
Fraud Protection Final 2 hour CPE- Hazan 122815

  1. December 14, 2015 Steve Hazan Small Business Fraud
  2. Who is SECU? • Maryland’s largest Credit Union • 22 Branches • Over 225,000 members • $2.8 billion in assets • …and yes, we bank MD businesses!
  3. Overview 1. Who Pays For Fraud? 2. The Fraud “Triangle” 3. How Do I Protect My Business?
  4. “If you make it easy for people to steal from you they will” -Frank Abagnale
  5. Catch Me If You Can
  6. Who Pays for Fraud? • We All Do – Higher prices for goods & services – Higher interest rates – Lost time & Resources – Reputational Risk • Target, Home Depot breaches
  7. Sobering Statistics • 5% of All Revenues are lost to fraud* • Worldwide, $3.7 trillion lost in revenues* • Companies with <100 Employees are particularly vulnerable* • Small businesses make up 31.8% of fraud, highest percentage of any business category* • Median small business loss of $155K vs. $120K loss for larger businesses* – *Source: Association of Certified Fraud Examiners (ACFE) – **Bureau of Justice Statistics
  8. The Fraud “Triangle” Motive Opportunity Rationalization
  9. Motive • Greed • Financial Pressure • Employee Disenfranchisement • Entitlement to more compensation
  10. Opportunity • Employees may yield to temptation when faced with personal financial stress • Ex. Drug, Divorce, Gambling • 87% of perpetrators have never been charged with or convicted of a fraud-related offense
  11. Rationalization • Many people rationalize fraud by telling themselves that they will only “temporarily” borrow the money and eventually return it • Attitude created by management or owners can create rationalization.
  12. Why are small businesses a target? • Lack of security • Longer shelf life • Lack of preparation • Unaware of the risks
  13. Check Fraud • 82% of business owners indicated that checks were targeted at their companies* • Checks were the payment instrument with the highest average value of unauthorized transactions in 2012** • The average unauthorized check transaction was $1,221 in 2012** *2014 AFP Payments Fraud and Control Survey by JP Morgan **Federal Reserve Payments Study
  14. Check Fraud Schemes • Altering Checks • Counterfeit Checks • Forged Signatures • Checks drawn on closed accounts
  15. How do I Protect My Business from Check Fraud? • Destroy unused checks from closed accounts • Separate responsibilities for employees handling checks • Verify and reconcile bank statements and transactions frequently • Store check stock in a secured and locked area
  16. Small Business Credit Card Fraud • 43% of financial business owners were exposed to debit / credit card fraud attacks in 2013* • Credit / Debit cards were the payment instrument with the second highest average value of unauthorized transactions in 2012* *2014 AFP Payments Fraud and Control Survey by JP Morgan
  17. How do I Protect My Business from Credit Card Fraud? • Starting October 2015, merchants must upgrade their systems to “chip and signature” aka EMV • Companies that fail to adopt EMV will be held liable • Laws transfer the risk to the business owner from the banks
  18. How is the Chip Card Method More Secure? A unique one-time code is generated behind the scenes that is needed for the transaction to be approved, a feature that is very difficult to replicate in a counterfeit card.
  19. Cyber Crime • 83% of Small Businesses have no formal measures against cyber threats* • About 50% of all attacks are aimed at Small Businesses* • 44% of fraud incidents involved cybercrime in 2013 and 2014** • Courts seldom hold banks liable for cyber attacks; the burden of responsibility is on the business owner to protect themselves • *Forbes Entrepreneurs • **PricewaterhouseCoopers
  20. Types of Cyber Crime • Phishing • Spoofing • Corporate Account Take Over • Theft of sensitive information or client information • Theft of intellectual property
  21. Phishing Emails • Emails that appear to come from a legitimate business requesting “verification” of information and warning of some adverse consequence if it is not provided • The email usually contains a link to a fraudulent web page
  22. Phishing Email Examples
  23. Phishing Email Examples
  24. Spoofing • A malicious party impersonates another device or user on a network in order to launch attacks against network hosts, steal data, spread malware or bypass access controls • Most commonly done by hacking an account and making it appear as though an email came from a legitimate source
  25. Target Hacking Incident • Target HVAC sub-contractor was hacked • Hackers installed malware onto the computer of the contractor, who had access to Target’s computer system • Hacking software was actively collecting data from live customer transactions at Target • Hackers stole the credit card numbers and other personal information of up to 70 million customers. • Target agreed to a $39 million settlement with several U.S. banks* *Money.cnn.com
  26. How Do I Protect My Business from Cyber Crime? 1. Identify and shape up weak points 2. Designate a banking only computer 3. Back Up Information 4. Educate Employees 5. Get Insured
  27. How Do I Protect My Business from internal fraud? • Institute Policies to segregate accounting duties or outsource functions to 3rd parties • Conduct background checks/review credit history before hiring employees with access to cash or accounting duties • Dual Signatures for payments over a certain threshold
  28. How Do I Protect My Business from internal fraud? • Vacation Policy • Positive Pay • ACH Blocks/Filters • Migrate payments to Purchasing Card Platform • Code of Conduct/Policies in place • Employee Assistance Program for those struggling with emotional, health or financial issues
  29. Combating Business Fraud 1. Be Proactive 2. Establish Hiring Procedures 3. Train Employees to identify fraud 4. Conduct Regular Audits 5. Call in an expert
  30. Strike Back! • The IRS considers embezzled funds as income. Failure to report it constitutes tax evasion. • Issue 1099 to perpetrators
  31. Resources • Your Financial Institution • Your CPA • www.abagnale.com • www.irs.gov • www.sba.gov • www.aicpa.org • www.forbes.com • www.bankofamerica.com • Association of Certified Fraud Examiners (ACFE) www.acfe.com • www.visa.com • www.pwc.com • www.jpmorgan.com
  32. Questions?
  33. Certificate of Completion This Certifies That ___________ Attended the 2 Hour Seminar Small Business Fraud ________ _________ Date Presenter *Note: It is the primary responsibility of each licensee to fulfill the requirements of the law (CPE) and to be able to document, to the Board’s satisfaction, such fulfillment. All active licensees must maintain, for 4 years, records sustaining (proof of attendance, course outline & expertise of instructor) the continuing education credits claimed by them as a prerequisite for renewal of their license. For more information PLEASE refer to Continuing Education Policies from the State Boards (410) 333-6322

