Help me with industry sign banking alabama presentation secure
I'm mark Mullins I head up treasury management but I'm here to really introduce the the all-stars today these guys are here to to give you some really really good content to protect yourself let me see these they're a credentialed enough I need to read so Randi will burn he's on my team I actually worked for him that he heads up our senior product management area in fraud prevention solutions he's been with us for 25 years in the financial services area he graduated from Tuskegee got his MBA from the same place I got my undergraduate at Birmingham Southern and then he's got his marketing and management degree from the University of Colorado and banking so in just a second I'll have you up I'll introduce Randy Jeff raise your hand Jeff is the vice-president assistant director of our region's bank security team so before us he had a 26 year career with the United States Secret Service I'm sure he's got a couple of nice stories there he's special agent in charge of the Birmingham office but also spent time in st. Louis Dallas Washington DC London and Toronto very good graduated from the University of Tennessee with a Business Administration degree please give a warm welcome for Randy Wilburn Thank You mark and thank everybody for being here as well all right so before we get into this a little bit and we're going to the general just let me say that you know as much as we try and get out in front of clients and share information about what other clients have seen in terms of fraud losses this gives us a chance to tell you those same stories so that you won't become victims as well also it gives us and our product management team a chance to hear about what's going on at your company some of the problems that you have so that we can build better products as well so it's a give and take and so if you have some of those ideas or questions that come up please don't hesitate to share those with us during the question answer session or a couple of us will definitely be hanging around out there words to take that take any questions that you may have in terms of the agenda we'll spend a little bit of time just looking at background I want to talk a little bit about how we got to where we are today in terms of fraud you know got some research that we've had a chance to get our hands on from the American financial professionals we always lean on their research and it tells us what's happening in corporate America so we'll spend a little bit of time going over some of those and then we're going to look at some of the most popular fraudulent schemes that we've seen keep in mind when we're talking about these schemes these again if somebody wants that we've seen other clients who become victims of so we want to make sure you know that hey here's what clients are becoming victims up here's how it worked here's what you need to know about those so we're talking about bookkeeper fraud we'll talk about business email compromise ransomware which is when we're hearing a whole lot about cyber fraud check fraud intercourse electronic payments fraud as well and then I'll spend a little bit of time just talking about some of the most common solutions that are out there in the market so with that being said let's go ahead and get started in terms of a little bit of background in terms of where we are today the slot that I have here now just show some headlines of some data breaches that actually happened in 2018 we've seen a whole lot more that took place in 2019 but I want to call out just a few of these at the very top you see the one for Facebook in that particular case they had 29 million users who's had their is actually breached and that means that many of those users their usernames passwords their favorite friends the companies that they work for their job position all that information that we put out there on life at Regions was breached and fell into the hands of frosters and that was just one of the breaches that we talked about we know that Facebook had a separate one earlier this year as well another one that I'll call out Google 50 2.5 million winning we know that Google had a couple of those breaches as well so think about all the information that we put out there about ourselves on Google when we build our profiles so think about that and kind of stick a pin in that cuz I'm gonna come back to and then tie that to how this fraud has taken place as well not only is all of this fraud and data breaches taking place against internet-based companies like Facebook and Google we also see companies down there like Marriott hotels brick and mortars so you know all your preferences that you have your credit card information some folks don't like to be near elevators you know they want to have certain kind of pillows whatever it is all that type of information that you trust with the company ended up into the hand of frosters the point is data breaches have been taking place a long time they're continuing to take place I'll tell you about one that's even closer to home the Equifax data breach that we heard about guys you know we just heard recently wasn't going to cost him something like 700 million dollars to try and cure some of the damage that's being done and even what's dangerous about that that we don't think about the data that those fraudsters God we don't know where it is today we don't know if it's on the darknet someplace it could come up for sale next month next year five years from now it could be someone who's using that information to apply for credit in our names and we won't know about it so when that data is breached and gets them to the hands of frosters we're not sure what's going to happen so we have to be very vigilant to make sure it doesn't get breached in the first place now in terms of some trance that we've seen out there again I mentioned that we work closely with AFP and they conduct a survey every year and we always take a look at that information so we can get a good idea about how fraud is impacted the corporation's included a lot of the corporations that we serve in our footprint as well so there are a couple things I want to call out here you'll see that top yellow line and let me step back here this particular survey here represents companies that had fraud for the ones who actually responded to it they asked these companies have you had fraud number one yes or no and if you have had fraud what type of payment fraud was it so each one of those lines that you see up there represents a particular company that had payment fraud whether the perpetrator was successful or not with that in mind let's call out a couple of these at the very top you see that yellow line up there that particular one represents check fraud okay check fraud what that means is that for these companies who responded to that survey and they had fraudulent attempts against them the highest volume were fraudsters who tried to use check fraud to steal money from them counter Frant to counterfeit checks or for forfeitures of whatever but it was checked all that was being used that's in terms of volume okay not dollar amount we usually get that question since this represent dollars or volume amounts this represents volumes the next one I want to call out is that earns one that you'll see that represents wire-transfer you'll see that that number really start to take off in 2015 and that's related specifically to business email compromisers we're going to talk about a little bit more and we call that in the category of wire fraud but really we're talking about a froster who's trying to convince somebody to send a wire transfer to somebody else but we still kind of refer to this wire fraud as well the last thing I point out on this particular slide you'll see the ones that relate it to ACH and we separated them on this particular one between ACH debits and ACH credits but here's something take notice of if we actually combine the volume that we solve for