Learn how to bolster your cyber controls with fraud detection controls and implement a comprehensive fraud monitoring strategy to protect against bank heists and hacks.
Bank Heists and Hacks: Protecting Money Movement in a Cyber-Fraud Strategy | FLE-R03 | Richard Tsai, Sr. Product Manager, Fraud & Authentication Management, NICE Actimize
WE STOP BAD PEOPLE FROM DOING BAD THINGS
BY FINDING UNUSUAL BEHAVIOR EARLIER & FASTER
Agenda Concerns raised by SWIFT attacks SWIFT security requirements Fraud: Bolstering a cyber plan … and more
Agenda Educate + Learn = Apply • Identify whether you have fraud detection gaps in the context of your cyber plan • How to implement fraud monitoring • The role of fraud detection in SWIFT security requirements • What fraud detection should look for • Concerns raised by SWIFT attacks • Bolster your cyber controls with fraud detection controls
Bangladesh Bank Heist – Summary of Transactions
[Flow diagram; stages labelled SWIFT Network, Federal Reserve Bank, Intermediary Banks, Beneficiary]
• 35 orders worth 951 million USD placed
• 5 orders executed, 30 orders blocked
• 4 orders worth 81 million USD (RCBC, a bank in the Philippines)
• 1 order worth 20 million USD (via Pan Asia Banking Corporation)
• Beneficiaries shown: Sri Lankan NGO; Eastern Hawaii Leisure Company (Casino); Bloomberry Resorts (Casino); Bloomberry Resorts (Casino)
• Amounts shown: 31 million USD; 29 million USD; 21 million USD
• Outcome labels: Recovered (15m USD); Recovered; Losses
Source: www.ft.com
Lessons Learned Since Bangladesh
Since the Bangladesh Bank hit in February 2016, Actimize has been contacted by many FIs seeking a new kind of fraud coverage for unique challenges.
• Payment analytics as a key line of defense: Even when cyber controls fail, payment analytics can detect anomalies which indicate an attack. FIs need a layered cyber-fraud approach.
• Many institutions lack SWIFT fraud strategy: FIs often don’t have fraud controls or strategy in place for SWIFT interfaces and transactions.
• Complicated ecosystem leads to vulnerabilities: FIs have a complicated web of applications that connect to the SWIFT interfaces. Creating a cyber-fraud plan requires inventory and assessment.
• FIs must work with SWIFT for coverage: FIs want to combine their coverage with SWIFT network alerts.
SWIFT: A Call to Action • Customer Security Programme (CSP) • Security Controls Framework describes a set of mandatory and advisory security controls
Channel vs. Gateway Protection
[Two high-level message flow diagrams, each marked "Inherent Risk: High". Labelled components: Eximbills Client Server, Global Trade, Eximbills AS400, Trade SWIFT Message Manager*, Middleware, Cash management portal, NSP / CopeStar, Intake Channel, Transaction Application, SWIFT Access, SWIFT Alliance, SWIFT Network. Points in the flows are marked C or G.]
Channel - Customer Initiated
• Customer Payments: Focus on wire transfers typically associated with MT 100 and 200 series messages. Provides fraud risk scoring on single customer and multi-customer payments.
• Payment Lifecycle Monitoring: Scoring each “version” of the payment allows earlier detection of anomalies, better understanding of investigated incidents and quicker resolution.
• Dedicated Models for High Value Fraud: Detecting suspicious outgoing transfers of high amounts, among large volumes of high amounts.
• Channel System Integration: Integration with any channel application with analytics leveraging monetary, customer reference and channel data.
Gateway - SWIFT Monitoring
• SWIFT Network: Covers messages sent and received on the SWIFT network, with a focus on MT 100 & 200 messages. Coverage for treasury services activities including foreign exchange, securities transactions, commodities market.
• Client and non-client monitoring: Monitors traffic for any type of client (consumer, private wealth, small business, commercial, FI, non-banking FIs, etc.).
• Correspondent monitoring: Provides fraud risk scoring on money-movement related to MT 200s, which are sent by the ordering institution or through correspondents, and for which the ordering customer is not a customer of the FI.
• High Value Transactions: Detects suspicious outgoing transfers of high amounts, among large volumes of high amounts.
Monitoring Payments and Transfers Real-time fraud management for money-movement
What is a Predictive Model? • What is a Model? • A model is a mathematical calculation of risk • An algorithm combines calculations of risk to create a better outcome • Developing a model is both a science and an art • A predictive model enables fraud risk monitoring in real-time
SWIFT Profiles ― Length and Strength of Relationships
• Profile FI Relationships
• Profile FIs on the Network
• Geography - Transaction - Historic Relationship - Time Period – High Focus
• Entities: Ordering Customer, Sender, Receiver, Beneficiary, Correspondent
Profile Aggregations ― Length and Strength of Relationships
Track many measurements, for example:
• Date of first payment
• Date of last (most recent) payment
• Count of payments
• Average number of payments
• Standard deviation of payments
• Sum of payment amounts
• Average of payment amounts
• Standard deviation of payment amounts
• Maximum payment amount
• Minimum payment amount
• Entities: Ordering customer, Sender, Intermediary, Receiver, Beneficiary, Source system
• Time periods: Per day, week, month, quarter, year; Hour of day; Day of week; etc.
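The profile aggregations listed above can be turned into a simple anomaly check. The following is an added example, not code from the original slides or from any vendor product: it builds a subset of the aggregates per (sender, beneficiary) relationship from constructed payment records and returns reason codes for a new payment. The entity names, thresholds (`min_history`, `z_limit`) and the 5% fallback spread are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import date
from statistics import mean, pstdev

# Constructed sample history: (value date, sender, beneficiary, amount in USD).
HISTORY = [
    (date(2015, 9, 1), "SENDER-A", "BENEF-1", 100_000.0),
    (date(2015, 10, 1), "SENDER-A", "BENEF-1", 110_000.0),
    (date(2015, 11, 2), "SENDER-A", "BENEF-1", 90_000.0),
    (date(2015, 12, 1), "SENDER-A", "BENEF-1", 105_000.0),
    (date(2016, 1, 4), "SENDER-A", "BENEF-1", 95_000.0),
    (date(2016, 1, 20), "SENDER-A", "BENEF-2", 50_000.0),
]


def build_profiles(history):
    """Aggregate payment history per (sender, beneficiary) relationship."""
    grouped = defaultdict(list)
    for day, sender, beneficiary, amount in history:
        grouped[(sender, beneficiary)].append((day, amount))
    profiles = {}
    for key, rows in grouped.items():
        days = [d for d, _ in rows]
        amounts = [a for _, a in rows]
        profiles[key] = {
            "first": min(days), "last": max(days), "count": len(rows),
            "sum": sum(amounts), "avg": mean(amounts), "std": pstdev(amounts),
            "max": max(amounts), "min": min(amounts),
        }
    return profiles


def score_payment(profiles, sender, beneficiary, amount,
                  min_history=3, z_limit=3.0):
    """Return reason codes for a new payment; an empty list means no anomaly."""
    profile = profiles.get((sender, beneficiary))
    if profile is None:
        return ["NEW_RELATIONSHIP"]  # no length or strength to compare against
    reasons = []
    if profile["count"] < min_history:
        reasons.append("THIN_HISTORY")
    if amount > profile["max"]:
        reasons.append("ABOVE_PROFILE_MAX")
    # Identical past amounts give std == 0; fall back to 5% of the average.
    spread = profile["std"] or max(0.05 * profile["avg"], 1.0)
    if (amount - profile["avg"]) / spread > z_limit:
        reasons.append("AMOUNT_OUTLIER")
    return reasons


PROFILES = build_profiles(HISTORY)
```

The same aggregation can be repeated per time period (day, week, hour of day) and per entity type by changing the grouping key.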
Predictive Features - sample 1 Time Customer Lists Monetary Location Beneficiary 2 Ratio 3 Frequency 4 Velocity 5 Magnitude 6 Context
Creating an Intelligent Feedback Loop: Fraud and Cyber Controls Inform Each Other
• Cyber Controls: Cyber controls produce alerts that must be fed into a fraud management hub and used in real-time detection models.
• Fraud Monitoring: Payment-level analytics spot anomalies indicative of fraud – and attack. These alerts must be utilized to inform cyber teams.
Summary Concerns raised by SWIFT attacks SWIFT security requirements Fraud: Bolstering a cyber plan … and more
Apply What You Have Learned Today
• Next week you should:
  • Identify the systems that connect to the SWIFT network
• In the first three months following this presentation you should:
  • Assess the risks of the identified systems and user access
  • Assess whether you have appropriate fraud controls for wire origination & SWIFT money-movement
• Within six months you should:
  • Have already self-attested your compliance to the SWIFT CSP
  • Begin process to add fraud detection to SWIFT money movement
Thank You Richard Tsai, Sr. Product Manager Fraud & Authentication Management Richard.Tsai@niceactimize.com