Frisk Online brochure 2012

fraud and risk training experts
training brochure

2012

Achieving ongoing
compliance
through work
based learning

contents

About Frisk Online training Page 4

Course library (a-z) Page 15

Courseware price list Page 17

Case study: Takion work with Frisk Online Page 18

Annex - Definitions Page 19

Annex - Detailed overviews Page 20

3 | 53
www.frisk-online.com

about Frisk Online

Who are we?

Frisk Online is a training and consultancy firm based in Surrey (UK).
We specialise in interpreting best practice, regulation, as well as implementing
systems and controls to manage e-payment fraud and risk.

Frisk Online Training Highlights

Take charge of your employee training programme. Frisk Online provides clients with the
tools and expertise to achieve success:

üü Consistent and up-to-date training for regulated firms
üü Course administrator tracking and record keeping tools
üü Legal expertise to provide you assurance in the content we deliver
üü A mix of both face-to-face training and e-learning packages
üü Reflect your company policies in our training programmes
üü Packages to suit different learning needs and employee roles
üü Secure technology to safeguard your users personal details
üü Try before you buy and experience the quality of our e-courses
üü Conveniently access e-learning any place at any time

What we do best:1

ƒƒ PI/EMI compliance and registration
ƒƒ FSA & Gambling commission compliance
ƒƒ PCI/PA-DSS interpretation and support
ƒƒ e-course and face-to-face training

Click here to learn more about Frisk Online
company background.

1. Please see Annex – Definitions Page 19

4 | 53

What is different
about our training?
We deliver consistent and up-to-date training for regulated firms

Frisk Online ensures that regulated payment and In particular, the following
remote gaming firms understand and comply regulated firms benefit from our
with their responsibilities under the Money training packages:
Laundering Regulations, and are constantly
aligned with relevant regulatory requirements ƒƒ Payment Institutions
(e.g. FSA, HMRC and Gambling Commission). ƒƒ Money Service Businesses
ƒƒ Electronic Money Issuers
Frisk Online delivers upbeat and thorough ƒƒ Remote Gaming firms
training programmes in plain English that
captures the imagination of users, and clearly
maps to regulated firms legal requirements.
Subject areas can often prove difficult for
employees new to financial crime. We always
write courses in non-legalistic terms making it
easier to understand and digest.

5 | 53

What is different
about our training?
We provide course administrator tracking and record keeping tools

We recognise as a legal requirement that regulated firms must provide
entry-level training to all new staff, and regular on-going annual training for
existing staff to refresh their knowledge and understanding of fraud, e-payment
risk and Anti Money Laundering. Frisk Online can help you with these
requirements by offering the following training options:

ƒƒ Refresher training ƒƒ Tracking
Content is constantly updated with new Course administrators can login to their Frisk
case studies, latest trends, and changing Online account to report on group progress
legislation to assist this process. Alternatively, or await delivery of final results and reports
clients provide us with their own case studies by email.
which we integrate into e-course and face-to-
face training. ƒƒ Print certificate
Students can print their online certificate
ƒƒ Record keeping upon completion of their e-course to record
e-learning technology automatically their achievement and contribute towards
generates a report in the format required personal development.
by regulators to record your employee’s
progress (i.e. new starter, ongoing annual,
and refresher training programmes).

6 | 53

What is different
about our training?
Legal expertise to provide you assurance in the content we deliver
and a mix of both face-to-face training and e-learning packages

Legal expertise to provide you A mix of both face-to-face training
assurance in the content we deliver and e-learning packages

We believe the right mix of training is a blend
of both e-learning and face-to-face. Frisk
Online helps its clients build a training plan that
empowers and motivates staff.
Where appropriate, Frisk Online content is
reviewed by our solicitors Winton and Winton We use e-learning as a follow up to check
Limited, to ensure content is accurate. employees understanding of study areas
provided during face-to-face sessions. However,
For example: Our latest e-course ‘The Future of for overseas employees supporting your main
Data Protection’ (beta) features video clips of operation, an end-to end e-learning programme
Winton and Winton Ltd legal experts, providing could be more suitable. We can work with you
their view points on ‘How changes to Data to achieve and sustain compliance through
Protection law will impact firms in 2013’. appropriate training.

‘The Future of Data Protection’ discusses
guidance already released by the Information
Commissioner office on how the DPA 2013
will impact UK firms and related Information
Security best practice.

For more information on this new course please
contact info@frisk-online.com

7 | 53

What is different
about our training?
Reflect your company policies in our training programmes

See case study "Takion" on page 18

You will find us committed to providing high calibre and quality training that
reflects your key requirements. Our e-learning is dynamic and can be easily
customised or edited to adopt your company’s style, branding and policies.
For example:

ƒƒ Colour editing the e-course delivery to reflect We ensure your intellectual property and
your corporate brand. confidentiality is protected and we NEVER
ƒƒ Company logo included in e-course login and share any customised content with third parties.
course delivery screens. If you choose to use another training provider,
ƒƒ Hyperlink to your internal document storage we simply delete any content you have
areas (e.g. to your security policy). provided us if our relationship ends.
ƒƒ Adapt Frisk Online recommendations to
match your own internal policies. For more information on how we protect you,
ƒƒ Import your own questions to the final tests click here to visit our terms and conditions.
provided by Frisk Online.

8 | 53

What is different
about our training?
Packages to suit different learning needs and employee roles

Our courses take into consideration the diverse learning needs of your
employees. We have graded each module in our library by level (e.g. basic,
intermediate and advanced). Suggestions are also provided as to which
employees will benefit most.

Basic
Entry level courseware for employees with little experience of the subject area

Intermediate
For employees progressing from basic level to intermediate. Alternatively, senior
employees (e.g. director, manager and team leaders) will benefit most

Advanced
Content applicable to senior employees responsible for strategic planning

9 | 53

What is different
about our training?
Secure technology to safeguard your students’ personal details

Frisk Online has developed our solution to meet strict security and privacy
requirements including:

Security and continuity:

ƒƒ Encryption ƒƒ Backup
We encrypt users’ details when transmitted, We securely and regularly backup our system
processed and stored. to ensure your user details are protected.

