Current Trends in Fraud Prevention

9/29/2013 #bbcon Current Trends in Fraud Prevention 1

Current Trends in Fraud Prevention

PRESENTED BY MELANIE MORTON


• Title: Manager of Blackbaud Forms

• My educational background is in

philosophy. I’ve worked as an

academic, a Wall Street research

analyst, and a help desk manager.

• Hobbies: Anything artistic. I love

making things –bookbinding,

limestone sculpture, really good

bread, or quilts. My ideal vacation is a

cross-country bike trip.

• Contact me:

[email protected]

MELANIE MORTON

Download this presentation

with the bbcon mobile app

or from the post-conference

landing page at

www.bbconference.com

http://www.bbconference.com/


• Background

• Types of Payments Fraud

• The Fraud Prevention Matrix

• Procedural Controls

• Your Bank’s Requirements

• Other Fraud Prevention Tools

• Recommendations

• Further Reading

AGENDA


This talk focuses on how to manage vulnerabilities and liabilities to

common forms of payment fraud

Primary sources:

2012 Payments Fraud Survey by The Federal Reserve Board of

Minneapolis. 246 respondents in the upper Midwest, including 92%

financial institutions

2012 Report to the Nations on Occupational Fraud and Abuse by the

Association of Certified Fraud Examiners (ACFE)

2013 AFP Payments Fraud and Control Survey, March 2013,

Association for Finance Professionals. Survey had 625 respondents

representing corporate practitioner members and non-members of

AFP with the following job titles: cash managers, analysts and

directors.

BACKGROUND


90% of respondents to the Federal Reserve Board’s latest

survey suffered dollar losses due to payments fraud

For non-FI respondents, check fraud accounted for 78% of

their dollar losses

In the AFP survey, checks accounted for 69% of the cases

with financial loss due to fraud

The median loss to an incident of payments fraud was

$20,300

FRAUD IS WIDESPREAD


Industry check-related losses amounted to an

estimated

$893 million in 2010

-- American Bankers Association

This figure doesn’t include losses to account holders,

who bear a much higher proportion of the liability for

check fraud losses.

THE COST OF FRAUD


“One of the simplest and most prevalent ways to

commit a financial crime, to steal money, is to commit

some form of check fraud.”

“While we may never know the full costs of check

fraud across the financial industry, some of the

available information shows impacts that are

staggering.”

James H. Freis, Jr.,

Director, Financial Crimes Enforcement Network

U.S. Department of the Treasury

SIMPLE, PREVALENT, & STAGGERING


Credit and Debit Card Fraud

ACH, Wire Transfer & Corporate Account Takeover

(CAT) Fraud

Check Fraud

The ACFE estimates most fraud takes 18 months to

uncover. Timely review is essential!

TYPES OF PAYMENT FRAUD


• Forged signatures or endorsements

• Altered checks – amounts, payee, MICR (to slow

down clearing process)

• Counterfeiting – fabricating or duplicating

• Holder in Due Course (HDIC) claims

CHECK FRAUD


Holder in Due Course (HDIC) claims are a powerful part of the Uniform

Commercial Code which privileges the needs of the banking system

over consumer protections. These claims create a special area of check

fraud vulnerability for account holders.

A Holder in Due Course is anyone who accepts a check for payment.

This is usually a bank, but it can also be a merchant or check cashing

business. If they cash a check in good faith that is not suspiciously

irregular, then they are entitled to be paid, even if it later turns out

that the check is fraudulent.

• HDIC claims are superior to all other contracts, including stop

payments and Positive Pay

• HDIC rights can be sold

PRIVILEGED FRAUD:

CHECKS & HDIC CLAIMS


Robert Triffin buys “dishonored checks” and uses HDIC claims to sue for

payment. Here are three cases tried in the Superior Court of New

Jersey.

HDIC beats Stop Payments

Triffin v. Cigna Insurance Company

A check issued by Cigna was falsely claimed to be lost. Cigna issued a

stop payment and provided a new check. The first check was then

cashed at Sun’s Market, who presented it for payment through its bank.

Cigna’s bank dishonored the check. Mr. Triffin acquired the check and

filed an HDIC claim more than two years after the check was

dishonored. The court ruled in favor of Mr. Triffin.

Fraud prevention:

• Print expiration on the front of the check and don’t issue replacement

checks until after the original has expired

HDIC CLAIMS IN ACTION


Plausible Fraudulent Checks are Valid

Triffin v. Somerset Valley Bank

Mr. Triffin bought $9K worth of counterfeit, forged checks returned to a

check cashing business marked “Stolen check – Do Not Present Again.”

The payroll checks in question matched both the stock and the

signature stamp used by the account holder.