ACH debits and credits ACH would be a much higher number than it is represented on here so again keep in mind that fraudsters when they get start out the easiest way for them to commit fraud against your companies is with paper checks from a volume perspective the trend that we've been seeing lately it's wire transfer related fraud on the business email compromise so then the question that we get is so why do frost this target our commercial accounts pretty simple we say that's what a hot balance checking accounts are I'll tell it to you another way you know if you look at a personal account my account and compared to your company's account there's a big difference in fact there's a very big difference there not only that you know the commercial accounts have some tools that we don't have on the consumer side they're commercial accounts that have tools like wire transfer the ability to send ACH we don't normally have those type of tools on our consumer accounts as well now there's something else that fraudsters will target your accounts and for at your company and it's really related to the data think about the laptops that you have at your jobs you could very easily have lists of customers list the vendors their first name last name their address their social security number all that payment information routing transit number bank account number all of this type of information could be on your desktop or your laptop at any particular time we know that fraudsters know that information is very valuable because they are try to get it selling on the darknet or try and use it to take money from your clients account or your vendors account so that's why they are targeting commercial accounts as well as the information and data that you have in light of all this taking place here's what we all agree on education is definitely the key to combating everything that we're seeing so at your company there should be somebody who's asking questions like are you losing revenue to fraud are you keeping information private or your vendors legitimate that's very important nowadays or your internal controls strong enough somebody at your company should be asking questions like that to make sure that you're protected from becoming a victim of fraud so we start going to fill these schemes that we're seeing out there before I get to those games one of the things that we see a lot has to do with document protection and when we're talking about document protection we're really just saying that there needs to be a business wide process in place to protect the documents that are at your company I'll give you an example here at the bank every associate pretty much has to traverse opticals at their workstation there's one that's black there's one that's blue for the black one we use that to just throw away regular trash that could probably be recycle or something like that it doesn't have any sensitive information on it but there's also a blue receptacle that's the one that may have some sensitive customer information on it for the black receptacle the normal cleaning crew crew will come through and they'll empty that at the end of the day okay and they have their process but for that blue one we have a company that we partner with who comes in to empty those particular trash cans they have to make sure that whatever is in those trash cans is destroyed in the right way okay and make sure it's totally destroyed because it could have sensitive information on it my point is you should have a process in place at your company to make sure that any information and documentation that you discard that you're managing is taking care of in the right way all right so now let's kind of shift gears a little bit and get to some of the payment fraud schemes that we've seen out there there are several that we're going to cover the first one we're going to take a look at it's going to be bookkeeper fraud this particular one arises from whenever we see one person at the company who has a tremendous amount of control in other words that person may be able to send a payment from beginning to end they can initiate the payment approve the payment they can also release that payment to the bank so they can be processed and we normally call that bookkeeper fraud when that type of thing takes place in fact what we've seen is that when bookkeeper fraud takes place 85 percent of people who actually commit it were actually trusted employee at that company in other words it's somebody who's been at that company a long time almost like family particularly with a lot of the mid-size and smaller companies where they just don't have a whole lot of resources are there we've seen some of these folks who would create a bogus account and began paying themselves we've seen them open up an account that could be in a company's name similar to the company that they work for and when they receive those checks then for accounts receivables instead of depositing that checks on to their employers account they would deposit those checks into another account we've seen some of them who would actually change set up someone that's uh one of their vendors and so when the vendor payments go out they would intercept those checks and pay themselves so we've seen a lot of bookkeeper fraud that take place as well one example that we had there was a CPA firm who was actually doing the books for a company and set up an employee and they basically continued to play this false employee for years and years over five years they paid over two hundred and fifty thousand dollars to that employee before they were finally caught once they caught up with him they did prosecute them and that person is now doing prison time for that we've also seen some red flags out there we've seen that a lot of times when it takes place this person usually lives beyond their means and a lot of times it could be someone who's had financial difficulties for example it could be one where there are two incomes in the household and one person loses their job and all of a sudden you just have that one income or it could be a case where they had a medical condition and they just couldn't bounce back from the expenses that come along with medical conditions we've seen that they're usually pretty closely associated with their vendors and they have excessive control issues as well but there are also a couple good practices that we seem to help prevent bookkeeper fraud never sign blank checks you know the fact that we even have to say that means that we have a lot of folks out there who are just signing blank checks and leaving them in the office that we need to make sure that folks aren't signing blank checks establishing dual control is always important as well and making sure that employees are aware of whatever process is in place and that you actually test that process from time to time and implement an approval process for new vendors I know here at the bank you know there's always someone who's in charge of the relationship for a vendor and we have to complete report on those vendors sometimes two and three times a year but it needs to be someone at the company who's done that for you as well with that being said I'm gonna turn it over to Jeff to come and talk to us a little bit about what's going on from a corporate security perspective thank you Andy just so you guys know we're corporate security I'm going to go over about five or six slides on this but this is a treasury management's presentation and they do a great job many times we I don't say we joke we talk in corporate security that we're the backstop there are the ones that take care of this problem and try to prevent the problem before it becomes a problem after the ball has gotten past the catcher that's when corporate security steps in and we try to we try to fix the problem or mitigate it I also want to thank all you in the room and mark Mullins for the introduction it's football time and Alabama and when he mentioned I was from the University of Tennessee none of you giggled I appreciate that corporate security we have a hundred and twenty-one associates throughout our footprint we're in 35 different offices throughout our footprint as well sixty-four investigators and we cover we're wide range of group we got federal investigators we got federal prosecutors we got former local a