ƒƒ Strong passwords ƒƒ Availability
We force all users to create strong In the event of disruption, we can fail-over to
passwords to prevent someone guessing our backup server, to ensure continuity and
their login credentials and gaining access to quality of service.
personal data.

ƒƒ Lockdown
Our servers are protected and we maintain
the highest levels of security at all times.

10 | 53

What is different
about our training?
Secure technology to safeguard your students’ personal details

Frisk Online has developed our solution to meet strict security and privacy
requirements including:

Data protection and privacy:

ƒƒ Edit account Notes:
Users can easily update their personal details
if inconsistencies exist via their learning We are happy to register users on your
account (e.g. amend address details). behalf, and encourage companies to send a
spreadsheet of user details in a zipped (AES
ƒƒ Preferences encrypted) file protected by a strong password.
Users can subscribe and unsubscribe to If a company collects employee data and passes
mailing options or securely delete their to Frisk Online, it is the company’s responsibility
accounts. to perform certain obligations under the Data
Protection Act 1998.
ƒƒ Cookies
Our terms and conditions explain how we use Alternatively, you can instruct your employees
cookies and how to control use of cookies at to register a Frisk Online account on their own
our site. behalf and agree to our terms. Then we can give
permission to a company ‘group owner’ within
ƒƒ Anonymous groups your organisation who can add and remove
Companies are given the option to create students from groups he or she creates.
anonymous groups of users identified
by a unique reference only, to negate any For more information on cookies, privacy and
responsibility for data protection over our terms click here to learn more. Alternatively
their users’ details (see ‘Notes’ for more please contact us, and we will be happy to
information). provide guidance over the phone or by email.
E: info@frisk-online.com T: + 44 (0) 800 7566377.

11 | 53

What is different
about our training?
Try before you buy and experience the quality of our e-courses

Individuals and companies can make use
of the following demo e-learning facilities:

ƒƒ Free trial ƒƒ Group trial
All registered users can choose to gain Companies can set up a trial account for a
access to a trial e-course. group and run a training programme using a
For more information and to register click demo module to review the learning portal
here. features.

ƒƒ Quick demo To organise a group trial, please contact us and
All users can take a quick demo of modules we will be happy to provide guidance over the
in our library. phone or by email.
For more information and to take a demo E: info@frisk-online.com T: + 44 (0) 800 7566377.
click here.

12 | 53

What is different
about our training?
Conveniently access great value e-learning at any time

Our e-courses are priced on par with nationwide recognised professional
training (e.g. e-courses offered by public bodies or regulators in the
e-payments industry).
We do not over inflate the course prices, and starting at £15 per module, we
believe that pricing should be completely transparent and accessible by all
types of business. The pricing list can be downloaded from our site.

Accessible ‘bite-size’ training
on the fly:

It can often be challenging to organise training ƒƒ Bite-size training
when faced with the busy schedules of your Frisk Online Courses are broken down into
employees, so Frisk Online incorporates the a number of easy to digest modules and
following features to enhance accessibility and associated topics. Users can click on the
support the user learning experience: home icon to re-start each module at any
time. Modules usually take approximately 1-2
ƒƒ Accessibility tools hours to complete.
Firms have a responsibility to provide
accessible training. Frisk Online works with ƒƒ Bookmarking
Ability Net to ensure that its courseware is We have developed our e-courses to
accessible. remember where you exited the course so
upon next login you restart where you last
For example: We have designed tools for finished.
users to increase and decrease text size
within our e-courses. Our e-courseware is ƒƒ Deadlines
designed to be user friendly, comprehensive We set deadlines for all individuals and
and easy to navigate. companies taking our courses for one month
after an e-course is assigned. Course access
Moreover, UK firms should be aware that the will expire upon completion of a test or when
Special Education Needs and Disability Act the deadline is exceeded.
2001 amended to Disability Discrimination
Act 1995, makes unjustified discrimination by ƒƒ Auto reminders
education providers against disabled pupils, All users receive reminders to complete their
students and adult learners unlawful. course in time before a deadline exceeds.

Visit www.direct.gov.uk for more information.

13 | 53

What is different
about our training?

ƒƒ Tools ƒƒ Resources
Frisk Online has created our own e-learning Users have a library of fraud and risk
tools to enhance the user learning experience resources at their disposal. To enhance
which include: learning, visit Frisk Online resource pages
where you will find a database of keywords,
Note creator – Users can access a note factsheets, guides and useful URLs.
creator to record notes. Simply save the
notes and email a copy or print off at the end ƒƒ Interactive case studies
of your training session as a record. Our courses contain case studies with
problematic scenarios. Each scenario
Audio narration – We have integrated high engages the user to apply problem solving
quality digital audio to accompany e-courses. skills. Feedback is provided dependent on the
As users progress a voice over provides user’s decisions. Case studies are related to
hints and tips. Audio script is available in text each industry type we work with.
format, if the user prefers to switch off sound.

14 | 53

Course library (a-z)
Our course library consists of both face-to-face and
e-learning courses.

Fraud Awareness
Module title Reference code Content level Medium Country Industry Read more
editions sector
Fraud matters FAIGAMING 1 Basic e-course UK Remote read more
gaming
Fraud types FAIGAMING 2 Basic e-course UK Remote read more
gaming
Identity FAIGAMING 3 Advanced e-course UK Remote read more
management gaming
Scenarios FAIGAMING 4 Intermediate e-course UK Remote read more
gaming
Communication FAIGAMING 5 Basic e-course UK Remote read more
gaming
Fraud FAIGAMING 6 Advanced Workshop All Remote read more
management gaming
Fraud FAPSP 1 Advanced Workshop All PSP read more
management
Fraud FAECOMM 1 Advanced Workshop All PSP read more
management

Information Security

editions sector
Information ISALL 1A Basic e-course UK All firms read more
Security
Awareness
Information ISALL 1B Basic e-course US All firms read more
Security
Awareness
Information ISALL 2 Basic Workshop UK All firms read more
Security
Awareness
The future of Data ISALL 3 Intermediate e-course UK All firms read more
Protection

15 | 53

Course library (a-z)
Our course library consists of both face-to-face and
e-learning courses.

