redirected the user to a "site down" webpage. Meanwhile, the attackers used that browser session to put through a batch of fraudulent payroll payments for $328,000 to at least 50 money mules.
  • 5. Criminals Better At Defeating Authentication. [Diagram; surviving labels: Human, Automated, Steal Credentials, Access Online Banking, Validate, Set Up Fraud, Transfer Money, Transactions, ACH, Wire, Bill Pay, Check Fraud, Fraudster machine, Proxy/RDP through victim machine, Change personal info, Call/phone forwarding, Phishing, Spear phishing, Vishing, Twishing, Leprechaun, Zeus, Zitmo, SpyEye, Spitmo, Ice IX, Gameover, Citadel, Shylock, Operation High Roller attacks]
  • 6. Customers and Profits Are At Risk. Fraudster takes over corporate account. [Diagram labels: Criminals; Business; Progressive levels of fraud infiltration; Effort to find fraud with traditional rules-based monitoring and reports; Increasing effectiveness at defeating caps, rules, limits]
       1. FRAUDULENT FILE: Fraudster submits a new completely fraudulent ACH batch file. May or may not exceed caps/limits.
       2. ROGUE RECIPIENTS: Existing batch file. New fraudulent payments. Changes volume of transactions and batch amount. May or may not exceed caps/limits.
       3. BALANCED BATCHES: Existing batch file. Criminal adds new credit transactions. Criminal balances file amount by adding debits. Likely not to exceed caps/limits or violate rules.
       4. TAMPERED TRANSACTIONS: Existing batch file. Edits portions of transactions only (account number, routing number). Transactions and amount typically the same. Likely not to exceed caps/limits or violate rules.
       In 73% of corporate account takeovers, money was successfully transferred.
  • 7. Customers and Profits Are At Risk. [Slide 6 diagram and its four levels repeated, with added callouts:] Lose confidence after 1 fraud attack. Took their business elsewhere following a fraud attack. In 73% of corporate account takeovers, money was [...] Banks sharing [...]
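
The four patterns named on slide 6 (FRAUDULENT FILE, ROGUE RECIPIENTS, BALANCED BATCHES, TAMPERED TRANSACTIONS) can each be checked against an originator's own payment history, which is the originator and recipient behavior the description refers to. The sketch below is an added example, not code from the presentation or from Guardian Analytics. The `Entry` record, the `profile` and `review` functions, the `OVER BASELINE` flag and all sample values are constructed assumptions; real ACH entries carry more fields.

```python
from collections import namedtuple

# Constructed, simplified entry (assumption); kind is "credit" or "debit".
Entry = namedtuple("Entry", "name routing account amount kind")

def profile(history):
    """Build the originator's baseline from previously accepted batches."""
    known = {}  # recipient name -> set of (routing, account) pairs seen before
    for batch in history:
        for e in batch:
            known.setdefault(e.name, set()).add((e.routing, e.account))
    return {
        "known": known,
        "max_count": max((len(b) for b in history), default=0),
        "max_credits": max((sum(e.amount for e in b if e.kind == "credit")
                            for b in history), default=0),
        "uses_debits": any(e.kind == "debit" for b in history for e in b),
    }

def review(batch, prof):
    """Return the slide-6 patterns (plus OVER BASELINE) this batch resembles."""
    flags = set()
    new = [e for e in batch if e.name not in prof["known"]]
    moved = [e for e in batch if e.name in prof["known"]
             and (e.routing, e.account) not in prof["known"][e.name]]
    credits = sum(e.amount for e in batch if e.kind == "credit")
    if new and len(new) == len(batch):
        flags.add("FRAUDULENT FILE")        # nobody in the file was paid before
    elif any(e.kind == "credit" for e in new):
        flags.add("ROGUE RECIPIENTS")       # usual payees plus never-seen payees
    if any(e.kind == "debit" for e in batch) and not prof["uses_debits"]:
        flags.add("BALANCED BATCHES")       # debits this originator never sends
    if moved:
        flags.add("TAMPERED TRANSACTIONS")  # same payee, new routing/account
    if len(batch) > prof["max_count"] or credits > prof["max_credits"]:
        flags.add("OVER BASELINE")          # count or credit total above history
    return flags

# Constructed sample data: amounts in cents, routing/account are placeholders.
PAY = [Entry("A. Lee", "000000001", "1111", 250000, "credit"),
       Entry("B. Cruz", "000000002", "2222", 300000, "credit")]
HISTORY = [PAY, PAY]
TAMPERED = [Entry("A. Lee", "000000009", "9999", 250000, "credit"),
            Entry("B. Cruz", "000000002", "2222", 300000, "credit")]
BALANCED = PAY + [Entry("M. Mule", "000000009", "9999", 90000, "credit"),
                  Entry("Offset", "000000001", "1111", 90000, "debit")]

if __name__ == "__main__":
    for label, batch in (("tampered", TAMPERED), ("balanced", BALANCED)):
        print(label, sorted(review(batch, profile(HISTORY))))
```

The tampered batch has the same entry count and total as every earlier batch, so a cap or limit rule sees nothing, while the recipient comparison still flags it.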