d state law enforcement so we've covered the gamut and many times we might not have the answer to help you with your problem but based on our background we might be able to find the person who cannot be with your problem we say that a lot of times the value we'll bring to a situation it's not what we know but it might be our rolodex of who we know and how we can help you as you can see three hundred ninety seven cases last year the net lost over ten thousand dollars one of the things that's not on the slide but we also do a pretty good job of trying to recover money for our clients in twenty thousand two thousand eighteen we recovered over three hundred and eighty seven thousand dollars for our clients so we try to be involved in not only what we do to arrest perpetrators and work with our law enforcement we also want to try to get the money back for you business email compromised mark talked about this earlier the staggering numbers that go along with business email compromise what is it pretty simple it's fraudster trying to get access to the person at a company who has control of the checkbook now they can do that through bogus emails coming in malicious software they put on your computer they can do it by phishing scams where they try to get you to click on something on an email they send to you any way that they can try to gain access to your funds and try to trick you into sending funds to them I came to corporate security five years ago my first week on the job I learned of a case that we had just occurred to us just happened a CEO of a company takes a mission trip over to China while he's there were assuming that he must have had his phone hacked or something but while he's there the CFO of the company gets an email says look I've got a deal here in China that I'm working on I need you to wire me sixty thousand dollars and he said I've got a contact a lawyer that I want you to reach out and talk to and he'll tell you the details of that so they reached out talk to the you read the CFO reached out to this lawyer talk to them and negotiate a deal for sixty thousand dollars being wired over that's a bad story unfortunately that's not the end of the story three days later the CFO got another email saying that's great the first part of the deal has been taken care of let's complete the deal now why are six hundred thousand dollars over and we'll take care of this the CFO did follow those instructions about seven days later the CEO comes home CFO asked him how the deal go and you can kind of figure out what the rest of the story was from there and as much as we in corporate security will try to help out in something like that and try to get that money back seven days later foreign country probably not getting it back and they didn't get it back in this situation again how do they get access you can read them up there a and I think most of you probably know but even with that being the case we're all still we feel like we're all aware but keep in mind we're all capable of clicking on that email or that web link we're not supposed to so be careful and try to have safeguards in place you can see in my slide all the different ways try to set up protocols for how you respond to emails but you don't click on try to have your information security people set up channels and ways that these types of emails don't get through but the last item on there is the key one that I want to bring up don't rely on email alone okay if you take nothing else away from this take that back to your companies don't rely on email because in my example that I gave in of the fraud that took place when the CEO went to China if a phone call could have been made or even just talking to someone else within the company and say look I just got this they could have gone to extra channels extra methods to try to take care of this problem so don't rely on email alone you'll see the other one right before that says use forward instead of reply I learned this myself not too long ago anybody know why you'd do that well the reason why it's because when you use forward then you're put then you type an email in there and it comes from your contact list then so you might think you're replying to someone that you know that's on your contact list but if you put forward and then it comes from your known context and you have a better chance of it not taking place and keep in mind we talk about business email compromised this can happen to individuals as well we've had numerous instances where people will be going to a real estate closing and they'll end up getting an email for what they think is the closing attorney saying please send the payment for your clothes to this email or to this account please wire it and it ends up going to the boats account they show up at the closing said I sent I wired the money like you asked and then they find out that it wasn't take it didn't happen that way ransomware corporate security really will not probably get involved in ransomware because it's something that'll happen outside of our realm but again I mentioned this to you and I want to talk to you a little bit about it because it's something that we're seeing more and more of and as Jeff said it's probably a lot more than what we realized because no one wants to raise their hand and say I've been a victim of ransomware what is ransomware that's when an fraudster gets access to your data or your system and says unless you pay me usually in Bitcoin I'm not going to release that to you and we're seeing it more and more it's interesting in the United States the data says that about 3% of US companies will pay the ransom but in a place like Canada the data says that 75% of the people will pay them they'll pay the ransomware I don't know what that says about us as a as a country or but many times I think we and you will see this or will see it historically you'll see this you probably would have been better off paying the ransomware and I'll use an example of the city of Atlanta in March of 2018 they got a ransomware attack were the the fraudster demanded payment of fifty one thousand dollars and they would unlock the city of rent city of Atlanta's data city of Atlanta decided not to pay that ransomware and they ended up paying over seventeen million dollars to try to get the data replaced and get their system back to where it was before the attack but it's something that we see quite a bit again more prevalent than what you probably realize and it's the it seems to be where a business email compromise is kind of the crime of the day if you will that ransomware starting to move into that realm a friend of mine told me said when I told him I was gonna talk a little bit about ransomware he said well tell them if they're using Yelp and it says and they're putting in the Yelp search engine a financial forensics examiner said it's too late or if you're putting into Google how to purchase bitcoin it's probably too late because that's what they're going to use for payment and this is gonna be Bitcoin and they're gonna be you're gonna be going to a forensic computer analysis to try to get your your computer fixed but again it's gonna be too late by that time how do they set it up it's really it's very similar how they'll set up ransomware to a business email compromise they're gonna try to affect your system they're gonna try to get in by anybody they can malware malicious emails again protect what's coming into your company and protect what you click on helpful practice practices regarding ransomware the most important is back up your data many times if you backup your data it doesn't matter that they can lock