Anti Money Laundering
editions sector
Anti Money AMLIGAMING 1 Basic Workshop UK Remote read more
Laundering gaming
Anti Money AMLPSP 1 Basic Workshop UK PSP read more
Laundering
Systems and LCPSP 4 Advanced Workshop UK PSP read more
Controls

ePayments
editions sector
ePayment risk EPAYPSP 1 Intermediate Workshop All PSP read more
management

Legal and Compliance

editions sector
Payment Service LCPSP 1 Advanced Workshop UK PSP read more
Regulations 2009
Electronic Money LCPSP 2 Advanced Workshop UK PSP read more
Regulations 2011

Definitions:
PSP (Payment Service Providers) – Includes Payment Institutions, Electronic Money Issuers and Money Service Businesses.

Remote gaming – Gaming firms operating online (e.g. sports betting, casino, bingo and exchange).

UK/US edition – Courses are customised to reflect legislation in different jurisdictions.

16 | 53

Courseware price list
Face-to-face training services:

We will visit your firm and provide in-house workshop style training. If you
want a specific course delivered, tell us your requirements and we will produce
the content

Delivery of training: Pricing:

Each student will be given a CD containing On-site
copies of course materials and presentation Our daily rate is £750 (excl. VAT) for training
packages. We book learning groups for up to delivered at your work place. Additional
10-12 persons per session. We also host training charges will apply for the course literature,
at our London based conference rooms in CDs, travel and accommodation costs
Liverpool Street. incurred (outside London).

Off-site
Additional charges apply for training sessions
external to your work place (i.e. £850 per day
booking fee PLUS daily rate of £750 = £1600).

One-to-one coaching can also be provided at
our office in Guildford, Surrey.

E-courses:
To view all e-modules and prices, please click
here to demo and buy courses via
www.frisk-online.com.

Note:
Frisk Online reserves the right to make
changes to the content, structure, and prices
of our courseware.

17 | 53

Case study
Frisk Online delivered intermediate level ISA e-courses to Takion
in 2012

We customised the delivery of this course using our white labelling tool.
Additional questions to emphasise secure coding principles were added to
this course to suit the employee roles and responsibilities at Takion.

Takion Technologies S.L. ISA e-course customised for Takion:
Frisk Online works with global clients by
supplying e-courses to assist their compliance
with regulations and standards (e.g. PCI-DSS).

In January 2012, Frisk Online delivered
a customised version of the e-course
‘Information Security Awareness’ (ISA) for
Takion Technologies S.L. Takion is an expert
professional services company in Payment
technology and based in Madrid.

Frisk Online ISA e-courses help firms promote ƒƒ Colour editing - to reflect Takion corporate
IS awareness, protect confidential data, and colour scheme.
comply with the EU Data Protection Directive, by ƒƒ Logo - appears in every slide of e-course.
implementing IT controls, business continuity ƒƒ Case studies - customised to review software
and physical security measures (e.g. PCI-DSS). risks in developing payment software
technology.
Demo ALL e-course modules now by visiting ƒƒ Test questions – more advanced content
www.frisk-online.com ƒƒ covering secure coding and software
vulnerabilities (e.g. SQLi).

Our developers really enjoyed taking this course

Frisk Online Award and the results are very noticeable in the way our
staff work.
of Excellence The final test was especially good, with 20
questions, serving as an intense training session.

Miguel Lozano (Director)

18 | 53

Annex - DeFinitions

Please visit our resource pages (key words a-z) for more information on the
definitions used in this brochure

Go to: www.frisk-online.com then click on ‘Resources’.

Electronic Money Issuer (EMI)

Financial Services Authority (FSA)

Her Majesty Revenue & Customs (HMRC)

Money Service Business (MSB)

Payment Application Data Security Standard (PA-DSS)

Payment Card Interface Data Security Standard (PCI-DSS)

Payment Institution (PI)

Payment Service Provider (PSP)

Structured Query Language Injection (SQLi)

Thank you for taking the time to read this brochure. We look forward to welcoming you to the
Frisk Online community of learners.

19 | 53

Fraud
awareness
Frisk Online Fraud Awareness courses
are aimed towards customer facing and
back office employees in the UK remote
gaming industry. Advanced content is
suited towards employees responsible for
anti-fraud strategy, systems and controls.

Main objective:
To help all individuals and firms recognise,
mitigate and effectively report Customer
Not Present (CNP) fraud scenarios and
risks.

Content can be edited to suit all company
policies and jurisdictional regulatory
requirements.

Course options:
ƒƒ eCourse modules: 5
ƒƒ Workshops: 3
ƒƒ Country editions: UK / Worldwide
ƒƒ Sectors: All
ƒƒ Audience: All

Demo modules now by visiting

20 | 53

Fraud Awareness
eCourses
Frisk Online Fraud Awareness courseware contains a comprehensive set of
training solutions to raise awareness of Customer Not Present (CNP) fraud in
the remote gaming industry (UK).

Main objective:

The main objective is to help employees and individuals recognise, mitigate and
report the types of fraud experienced by your firm.

Jurisdictions:

ƒƒ United Kingdom

Audience:

ƒƒ All employees working in the remote gaming industry (i.e. customer facing and back office)
ƒƒ Senior compliance/anti-fraud employees can benefit from advanced modules

Sectors:

ƒƒ Remote gaming

eCourse benefits:

ƒƒ Gambling commission compliance
Under the Money Laundering Regulations 2007, remote gaming firms are required to provide
employees ongoing training (new starters and annually for refreshers). Frisk Online Fraud
Awareness courseware perfectly complements your Anti Money Laundering compliance
programme, and can be used annually as part of your refresher training.

ƒƒ Avatars
The Fraud Awareness animated e-courses use ‘avatars’ to demonstrate fraud case scenarios. If a
firm wants a special bespoke training course delivered that identifies key individuals within their
organisation (e.g. Fraud Manager or Money Laundering Reporting Officer), we can include these
characters within the animation using real life images.

21 | 53

ƒƒ Fraud aware employees
As a result of taking this training, your employees will be more fraud aware and protect your
company, shareholders and assets from internal and external fraud risks.

