Auditing Wire Transfers and ACH Transactions

Tuesday, June 18, 2013, 10:15 AM – 11:15 AM

Presented by:
John David McLeod, CPA, CISA, CITP
Manager
McNair, McLemore, Middlebrooks & Co., LLC
389 Mulberry St., Macon, GA 31202
Phone: (478) 330-5210
Email: [email protected]

www.fmsinc.org | 800-ASK-4FMS
Today’s Agenda

• FFIEC guidance
• Recent statistics on account takeover
• How account takeover works & examples
• Recent court cases
• Internal controls

FFIEC Guidance

• Stated institutions should rely on “layered” security approaches.
• Stated not all transactions have the same risk.
• Specifically required institutions to implement solutions to (at a minimum):
  – Detect and respond to suspicious activity
  – Have better control of administrative functions

Recent Password Hacks

• Living Social - April 26, 2013 - 50 million customers including email addresses, passwords and DOB
• Yahoo - July 2012 - 400,000 accounts
• LinkedIn - June 2012 - 6 million accounts
• Zappos (online shoe store) - January 2012 - 24 million accounts exposed, including passwords
• Dropbox - July 2012 - used stolen usernames & passwords from other hacks to sign into accounts

Recent Password Hacks

• When you consider approximately 55% of Americans use the same login and password across multiple platforms…

Examples of Layered Security

• Login / Password
• Out-of-Wallet Questions
• Out-of-Band Verification
• Anomaly Software

Corporate Account Takeover

Corporate account takeover is a type of business identity theft in which a criminal entity steals a business’s valid online banking credentials.¹

Usually results in a fraudulent wire/ACH.

¹ www.NACHA.org

What About Statistics?

Monetary Losses to Fraud

Chart (pie): categories < $100K, $100K - $500K, $500K - $2 million, > $2 Million, Not Sure; values shown: 55%, 22%, 8%, 8%, 7%.
Source: 2012 Faces of Fraud Survey, ISMG

Non-Monetary Losses Due to Fraud

Chart (bar, axis 0%–70%): categories Loss of Productivity, Reputation, No Loss, Customer Accounts, Regulatory Scrutiny; values shown: 59%, 37%, 29%, 26%, 14%.
Source: 2012 Faces of Fraud Survey, ISMG

Origin of Breach Threats

Chart (percent): categories China, Romania, United States, Bulgaria, Russia, Other; values shown: 30%, 28%, 18%, 12%, 7%, 5%.

Most threats from China are not monetarily driven.

Attack Techniques

Chart (bar, axis 0%–80%): categories Hacking, Malware, Social, Misuse, Physical, Error; values shown: 72%, 54%, 32%, 18%, 9%, 1%.

% of ATO Where Funds Left the Institution

Chart (bar, axis 0%–80%, years 2009 through 2012); values shown: 70%, 32%, 12%, 9%.
Source: 2012 FS-ISAC Survey (1/2 of 2012)

More Statistics

Chart (bar, axis 0%–100%): series No Monetary Transaction, Transaction Stopped, Funds Left Institution, for 2012 vs. 2011 and for Wires, ACH, Other; values shown: 65%, 26%, 9%, 82%, 91%, 14%, 9%, 4%.
Source: 2012 FS-ISAC Survey (1/2 of 2012)

Reasons for Decrease?

• Customer Education
• Temporarily shutting down affected online customer access
• Manual review of ACH/Wire transactions over a specific dollar amount
• Analysis of customer login patterns
• Interrogation of customer sessions to detect anomalous traffic

How Does ATO Work?

• Thieves mimic an institution’s website
• Malware or viruses are installed on customers’ computers
• Social engineering attacks to gain login credentials

How Does ATO Work?

• Malicious document attached to an email
• Links within an email to an infected website
• Employees visiting legitimate websites and downloading infected/malicious files
• Introduction of other devices (flash drives)

Who Are The Players?

• Organized Criminals – often overseas
• Commercial Customers – usually a small business
• Financial Institutions
• Money Mules

The Criminals…where they shop

What is a Money Mule?

• Someone who moves stolen funds from one account to another.
• Recruited via email/phone/online
• Often out-of-work
  – Scammer will say “we found you on careerbuilder.com” or some other job search site
• Offer “work from home” jobs with no prior experience

What is a Money Mule?

• Money mules receive the funds in their bank account.
  – The money mule then forwards the funds to another account, usually overseas.
• They keep a small portion of the funds as payment.
  – Most money mules only receive about $5K-$10K to transfer, so their fee is rather small.

How Does It Work

1. Thief recruits money mule
2. Thief hacks customer account
3. Thief submits wire/ACH
4. Institution processes wire/ACH
5. Money mule redirects funds
6. Customer realizes theft

Example #1 - Details

• When - January 2013
• Institution - $1 billion community bank
• Customer - small business
• How - thief hacked customer email

Example #1 - Details

1. Thief hacks company email
2. Emails bank requesting acct. information
3. Bank emails thief 5 acct #’s w/balances
4. Thief requests $7K wire transfer
5. Bank processes & sends wire

Example #1 - Result

• Bank contacted customer after-the-fact and learned request was fraudulent
• Contacted receiving institution and got a hold placed on funds
• Bank ultimately recovered the $7K…after 3 months

Example #1 – Lessons Learned

• Bank didn’t follow its own procedure
  – Wire requests via email were not allowed by institution policy
• Board more concerned with getting $7K back than with the breach.

Example # 2 – Details

• When – December 2012
• Institution - $375 million community bank
• Customer – municipality (pop. 15,000)
• How – type of man-in-the-middle attack

Example # 2 – Details

• City controller logged into online banking website and received a denial page.
• Thief on the other end now has login credentials. Submits two ACH transactions ($250K).
• Other city employee logs into online banking and approves both ACHs.
  – After approving, went to talk with City controller.

Example # 2 – Details

• City contacted the bank, which did not process the ACH - no loss.
• ISO for the bank visits city offices to determine what happened.
• No firewall or anti-virus in use

Example # 2 – Lessons Learned

• Bank needed to improve customer education initiatives
• Implemented call-back procedures on all transactions for this customer account.
• 3 months later, still no firewall / anti-virus
  – City was “in negotiations” with a vendor

Example # 3 – Details

• When - January 2012
• Institution - $135 million community bank
• Customer - small business
• How - fraudulent fax request

Example # 3 – Details

• Customer receives fax request from “Equifax”
  – It really wasn’t Equifax
• Request was for updated credit reference information, including bank references
• Customer supplied all data, including account numbers & faxed it back…with a signature

Example # 3 – Details

• Bank receives wire request from “customer” for a wire to Russia for $27,000.
• Bank checked signature on fax to signature card and processed the wire. No call-back procedures were performed.

Customer had never wired to Russia before.

Example # 3 – Lessons Learned

• Good customer - bank took the $27,000 loss
• Small town - bank worried about reputation
• Going forward bank began performing and documenting call-backs on any wire originated other than “in-person”

Example # 4 – Details
(Same bank as in Example #3)

• When - June 2012 (6 months later)
• Institution - $135 million community bank
• Customer - small business
• How - fraudulent ACH submission

Example # 4 – Details

• Customer controller gets email from “U.S. Postal Service” telling of an undelivered package.
• Clicks on a link and gets a variant of the Zeus Trojan virus installed on PC.
• Thieves successfully submit ACH payroll batch for $317K.

Example # 4 – Results

• Bank customer was contacted by an IT security blogger and informed that their account was being taken over.
• Customer then contacted the bank, which was able to retrieve almost $260K.

Example # 4 – Lessons Learned

• Red Flags (per bank personnel)
  – Normal ACH for this customer was $200K.
  – Fraudulent ACH was submitted in the afternoon - normal for this customer was in the morning.
  – Customer was normally an ACH debit customer, but this was an ACH credit batch
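The red flags listed above (amount against the customer's norm, time of day, debit versus credit batch), the first-ever wire to Russia in Example #3, and the threshold-based manual review from the "Reasons for Decrease?" list are exactly what anomaly software checks before a wire or ACH batch is released. The Python below is an added illustration, not the presenter's code or any vendor's product: the customer profiles, the transfers, the threshold values and the flag wording are all constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class CustomerProfile:
    """Baseline built from the customer's own history (constructed values here)."""
    customer_id: str
    typical_amount: float        # normal wire/ACH size for this customer
    usual_hours: tuple           # (start_hour, end_hour) of normal submissions, 24h clock
    usual_ach_type: str          # "debit" or "credit"; empty if the customer sends no ACH
    known_countries: frozenset   # destination countries seen before
    approved_limit: float        # board-approved per-transaction limit


@dataclass(frozen=True)
class Transfer:
    customer_id: str
    kind: str                    # "ACH" or "WIRE"
    amount: float
    submitted_at: datetime
    ach_type: str = ""           # "debit" or "credit" for ACH batches
    dest_country: str = "US"


REVIEW_FLAG = "at or above manual-review threshold"


def screen_transfer(transfer, profile, review_threshold=250_000.0, amount_ratio=1.5):
    """Return the red flags raised for one transfer against the customer's baseline."""
    flags = []
    if transfer.amount > profile.approved_limit:
        flags.append("exceeds board-approved limit")
    if transfer.amount >= review_threshold:
        flags.append(REVIEW_FLAG)
    if transfer.amount > amount_ratio * profile.typical_amount:
        flags.append("amount well above customer norm")
    start, end = profile.usual_hours
    if not start <= transfer.submitted_at.hour < end:
        flags.append("submitted outside usual hours")
    if transfer.kind == "ACH" and transfer.ach_type != profile.usual_ach_type:
        flags.append(f"ACH {transfer.ach_type} batch; customer normally sends {profile.usual_ach_type}")
    if transfer.dest_country not in profile.known_countries:
        flags.append(f"first transfer to {transfer.dest_country}")
    return flags


def disposition(flags):
    """Hold for call-back on any anomaly; size alone only routes to manual review."""
    if any(f != REVIEW_FLAG for f in flags):
        return "HOLD: verify by call-back before release"
    if flags:
        return "REVIEW: manual review before release"
    return "RELEASE"


# Constructed profiles and transfers modelled loosely on Examples #3 and #4.
PROFILES = {
    "smallbiz-1": CustomerProfile("smallbiz-1", 200_000.0, (8, 12), "debit", frozenset({"US"}), 500_000.0),
    "smallbiz-2": CustomerProfile("smallbiz-2", 25_000.0, (8, 17), "", frozenset({"US"}), 100_000.0),
}

SAMPLES = {
    "normal":   Transfer("smallbiz-1", "ACH", 200_000.0, datetime(2012, 6, 4, 9, 15), ach_type="debit"),
    "ex4_like": Transfer("smallbiz-1", "ACH", 317_000.0, datetime(2012, 6, 4, 14, 30), ach_type="credit"),
    "ex3_like": Transfer("smallbiz-2", "WIRE", 27_000.0, datetime(2012, 1, 10, 10, 0), dest_country="RU"),
}


def run_samples():
    """Screen every constructed sample; returns {name: (flags, disposition)}."""
    results = {}
    for name, t in SAMPLES.items():
        flags = screen_transfer(t, PROFILES[t.customer_id])
        results[name] = (flags, disposition(flags))
    return results


if __name__ == "__main__":
    for name, (flags, action) in run_samples().items():
        print(f"{name}: {action}", *[f"  - {f}" for f in flags], sep="\n")
```

The point of separating `screen_transfer` from `disposition` is auditability: the list of flags is what gets logged with the wire record, so an auditor reviewing history logs can see why a batch was held and whether the documented call-back actually happened. The baseline fields are the ones the bank personnel in Example #4 already knew informally; the software only makes them explicit and applies them to every batch.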

Example # 4 – Lessons Learned

• After two attacks in six months, the bank:
  – Hired a law firm to re-write all online banking agreements.
  – Began performing and documenting call-backs on all wires other than “in-person” wires.
  – Engaged a third-party software company to monitor the ACH batches for unusual attributes.
  – Hosted a lunch-and-learn for their business customers concerning online security.

Who is The Weak Link?

CUSTOMER

Why The Weak Link?

• Expertise – Lack trained IT professionals
• Money – Usually do not have the budget for the needed technology
• Education – Users are not educated about the risks
• Audit – Small businesses don’t have IT audits/regulations

Recent Court Cases

PATCO Construction
• Hacked into company network/stole online banking ID
• Series of wires and ACH
• 3 year legal battle
• Out of court settlement (Dec. 2012)
• Bank had to reimburse customer for loss of $345,000

Choice Escrow, LLC
• Hacked into company network/stole online banking ID
• Single wire transfer
• 3 year legal battle
• Judge’s decision (March 2013)
• Customer had to bear loss of $440,000.

Choice Escrow, LLC

• “because the company is small, with only a handful of staff, we didn’t choose to use the bank’s dual control settings for ACH and wire transactions.”
  (Choice Escrow’s manager of business development)

Risk Mitigation Strategies for the FI

• Internal Controls
• Customer Education

Internal Controls

• Common Wire Transfer Internal Controls:
  – Wire Transfer Policy
  – Dual Control
  – Rekey of Wire Dollar Amount
  – Transaction Limits
  – Customer Agreements
  – Security Procedures
  – Independent Reconciliation (Segregation of Duties)
  – Internal Audit Coverage

Internal Controls

• Wire Transfer Policy
  – Approved by the board annually, or when there are significant changes in the wire process, systems, etc.
  – Should address the following:
    • Wire software used;
    • Types of wires (domestic vs. international, customer vs. non-customer);
    • Use of security procedures & customer agreements;
    • Approval of an administrator; and
    • Wire limits.

Internal Controls

• Dual Control
  – Usually controlled by the wire software.
  – Be aware: on some systems you can disable dual control.
  – Audit dual control by reviewing system parameters and history logs of previously initiated wires.
  – Not an area of frequent examiner comments.
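The dual-control bullets above give the audit step in two parts: confirm the system parameter is actually on, then read the history log of released wires for any that were approved by their own initiator or by nobody. The Python below carries that out over a constructed history export; it is an added example, not the presentation's or any wire vendor's code, and the column names (`wire_id`, `initiated_by`, `approved_by`, `released`) and parameter names (`dual_control_required`, `dual_control_threshold`) are assumptions standing in for whatever the institution's system exports.

```python
import csv
from io import StringIO

# Constructed export of a wire system's history log; the column layout is an
# assumption, not any vendor's real format.
WIRE_HISTORY_CSV = """wire_id,amount,initiated_by,approved_by,released
W1001,15000.00,jsmith,mjones,Y
W1002,250000.00,jsmith,jsmith,Y
W1003,8200.00,tlee,,Y
W1004,42000.00,mjones,tlee,Y
W1005,99000.00,tlee,,N
"""

# Constructed system-parameter snapshot; the parameter names are assumptions.
SYSTEM_PARAMS = {"dual_control_required": "Y", "dual_control_threshold": "0.00"}


def parse_history(text):
    """Read the history export into a list of row dicts keyed by column name."""
    return list(csv.DictReader(StringIO(text)))


def audit_dual_control(rows, params):
    """Return (wire_id or 'PARAM', finding) tuples for every dual-control exception."""
    findings = []
    # Part 1: the parameter review. A disabled setting is a finding on its own,
    # because on some systems dual control can simply be switched off.
    if params.get("dual_control_required", "N") != "Y":
        findings.append(("PARAM", "dual control is disabled in system parameters"))
    threshold = float(params.get("dual_control_threshold", "0"))
    # Part 2: the history-log review of wires that actually left the institution.
    for row in rows:
        if row["released"] != "Y":
            continue  # never released, so no funds moved
        if float(row["amount"]) < threshold:
            continue  # below the configured dual-control threshold
        initiator = row["initiated_by"].strip()
        approver = row["approved_by"].strip()
        if not approver:
            findings.append((row["wire_id"], "released with no second approver"))
        elif approver == initiator:
            findings.append((row["wire_id"], "initiator approved their own wire"))
    return findings


def run_audit(history_csv=WIRE_HISTORY_CSV, params=SYSTEM_PARAMS):
    """Run both parts of the audit over the constructed data."""
    return audit_dual_control(parse_history(history_csv), params)


if __name__ == "__main__":
    for ref, finding in run_audit():
        print(f"{ref}: {finding}")
```

With the constructed data the run reports W1002 (same user initiated and approved) and W1003 (released with no approver), while W1005 is skipped because it never left the institution. Re-running with the parameter set to "N" and a threshold of $10,000 adds the parameter finding and drops W1003, which shows why the parameter snapshot has to be reviewed alongside the log: a high threshold or a disabled flag makes the log look clean when it is not.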

Internal Controls

• Transaction Limits
  – The board of directors and/or senior management regularly reviews and approves funds transfer limits. (source: FFIEC Wholesale Payment Systems booklet p. A-6, Examination Procedures)
  – Usually reviewed annually when approving the wire policy.
  – Review your insurance policy to ensure the limits you set don’t violate the policy.

Internal Controls

• Customer Agreements
  – You need written agreements with your repeat wire customers.
  – Usually only see these when wires are initiated by phone, fax or email (not “in person” requests).
  – Authoritative Sources
    • FFIEC Wholesale Payment Systems Booklet (p. A-4)
    • Insurance Requirements
    • Uniform Commercial Code Article 4A (UCC 4A)

Page 50: Auditing Wire Transfers and ACH Transactions - FMS · PDF fileAuditing Wire Transfers and ACH Transactions Tuesday, June 18, ... 800-ASK-4FMS. Today’s Agenda ... used stolen usernames

Internal Controls

• Customer Agreements Should:
– Describe the security procedures to be followed when verifying the authenticity of a wire request.
– Include waivers from the customer if they opt out of the security procedures. Get customer signature.
– Establish cut-off times for receiving, transmitting, amending and cancelling wire transfer requests.
– Identify individuals authorized to request wire transfers.
– Define the methods by which a wire transfer request can be initiated (phone/fax/email).


slide 50


Internal Controls

• Security Procedures (as defined in UCC 4A-201)
– A procedure agreed to by the institution and the customer for the purpose of verifying that a wire request is authentic.
– “A security procedure may require the use of algorithms or other codes, identifying words or numbers, encryption, call-back procedures, or similar security devices. Comparison of a signature on a payment order or communication with an authorized specimen signature of the customer is not by itself a security procedure.”


slide 51


Internal Controls

• Common Security Procedures
– PINs or Passwords (phone requests)
– Call-back procedures (fax and email requests)

• Documentation
– You should document performance of the security procedure (include date, time, customer name, what was confirmed, etc.)

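As an added example (not from the presentation) of how an auditor can test a sample of phone, fax or email wire requests against the customer agreement items above and the documentation requirement for the security procedure, assuming a hypothetical agreement record and request layout:

```python
from dataclasses import dataclass
from datetime import datetime

# Constructed sample customer agreement (hypothetical): the items a written agreement
# should define, i.e. authorized requesters, permitted initiation methods, and the
# security procedure agreed for each method (PIN for phone, call-back for fax/email).
AGREEMENT = {
    "customer": "Acme Supply Co.",
    "authorized": {"J. Doe", "M. Smith"},
    "procedure": {"phone": "pin", "fax": "callback", "email": "callback"},
}

@dataclass
class WireRequest:
    customer: str
    requester: str
    channel: str          # phone / fax / email (non "in person" requests)
    amount: float
    procedure: str = ""   # security procedure actually performed: "pin" or "callback"
    verified_by: str = "" # documentation of the procedure performed
    verified_at: str = "" # ISO 8601 date and time
    confirmed: str = ""   # what was confirmed with the customer

def review_request(req, agreement=AGREEMENT):
    """Return the audit exceptions for one wire request, or [] if it passes."""
    exceptions = []
    if req.customer != agreement["customer"]:
        return ["no written customer agreement on file"]
    if req.requester not in agreement["authorized"]:
        exceptions.append(f"requester {req.requester!r} is not authorized in the agreement")
    required = agreement["procedure"].get(req.channel)
    if required is None:
        exceptions.append(f"channel {req.channel!r} is not a permitted initiation method")
    elif req.procedure != required:
        exceptions.append(f"{required} required for {req.channel} request, got {req.procedure or 'none'}")
    # The agreed procedure only counts if its performance was documented.
    missing = [f for f in ("verified_by", "verified_at", "confirmed") if not getattr(req, f)]
    if missing:
        exceptions.append("undocumented security procedure: missing " + ", ".join(missing))
    else:
        try:
            datetime.fromisoformat(req.verified_at)
        except ValueError:
            exceptions.append(f"verified_at {req.verified_at!r} is not a valid date/time")
    return exceptions
```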

slide 52


Actual Bank Insurance Policy


slide 53


Internal Controls

• Independent Reconciliation (Segregation of Duties)
– Wire administrator should not have wire create or verify capability (limits should be set to $0).
– Due from account used for wire settlement should be reconciled by someone independent of wire operations.
• May be difficult in some institutions due to limited staff.
– Supervisors should review reconcilements of funds transfer activity on a regular basis.


slide 54


Internal Controls

• How to Combat the Internal Fraud Threat
– Perform background checks on employees in wire/ACH departments
– Review access levels regularly (job transfers, terminations)
– No temporary employees in wire/ACH operations
– Employees subject to unannounced rotation of responsibilities
– Review of employee accounts (deposit and loans)
– Consider the role of relatives within the institution


slide 55


Internal Controls

• Internal Audit Coverage – Who Performs It?
– IT Auditors
– Internal Auditors
– State ACH Organizations

Be sure you know what each group is reviewing.
Be alert for overlap or redundant procedures.
Consider expertise of the auditor.
Audit report should include the procedures performed.

slide 56


Internal Controls

• Internal Audit Coverage – What to Include?
– Funds transfer requests
– Customer agreements
– Payment processing & accounting (reconciliations)
– Logical & physical security
– Contingency plans
– Segregation of duties

A thorough audit should include testing samples of transfer requests & customer agreements.


slide 57


Internal Controls

• Pre-Audit Checklist
– Review status of findings from prior audits
– Review user access privileges & limits
• Be alert for terminated or transferred employees
• Ensure limits in the system agree to those approved
– If on FedLine, review audit logs on software
– Account for all customer agreements
– Review wire and ACH system parameters

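As an added example (not from the presentation) of the access-and-limits step of the pre-audit checklist, combined with the $0 wire administrator rule from the segregation of duties slide: it compares a user export from the wire system against the board-approved limits and the HR termination and transfer lists. All data shown is constructed, and the export layout is a hypothetical one.

```python
# Constructed sample data (hypothetical): the per-user limits the board approved with
# the wire policy, the HR status lists, and an export of user IDs from the wire system.
APPROVED = {
    "asmith": {"create": 250_000, "verify": 0},
    "bwhite": {"create": 100_000, "verify": 100_000},
    "cgreen": {"create": 0, "verify": 0},   # wire administrator: $0 create and verify
}
HR_TERMINATED = {"ljones"}
HR_TRANSFERRED = {"bwhite"}
SYSTEM_USERS = [
    {"user": "asmith", "active": True, "create": 250_000, "verify": 0},
    {"user": "bwhite", "active": True, "create": 100_000, "verify": 100_000},
    {"user": "cgreen", "active": True, "create": 50_000, "verify": 0},
    {"user": "ljones", "active": True, "create": 0, "verify": 300_000},
    {"user": "mold", "active": False, "create": 25_000, "verify": 0},  # disabled ID
]

def review_access(users, approved, terminated, transferred):
    """Return (user, finding) pairs for the pre-audit access and limits review."""
    findings = []
    for u in users:
        name = u["user"]
        if not u["active"]:
            continue  # a disabled ID cannot create or verify wires; nothing to test
        if name in terminated:
            findings.append((name, "terminated employee still has an active wire ID"))
        if name in transferred:
            findings.append((name, "transferred employee; confirm wire access is still needed"))
        limits = approved.get(name)
        if limits is None:
            findings.append((name, "active ID with no board-approved limits on file"))
            continue
        # Limits in the system must agree exactly with those approved, in both directions.
        for cap in ("create", "verify"):
            if u[cap] != limits[cap]:
                findings.append((name, f"{cap} limit is {u[cap]:,} but approved limit is {limits[cap]:,}"))
    return findings

if __name__ == "__main__":
    for user, finding in review_access(SYSTEM_USERS, APPROVED, HR_TERMINATED, HR_TRANSFERRED):
        print(f"{user}: {finding}")
```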

slide 58


Actual ACH Settings


slide 59


Actual Online Banking Settings


slide 60


Customer Education

• Customer Security Awareness
– What is your institution’s biggest challenge to fraud prevention?
• 68% - Lack of Customer Awareness¹
– The customer is an extension of the institution’s security.
– Customer education is critical with today’s threats.
– Customers aren’t bankers or IT security professionals.

¹ 2012 Faces of Fraud Survey, ISMG

slide 61


Customer Education

• Customer Education Program Should Include:
– Explanation of protections provided and not provided.
– Discussion of when the institution may contact a customer and request electronic banking credentials.
– A suggestion that online banking customers perform a risk assessment and controls evaluation.
– List of alternative risk control mechanisms.
– List of institution contacts for customers with concerns about suspicious account activity or other events.


slide 62


Customer Education

• Customer Education Opportunities:
– “Lunch and Learn” session with business customers and IT professionals.
– Some larger institutions are offering free anti-virus software for one year.
– Notes in statements or on online banking website regarding security.
– Newsletters / whitepapers in a “fraud resource center”
• See https://www.bankofthewest.com/security-center-small-business.html


slide 63


Future Outlook / Threats
• More Sophisticated Attacks
• Attacks on Institutions Directly
• Mobile Devices

slide 64


Questions?


John David McLeod, CPA, CISA, CITP

Manager

Phone: (478) 330-5210
Email: [email protected]

slide 65