Despite the fact that they were unauthorized, the fraudulent check

documents were deemed to be valid “negotiable instruments.” The

Court reasoned that in order to preclude liability from a holder in due

course claim, “it must be apparent on the face of the instrument that it is

fraudulent.” The court ruled in favor of Mr. Triffin.

SCARIER HDIC CLAIMS IN ACTION


High Security Checks Can Beat HDIC Claims

Triffin v. Pomerantz Staffing Services, LLC

Pomerantz Staffing used high security checks with a warning banner on

the front that stated “This Check Has Heat Sensitive Ink to Confirm

Authenticity.”

Someone made copies and cashed 18 checks worth $7,000 at Friendly

Check Cashing. Pomerantz’s bank returned the checks unpaid. Mr.

Triffin bought the checks and claimed HDIC status. Since Friendly had

the means to determine authenticity, the court ruled against Mr. Triffin.

Fraud prevention:

• Use preprinted, high security check stock with features that verify

authenticity to limit HDIC claims

DEFENDING AGAINST HDIC CLAIMS


THE FRAUD PREVENTION MATRIX


The best defense involves a combination of tactics

• Procedural controls

• Check fraud prevention

• Transaction screening

• Fraud protection services

THE FRAUD PREVENTION MATRIX


Reconcile both bank and card-related accounts daily

Segregate accounts by payment type and purpose to easier identify

exceptions & enable use of transaction filters & blocks

Report potential fraud occurrences to your bank in a timely manner

Offer Employee Support with documented procedures & training

Enforce security procedures with

Authentication/authorization controls in payment process such as

strong passwords & security token or key fob that generates one-

time-use passwords

Physical access controls to payment processing

PROCEDURAL CONTROLS 1


Enforce security procedures (cont’d)

Logical access controls to network and payment apps

Dedicated computer for financial institution transactions or

restrictions on staff use of Internet on your network

Transaction limits for payment disbursements & corporate card

purchases

Separate duties in payment process (submitting bills, approvals,

signing checks, and reconciliation)

Internal and external audits

Employee hotline to report potential fraud

Organizations with some form of hotline in place saw a much higher likelihood

that fraud would be detected by a tip (51%) than organizations without such a

hotline (35%).” - ACFE



Maintain authorized signers documentation with your bank

For checks:

Don’t leave blank spaces in the payment or payee areas

Print expiration on front of check

Keep secure – lock up check stock & signature stamps

Use Stop Payments & close the bank account if you discover a check with a

fraudulent payable amount

Report stolen checks to check verification companies such as Telecheck and

Certegy, so other businesses will refuse the stolen checks

The most commonly used techniques are not

necessarily the most effective



Small organizations

Had far fewer anti-fraud controls

Were victimized by fraud more frequently

Suffered disproportionately large median loss of

$147,000

FRAUD IN SMALLER ORGANIZATIONS


The most effective general controls are:

Planned and surprise internal audits

Employee support programs

Hotlines

These three were correlated with the greatest

decreases in financial losses

Organizations lacking these controls experienced

median fraud losses approximately 45% larger than

organizations with the controls in place

BEST CONTROLS


• External audits of financial statements — the most

commonly implemented control among the victim

organizations in the ACFE study — showed the least

impact

• Nothing

When asked to describe which weakness had led to

the fraud occurrences at victim organizations, “an

outright lack of controls” was the most frequently

cited factor

WORST CONTROLS


YOUR BANK’S REQUIREMENTS


Ordinary Care is a legal term that means the requirement to act

with the same watchfulness, attention, caution and prudence as

a reasonable person in the same circumstances. Failure to meet

this standard constitutes negligence.

Your bank legally gets to define ordinary care as it pertains to

your company and their security standards.

• Learn how your bank defines your firm’s responsibilities to

prevent fraud

• Be aware of the liability arrangements spelled out in your

banking agreement

• Review periodically for changes

YOUR BANK DEFINES “ORDINARY CARE”


FRAUD PREVENTION TOOLS


The Best Defense Is A Great Defense

FIGHT CHECK FRAUD


High security checks are better than regular checks because they are more

resistant to tampering and they make evidence of tampering more apparent.

They present more difficult and numerous technical challenges to the criminal.

Because of this, high security checks are your first line of defense against check

fraud. Added benefits:

• A strong defense means fewer challenges

• Protect from some HDIC claims when they include authentication features that

survive duplication

• Demonstrate “Ordinary Care”

HIGH SECURITY CHECKS


When we made the decision to offer High Security checks, we selected

the paper supplier who offered the fullest number and range of robust

security features. While our competitors typically offer only 10 to 16

security features, Blackbaud Forms offers much more.