Editor's Notes

  • Open since 1951
    Field of Membership originally State Employees; has expanded so nearly all of Maryland can qualify for membership
    All products and services of a traditional bank, including online, mobile, ATM network, deposit and loan products, business banking
    Core Values: Service, Education, Commitment, Understanding
    Mission: Promote the financial well-being of those we service
  • If employees believe management has unfair compensation or benefits, they will assume the company can do away with a “small amount”
  • Lack of security
    Often do not have anti-fraud practices in place.
    Longer shelf life
    Takes a long time for consumers to become aware a small business has been hacked, resulting in longer usage by hackers of consumer information.
    Small businesses often do not reconcile bank statements in a timely manner.
  • 1. Identify and shape up weak points
    Take time to come up with complex passwords and change them regularly
    Do not use the same passwords for all or most accounts
    2. Designate a banking only computer
    Computers not used for other activities such as email or web surfing are much harder for hackers to gain access to.
    Review bank transactions daily to detect fraud in real time
    3. Back Up Information
    Cyber attacks can contribute to loss of data as well as money
    Ex. Cloud Computing, Dropbox, Carbonite
    4. Educate Employees
    Negligent employees are the most common cause of data breaches
  • 1. Be Proactive
    Establish Anti-fraud Hotline
    ACFE found that roughly 42% of fraud cases reported were via hotlines
    Anti-fraud policy and code of conduct
    Implementing systems that actively monitor and analyze company data
    5. Call in an expert
    Enlist the expertise of a Certified Fraud Examiner