ƒƒ Refresher training
We update this course annually with new ‘anti-fraud’ case studies to ensure your training is
regularly refreshed. Buy any of the modules or the complete set to support your ongoing
refresher training. For a full break down of fees, go to: courses > buy courses (via www.frisk-
online.com).

ƒƒ Final test
This e-course has 5 modules and each of them contains a ‘Check your understanding’ and
‘Module summary’. When each module is completed, the user is presented with a final test,
which is recorded and can be reported on via our Learning Management System (LMS) to
satisfy regulatory requirements i.e. generate a report card of your group final score results and
transfer to Microsoft Excel ® for internal record keeping purposes.

ƒƒ Customise
We can modify text to make the course reflect the legislation and regulations in your own
remote gaming jurisdiction (e.g. Gibraltar and Malta etc). If you want to add your own
statements or policies as PDF downloads, this is possible (e.g. set up a resource page).

Delivery:

ƒƒ Case studies: based on ‘real-life’ scenarios, including fraud money used to fund terrorism
ƒƒ Source references: with links to relevant legislation and key stakeholders
ƒƒ Quizzes and games: fun games with entertaining animation
ƒƒ Check Your Understanding: x3 questions per module
ƒƒ Final test: 20 questions

22 | 53

Module overview
Module 1: Fraud matters – Basic - £35

Ref: FAIGAMING 1

Duration: 1 hour

Introduction:

In this module, you will identify the key stakeholders unified in the global fight against fraud. You will
learn more about the impact fraud has on the UK economy and how fraud risk can be mitigated.

Topics:

What is internet safety?
Information rich topic with detailed explanations relevant for firms on the following:

1. Protecting personal data
2. Avoiding online threats
3. Computer security

Fact or fiction?
Animated game to raise awareness of fraud concepts and techniques e.g. recent statistics (2012) from
UK Payments Administration on Customer Not Present (CNP) fraud.

Key industry stakeholders
Slideshow of key UK stakeholders supporting the remote gaming industry to prevent fraud.

Learning outcomes:

ƒƒ Describe the Fraud Act 2006 and related case studies
ƒƒ Discuss internet safety key concepts and techniques
ƒƒ Understand more about fraud concepts, trends and prevention
ƒƒ Identify key stakeholders in the fraud prevention industry

23 | 53

Module 2: Fraud types – Basic - £25

Ref : FAIGAMING 2

Duration: 1 hour

Introduction:

In this module, you will learn how your industry experiences different types of Customer Not Present
fraud (i.e. Customer Not Present refers to all types of online/e-payments).

Topics:

Card Not Present fraud
Learn more about how chargebacks happen and methods fraudsters use to steal a victim's card details
and authorise a Customer/Card Not Present transaction.

Cheque fraud
Understand different types of cheque fraud and what the payments industry is doing to prevent it.

Account takeover
Learn how cyber criminals takeover a gaming account and how stolen funds may be laundered e.g. via
an off shore poker room or an e-wallet.

Bank wire fraud
Understand the difference between UK domestic and international bank transfers and how a fraudster
gains access to a victims account.

False account
Discover the different types of false accounts fraudsters register to facilitate fraud, money laundering
and promotion abuse (e.g. ID theft, fictitious and Synthetic ID).

Learning outcomes:

ƒƒ Understand how CNP payments are authorised, charged back and defrauded
ƒƒ Evaluate different types of cheque fraud scenarios and related 2012 trends
ƒƒ Identify how fraudsters hack online accounts and launder profits using e-payment systems
ƒƒ Differentiate between fraud types associated with domestic and international bank payments
ƒƒ Distinguish between different types of fictional and genuine identity theft account set-ups

24 | 53

Module 3: Identity management – Advanced - £45

Ref : FAIGAMING 3

Duration: 1-2 hours

Introduction:

In this module, you will learn more about identity fraud prevention concepts. You will complete an
‘identity exercise’ to explore techniques that prevent specific fraud types.

Topics:

What is an identity?
Overview the key attributes of an identity (both company and individual).

Key concepts
In-depth topic explaining what tools and mitigating factors (e.g. KYC, risk based approach and
verification techniques) are available for the remote gaming industry to help prevent fraud.

Identity exercise
Play a ‘drag and drop’ game to learn more about fraud types and appropriate verification techniques.

Learning outcomes:

ƒƒ Differentiate identifiable attributes between an individual and a business
ƒƒ Recognise low, medium and high risks customers
ƒƒ Apply fraud modelling techniques to prevent fraud
ƒƒ Develop a risk based approach to ‘Know Your Customer’ exercises
ƒƒ Identify which customers require enhanced due diligence
ƒƒ Classify ‘Systems and Controls’ to mitigate various fraud types
ƒƒ Review and select appropriate controls to mitigate indicated fraud types

25 | 53

Module 4: Scenarios – Intermediate - £35

Ref: FAIGAMING 4

Duration: 1 hour

Introduction:

In this module, you will work through several ‘fraud case’ scenarios. You will gain insight into each
case and recommend actions to resolve the problem. Case studies are ‘sanitised’ and based on real
life situations.

Topics:

Chip dumping
Work through a scenario explaining the concept of chip dumping, and how applying Know Your
Customer (KYC) procedures can prevent this fraud type.

Terrorist financing
Sanitised version of case study where fraud money was laundered through sports betting sites, via
e-wallets and precious metal exchanges, then used to finance terrorism.

Beattie’s bingo
Help a fraud analyst dispute a chargeback request and collect supporting evidence.

Learning outcomes:

ƒƒ Understand how fraudsters set up multiple identities in a poker room to launder fraud proceeds
ƒƒ Evaluate how cybercriminals use fraud money to finance terrorism online
ƒƒ Work through a chargeback request and apply new learning in the workplace

26 | 53

Module 5: Communication – Basic - £15

Ref: FAIGAMING 5

Duration: 1 hour

Introduction:

In this module, you will overview the elements of a ‘fraud reporting’ strategy. You will learn which
information must be included in a fraud report. This module helps you communicate effectively as a
team.

Topics:

Communication strategy
Work through a communication strategy to help you communicate fraud within your firm within the
constraints of the Data Protection Act 1998.

