Financial Crimes, Trends and Best Practices for Detectionresources.gabankers.com/PDFs/2020/Financial...

© 2017 Jack Henry & Associates, Inc.®1© 2017 Jack Henry & Associates, Inc.®© 2020 Jack Henry & Associates, Inc.®

Financial Crimes, Trends and Best Practices

for Detection

Presented by: Rene Perez – Financial Crimes Consultant

Date 02/28/2020

© 2017 Jack Henry & Associates, Inc.®© 2020 Jack Henry & Associates, Inc.®

Rene Perez – My Background

• 19 Years in Financial Crimes

• 13 Years at Jack Henry & Associates

• Former BSA/Fraud Officer at a Top 20 bank

• Jack Henry & Associates Subject Matter Expert on FC

• Sit on the Federal Reserve Bank Fraud Board

• Speaker at local, state, national and global conferences


Hot Topics – Lets talk about them!

• Fraud Trends

• Human Trafficking

• Synthetic ID

• Data Breaches

• Business Email Compromise

• Artificial Intelligence and Machine Learning


What existing channel almost

DOUBLED in attempted fraud from

2016 – 2018?

Hint:

People think it’s a dying channel?


Check Fraud Attempts

$8.5 B

$15.8B

Check Fraud


$1B

$3B

$5B

$6B

$7B

$7B

$16B

$17B

$26B

$32B

$50B

0 10 20 30 40 50 60

PTP Fraud

New Account

ATO

Synthetic Fraud

Auto Fraud

Check Fraud

Identity Fraud

Mortgage Fraud

Online Fraud

Card Fraud

Wire Fraud

2019 TOP FRAUD TYPES BY LOSSES


What is social media’s affect on fraud?

• HUGE!!! – Raising new generations of fraudsters

• Teejayx6 on YouTube– 78,000 Subscribers

– 15 Million views

– “The Rise of Scam Rap in Hip-Hop”

• Fraud bible does exist!– 38 GB file of fraud tutorials


Human

Trafficking - 2018

It happens

EVERYWHERE!


Demographics


How about here in GA?

• Victims Identified

1249

• Traffickers Identified

267

• Trafficking Businesses

121


What to look for?

• Travel spending patterns

– Frequent gas stations

– Frequent hotels

– More than average train, bus or plane tickets

• Business red flags

– Hide their vendors

– Distributing credits and debits to unknown companies

– Transactions not coinciding with the business


Synthetic ID - What is it?


Who is the most common Victim?


Causes

• 1936 Social Security Administration went to a universally

used identifier

– These do not change over your lifetime

• These numbers were then used by corporate entities to

identify their customers

• Data Breaches

• Social media explosion

• Credit Privacy Numbers (CPN’s)


Why it will become bigger in 2020

• Synthetic ID Fraud is not new, getting more sophisticated

• Financial Institutions

– Reluctant, don’t understand it or can’t stop it

– More than 50% of fraudsters pay their bills

• Credit Bureaus

– Can’t stop it, they have credit reporting requirements

• Consumers

– Convinced its legal!


What can Financial Institutions do?

• Put a warning on applications!

– Only use SS#

– NO CPN’s

– VALIDATE!

• Stop piggybacking authorized users

– Also called Credit Rental

• Educate the consumers!


Data Breaches

What was the estimated amount of records stolen in data

breaches in 2019?

• 6 Billion Records

• 20% increase over record breaking year, 2017


Data Breach Numbers

• Average cost of a data breach?

– $3.92 Million

• Most Expensive?

– $8.19 Million

• Average size of data records stolen?