down your initial data because you've got a second copy that's the most important thing and again you'll see the other thing Oh remove unnecessary applications off your computer in your system many times you know as we know on our iPhones I'm using that as an example we'll download applications they'll stay on there forever you never use them anymore where companies do the same thing they have applications vendors that they're using but they don't remove them remove those cuz that's just another avenue where someone can get into your your corporations technology and next thing you know you're going through a ransomware okay so I wanted to spend a little bit of time just talking about cyber fraud we kind of hear this term a lot out there and and so I just want you to walk away having a better understanding about what's going on when we talk about this cyber fraud and a little bit understanding about that here's what here's what we know about that you know there's this malware and and we know they're viruses that get downloaded into your computers at your companies and sometimes your personal ones as well so the question that we we normally get is you know where is this malware coming from and who's creating it from what we've seen we see that this malware is created in parts of Russia we are also seeing that it's coming from some parts of China as well even more and more here lately and then what we know is that the people who design and build this malware they put it up for sale on the darknet shelf handle who else familiar with the darknet put it underground Internet I'm seeing about 10 to 15% of the people here I'm not sure what we're seeing out there the audience so I'll talk about it just a little bit when we were talking about the darknet you know you see that sentence on here that says Department Homeland Security FBI says that we're only really using about 10% of the Internet and that other 90% out there could potentially represent the darknet so think about it like this guys when when you we use our browsers chrome ie Firefox help me out what am I missing some of the other browsers that are out there it's only allowing you to search about 10% of the Internet that's out there that's because the producers of those browsers believe that the rest that the Internet is not safe is easy for you to pick up viruses and so forth and but that's also places where fraudsters and people go to sell Mara where and it can get on your computer really easy if you go there not only is that on that dark net place but for those sites out there that are selling viruses and malware they're also set a whole lot of other things that they were selling drugs they're selling guns they're silly so in hitmen whatever it is that you could think of a fraudsters needing is also for sale that's out there on the darknet and I'll tell you something else that's about it you know have a chance to hear some other folks speak a couple months back and so even though you know that people go out there and they hire hit men are you hear about a lot of times I might hire hit men but they were actually talking to an FBI agent or something like that what these guys are doing nowadays you just can't go to the darknet on day one and how our hit man you got to start out really small maybe you buy some credit card numbers or maybe you buy some drugs or something like that and they usually have a rating system kind of like they have on Amazon eBay where they say this buyer has a rating of 5 stars or whatever it is or this settled seller how's our rating of 4 stars but anyway as you're a rating go up then shopping on the darknet you're able to buy more and more dangerous types of things out there so there's a different world that's out there on the darknet you'll hear about that a lot of times that's where a lot of times that malware is for sale years ago folks who were buying things out there on the darknet they will use Bitcoin that's before a Bitcoin became as popular as it is now for those of you who follow Bitcoin pretty closely you know it's pretty close to impossible for knowing who the actual owner is of a share a Bitcoin that was one of the beauties of it you could actually go out and buy things and they wouldn't know who you were but they were doing a whole lot of that type of commerce on the darknet I'll say this as well you know a lot of people think that folks who are selling malware and things like that it's usually maybe some kids and a basement of things like that but here's what we've seen these guys are very sophisticated in some cases we know that if you are a froster and you've bought a virus and you can't get it to work right there is an 800 well don't know if it's an 800 number but there's a number you can call and they'll actually assist you to get your virus to work right the point is they're very sophisticated not like a lot of us think so that's that dark net that dark web that's out there as well so we know is that that we know it's prevalent we know it takes place a whole lot then the next question should be for these fraudsters who've gotten their hands on to this malware how is it that they get it onto our computers or onto the computers of our corporations from what we've seen they're using a lot of the tactics like spear fishing and fishing a lot of you guys have heard about those type of attacks that take place we know they also use some of those rotating banner ass they called malvert Eisen which is kind of like a combination of malware and advertising you'll see those paths always recommend that people do not click on it and those paths that you'll see on some of those sites if there's an ad and it has a product that you are really interested in I recommend you go to your address bar type in the address that goes directly to that company and then try and search for that particular product but do not click on those ads that you see out there keep in mind they're just basically trying to get you to click on some of those so they can get the malware onto your computer also what we've seen I know I was talking to someone earlier we were talking about emails that they've gotten we've had some clouds we've gotten emails that seem like they came from the IRS it could be an email that say we have not received your quarterly tax payment please click on the link below to get information about the payment we have not received and the potential penalty so you'll have a person who's really concerned now the sudden they already click on that link we've seen some other clients who've received emails that look like they came from UPS we have a package that if you don't claim it it's going to be returned in 24 hours click on this link to get more information about this particular package again they're trying to get you to click on that particular link not only have we seen them in emails that are going to corporations like yours we've also seen them on social media as well you know in your inbox or direct messenger DM as they call it where folks would hack into your friends account and they'll send you these pictures and videos and all those types of things my favorite ones too one where they sent to people and say hey here's some pictures from the party last night you know if you like me you probably know about the party deftly didn't get divided to the party but uh you want to see the pictures from the party last night right everybody wants to see pictures from the party last night so we've seen these fraudsters get really clever about trying to get people to click on those types of things and get that viruses downloaded into their system so just be real vigil about those things even on social network be about what you click on you know fraudsters but they know how to play our emotions guys they know what to do they know what they say they know what kind of things that really gets our attention so we know that that's how they try and get that software and malware downloaded to our computers so right here let's just assume that somebody at your company has received one of these emails and they've actually clicked on one of those links okay so we used to get this question so what happens how does that process look so I'm gonna try and take you through a little bit of that so assume that you're the client and and then there's an email that comes through we see a big sign there and attacked to that is a link in there when they click on that the rootkit begins to install it's a rootkit because it's not a whole lot of code it could be on a picture of video in it it immediately begins downloaded into your sub directories and your computer a lot of