Note: This topic contains a template that can be used to import your own contact details (i.e. for all
employees and customers to report fraud internally and externally).

Learning outcomes:

ƒƒ Identify who to report fraud to within your firm internally and externally
ƒƒ Evaluate the 8 principles of the Data Protection Act 1998
ƒƒ Vet external requests for confidential information accordingly
ƒƒ Report fraud promptly and efficiently in the workplace

Please click here to view all available e-courses and face-to-face training that Frisk Online offers.

For more information about this e-course or if you would like Frisk Online to customise a specific
course for you, contact us and we will be more than happy to tailor any courses for you on demand.
Email: info@frisk-online.com. Tel: +44 (0) 800 756 6377.

27 | 53

Fraud Awareness
worksh0ps
Enrol on our face-to-face half day refresher advanced level workshop to learn
more about advanced fraud management techniques.

Purpose:

To enable communication, team building and continuous improvement of end-to-end work processes
within a fraud management team.

Training objective:

The objective of this course is to help fraud management teams update and refresh their knowledge
and skills by sharing fraud profiling techniques, case studies and best practice team management
methods.

Jurisdictions:

ƒƒ This course is generic and applies to fraud analysts worldwide. References can be adapted to
clients various regulatory requirements as required.

Who is this training workshop for?

This course is suitable for fraud/risk analysts and managers working in the remote gaming,
ecommerce and e-payments industries.

Note: Content is tailored to discuss different fraud types and patterns experienced by your industry
(e.g. remote gaming versus Money Service Business or Payment Institution/e-wallet case studies).

How is the course delivered?

The course is delivered face-to-face using presentation and work shop style techniques. An
information pack is provided.

Workshop benefits:

ƒƒ Start-ups
This workshop is especially suitable for new Payment Institutions (PIs), Electronic Money
Institutions (EMIs), Money Service Businesses (MSBs) and remote gaming firms. Information
helps start-ups build a fraud management system that satisfies regulatory requirements.

28 | 53

ƒƒ Established firms
The training workshop is advanced and complements the basic training Fraud Awareness and
Information Security e-courses available to your employees. For more information on our
e-courses, visit www.frisk-online.com (go to: courses > buy courses).

ƒƒ Team building
Training is a great opportunity for your employees to take a step back and evaluate how to
improve the processes and policies your firm has in place to prevent fraud. Support is provided to
employees during the workshop to overcome specific issues experienced by your firm (e.g. high
chargeback rates).

Workshop overview

Ref: FAIGAMING 6/ FAPSP1/ FAECOMM 1

Duration: Half day workshop

Topics:

Introduction to fraud management
Round table discussion covering fraud types experienced by your firm and counter measures in
place.

Anti-fraud systems and controls
Review advanced systems and controls firms implement to prevent internal and external fraud.
Perform a SWOT analysis of current systems and tools utilised by your firm and summarise any gaps.

Identify fraud reporting communication procedures
Discuss effective communication structures in place to govern and coordinate anti-fraud controls (e.g.
whistle blowing).

The fraud prevention manual
Identify the information and guidance a firm must provide employees as part of an advanced fraud
management programme.

Check your understanding
A round of 10 questions is presented to check your understanding.

Summary

29 | 53

Learning outcomes:

ƒƒ Review fraud types in the e-payments industry
ƒƒ Analyse historical fraud cases experienced by your firm
ƒƒ Evaluate anti-fraud systems and controls
ƒƒ Identify fraud reporting communication procedures


Email to: info@frisk-online.com. Tel: +44 (0) 800 756 6377.

30 | 53

Information
Security
Frisk Online Information Security courses
are aimed towards firms responsible for
processing sensitive information over the
internet and offline (e.g. personal details
and payment records).

Main objective:
To protect confidential data, and comply
with the UK Data Protection Act 1998, by
implementing IT, business continuity and
physical security measures (e.g. Payment
Card Interface Data Security Standard).

Course options:
ƒƒ eCourse modules: 3
ƒƒ Workshops: 1
ƒƒ Country editions: UK / US
ƒƒ Sectors: All
ƒƒ Audience: All


cloud

31 | 53
Smishing www.frisk-online.com

eCourses
Frisk Online Information Security courseware is aimed towards ALL firms
responsible for processing sensitive information over the internet and offline
(e.g. personal details and transaction hard copies).

Main objective:

The main objective is to help firms protect confidential data, and comply with
the UK Data Protection Act 1998, by implementing business continuity, IT and
physical security controls (e.g. PCI-DSS).

Jurisdictions:

ƒƒ United Kingdom
ƒƒ United States

Audience:

ƒƒ Software developers

Sectors:

ƒƒ All firms

Note: All industries processing confidential information will benefit from this training.

eCourse benefits:

ƒƒ New starters
Provide your new starters with Information Security awareness training in compliance with
PCI-DSS requirements, or as a general induction to your security policy.

ƒƒ Refresher training
We update this course annually with new ‘Data breach’ case studies to ensure your training is
regularly refreshed.

32 | 53

ƒƒ Security aware employees
As a result of taking this training, your employees will be more security aware, and protect your
confidential information from exposure.

ƒƒ PCI/PA-DSS compliance:
PCI-DSS and PA-DSS require all employees and those developing payment applications to be
security aware. PCI/PA-DSS principles are reflected within this awareness training to sustain
ongoing compliance. This training serves as a basic introduction to information security and
secure software development.

ƒƒ Record keeping
Clients utilise the Frisk Online record keeping tools to report on users’ progress, and produce
evidence during PCI/PA-DSS assessments, that employees are trained in accordance with the
standards i.e. generate a report card of user scores (pass and fail results).

ƒƒ Customise
Firms can provide us with content, case studies and questions which we will integrate into
information security e-courses as part of your unique training programme. For example: We can
include a topic on your ‘Security policy’ and outline each policy within the course.

ƒƒ Conformation of compliance
Frisk Online provides the ability to ask users to confirm understanding of a firm’s own security
policies, by referring to in-house policies, and generating a receipt which must be checked in
compliance. By enrolling your employees onto an e-learning course and asking them to complete a
final test conformation is compulsory. Without requiring an employee to complete a final test that
is recorded, you can never be sure that the message is understood.