– 25,575 records per theft

© 2019 Jack Henry & Associates, Inc.®19

✓ Separating Information Security & IT Operations

✓ Application Whitelisting

✓ Spam Filter Testing and Tuning

✓ Web Filter Testing and Tuning

✓ Security Awareness Training

✓ Principle of Least Privilege

✓ Applied Threat Intelligence

✓ 24/7 security monitoring

✓ SSL Deep Packet Inspection

✓ Breach Detection – Sandbox technology

✓ SIEM

(Security Information & Event Management)

✓ Multi-Factor Authentication

✓ Rapid System Patching

✓ Ongoing Vulnerability Scanning

✓ Disaster Avoidance Architecture

✓ Virtual Desktop Infrastructure

✓ Offsite Backups

✓ Regular Testing of Backups

✓ Business Continuity Planning and Testing

Cybersecurity Risk Mitigation Techniques


What’s the fastest growing fraud trend?

Business

Email

Compromise!


June 2016 – July 2019


Why does it happen?

• People are the weakest link!

– Too busy

– Not detailed

– Scared to question authority


What do you need to do?

• Educate, Educate, Educate

– URL in email based on actual company

– Do not supply PII or credentials via email

– Beware of misspellings

• Use secondary channels or two factor authentication

• Keep software patches up to date


Bad Trends in Financial Institutions

• FI’s are not increasing their spending on Financial

Crimes.

• Moving traditional fraud funds to cybersecurity

– Further exposes the institution to traditional fraud

• No overall Financial Crimes strategy


AI & MLA

nal

ytic

s

Big Data

Compute Power

Algorithms

Expert Rule Systems


What is Machine Learning?

Data

Analyze & Results

Human Interaction


What is Artificial Intelligence?

Data

Analyze & Results

System makes

changes


Have you ever

experienced this?

• Predictive Analytics

• Prescriptive Analytics

• Image Recognition

• Speech Recognition

• Learning Associations


Data Analytics

Descriptive Analytics provides insight into

the past and answers, “What has happened?”

Predictive Analytics is used to understand

the future and answers, “What could happen?”

Prescriptive Analytics advises on possible

outcomes and answers, “What should we do?”


Developing an Enterprise Analytic Strategy

PEOPLE PROCESS TECHNOLOGY

DATAOBJECTIVES


Enabling Analytics


Analytic Inhibitors


BehavioralAnalytics

▪ Use case based detection

▪ Anomaly Detection

PredictiveDetection

Prescriptive

Financial Crimes Analytics Maturity Curve

Data-awareInvestigations

▪ Data enrichment & summarization

▪ Multi-dimensional triangulation

▪ Iterative results drive auto refinements

▪ Supervised machine learning

▪ Holistic risk models from alerts & features (AI)

▪ Operational analytics for investigative efficiency (AI)

Basic Rules

▪ Basic Thresholds

▪ Above/Below amounts


Questions or Comments?

My Contact:

[email protected]


Resources

• https://www.ibm.com/security/data-breach

• https://frankonfraud.com

• https://fedpaymentsimprovement.org/wp-content/uploads/frs-synthetic-identity-

payments-fraud-white-paper-july-2019.pdf

• https://www.imf.org/external/pubs/ft/fandd/2019/09/the-art-of-money-laundering-and-

washing-illicit-cash-mashberg.htm

• https://polarisproject.org/myths-facts-and-statistics/

• https://www.bleepingcomputer.com/news/security/business-email-compromise-is-a-

26-billion-scam-says-the-fbi/

https://www.ibm.com/security/data-breach

https://frankonfraud.com/

https://fedpaymentsimprovement.org/wp-content/uploads/frs-synthetic-identity-payments-fraud-white-paper-july-2019.pdf

https://www.imf.org/external/pubs/ft/fandd/2019/09/the-art-of-money-laundering-and-washing-illicit-cash-mashberg.htm

https://polarisproject.org/myths-facts-and-statistics/

https://www.bleepingcomputer.com/news/security/business-email-compromise-is-a-26-billion-scam-says-the-fbi/

Financial Crimes, Trends and Best Practices for Detectionresources.gabankers.com/PDFs/2020/Financial...

Documents

Transcript of Financial Crimes, Trends and Best Practices for Detectionresources.gabankers.com/PDFs/2020/Financial...