ime unbeknownst to you and once it there it actually sends the message back to the control server and say hey I'm here someone has clicked on the link in the email that you sent go ahead and download the rest of the code for the virus okay and so now this root kiss began to build out in where the virus is begins to receive the rest of the code so they can do some things there as well many times we've seen that when that virus is downloaded to your computer at your company there's usually like icon that's in your cradle that will make it seem like your system is protected but we know that sometimes those viruses can actually disable that little icon so it looks like you're protected but you really are not mean while you're still sitting there working is downloading onto your system we've seen some cases where a very popular one is to call a keylogging software so the way that particular one works is basically it basically measures and monitors all of the keys that you type in and sends it back to the froster so think about this guy so if you go to the address bar and you type in wwa BC bank.com that information is going back to the froster so Keylong it's logging all your keystrokes in real time you tap down and you type in your username it goes to the froster tap down type in your password it goes to the froster as well so in pretty much real-time a froster who's marketing what's going on you can see that hey that guy who clicked on the link the keylogging software is doing what it's supposed to do he just went to a bank site here's the information that he used to log in he knows this in just about real-time and what he can do if he's able he can actually go through that same site and use your credentials and log on ass you now a lot of times you know banks I know that we have and some others have as well try to use some things that make sure that you have dual authentication or at least multi-factor authentication so that not only do you need your username and password but you have to use another device to confirm that you are who you are when you're logging on so that you can try and get around cases like that but we know that that takes place but if you're not being vigilant and the froster is able to get control of your account a couple things you need to keep in mind that fraudsters gonna be able to use any rights and privileges that are assigned to you so think back to that example where I talked about bookkeeper fraud that one person who has the ability to send a wire approval wire and release a wire if he gets into your system using your credentials and you have all those rights assigned to you that froster can do all of those things same thing with ACH back when we talked about dual control we're talking about having more than one person - all those have at least two or three in those three steps that I just talked about then once they're get in they try to move money that's the big thing they try to do and they try and move those funds to the account that belongs to the money Moo show of hand who's familiar with their money meal one here okay so that means we got to talk about it so money news are are these people who actually take part in that process of stealing money from your company's account to get into the accounts belonging to the froster sometime is they are aware of it sometimes they may not be aware and so these are also guys who kind of respond to some of these asks that you may see on some of these sites like monster.com Careerbuilder and I know there are some legitimate jobs out there at Wells but we don't we also know that Frost us use these sites too and there'll be those ass that say hey you know make twenty thousand dollars a week from your home doing nothing and you have this person who says yes that's the job I pray for and so they would get those jobs the froster we basically contact them and say hey I'm gonna have some money sent to your account you keep 5,000 of its and the rest of it to this account in China of where it is and now that money is out of the country these are the money Muse now the peculiar thing about the money move and and Jeff can speak to this better than I can is you know by the time we start doing an investigation to figure out the money left your business account it goes to the money meal then it's gone to China or someplace like that they start to interview the money me you they asked him hey you know why did she participate in this fraudulent scheme do you know what you were doing they say no you know I just got this job and I love it do you know what you were doing you know and they have to figure out that this person will fully participate in a scheme or for someone who's just gullible you know so they could press charges and so forth but those are the my name you so let's make sure we know who those people are in terms of some helpful practices to avoid some of these schemes dual-control you know I mentioned a couple of times but let's make sure we understand what I'm talking about that when we're talking about that payment process that takes place at every company in here we know that there are usually three steps there's someone who's going to initiate that payment that's where they're going to enter the first name last name routing them account number if we were just there paying or if it's a vendor we know that someone has to approve it and we know that someone has to release it to the bank releasing it to the banks and hey Regents or ACH or ABC bank we want you to take this payment request and process it sent a wire or a CH or whoever it is dual-control says instead of having one person in charge of all three of those steps maybe have two or three if you can one person to initiate it a separate person to approve it and a third person if possible to release it or use that first person as long as there's more than just one that can apply for wires and ACH daily reconcilement that's important you know if there are some checks that poster your account last night and you log on that next morning and you don't recognize those accounts those checks the best thing you can do is let the bank know as soon as possible because the sooner no the better position that we are and to help prevent a loss from taking place okay so David reconcilement is critical somebody at your company know what transactions are taking place against your account a secure environment we've seen some clients who find it important to just have one computer that's used for initiating payments here at the bank you know for example web surfing you know there are a lot of sites that we cannot go to as employees many times if you go to a site that you're not supposed to go to you'll see this big green hand and you know the first time you'll see the green hand but there's some language on a neat that that says you know if you really need to get here to this site let us know but at the end of it says you know subject determination and anytime you see that you start hitting escape immediately so the point is you need to have something in place you don't have to have a green hand but you need to have something in place user strong passwords we always recommend eight digit password after numeric that are changed at least every 60 days do not use birthdays in a pet names a quick quiz for everybody and for some of you I know who know the