Each receipt serves as a record and can be reported on by group owners i.e. a company can add
subscribe as a ‘group owner’ and manage the e-learning training programme remotely.

Delivery:

ƒƒ Case studies: Information Security incidents within a firm that may result in a data breach
ƒƒ Content: this course is rich in information with links to key stakeholders in the IS community
ƒƒ Final test: 20 questions

33 | 53

Module overview
Note: The overview below is extracted from the Information Security Awareness (ISA) UK edition.
The US content (Beta) is the same format; however key stakeholders and laws focus on the United
States or equivalent worldwide best practice.

Module 1: Information Security Awareness – Basic - £35.00

Ref: ISALL 1A (UK) – e-course
Ref: ISALL 1B (beta) – e-course

Duration: 1-2 hours

Introduction

In this module, you will learn more about Information Security (IS) risks, and how to implement
security controls in your work place to help prevent data breaches.

Topics:

IS corporate governance
In this topic, you will identify the different components of an Information Security corporate
governance program including: security policies, fraud prevention, business continuity, internal
audit, risk assessment, Information Security training policies, and Security Incident Response
Planning.

Case studies
In this topic, you will review ‘information security’ case studies you may encounter at work e.g.
SQL injection, internal fraud and Man In The Middle Attacks. Case studies focus on software
development vulnerabilities such as SQL injection and Man In the Middle Attacks.

What is internet safety?
Learning how to use the internet safely is a vital step for all internet users. By educating yourself,
your organisation and customers, you can mitigate the impact of online fraud. In this topic, learn
more about: protecting personal data, avoiding online threats and computer security.

Key stakeholders
This topic introduces you to key stakeholders supporting, regulating and advising firms with a
responsibility to enforce Information Security measures in your jurisdiction and worldwide.

34 | 53

Learning outcomes:

ƒƒ Identify the components of an IS corporate governance initiative
ƒƒ Review Information Security case studies you may encounter at work
ƒƒ Protect personal data, enforce computer security and avoid online threats
ƒƒ Explore key stakeholders involved in the fight against information security breaches



35 | 53

workshops
Enrol new starters and existing employees onto an Information Security face-
to-face workshop to increase awareness of your security policy.

Purpose:

Enable your employees to recognise the importance of protecting confidential information within your
workplace and mitigate the risk of data breaches.

Training objective:

Provide your employees with access to key concepts related to Data Protection, then discuss the
importance of protecting confidential information, by overviewing real life ‘data breach’ case studies.

Jurisdictions:

This course is aimed towards a UK audience. References are made to the Data Protection Act 1998;
however this can be adapted to suit any applicable jurisdiction and regulatory environment. The main
content related to mitigating data breaches is generic (worldwide).


This course is generic and applies to ALL employees responsible for processing confidential
information both online and offline.



Workshop benefits:

ƒƒ New starters
Provide your new starters with Information Security awareness training in compliance with
PCI-DSS requirements, or as a general induction to your security policy.

ƒƒ Security aware employees
As a result of taking this training, your employees will be more security aware, and protect your
confidential information from exposure.

36 | 53

ƒƒ Conformation of compliance
Frisk Online will provide employees a final test to ensure compliance and understanding of basic
information security principles. A record of their achievement will be supplied as ‘conformation
of compliance’.

Workshop overview

Ref: FAIGAMING 6/ FAPSP1/ FAECOMM 1


Topics:

Introduction to Data Protection
Review key definitions related to Data Protection including: data, personal data, sensitive data data
processor, data controller and data subject.

Real life data breach case studies
Discuss data loss or security incidents (e.g. physical and logical). Presentation involving ‘real life’
scenarios and how firms implement controls to prevent data breaches.

Security incident typologies
Refer to Information Security classifications provided by key stakeholders such as the Information
Security Commission and National Institute of Standards and Technology.

How to report a security incident
Discuss effective communication structures in place to govern and coordinate Information Security
controls (e.g. whistle blowing).


Summary

Learning outcomes:

ƒƒ Review key principles and terms related to Data Protection
ƒƒ Evaluate ‘real life’ data breach scenarios and associated mitigating controls
ƒƒ Classify types of ‘best practice’ security incidents and definitions
ƒƒ Identify information security communication and whistle blowing procedures

37 | 53

Anti Money
Laundering
Frisk Online Anti Money Laundering (AML)
courses are aimed towards all employees
working in the UK remote gaming and
payments industry. Advanced content is
suited towards employees responsible for
AML strategy and associated systems and
controls.

Main objective:
To help individuals and firms recognise,
mitigate and effectively report Money
Laundering activity experienced by your
firm, and comply with regulatory AML
training requirements.

requirements.

Course options:
ƒƒ Workshops: 3
ƒƒ Country editions: UK
ƒƒ Sectors: All
ƒƒ Audience: All


38 | 53

Anti Money Laundering
Workshops
Enrol on our face-to-face half day refresher basic level workshop to learn more
about complying with the Money Laundering Regulations 2007 (MLRs).

Purpose:

To provide foundation knowledge of the MLRs and a practical understanding of how these legal
requirements are applied in your workplace.

Training objective:

The objective of this course is to ensure your firm complies with MLRs, by providing adequate training
to all employees, in order that each individual understands their obligation to comply with both your
firm’s financial crime policies and legal responsibilities for example:

1. AML company policy
2. MLRs legal requirements
3. Gambling Commission regulations

Jurisdictions:

ƒƒ United Kingdom


The course is suitable for all personnel working in the UK remote gaming industry which includes:
casino, exchange betting, sports book and bingo.

Note: As required, we tailor the course to your firm’s company policy, jurisdiction regulatory
requirements (e.g. Malta) and specific case studies/typologies.


The course is delivered face-to-face using presentation and workshop style techniques. An

39 | 53

Workshop benefits:

ƒƒ Start-ups
This workshop is especially suitable for new remote gaming firms as key fundamentals and
concepts related to Money Laundering are explained in non-legalistic terms.

ƒƒ Ongoing compliance
Regulated firms are required to provide all new employees and existing employees with
annual training in Anti Money Laundering. This training workshop will help your firm meet the
Gambling Commission requirements and comply with the MLRs.

