Financial Crimes, Trends and Best Practices for Detectionresources.gabankers.com/PDFs/2020/Financial...
Transcript of Financial Crimes, Trends and Best Practices for Detectionresources.gabankers.com/PDFs/2020/Financial...
© 2017 Jack Henry & Associates, Inc.®1© 2017 Jack Henry & Associates, Inc.®© 2020 Jack Henry & Associates, Inc.®
Financial Crimes, Trends and Best Practices
for Detection
Presented by: Rene Perez – Financial Crimes Consultant
Date 02/28/2020
© 2017 Jack Henry & Associates, Inc.®© 2020 Jack Henry & Associates, Inc.®
Rene Perez – My Background
• 19 Years in Financial Crimes
• 13 Years at Jack Henry & Associates
• Former BSA/Fraud Officer at a Top 20 bank
• Jack Henry & Associates Subject Matter Expert on FC
• Sit on the Federal Reserve Bank Fraud Board
• Speaker at local, state, national and global conferences
© 2017 Jack Henry & Associates, Inc.®© 2020 Jack Henry & Associates, Inc.®
Hot Topics – Lets talk about them!
• Fraud Trends
• Human Trafficking
• Synthetic ID
• Data Breaches
• Business Email Compromise
• Artificial Intelligence and Machine Learning
© 2017 Jack Henry & Associates, Inc.®© 2020 Jack Henry & Associates, Inc.®
What existing channel almost
DOUBLED in attempted fraud from
2016 – 2018?
Hint:
People think it’s a dying channel?
© 2017 Jack Henry & Associates, Inc.®© 2020 Jack Henry & Associates, Inc.®
Check Fraud Attempts
$8.5 B
$15.8B
Check Fraud
© 2017 Jack Henry & Associates, Inc.®© 2020 Jack Henry & Associates, Inc.®
$1B
$3B
$5B
$6B
$7B
$7B
$16B
$17B
$26B
$32B
$50B
0 10 20 30 40 50 60
PTP Fraud
New Account
ATO
Synthetic Fraud
Auto Fraud
Check Fraud
Identity Fraud
Mortgage Fraud
Online Fraud
Card Fraud
Wire Fraud
2019 TOP FRAUD TYPES BY LOSSES
© 2017 Jack Henry & Associates, Inc.®© 2020 Jack Henry & Associates, Inc.®
What is social media’s affect on fraud?
• HUGE!!! – Raising new generations of fraudsters
• Teejayx6 on YouTube– 78,000 Subscribers
– 15 Million views
– “The Rise of Scam Rap in Hip-Hop”
• Fraud bible does exist!– 38 GB file of fraud tutorials
© 2017 Jack Henry & Associates, Inc.®© 2020 Jack Henry & Associates, Inc.®
Human
Trafficking - 2018
It happens
EVERYWHERE!
© 2017 Jack Henry & Associates, Inc.®© 2020 Jack Henry & Associates, Inc.®
Demographics
© 2017 Jack Henry & Associates, Inc.®© 2020 Jack Henry & Associates, Inc.®
How about here in GA?
• Victims Identified
1249
• Traffickers Identified
267
• Trafficking Businesses
121
© 2017 Jack Henry & Associates, Inc.®© 2020 Jack Henry & Associates, Inc.®
What to look for?
• Travel spending patterns
– Frequent gas stations
– Frequent hotels
– More than average train, bus or plane tickets
• Business red flags
– Hide their vendors
– Distributing credits and debits to unknown companies
– Transactions not coinciding with the business
© 2017 Jack Henry & Associates, Inc.®© 2020 Jack Henry & Associates, Inc.®
Synthetic ID - What is it?
© 2017 Jack Henry & Associates, Inc.®© 2020 Jack Henry & Associates, Inc.®
Who is the most common Victim?
© 2017 Jack Henry & Associates, Inc.®© 2020 Jack Henry & Associates, Inc.®
Causes
• 1936 Social Security Administration went to a universally
used identifier
– These do not change over your lifetime
• These numbers were then used by corporate entities to
identify their customers
• Data Breaches
• Social media explosion
• Credit Privacy Numbers (CPN’s)
© 2017 Jack Henry & Associates, Inc.®© 2020 Jack Henry & Associates, Inc.®
Why it will become bigger in 2020
• Synthetic ID Fraud is not new, getting more sophisticated
• Financial Institutions
– Reluctant, don’t understand it or can’t stop it
– More than 50% of fraudsters pay their bills
• Credit Bureaus
– Can’t stop it, they have credit reporting requirements
• Consumers
– Convinced its legal!
© 2017 Jack Henry & Associates, Inc.®© 2020 Jack Henry & Associates, Inc.®
What can Financial Institutions do?
• Put a warning on applications!
– Only use SS#
– NO CPN’s
– VALIDATE!
• Stop piggybacking authorized users
– Also called Credit Rental
• Educate the consumers!
© 2017 Jack Henry & Associates, Inc.®© 2020 Jack Henry & Associates, Inc.®
Data Breaches
What was the estimated amount of records stolen in data
breaches in 2019?
• 6 Billion Records
• 20% increase over record breaking year, 2017
© 2017 Jack Henry & Associates, Inc.®© 2020 Jack Henry & Associates, Inc.®
Data Breach Numbers
• Average cost of a data breach?
– $3.92 Million
• Most Expensive?