answers to this because you've heard me ask before please don't answer but uh what do you think's - the number one use password that's out there today password yeah okay what's number two one two three four we on a row number three ABC it was that it was close it's QWERTY those keys at the top level on your keyboard those are the top three password that are being used here's the thing about that we know that now the frost us also know that so when you use passwords make sure you aren't using any of those any passwords that are easy to guess here's the other thing that Frost us know about us they know that we use the same password over and over again so earlier when I talked about that data breaches that took place that places like Facebook and Google and Marriott hotels in a variable to get passwords and there are somehow able to find out from Facebook that I am the Accounts Payable manager at BC company and they know that we have a tendency to use the same password over and over again there are algorithms out there once they have your email address and it's easy to get that any time you sign up for some of these conferences and you give me your email address and you know they can get that information online there are algorithms that can just ping different companies website and assume that this person who uses password for their password at Facebook may also use password for their password at work to try and get into their systems so let's not use easy passwords as well and then of course making sure that we don't click on links when we see those a little bit on check fraud the only thing I want to call out here is that if what we've seen a lot of losses take place are around alterations and counterfeits so when we're talking about alterations we're talking about a check that was written $400 and someone changes it to a thousand or that check was made payable to Randy will born and someone changes it to Randy will born or a John Doe in terms of counterfeit checks where we've seen losses there too we're talking about people who are just basically creating a check that looks just like a check that your company would issue you know if you think about it if you were still paying people with check when you hand that check to the pizza guy or whoever it is you're giving them an idea of what your check stock looks like you're giving them your account number you're giving them your router and transit number you're giving them an idea of what the signature looks like on that check - so right now it's kind of easy to go down to Office Depot or some of those places and buy a color printer - color printer or even order a check stock online you can avoid anything online nowadays and recreate a check that looks like it comes from your company so when we saw that chart at the very beginning that said check fraud in terms of volume was higher than any of those other payment methods that's one of the reasons why it's really easy to do and these are two other reasons why it take place show of hands who knows what positive pay is oh good I'm so happy we saw a lot of hands in here just quickly I won't go through all these but you know the end of the day positive pay is doing nothing more than come hearing the payee name the dollar amount that you say and also the check serial number clients tell us those information we compare them if they're different we'll tell them hey there's an exception but positive pay is one of the best tools that you use in the industry to help prevent check fraud like I just talked about a couple helpful practices that we talked about converting paper to electronic in other words instead of paying someone with a paper check we recommend using ACH when you can securely storing those checks not leaving them on an open desk using stop payments when you have to use in services like piles to pay for checks and for ACH as well and also employee education you know it's important to have people like you here to hear about some of the things that we're seeing but it's even more important to have some of the folks who are at your job who play an important role in this process every day to know about the fraudulent techniques that are taking place out there too a little bit on an electronic payment fraud we kind of talked about the wire piece already when Jeff talked about business email compromised but that piece I wanted to call out here was around ACH fraud and we're really talking about unauthorized devis against your account you know guys keep in mind that when it comes to ACH you the two critical pieces are really the account number and their routing transit number where you find that information that's right on the cheque that information is on the cheque that is the critical information for ACH transactions and a lot of people have that information so make sure you have something in place to make sure that you're not gonna put yourself in a position to become a victim electronic payment frauds help for practices using solutions like debit blocks and filters using separate accounts for deposit versus disbursements ACH posit pay is a good one as well you know on this other side you see the ones about using dedicated pcs you know for some of the smaller companies that may make sense but we we understand that some of the bigger companies that's not always easy to do we always talk about dual control always have to really reiterate that one as well now in terms of electronic payment like the ACH I don't the rise Davis I talked about most of your banks are going to have us Alou that allows you to know what debtors hid your account so that you can review those and let them know if they're some of those are fraudulent we have those types of solutions I know many other banks do as well and then here at the end we have a lot of clients who would say well now that we've covered a whole lot of information here what do I need to do and so I kind of put together this checklist so that you can take it back with you and basically go through this and get with a group of people at your companies and just ask yourself some of these questions about your company if it's not already taking place you know do you sign blank checks do you restrict employees to accounting systems do you click on links and suspicious emails do you use positive pay all of these types of questions are designed to help you think through that process to see if you're really prepared to not become a victim of something fraud schemes that we are see out there we've covered a whole lot of information pretty quickly here I want to try and save some time for some questions we do have one question every time there is fraud does it mean that I have malware on my machine in other words can i still be a b ec victim if my system is clean okay I'll take it so obviously you can because many times it can be done through social engineering they could be someone calling in and gaining the trust of the employee it doesn't have to be something on the through the internet or through an email that is the most common but it doesn't have to be know right and Jeff the only thing I'll add to that under the business email compromise umbrella you know we're starting to see more and more at least here about more and more of these companies who have employees who do not receive their checks on pay day so in other words it's been a case where someone else has somehow gotten a hold of their information contact their HR department and basically said I want to change or I've changed banks that I'm you know getting my pay on could you please begin sending my future payments to this new bank account number and routing transit memory not only are we seeing them using other banks we're also seeing them in some case using gift cards if you will to receive that in fact about 65% of the folks who were saying they were victims of the business email compromise on the consumer side has said that gift cars had been used in a lot of those cases but yeah Jeff is absolutely right just because they have that on their computer does not mean that that's the case let me remind everyone if you have a question text of that question to TM product at two two three three three I think Randy covered that in the housekeeping another question Randy we have is you talked about positive pay but can you share any insight in terms of how new technology may impact how positive pay works sure positive pay has been around for a while you know I had a slide up that showed there's several different flavors that that we have and each one of those flavors have kind of evolved Jeff based on customers need you know when a more recent one was the one that we call no cheque positive pay because there were clients who basically said we had accounts that we don't write checks on but if there's a fraudulent check or a counterfeit check that hits this account we just want you to turn it and that actually came from group