ƒƒ Fresh look at compliance
It’s essential we explore the obstacles preventing your firm to comply with the MLRs and
overcome these issues through raising awareness, and by educating your employees to be
compliant.

Workshop overview

Ref: AMLREMOTE GAMING 1


Topics:

About Money Laundering
Round table discussion gauging individuals level of knowledge, covering money laundering case
studies experienced by the remote gaming industry, best practice and key stakeholders in the Anti
Money Laundering worldwide community.

Key definitions
Back to basics, this topic uncovers the key definitions related to Money Laundering 2007 and the
Proceeds of Crime Act 2002 including:

1. Proceeds of crime
2. Money Laundering
3. Main offences
4. Suspicious Activity Reporting

Typologies
A detailed perspective is provided discussing global money laundering trends, typologies and case
studies experienced by the e-payments and remote gaming industries.

40 | 53

Communication
Define how a firm effectively collates Suspicious Activity Reports, through categorisation of
offences, and then reports these cases externally to the authorities (e.g. SOCA), within the
constraints of the Money Laundering Regulations 2007 and the Data Protection Act 1998.


Summary

Learning outcomes:

ƒƒ Identify the main purpose and goals of the MLRs
ƒƒ Understand each of the main ML offences and related examples
ƒƒ Evaluate the core principles of Know Your Customer and your application of such strategies
ƒƒ Discuss types of money laundering activity experienced by your firm
ƒƒ Identify the suspicious advice reporting channels within your firm
ƒƒ Review key points from the training day in a summary exercise



41 | 53

Legal and
Compliance
Frisk Online Legal and Compliance courses
are aimed towards all Senior Directors
working in the payments industry. Content
covers basic, intermediate and advanced
concepts related to the following: Payment
Service Regulations 2009 and Electronic
Money Regulations 2011.

Main objective:
To enable firms to interpret their
compliance obligations and develop a
supporting internal control framework in
compliance with e-payment law.

Course options:
ƒƒ Workshops: 2
ƒƒ Country editions: UK / Worldwide
ƒƒ Sectors: All
ƒƒ Audience: All


42 | 53

Electronic Money Regulations
2011 workshops
Enrol on our face-to-face half day workshop to learn more complying with the
EMRs 2011.

Purpose:

To provide foundation knowledge and skills required by a firm seeking FSA registration and/or
authorisation under the MSRs as a small or fully authorised Electronic Money Institution.

Training objective:

The objective of this course is to advise senior management on ‘how to’ implement an internal control
framework and corporate governance program to comply successfully with the EMRs 2009.

Jurisdictions:

ƒƒ United Kingdom


The course is suitable for firms in the payments industry operating/or planning to register as an
Electronic Money Institution in compliance with FSA requirements.



Workshop benefits:

ƒƒ Start-ups
This workshop is especially suitable for Electronic Money Institutions (EMIs) commencing their
Financial Services Authority (FSA) licence application. Firms will gain insight into the Electronic
Money Regulations 2011 and ‘the approach’ taken by the FSA in terms of regulation.

43 | 53

ƒƒ Balancing legal, commercial and financial effort
The Electronic Money Regulations 2011 impacts many areas of your business. This course helps
your firm form a ‘joined up approach’ to understanding and interpreting the EMRs, and allocating
tasks to key personnel in order to manage ongoing compliance (e.g. complaints management,
financial crime, corporate governance and financial risk management)

Workshop overview

Topics:

Ref: LCPSP 2

Duration: half day workshop

Introduction to EMRs
Learn more about the main scope, purpose and goals of the Electronic Money Regulations 2011 and
how European Law (Electronic Money Directive) is transposed into a UK regulatory framework (i.e.
EMRs).

Who is my regulator?
Identify which regulators in the UK, are responsible for authorising, registering and supervising
payment firms, in compliance with the Electronic Money Regulations 2011 and the Money
Laundering Regulations 2007.

How do we become authorised?
Examine the authorisation process in detail and learn more about the following: FSA decision
making time frames, applicant conditions (e.g. legal structures and director background checks),
and documents required to support your application and shape your ongoing compliance
programme.

About senior responsibility
Investigate how the FSA authorises each individual with senior responsibility within an Electronic
Money Institution (e.g. fit and proper assessment), overview the accompanying application forms
and then study ‘how to’ complete these forms.

Conduct of Business
Overview Conduct of Business requirements (e.g. information requirements, rights and obligations).
Learn how a firm must provide key information within fee schedules and terms and conditions in
order to promote a transparent service to its customers.

44 | 53

Treating Customers Fairly
Identify the purpose and structure of a Treating Customers Fairly policy and how to satisfy regulator
expectations.


Summary

Learning outcomes:

ƒƒ Identify the purpose and main goals of the Electronic Money Regulations
ƒƒ Understand FSA responsibilities under the Electronic Money Regulations
ƒƒ Describe how FSA registration and authorisation is made in a timely manner
ƒƒ Identify conditions and supporting material required by the FSA to facilitate the application
ƒƒ Evaluate factors considered by the FSA when individuals responsible for carrying out activities
under the EMRs are assessed during the authorisation process
ƒƒ Interpret the main purpose of Conduct of Business terms and requirements
ƒƒ Understand the implications of ‘Treating Customers fairly’ in accordance with regulator
expectations



45 | 53

Payment Service Regulations
2009
Enrol on our face-to-face half day workshop to learn more complying with the
Payment Service Regulations (PSRs) 2009.

Purpose:

To provide foundation knowledge and skills required by a firm seeking FSA registration and/or
authorisation under the PSRs as a small or fully authorised Payment Institution.

Training objective:

The objective of this course is to advise senior management on ‘how to’ implement an internal
control framework and corporate governance program to comply successfully with the PSRs 2009.

Jurisdictions:

ƒƒ United Kingdom


The course is suitable for all personnel working in the UK e-payments industry which includes: non-
bank merchant acquirers i.e. payment gateways; e-wallets; money transmitters; and bill payment
service providers.