– $8.19 Million
• Average size of data records stolen?
– 25,575 records per theft
© 2019 Jack Henry & Associates, Inc.®19
✓ Separating Information Security & IT Operations
✓ Application Whitelisting
✓ Spam Filter Testing and Tuning
✓ Web Filter Testing and Tuning
✓ Security Awareness Training
✓ Principle of Least Privilege
✓ Applied Threat Intelligence
✓ 24/7 security monitoring
✓ SSL Deep Packet Inspection
✓ Breach Detection – Sandbox technology
✓ SIEM
(Security Information & Event Management)
✓ Multi-Factor Authentication
✓ Rapid System Patching
✓ Ongoing Vulnerability Scanning
✓ Disaster Avoidance Architecture
✓ Virtual Desktop Infrastructure
✓ Offsite Backups
✓ Regular Testing of Backups
✓ Business Continuity Planning and Testing
Cybersecurity Risk Mitigation Techniques
© 2017 Jack Henry & Associates, Inc.®© 2020 Jack Henry & Associates, Inc.®
What’s the fastest growing fraud trend?
Business
Compromise!
© 2017 Jack Henry & Associates, Inc.®© 2020 Jack Henry & Associates, Inc.®
June 2016 – July 2019
© 2017 Jack Henry & Associates, Inc.®© 2020 Jack Henry & Associates, Inc.®
© 2017 Jack Henry & Associates, Inc.®© 2020 Jack Henry & Associates, Inc.®
Why does it happen?
• People are the weakest link!
– Too busy
– Not detailed
– Scared to question authority
© 2017 Jack Henry & Associates, Inc.®© 2020 Jack Henry & Associates, Inc.®
What do you need to do?
• Educate, Educate, Educate
– URL in email based on actual company
– Do not supply PII or credentials via email
– Beware of misspellings
• Use secondary channels or two factor authentication
• Keep software patches up to date
© 2017 Jack Henry & Associates, Inc.®© 2020 Jack Henry & Associates, Inc.®
Bad Trends in Financial Institutions
• FI’s are not increasing their spending on Financial
Crimes.
• Moving traditional fraud funds to cybersecurity
– Further exposes the institution to traditional fraud
• No overall Financial Crimes strategy
© 2017 Jack Henry & Associates, Inc.®© 2020 Jack Henry & Associates, Inc.®
AI & MLA
nal
ytic
s
Big Data
Compute Power
Algorithms
Expert Rule Systems
© 2017 Jack Henry & Associates, Inc.®© 2020 Jack Henry & Associates, Inc.®
What is Machine Learning?
Data
Analyze & Results
Human Interaction
© 2017 Jack Henry & Associates, Inc.®© 2020 Jack Henry & Associates, Inc.®
What is Artificial Intelligence?
Data
Analyze & Results
System makes
changes
© 2019 Jack Henry & Associates, Inc.®29
Have you ever
experienced this?
• Predictive Analytics
• Prescriptive Analytics
• Image Recognition
• Speech Recognition
• Learning Associations
© 2019 Jack Henry & Associates, Inc.®30
Data Analytics
Descriptive Analytics provides insight into
the past and answers, “What has happened?”
Predictive Analytics is used to understand
the future and answers, “What could happen?”
Prescriptive Analytics advises on possible
outcomes and answers, “What should we do?”
© 2017 Jack Henry & Associates, Inc.®© 2020 Jack Henry & Associates, Inc.®
Developing an Enterprise Analytic Strategy
PEOPLE PROCESS TECHNOLOGY
DATAOBJECTIVES
© 2017 Jack Henry & Associates, Inc.®© 2020 Jack Henry & Associates, Inc.®
Enabling Analytics
© 2017 Jack Henry & Associates, Inc.®© 2020 Jack Henry & Associates, Inc.®
Analytic Inhibitors
© 2017 Jack Henry & Associates, Inc.®© 2020 Jack Henry & Associates, Inc.®
BehavioralAnalytics
▪ Use case based detection
▪ Anomaly Detection
PredictiveDetection
Prescriptive
Financial Crimes Analytics Maturity Curve
Data-awareInvestigations
▪ Data enrichment & summarization
▪ Multi-dimensional triangulation
▪ Iterative results drive auto refinements
▪ Supervised machine learning
▪ Holistic risk models from alerts & features (AI)
▪ Operational analytics for investigative efficiency (AI)
Basic Rules
▪ Basic Thresholds
▪ Above/Below amounts
© 2017 Jack Henry & Associates, Inc.®© 2020 Jack Henry & Associates, Inc.®
© 2017 Jack Henry & Associates, Inc.®© 2020 Jack Henry & Associates, Inc.®
Questions or Comments?
My Contact:
© 2017 Jack Henry & Associates, Inc.®© 2020 Jack Henry & Associates, Inc.®
Resources
• https://www.ibm.com/security/data-breach
• https://frankonfraud.com
• https://fedpaymentsimprovement.org/wp-content/uploads/frs-synthetic-identity-
payments-fraud-white-paper-july-2019.pdf
• https://www.imf.org/external/pubs/ft/fandd/2019/09/the-art-of-money-laundering-and-
washing-illicit-cash-mashberg.htm
• https://polarisproject.org/myths-facts-and-statistics/
• https://www.bleepingcomputer.com/news/security/business-email-compromise-is-a-
26-billion-scam-says-the-fbi/