like this and that was called out no check positive pay but what we were starting to see is that because of Technology some clients may not always want to send us what's called a check issue file which is something that's critical so that we know what checks are being issued so that we can do that comparison I talked about a little while ago where I say we compared the check serial number the dollar amount and the painting there are some clients who don't want to do that so we've seen some things such as some of them will use like a QR code on the front of their checks and so instead of printing the mickr information at the bottom that has the account number the routing transit number that I referenced a little while ago that information would be in that QR code so the client will know what's on that check in the bank of the receiving institution would be able to read and interpret that QR code so if you give that check to the pizza guy I'm not picking on Pizza guys here but if you give that check to the pizza guy whoever it is they won't be able to look at it with their eyes and know what your account number is I know what that routing transit number is on that particular check or to originate that unauthorized ACH debit against your account like I talked about a little while ago my point is that's one example of what we're starting to see become popular out there on the market and product development we're always looking for to see you know what's going to be some good technology that we can use so to be easier for the customers to do business with us and it used the product so that they won't become victims of fraud that's a great question another question is for Jeff Jeff what read when regions clients have been victimized what are some of the most important things that they need to do first first thing they do is get in touch with their their bank representative if they can go to a branch talk to the branch manager or someone who can look into their account and then make the call to us so the corporate security can get involved is that the I think that's the answer they're looking for I think the first one is the - one of the the tools that we put in place is to call our to call our client services group first and make sure that that they are able to to log that case and get the process started and once they get to us then we can take the ball and run with it it will make the contacts will help them if they have to complete an affidavit with law enforcement whatever we can do to help out to try to get the judicial process taken care of and the investigation started not only by us but by the local law enforcement run another question Randy is how does the ACH positive pay work question in fact so think about when I talked about positive pay we talked about the three things that we compared to make sure none have been changed but it's a little bit different with the ACH deposit pay again that's the industry type product that helps client B not have losses related to unauthorized debits against their account through ACH basically the way that one works is your bank or in this case regions would send you a listing of all the debits through email that posted to your account that previous night and then the client would have a chance to look at all of those debits and they would say hey these are ones that are legitimate but here's one that is not legitimate and we were returning it back to the bank in other words say to the bank hey this is not a legitimate debit please return to keep in mind the bank you know we've got 24 hours we've got some regular some federal regulations that we have to abide by and so the sooner that the client can let us know that it is an unauthorized debit then we can return it to the bank of first deposit and they would have to receive it Jeff most of the solutions that I've seen out that the market they're pretty flexible in terms of ACH positive pay the first question costs may ask is I do not want to receive a notification about all the ACH debit step posted to my account I only want to see the ones that are above five thousand dollars or twenty thousand dollars whatever the number is or we've seen some cases where they say this particular vendor is only allowed to debit my account once a month so if they debit my account twice I want to receive an alert about that one so I will know to receive it but over the years we've seen that that become more and more popular even growing faster than the paper positive pay because we know that the criminals are pretty swiftly when it comes to using ACH network they're trying to originate on authorize ACH debit so you talked a little bit about dual control can you explain a little about how that process works for for our Treasury and the way that that those permissions can be established within our Treasury sure and I'll talk about at a high level you know in MO cases you know with our Treasury and it may be similar other banks too for a new customer you know all of the rights may be given to what we call an admin and in that particular case the admin is responsible for assigning rights to other people at their company who would have the ability to originate a liar and ACH file but of course again with dual control like I mentioned earlier if that man is going to assign somebody responsibility for originating the wire you know we always recommend that that one person can't complete that entire task because if their credentials are compromised and you've assigned this one person the ability to send a wire transfer from beginning to end then of course the froster would compromise that person log on if they - whatever that application is and they'll be able to complete that particular task you know fortunately you know several years ago we moved to an out-of-band authentication process and most other banks there - every now and then I run into a bank who who still use tokens who are remembering tokens with this six digit yeah so we know that those are still used as well but fortunately moved to out of an indication that makes sure that if there's a person who that's their business in a wire ACH they have to provide some up indication outside of just entering their username and their password speaking of passwords people of course nowadays have so many different systems that they log into any suggestions about how to maintain this litany of passwords and then the any way to manage that yeah that's a great question I wish I have a great answer but I'll tell you what I can't say here's what we've seen we've seen some clients who did a really good job with passwords and so a little while ago I talked about using eight digit after numeric numbers and all that kind of stuff and they'd have all these passwords and they write I'm gonna put them on a spreadsheet and they'll put a lock it with the password you know some code or whatever it is to lock that Excel spreadsheet then they'll print that spreadsheet and lay it right on the desk right and and it has anybody doing that anybody none so we've seen that but Jeff