Workshop benefits:

ƒƒ Start-ups
Institutions (EMIs), Money Service Businesses (MSBs) commencing their FSA licence
application. Firms will gain insight into the Payment Service Regulations 2009 and ‘the approach’
taken by the FSA in terms of regulation.

46 | 53

ƒƒ Balancing legal, commercial and financial effort
The Payment Service Regulations 2009 impacts many areas of your business. This course helps
your firm form a ‘joined up approach’ to understanding and interpreting the PSRs, and allocating
tasks to key personnel in order to manage ongoing compliance (e.g. complaints management,
financial crime, corporate governance and financial risk management)

Workshop overview

Ref: LCPSP 1

Duration: half day workshop

Topics:

Introduction to PSRs
Learn more about the main scope, purpose and goals of the Payment Service Regulations 2009 and
how European Law (Payment Services Directive) is transposed into a UK regulatory framework (i.e.
PSRs).

Who is my regulator?
Identify which regulators are responsible for authorising, registering and supervising payment
firms in compliance with the Payment Service Regulations 2009 and the Money Laundering
Regulations 2007.

How do we become authorised?
Examine the authorisation process in detail and learn more about the following: FSA decision
making time frames, applicant conditions (e.g. legal structures and director background checks),
and documents required to support your application and shape your ongoing compliance
programme.

About senior responsibility
Investigate how the FSA authorise each individual with senior responsibility within a Payment
Institution (e.g. fit and proper assessment), and overview the accompanying application forms and
‘how to’ complete.

Conduct of Business
Overview Conduct of Business requirements (e.g. information requirements, rights and obligations).
Learn how a firm must provide key information within fee schedules and terms and conditions in
order to promote a transparent service to its customers.

47 | 53

Treating Customers Fairly
Identify the purpose and structure of a Treating Customers Fairly policy and how to satisfy regulator
expectations.


Summary

Learning outcomes:

ƒƒ Identify the purpose and main goals of the Payment Service Regulations
ƒƒ Understand FSA responsibilities under the Payment Service Regulations
ƒƒ Describe how FSA registration and authorisation is made in a timely manner
ƒƒ Identify conditions and supporting material required by the FSA to facilitate the application
ƒƒ Evaluate factors considered by the FSA when individuals responsible for carrying out activities
under the PSRs are assessed during the authorisation process
ƒƒ Interpret the main purpose of Conduct of Business terms and requirements
ƒƒ Understand the implications of Treating Customers fairly in accordance with regulator
expectations



48 | 53

E-Payments
Frisk Online e-payment courses are aimed
towards all employees working in the
payments industry. Content covers basic,
intermediate and advanced concepts
related to the following: e-payment
methods, Payment Institution and
Electronic Money Institution business
models and risk management.

Main objective:
To enable firms to perform a risk
assessment against their e-payment
methods, business model and mitigate
perceived risks by implementing robust
systems and controls.

requirements.

Course options:
ƒƒ Workshops: 1
ƒƒ Country editions: Worldwide
ƒƒ Sectors: All
ƒƒ Audience: All


49 | 53

e-Payment risk management
workshops
Enrol on our face-to-face full day refresher basic level workshop to learn more
about the e-payment environment and associated risks.

Purpose:

Enable firms to perform a risk assessment against their e-payment methods and mitigate perceived
risks by implementing robust systems and controls.

Training objective:

Identify key influences in the e-payments industry, by analysing various e-payment options and
payment processing business models. Further examine how associated risks are offset by market
potential. A key output of this training is to produce a SWOT analysis of a payment firm’s business
model and payment methods to support an FSA PI/EMI application.

Jurisdictions:

ƒƒ United Kingdom


The course is suitable for all personnel working in the UK e-payments industry which includes: non-
bank merchant acquirers i.e. payment gateways; e-wallets; money transmitters; and bill payment
service providers.



Workshop benefits:

ƒƒ Start-ups
Institutions (EMIs), Money Service Businesses (MSBs) commencing their FSA licence application.
Firms will gain insight into the risks their firm may be exposed to and adjust their business model
plan as required.

50 | 53

ƒƒ Market perspective
Marketing professionals will benefit from taking this course. The workshop focuses on exciting
innovations in the e-payments industry (e.g. smart card readers), and how new product
development must also support effective risk management.

ƒƒ School for thoughts
A key driver behind this workshop is to generate new ideas and add value to your business plan.
This is very much a ‘brainstorming’ opportunity, and all professionals commencing a payment
product launch will gain invaluable insight across the e-payment landscape.

Workshop overview

Ref: EPAYPSP 1

Duration: full day workshop

Topics:

What is a Payment Service Provider (PSP)?
Identify various categories of Payment Service Providers including:

ƒƒ Payment Institutions
ƒƒ Money Service Business
ƒƒ Bill Payment Service Providers
ƒƒ Electronic Money Issuer

What is a payment service?
Identify different categories of payment services e.g. cash payments/withdrawals, credit transfers
and payments made from a handheld device.

How do PSPs differentiate?
Review payment options available to online merchants e.g. card processing, mobile pre-paid, gift
vouchers etc.

What are the associated risks?
Overview the main risks and mitigating strategies associated with payment processing.


Summary

51 | 53

Learning outcomes:

ƒƒ Describe how electronic payments are remotely processed
ƒƒ Analyse different payment models e.g. e-wallets, payment gateways and bill payments
ƒƒ Review options available to merchants using various payment models e.g. automated card
processing, Virtual Mail Order Telephone Order, mobile pre-paid, gift vouchers etc.
ƒƒ Identify the main risks and mitigating strategies associated with payment processing
ƒƒ Perform a SWOT analysis of the market environment against your associated business model



52 | 53

Frisk Online is a private limited company incorporated
and registered in England and Wales with company number
06534650, whose registered office is at The Granary Hones
Yard, 1 Waverley Lane, Farnham, Surrey, England GU9 8BB.
VAT Registration Number 974411806.

© 2012 Frisk Online Limited. All rights reserved.

Frisk Online brochure 2012

Recomendados

Recomendados

Mais conteúdo relacionado

Destaque

Destaque (18)

Semelhante a Frisk Online brochure 2012

Semelhante a Frisk Online brochure 2012 (20)

Último

Último (20)

Frisk Online brochure 2012