Guardian Plus checks have 28 security features including Controlled

Paper Stock, Foil Hologram, Thermochromic Ink, True Watermark and

other state‐of‐the‐art security measures. This check is extremely

difficult to replicate or alter without leaving evidence. The holographic

foil provides 3 different security features and is extremely difficult to

scan or copy – proving authenticity that should survive the slackest

check cashing clerk.

Guardian checks have 25 security features, which include everything

but the holographic foil used for our Guardian Plus checks

NOT ALL HIGH SECURITY CHECKS ARE

THE SAME


“Positive pay, ACH filters and daily reconciliations are among the best

methods to identify exception items that may include fraudulent

transactions or errors.” -- AFP

Highly recommended and often required by your bank, these services

are your most powerful fraud prevention tool. But there are criticisms:

• 15% of the AFP survey respondents say that managing the payments

exceptions is time-consuming, as well as costly to research and to resolve

• Execution errors can cause the bank to reject valid checks or clear check

meant to be rejected

• Not bulletproof: HDIC claims take precedence over Positive Pay

• Can miss scams where additional payee names are added above or next to the

original name

• Since banks sell these services, some complain they are paying the bank to

reduce the bank’s own liability

TRANSACTION SCREENING SERVICES


Positive Pay & ACH Positive Pay - This bank service compares check numbers

(or transaction ids) and amounts without regard to payee against check run

reports supplied by you. If discrepancies exist, you are notified so you can

authorize or reject the payment.

Payee Verification/Payee Positive Pay - An enhancement to traditional Positive

Pay & ACH Positive Pay– this add-on service reports payee name exceptions

Reverse Positive Pay - A pared down version of Positive Pay, the account

holder reviews the list of checks presented for payment to self-identify

discrepancies

Post No Checks - prevents check debits from selected accounts dedicated to

electronic payments or depository

ACH Blocks - prevent all ACH credit and/or debit activity from posting to an

account and returns all those transactions to the originating bank

ACH Debit Filter - allows only authorized ACH transactions

TYPES OF TRANSACTION SCREENING

SERVICES


Thanks to HDIC claims and scams that manage to defeat transaction screening,

some vulnerability remains. Fraud protection services have emerged recently to

fill this gap or provide an alternative to the other prevention tools. The value,

scope & costs of these different plans vary widely.

If fraud gets through your defenses, you need expert help to deal with it

effectively. We like FraudArmor’s protection service for the scope & value of

services they provide. They work on your behalf to aggressively defend your

interests.

FraudArmor protection provides a remediation and recovery service for financial

and non-financial fraud affecting your checks and associated accounts, as well

as monitoring for identity theft, and more.

• Sold with a specific run of checks

• Provides coverage for 12 months from shipment date

• Costs 3¢ per check

• Not a form of insurance - FraudArmor does not reimburse for fraud

FRAUD PROTECTION SERVICES


FraudArmor responds to different types of fraud

• Forged, altered or counterfeit checks

• Credit or debit card fraud

• ACH fraud

• All other identity theft, including financial and non-financial fraud such

as employment fraud, medical fraud, Internet fraud, etc.

FraudArmor service includes:

• A number of professional services to assist in recovering from identity

fraud, including making claims to financial institutions and other

entities for reimbursement of funds lost due to fraud

• Free replacement checks

• FraudArmor logo printed on check for deterrence and to signify

eligibility

HOW IT WORKS


FraudArmor specialists are the most highly credentialed in the industry.

They have:

• FCRA/FACTA – Fair Credit Reporting Act /Fair and Accurate Credit Transactions Act

Certified allows them to work directly with credit bureau data

• CITRMS – Certified Identity Theft Risk Management Specialist by the Institute of

Consumer Financial Education

• Licensed Private Investigators – Equips the Fraud Specialist to better spot clues that

may lead to the identification and arrest of the perpetrator. The Fraud Specialist also

maintains a detailed case file which helps with the prosecution of the perpetrators.

• Members of AMCRIN’s CrimeDex – Provides access to a national database of criminal

information, including identity theft rings and scams, which is shared and regularly updated

among law enforcement

• Crisis Counseling Trained

• Limited Power of Attorney – Work with for the victim, utilizing a LPOA, to do most of the

legwork for the victim

SPECIALIST CREDENTIALS


BEST PRACTICES


• Implement strong internal controls which incorporate

your bank’s requirements

• Use high security check stock

• Limit risk with an appropriate mix of transaction

screening services

• Manage fraud claims effectively with FraudArmor

FRAUD PREVENTION BEST PRACTICES


Download this presentation through the

bbcon 2013 mobile app

or

visit www.bbconference.com to download

from the post-conference landing page

• Contact me:

[email protected]

THANK YOU!

http://www.bbconference.com/

Economy & Finance

Current Trends in Fraud Prevention