what we've seen a work really well lately has been a lot of apps out there that we've heard folks have really good experience with and a lot of times those apps can't be accessing using the retina or your fingerprints and things like that so you can actually get into the phone or get into the application before they can get to that list of passwords I don't have any that I would recommend I recommend anybody do some good research on that but that seems test worked pretty well from what I've seen and I hope that kind of ask you a question but yeah that's a really good question because people have so many passwords that we're trying to keep up with the question that we also get along that ones they say hey do you trust when your computer says do you want me to store this past that you've just created you know I'm just not a big fan of that you know use the Alpha try to memorize it don't use the spreadsheet but use something else on those so so Jeff maybe a better answer a person answer this question if I pay the ransom relative to ransomware what guarantee do I have that they will release my data that's a great question and I should have mentioned this in my presentation before you pay that ransom you need to make sure that you are in communication with the person that's making the demand and make sure you are 100 percent sure that they can release that information release that data and there are ways that they can say here's an example of how I can get the data back to you but you do need to verify that they are going to give you that that what they are providing you will unlock the data no that's a great question can you explain Randy a kind of the difference between the relationship between malware and business email compromise that that while they are connected you can still be a victim of business email compromised without having malware on your on your computer sure I'll definitely try the magic with business email compromise isn't always so much about putting malware on your computer but it's actually acting on our human instincts and so in some cases we've seen where with business email compromised where a froster could for example hack into the email system of your vendor and send email to you at your company so I'm at least your company and say hey we have a new banking relationship our future payments need to come to this Bank a routing transit number and dis account now keep in mind even in that particular case you're the customer malware it's not on your computer it may be on the computers of your vendors but they're acting on acting on our human tendencies by sending an email to you and you react to it now to add on to that little bit you have a lot of people became really aware what was going on and so what we saw the froster start doing in those cases where they actually hacked into an email application that could be owned by our vendor we've seen them actually monitor email traffic between your company and one of your vendor for weeks and months in some cases before they would actually interject themselves into the conversation so think about this if you're talking to one of your vendors and you know you say hey we're gonna send the payment soon for the inventory that we bought we've got a game this weekend I hope your team wins how are the kids all those types of things and that's fine a couple three weeks go by and you've had this type of conversation back and forth with somebody that this vendor company that you work with for a long time and then the vendor sends an email to you saying hey by the way we have a new banking relationship here's the new payment information and by the way I saw the game last week y'all did really good this sounds just like somebody that you talked to you know really well on a regular basis through email and they say here's my new banking information so you go ahead and you change that information without even question it without picking up the phone to call them or checking the email like Jeff was just talking about earlier he would do that with all that being said that was the cases where you as a client don't necessarily have malware on your computer or on your servers but you have a fraudster who is smart enough to play on our human tendencies and they can figure out a way to get you to begin sending money to their account in the future and let me just say this I know we're wrapping up from what we've seen a lot of times when that takes place the client may not realize that they've been sending money to the wrong account until 60 or 90 days pass so think about that so you sent you've been sending here but you made that your payment changes okay and it's 30 days and then it goes 60 days and this friendly vendor that I was just talking about says well there you always pay on time that's been 60 days I'll give him another week or two then you know 80 days go by and you call him up your vendor cause you say hey we didn't receive that payment for the inventory that we bought three months ago and he said sure I did we sent it to you just like we always did in fact we sent it to that new bank that you're banking with and at that point they realized that they'd been sending that money to the vendor at least to a defroster and they start getting into a big rush you know I want to get all the other guys in ball to try and track that money down but who knows that money could be in China or Russia somewhere that time but again about 60 to 90 days before they realize it and the scary part is those guys could actually watch that communication that's email traffic that's taking place before they can inject themselves into the conversation so any other questions from the audience that that we want to try to take today well let me thank you my name is Jeff Taylor let me thank you so much for your for your time today for you investing your time in this threat we have a lot of opportunity that that is available to you on our vanity page called Regis comm slash stop fraud if you want to go to that page look at the videos that we have there look at the information that that we have available to you that you can share within your groups and with your the folks in your company education and awareness is the most important thing by you being here today you've taken that first step toward creating a ripple effect of Education amongst the folks in your organization so thank you again so much for being here if you have any questions please direct those to your local treasury management officer or let us know and we're happy to help and do anything we can to help you yes ma'am I'm sorry sure any suggestions on how to verify the legitimacy of a vendor other than utilizing the IRS is Tim matching system you mentioned that is one of the precautions for prevention yeah well from the legitimacy of the vendor I mean I think that's a good way you know I think I think what I think I think the best thing that that I've seen taking place is again just have a good program in place for that you know meeting with the particulars of new vendors meeting with them in some cases face-to-face doing all the normal due diligence that you would do on a vendor making sure that there is making sure making sure that there is somebody who is responsible for managing that particular vendor relationship making sure that that vendors relationship is evaluated at least annually based on the spin that you had with that vendor it may need to take place on a quarterly basis we know that things happen to different companies you know their finances could get in a negative position we know that management and leadership could change a lot of types of things that may point that fact that you may not want to do business with that vendor again or it may point to the fact that they do could be done some fraudulent things so not only creating the relationship with them but the ongoing monitoring of that vendor is very critical you're welcome thank you again for being here have a great rest of your day
