Speaker Firms and Organization:
Cybint
Roy Zur
CEO and Founder
Presented By:
April 06, 2017
1
Sponsored by:
Ludwig & Robinson PLLC
Salvatore Scanio
Member
Kaufman Rossin , P.A.
Alejandro Mijares, CISA, CRISC, MSMIS
Manager, Risk Advisory Services
Partner Firms:
LogRhythm, a leader in security intelligence and
analytics, empowers organizations around the globe to
rapidly detect, respond to and neutralize damaging
cyber threats. The company’s award-winning
platform unifies next-generation SIEM, log
management, network and endpoint forensics and
advanced security analytics. In addition to protecting
customers from the risks associated with cyber threats,
LogRhythm provides innovative compliance automation
and assurance, and enhanced IT intelligence.
Sponsored By:
Partner Firms:
Kaufman Rossin has represented Florida businesses for more than
50 years and serves international clients in dozens of countries. The
CPA and advisory firm is one of the largest in the U.S., providing
traditional accounting, audit and tax services, as well as business, risk
and forensic advisory services. The firm has won significant awards,
including repeat honors as the Best Accounting Firm to Work For
among large firms nationwide and locally. With more than 300 team
members, the firm prides itself on offering the resources of a
powerhouse, personally delivered. Go beyond the numbers at
kaufmanrossin.com.
Cybint specializes in providing smart solutions in the fields of cyber intelligence and cyber
security.
Our leading team at Cybint is composed of skilled, experienced ex-military officers from elite
intelligence and technology units, specializing in the characterization of operational, intelligence
and business needs, and in training on and implementation of know-how.
Our team members have years of experience in the fields of military intelligence and business
intelligence, and their expertise in this world enables them to understand the inherent power of
knowledge and information and to convey these directly to the client.
Cybint recently partnered with a leading vocational training company in the U.S. (The BARBRI
Group) to provide assessment, training, and tools to dramatically increase online research,
analysis, and security skills for legal and financial businesses.
Partner Firm:
Ludwig & Robinson, founded in 1992, consists of lawyers with diverse
experience acquired at major law firms. The firm represents clients in
litigation and counseling throughout the United States and the world, and is
affiliated with a leading German law firm.
Whether as local, national or international counsel, the firm provides a range
of services in a manner that is insightful, responsive and cost-effective.
L&R’s clients include multinational corporations, insurers, banks and
financial institutions, air carriers, not-for-profit organizations, technology
start-ups, universities, foreign entities and nationals, and other individuals.
Applying insights gained in decades of trial and appellate litigation, including
novel and complex cases, the firm has an exceptional record of serving its
clients' interests while obtaining often precedent-setting results.
Brief Speaker Bios:
Alejandro Mijares, CISA, CRISC, MSMIS
Alejandro Mijares is Risk Advisory Services Manager at Kaufman Rossin where he provides internal IT audit, system validation, and
information security review services to financial institutions supervised by the FDIC, FRB, State of Florida, and OCC. He has
performed IT and Cybersecurity risk assessments, IT controls reviews, and evaluation of IT governance regulations and processes for
more than 25 banks and foreign agencies in Florida.
Roy Zur
Roy Zur, the CEO and founder of "Cybint solutions", has more than 12 years of experience in cyber and intelligence operations from
the Israeli security forces (Retired Major), and has developed cyber training programs and technology for financial institutions, law
firms and government agencies around the world. Prior to leading Cybint, he received his LLM and MBA from Tel-Aviv University and
served as a legal adviser in the Israeli Supreme Court, and as the chairman of the Israeli Legislation Research Center (OMEK
Institute), overseeing 150 researchers, who work with the Israeli Parliament (the Knesset).
► For more information about the speakers, you can visit: https://theknowledgegroup.org/event-homepage/?event_id=1945
Salvatore Scanio
Salvatore Scanio is a member of the Washington, D.C. law firm, Ludwig & Robinson PLLC, where his practice focuses on domestic
and international litigation involving banking, insurance, and other commercial disputes. He attended Tulane University where he
earned B.A., M.B.A., and J.D. degrees. Mr. Scanio has over 20 years of experience in financial litigation, and advises clients as to
liability, defenses and loss recovery on a wide range of bank and corporate fraud and cybercrime, including check fraud, credit and
debit card fraud, wire transfer and ACH fraud, Ponzi schemes, malware attacks, and data breaches.
Over the past few years, the financial services industry has been a favorite target of cyber criminals, who are not only trying to gain direct
access to money, but are also going after sensitive data that they can use for identity theft and hold hostage in ransomware attacks.
The breaches at JPMorgan in 2014 and Bangladesh's central bank in 2016, which both resulted in millions of dollars in losses,
illustrate the dangers posed by cybercrime to banks and other financial institutions. Cyber security is no longer an IT issue; it is a
business risk that bank leadership needs to pay attention to.
The industry is doing what it can to mitigate the risk of exposure to malicious cyber attacks; however, a recent study found that it often
takes months for a company to detect such an attack. By that time, hackers have likely already stolen large amounts of sensitive data.
In this two-hour LIVE Webcast, a panel of distinguished professionals and thought leaders will discuss how cybercrime is affecting the
financial services industry and how bank leadership can create a robust information security program to mitigate the risk of a cyber
attack.
Key topics include:
• A Review of Recent High-Profile Cases
• Key Weaknesses in the Financial Sector
• Cyber Crisis Management
• Strengthening the Network and Minimizing Threats
• Regulatory Framework of Cybersecurity Enforcement
Featured Speakers:
SEGMENT 1:
Alejandro Mijares, CISA,
CRISC, MSMIS
Manager, Risk Advisory Services
Kaufman Rossin , P.A.
SEGMENT 3:
Salvatore Scanio
Member
Ludwig & Robinson PLLC
SEGMENT 2:
Roy Zur
CEO and Founder
Cybint
Introduction
Alejandro Mijares is Risk Advisory Services Manager at Kaufman Rossin where he provides internal IT audit, system
validation, and information security review services to financial institutions supervised by the FDIC, FRB, State of Florida,
and OCC. He has performed IT and Cybersecurity risk assessments, IT controls reviews, and evaluation of IT governance
regulations and processes for more than 25 banks and foreign agencies in Florida. Alejandro’s work experience also
includes analyzing and evaluating information technology security risks and internal controls, process mapping, system
validation, SSAE 16 review services, and providing Sarbanes-Oxley external and internal audits for clients in a variety of
industries, including financial services companies, healthcare, retail and technology. He is a Certified Information Systems
Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), with a Master’s degree in Management
Information Systems and a Bachelor’s degree in Accounting and Information Systems.
SEGMENT 1:
Alejandro Mijares, CISA,
CRISC, MSMIS
Manager, Risk Advisory Services
Kaufman Rossin , P.A.
Cybercrime: Maximizing Opportunities and Minimizing Threats for Financial Institutions
Today’s Agenda
 The Dark Web & Cyber Threats
 Regulatory framework of cybersecurity
 FFIEC information security booklet (Sept. 2016)
 Control Environment Vulnerabilities
 Most common weaknesses and controls
 Strengthening the network and minimizing the potential impact of threats
 Network controls
 Indicators of Compromise (IOC)
Regulatory framework of cyber security
FFIEC Info Sec 2016
 Updated in September 2016
 Incorporates cybersecurity language
 Reduced redundancy regarding management material
 Refocuses on IT/IS Risk
 Introduces a risk management cycle
• Identify
• Measure
• Mitigate
• Monitor & Report
 Update of information security processes
 Includes revised examination procedures
 Uses the words "should" and "may" more than 500 times
FinCEN (FIN-2016-A005)
 The Financial Crimes Enforcement Network (FinCEN) issued an advisory on October 25, 2016,
advising banks to report cyber-attack activity
 In the advisory, FinCEN also clarified the responsibilities of financial institutions under the
Bank Secrecy Act (BSA), the statute behind anti-money laundering oversight
 Guidance provided on details to include in SAR narratives
 Focus on information sharing between departments
Cyber Security
• The FIN-2016-A005 advisory defines the following terms:
– Cyber-Event: An attempt to compromise or gain unauthorized electronic access to electronic
systems, services, resources, or information
– Cyber-Enabled Crime: Illegal activities (e.g., fraud, money laundering, identity theft) carried out
or facilitated by electronic systems and devices, such as networks and computers
– Cyber-Related Information: Information that describes technical details of electronic activity
and behavior, such as IP addresses, timestamps, and Indicators of Compromise (IOCs). Cyber-
related information also includes, but is not limited to, data regarding the digital footprint of
individuals and their behavior
Cyber Security
• The FIN-2016-A005 advisory provides guidance in the following areas:
– Reporting cyber-enabled crime and cyber-events through Suspicious Activity Reports
– Including relevant and available cyber-related information (IP addresses with time stamps etc.) in
SAR narratives
– Collaborating between BSA/AML units and in-house cyber-security units to identify suspicious
activity
– Sharing information among financial institutions to guard against and report money laundering,
terrorism financing, and cyber-enabled crime
*It is important to note that even if no transactions occur a SAR may still be filed if the acts are,
“intended to be part of an attempt to conduct, facilitate, or affect an unauthorized transaction or
series of unauthorized transactions aggregating or involving at least $5,000 in funds or assets.”
Cyber Risk Management Program (based on FFIEC)
Cybersecurity Program: risk management cycle
 Risk Identification
• Inventory
• Threats
 Risk Measurement
• Likelihood
• Potential impact
 Risk Mitigation
• In line with the Board's risk appetite
• Control testing
 Risk Monitoring & Reporting
• Regular updates to the Board and senior management
Cyber Risk Management Program: governance layers
BOARD OF DIRECTORS
Responsible for internal control structure | Sets risk appetite
SENIOR MANAGEMENT
Implementation of policies and procedures | Allocation of resources | Sets risk tolerance
CISO/ISO | IT/IS Internal Controls | Independent Testing | Training
With an understanding of risk tolerance, banks can prioritize cybersecurity activities, enabling
organizations to make informed decisions about cybersecurity expenditures.
Risk Appetite: the amount of risk, on a broad level, that an entity is willing to accept in pursuit of
its mission. Defined by the board.
Risk Tolerance: the acceptable level of variation that management is willing to allow for any
particular risk as the enterprise pursues its objectives. Defined by management.
What do Regulators Expect?
 Board of directors and audit committee have sufficient knowledge to provide oversight of cyber
risks
 Comprehensive understanding of enterprise cyber risk
 Authority and autonomy of CISO
 Sufficient resources are allocated to cyber compliance
 Ownership of the audit process resides with the audit committee
• Robust independent testing
• A comprehensive audit scope
• Findings and conclusions are clearly stated
• Supporting documentation is clear, detailed, and organized
Control Environment Vulnerabilities
Cyber Security Weaknesses
• People
• Lack of a strong cyber risk program
• Oversight
• Policies
• Control
• Lack of investment in cyber security
• Reactive mentality instead of a proactive mentality
• Ignoring signs of a cyber attack (e.g., indications that the bank is being targeted)
• Incident response program with no forensic vendor engaged
Cyber Security Controls
• Define risk appetite and risk tolerance
• Develop a cyber risk management program
• Training including phishing, vishing, penetration
testing (including physical)
• Train board of directors
• Implement preventive and detective controls
• Design IOC as KRIs
• Identify a forensic team
Strengthening the network
Network Segmentation
What is it?
• Splitting a computer network into subnetworks, each being a network segment
What are the benefits?
• Improve performance
• Increase traffic efficiency
• Reduce network problems
• Limit your exposure to security threats
• Improve users’ access control
• Increase reliability and efficiency of the
network
Firewall Controls (based on FFIEC)
 Network perimeter defense tools (e.g., border router and firewall) are used
 Firewall rules are audited or verified at least quarterly
 Firewall logs are used for correlation with other events (e.g., network, application)
 Automated tools detect unauthorized changes to critical system files, firewalls, IPS/IDS, or other
security devices
 Access control lists are implemented
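The quarterly rule verification and the change-detection control above are easier to operationalize than they sound. The Python script below is an added example, not from the FFIEC booklet or the presenter: it parses a constructed iptables-save style ruleset, flags ACCEPT rules that expose an administrative port or a whole chain to any source, and fingerprints the active rules so the next review can tell whether the firewall changed outside the change-control record. The administrative port list, the sample rules and the finding wording are assumptions made for the example.

```python
"""Added example: a quarterly firewall-rule verification pass.

Parses a constructed iptables-save style ruleset, flags ACCEPT rules that an
auditor would question, and fingerprints the ruleset so unauthorized changes
between reviews can be detected. Ports and sample rules are assumptions.
"""
import hashlib
import ipaddress

# Assumption: ports that should be reachable only from management networks.
ADMIN_PORTS = {22, 23, 3389, 5900, 445}

# Constructed sample ruleset (iptables-save syntax); findings cite line numbers.
SAMPLE_RULES = """\
-A INPUT -s 10.20.0.0/16 -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -s 0.0.0.0/0 -p tcp --dport 3389 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A FORWARD -j ACCEPT
-A INPUT -s 192.168.5.0/24 -p tcp --dport 445 -j DROP
"""


def parse_rule(line):
    """Turn one '-A <chain> ...' line into a dict; non-rule lines give None.

    Only the options this check needs (-s, -d, -p, --dport, -j) are read;
    anything else (-m tcp, --state, comments) is skipped so real-world
    rules do not break the parser.
    """
    tokens = line.split()
    if len(tokens) < 2 or tokens[0] != "-A":
        return None
    rule = {"chain": tokens[1], "src": None, "dst": None,
            "proto": None, "dport": None, "target": None}
    keys = {"-s": "src", "-d": "dst", "-p": "proto", "--dport": "dport", "-j": "target"}
    i = 2
    while i < len(tokens):
        key = keys.get(tokens[i])
        if key is not None and i + 1 < len(tokens):
            value = tokens[i + 1]
            rule[key] = int(value) if key == "dport" and value.isdigit() else value
            i += 2
        else:
            i += 1
    return rule


def source_is_any(src):
    """True when the rule matches every source (no -s, or a /0 network)."""
    if src is None:
        return True
    return ipaddress.ip_network(src, strict=False).prefixlen == 0


def audit_rules(text):
    """Return (line number, finding) pairs for permissive ACCEPT rules."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        rule = parse_rule(line)
        if rule is None or rule["target"] != "ACCEPT":
            continue
        if not source_is_any(rule["src"]):
            continue  # source-restricted ACCEPTs are left to the manual review
        if rule["dport"] in ADMIN_PORTS:
            findings.append((lineno, "admin port %d open to any source" % rule["dport"]))
        elif rule["dport"] is None:
            findings.append((lineno, "unrestricted ACCEPT on chain %s" % rule["chain"]))
    return findings


def ruleset_fingerprint(text):
    """SHA-256 over the active rules, in order, ignoring comments and blanks.

    Store the digest at each review; a different digest on the next run
    means the firewall changed outside the change-control record.
    """
    active = [ln.strip() for ln in text.splitlines()
              if ln.strip() and not ln.lstrip().startswith("#")]
    return hashlib.sha256("\n".join(active).encode()).hexdigest()


if __name__ == "__main__":
    for lineno, finding in audit_rules(SAMPLE_RULES):
        print(f"line {lineno}: {finding}")
    print("fingerprint:", ruleset_fingerprint(SAMPLE_RULES))
```

On a live system the input would be the output of `iptables-save`; the fingerprint is deliberately order-sensitive because reordering firewall rules changes their effect even when no rule text changes.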
Network Assessments
 Perform independent audits
 Independent testing (including phishing, penetration testing, and vulnerability scanning) is conducted
according to the risk assessment for external-facing systems and the internal network
 Independent penetration testing is performed on Internet-facing applications or systems before they
are launched or undergo significant change
Key Risk Indicators (KRI)
Indicators of Compromise (IOC)
Indicators of Attack (IOA)
Comparison
IOC (Indicators of Compromise)
 Help answer the question "What happened?"
 Reactive in nature
 Point in time
IOA (Indicators of Attack)
 Help answer the question "What is happening and why?"
 Proactive in nature
 Real time
KRI (Key Risk Indicators)
 Are the prime risk monitoring indicators for the Bank
 Cannot be expected to capture all potential losses
KRI Support
 Risk appetite
 Risk identification
 Risk mitigation
 Risk culture
 Risk measurement and reporting
 Regulatory compliance
KRI Benefits
 Provide early warning
 Provide backward-looking view on risk events
 Enable documentation and analysis of trends
 Provide an indication of risk appetite and tolerance
 Increase the likelihood of achieving strategic objectives
 Assist in optimizing risk governance
Bank vs. DBIR Benchmark (chart: % of employees opening emails vs. % of employees clicking on link)
Q1 2017 Results: 67.6% opened the email, 18.1% clicked the link
DBIR Benchmark: 30.0% opened the email, 12.0% clicked the link
Phishing campaign results
                                    Q1 2017   % of Targets   Q4 2016   % of Targets
Targets Passed                          172          81.9%       261          96.7%
Targets Failed                           38          18.1%         9           3.3%
Total Targets Tested                    210         100.0%       270         100.0%

Breakdown of targets that failed    Q1 2017   % of Targets   Q4 2016   % of Targets
First time clicking on phish             37          97.4%         9         100.0%
Repeat offender*                          1           2.6%         -           0.0%
Total Failed Targets                     38         100.0%         9         100.0%
* A repeat offender is an employee who clicked on a link during a prior campaign.
IOC/IOA
 Indicators of Compromise (IOC) / Indicators of Attack (IOA) are pieces of forensic data, such as data
found in system log entries or files, that identify potentially malicious activity on a system or network
 Improve incident response and computer forensics
 Help organizations and individuals share information within the IT/IS community
IOC as KRI examples
• Log-in red flags (e.g., after-hours logins)
• Unusual outbound network traffic
• Creation of new accounts, especially admin accounts
• Anomalies in privileged user account activity
• Geographical irregularities
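What turns these indicators into KRIs is counting the hits per reporting period and comparing them with a tolerance management has agreed to. The Python script below is an added example, not the presenter's or Kaufman Rossin's code: it runs four of the five indicators above (after-hours logins, new admin accounts, privileged-account anomalies and geographical irregularities, the last detected as "impossible travel" between two logons) over a constructed set of authentication events, rolls the hits up into KRI counts, and reports which KRIs are outside tolerance. Outbound-traffic anomalies would need flow data and are not modelled. The business hours, admin groups, jump hosts, thresholds, speed limit and every event are assumptions made for the example.

```python
"""Added example: turning the IOC list into KRIs over constructed auth events.

Covers after-hours logons, new admin accounts, privileged-account anomalies
and geographical irregularities. Business hours, admin groups, jump hosts,
thresholds and the events themselves are assumptions, not bank data.
"""
from collections import Counter
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

# Assumptions standing in for the bank's own baseline.
BUSINESS_HOURS = (8, 19)             # logons outside 08:00-19:00 local are "after hours"
ADMIN_GROUPS = {"Domain Admins", "Core Banking Admins"}
PRIVILEGED_ACCOUNTS = {"admin_ops"}  # known privileged accounts at period start
JUMP_HOSTS = {"JH-01", "JH-02"}      # privileged logons are expected only from these
IMPOSSIBLE_SPEED_KMH = 900           # faster than a commercial flight
KRI_THRESHOLDS = {                   # per-period tolerance agreed with management
    "after_hours_logon": 3,
    "geographic_irregularity": 0,
    "new_admin_account": 0,
    "privileged_anomaly": 1,
}
CITIES = {"Miami": (25.76, -80.19), "Kyiv": (50.45, 30.52)}


def logon(ts, user, city, host):
    lat, lon = CITIES[city]
    return {"ts": ts, "user": user, "event": "logon", "city": city,
            "lat": lat, "lon": lon, "host": host}


def group_add(ts, actor, target, group):
    return {"ts": ts, "user": actor, "event": "group_add",
            "target": target, "group": group}


# Constructed sample events, a stand-in for directory / core-banking audit logs.
EVENTS = [
    logon("2017-03-06T09:12:00", "alice", "Miami", "WS-0101"),
    logon("2017-03-06T23:40:00", "bob", "Miami", "WS-0207"),
    logon("2017-03-07T03:05:00", "bob", "Miami", "WS-0207"),
    logon("2017-03-07T10:00:00", "alice", "Miami", "WS-0101"),
    logon("2017-03-07T10:30:00", "alice", "Kyiv", "VPN-GW"),
    group_add("2017-03-07T11:15:00", "carol", "tmp_admin", "Domain Admins"),
    logon("2017-03-07T11:20:00", "tmp_admin", "Miami", "WS-0412"),
    logon("2017-03-07T14:00:00", "admin_ops", "Miami", "JH-01"),
    logon("2017-03-07T14:05:00", "admin_ops", "Miami", "WS-0333"),
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points on a 6371 km sphere."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def detect_indicators(events):
    """Return (category, user, ts, note) for every IOC hit, in time order."""
    findings = []
    last_logon = {}                        # user -> (datetime, lat, lon, city)
    privileged = set(PRIVILEGED_ACCOUNTS)  # grows as accounts gain admin rights
    for e in sorted(events, key=lambda ev: ev["ts"]):
        ts = datetime.fromisoformat(e["ts"])
        user = e["user"]
        if e["event"] == "group_add":
            if e["group"] in ADMIN_GROUPS:
                privileged.add(e["target"])
                findings.append(("new_admin_account", user, e["ts"],
                                 f'{e["target"]} added to {e["group"]} by {user}'))
            continue
        if e["event"] != "logon":
            continue
        if not BUSINESS_HOURS[0] <= ts.hour < BUSINESS_HOURS[1]:
            findings.append(("after_hours_logon", user, e["ts"],
                             f'logon at {ts:%H:%M} from {e["host"]}'))
        prev = last_logon.get(user)
        if prev is not None:
            hours = (ts - prev[0]).total_seconds() / 3600
            km = haversine_km(prev[1], prev[2], e["lat"], e["lon"])
            if hours > 0 and km / hours > IMPOSSIBLE_SPEED_KMH:
                findings.append(("geographic_irregularity", user, e["ts"],
                                 f'{prev[3]} -> {e["city"]}: {km:.0f} km in {hours:.1f} h'))
        last_logon[user] = (ts, e["lat"], e["lon"], e["city"])
        if user in privileged and e["host"] not in JUMP_HOSTS:
            findings.append(("privileged_anomaly", user, e["ts"],
                             f'privileged logon from non-jump host {e["host"]}'))
    return findings


def kri_summary(findings):
    """Roll IOC hits up into one count per KRI for the reporting period."""
    counts = Counter(category for category, *_ in findings)
    return {name: counts.get(name, 0) for name in KRI_THRESHOLDS}


def breached_kris(summary):
    """KRIs whose count exceeds the tolerance set by management."""
    return sorted(name for name, n in summary.items() if n > KRI_THRESHOLDS[name])


if __name__ == "__main__":
    hits = detect_indicators(EVENTS)
    for category, user, ts, note in hits:
        print(f"{ts} {category:24} {user:10} {note}")
    summary = kri_summary(hits)
    print("KRI summary:", summary)
    print("outside tolerance:", breached_kris(summary))
```

Two design points worth noting: the privileged-account set is updated as the event stream is read, so an account created and added to an admin group on the same day is judged by the privileged-logon rule from its first logon; and a KRI threshold of zero expresses that any single occurrence is outside tolerance, which is how a board would normally treat an unexplained new admin account.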
SEGMENT 2:
Roy Zur
CEO and Founder
Cybint
"It's The End Of The World As We Know It"
Know better, Do better.
Good things come for free?
What’s in common – Digital Traces
Introduction
Salvatore Scanio is a member of the Washington, D.C. law firm, Ludwig & Robinson PLLC, where his practice focuses on
domestic and international litigation involving banking, insurance, and other commercial disputes. He attended Tulane
University where he earned B.A., M.B.A., and J.D. degrees. Mr. Scanio has over 20 years of experience in financial
litigation, and advises clients as to liability, defenses and loss recovery on a wide range of bank and corporate fraud and
cybercrime, including check fraud, credit and debit card fraud, wire transfer and ACH fraud, Ponzi schemes, malware
attacks, and data breaches. He regularly publishes articles in the area of payment fraud and cybercrime. His prior
experience includes serving as in-house counsel with a large commercial bank, now part of Capital One Bank. He currently
is a member of the Federal Reserve System’s Secure Payment Task Force, advising the Fed on payment security matters.
For more information on Mr. Scanio’s experience and publications, please refer to his firm’s website at:
http://www.ludwigrobinson.com/attorneys/salvatore-scanio
SEGMENT 3:
Salvatore Scanio
Member
Ludwig & Robinson PLLC
Financial Institution Exposure for Cybercrime
● Legal Regime for Allocating Liability for Unauthorized Funds Transfers
● Wire Transfers
● Automated Clearing House (“ACH”) Transactions
● SWIFT (Society for Worldwide Interbank Financial Telecommunication)
● Uniform Commercial Code Article 4A
● Key/Recent Cases
● Recent Developments on Reporting Cybercrime
● Reducing Legal Risk
● Shifting Liability for Payment Card Fraud/Data Breaches
Legal Regime for Allocating Liability for Unauthorized Funds Transfers (EFTs)
• Consumer ACH
• Electronic Funds Transfer Act/Reg. E
• $50 Consumer Liability
• Wire Transfer/Non-Consumer ACH
• Uniform Commercial Code Article 4A
• SWIFT
• Correspondent Banking Agreements
• UCC Article 4A
UCC Article 4A Loss Allocation
• UCC § 4A-204: receiving bank bears strict liability (plus
interest) for unauthorized EFTs, where either:
• The “security procedure” provision was not met under
UCC § 4A-202; or
• The customer was not the source of the security leak
under UCC § 4A-203
§ 4A-202: "Security Procedure" Defense to Strict Liability
Five Elements:
1. Bank and Customer agreed to a “security procedure”
2. “Security Procedure” is “commercially reasonable”
3. Bank complied with the “security procedure”
4. Bank complied with customer’s written instructions
5. Bank processed the EFT in “good faith”
Security Procedure
• Security Procedure is:
• “procedure established by agreement” of bank and customer
• to verify “that a payment order . . . is that of the customer” or to
detect error
• Security Procedure may require “algorithms or other codes, identifying
words or numbers, encryption, callback procedures or similar security
devices.”
• Security Procedures are not internal bank procedures
Security Procedure
• Experi-Metal, Inc. v. Comerica Bank, 2010 U.S. Dist. LEXIS 68149 (E.D. Mich. July 8,
2010) (security procedure is the secure token technology)
• Chavez v. Mercantil Commercebank, N.A., 701 F.3d 896 (11th Cir. 2012) (rejecting catch-
all clause in its customer agreement that the bank “may use . . . any other means to verify
any Payment Order or related instruction”)
• Banco Del Austro, S.A. v. Wells Fargo Bank, N.A., 2016 U.S. Dist. LEXIS 144477
(S.D.N.Y. Oct. 18, 2016) (security procedures did not include BSA/Patriot Act required
fraud detection policies and procedures)
“Commercially Reasonable” Security Procedure
• Question of law for court (compliance is fact question)
• Two Separate Methods to Establish:
1. Customer declined “commercially reasonable” security procedure offered by
the bank and agreed in writing to another security procedure (focus on bank
customer agreement)
• Choice Escrow and Land Title, LLC v. BancorpSouth Bank, 754 F.3d 611
(8th Cir. 2014)
• Experi-Metal, Inc. v. Comerica Bank, 2010 U.S. Dist. LEXIS 68149 (E.D.
Mich. July 8, 2010)
“Commercially Reasonable” Security Procedure
2. Complex Four-factor test:
1. “wishes of the customer expressed to the bank”
2. “circumstances of the customer known to the bank, including the size, type, and
frequency of payment orders normally issued by the customer to the bank”
3. “alternative security procedures offered to the customer”
4. “security procedures in general use by customers and receiving banks similarly
situated”
• Patco Constr. Co., Inc. v. People’s United Bank, 684 F.3d 197 (1st Cir. 2012)
• The First Circuit emphasized that the bank’s adoption of a “one-size-fits-all” $1
threshold for all customers, to target universally low-dollar fraud, violated “Article 4A’s
instruction to take the customer’s circumstances into account.”
• The court also based its conclusion on the fact that the bank did not utilize other
security measures “not uncommon” in the industry.
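The second factor of the four-factor test (the size, type and frequency of payment orders the customer normally issues) and the Patco holding on the bank's "one-size-fits-all" $1 threshold describe a detection design choice, so here is an added example, not from the webinar slides or any of the cases cited: it scores a payment order against that customer's own history instead of against a universal dollar threshold. Customer names, beneficiaries, amounts and the scoring rules (z-score limit, spread floor) are all constructed assumptions for illustration.

```python
"""
Added example, not from the webinar slides: a per-customer baseline for
payment orders, contrasted with the one-size-fits-all dollar threshold the
Patco discussion describes. Customer names, beneficiaries and amounts are
constructed sample data; the scoring rules are assumptions, not a bank's
actual procedure.
"""
from __future__ import annotations

from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class PaymentOrder:
    customer: str
    amount: float        # USD
    beneficiary: str     # constructed beneficiary account label
    order_type: str      # e.g. "ACH" or "WIRE"


# Constructed history: a business that pays a few regular suppliers by ACH.
HISTORY: dict[str, list[PaymentOrder]] = {
    "acme-construction": [
        PaymentOrder("acme-construction", 2200.0, "supplier-A", "ACH"),
        PaymentOrder("acme-construction", 2400.0, "supplier-B", "ACH"),
        PaymentOrder("acme-construction", 2100.0, "supplier-A", "ACH"),
        PaymentOrder("acme-construction", 2500.0, "supplier-C", "ACH"),
        PaymentOrder("acme-construction", 2300.0, "supplier-B", "ACH"),
        PaymentOrder("acme-construction", 2350.0, "supplier-A", "ACH"),
    ],
}


def universal_threshold_flags(order: PaymentOrder, threshold: float = 1.0) -> bool:
    """The one-size-fits-all rule: challenge every order above a fixed dollar amount.
    With a $1 threshold this fires on practically every order, so it says nothing
    about whether the order is unusual for this particular customer."""
    return order.amount > threshold


def customer_baseline(history: list[PaymentOrder]) -> dict:
    """Summarise what is normal for one customer: typical size, plus the
    beneficiaries and order types it has used before."""
    amounts = [o.amount for o in history]
    return {
        "mean": mean(amounts),
        "stdev": pstdev(amounts),
        "beneficiaries": {o.beneficiary for o in history},
        "types": {o.order_type for o in history},
    }


def risk_reasons(order: PaymentOrder, history: list[PaymentOrder],
                 z_limit: float = 3.0) -> list[str]:
    """Return the reasons an order departs from the customer's own baseline.
    An empty list means the order looks routine for this customer."""
    if not history:
        # No history means no baseline yet: route to a reviewer rather than
        # silently accepting or rejecting the order.
        return ["no payment history for customer; manual review"]
    base = customer_baseline(history)
    # Floor the spread so a customer whose orders are all identical (stdev 0)
    # still gets a usable score instead of a division by zero.
    spread = max(base["stdev"], 0.05 * base["mean"], 1.0)
    z = (order.amount - base["mean"]) / spread
    reasons: list[str] = []
    if z > z_limit:
        reasons.append(f"amount {order.amount:.2f} is {z:.1f} sd above "
                       f"this customer's mean {base['mean']:.2f}")
    if order.beneficiary not in base["beneficiaries"]:
        reasons.append(f"first payment to beneficiary {order.beneficiary}")
    if order.order_type not in base["types"]:
        reasons.append(f"order type {order.order_type} not previously used by customer")
    return reasons


def compare(order: PaymentOrder) -> dict:
    """Side-by-side result of both approaches for one order."""
    history = HISTORY.get(order.customer, [])
    return {
        "universal_threshold_challenge": universal_threshold_flags(order),
        "baseline_reasons": risk_reasons(order, history),
    }


if __name__ == "__main__":
    routine = PaymentOrder("acme-construction", 2300.0, "supplier-A", "ACH")
    unusual = PaymentOrder("acme-construction", 58000.0, "unknown-beneficiary", "WIRE")
    for o in (routine, unusual):
        print(o.amount, compare(o))
```

Run as a script, the routine $2,300 ACH order is challenged by the universal rule but produces no baseline reasons, while the $58,000 wire to an unknown beneficiary is challenged by both and carries three distinct reasons (size, beneficiary, order type). The per-customer reasons are what a bank could act on with a call-back or hold; the universal rule's output is identical for both orders and so carries no information about the customer's circumstances.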
“Commercially Reasonable” Security Procedure: Banking Agency Guidelines
• Federal Financial Institutions Examination Council (“FFIEC”), Authentication in an Internet
Banking Environment (Oct. 2005)
• FFIEC, Supplement to Authentication in an Internet Banking Environment (June 2011)
• FFIEC, Cybersecurity Assessment Tool (June 2015)
• FFIEC, IT Examination Handbook, Information Security (Sept. 2016)
• New York State Department of Financial Services, Cybersecurity Requirements for
Financial Services Companies, 23 NYCRR pt. 500 (Effective Mar. 1, 2017)
Bank Acted in Good Faith Requirement
• Good Faith = “honesty in fact and the observance of reasonable commercial
standards of fair dealing”
• Mixed subjective/objective test
• Experi-Metal, Inc. v. Comerica Bank, 2011 U.S. Dist. LEXIS 62677 (E.D. Mich.
June 13, 2011)
• Choice Escrow and Land Title, LLC v. BankcorpSouth Bank, 754 F.3d 611 (8th
Cir. 2014)
• Banco Del Austro, S.A. v. Wells Fargo Bank, N.A., 2016 U.S. Dist. LEXIS
144477 (S.D.N.Y. Oct. 18, 2016)
Other Major Defenses
• Customer Proves It Was Not the Source of the Security Leak
• Internal Investigations
• Criminal Investigations
• UCC One-Year Notice Rule (UCC § 4A-505)
Reducing EFT Fraud Risks
• Deposit/Online Services Agreements
• Define Security Procedure
• Customer Acknowledgment as to Commercially Reasonable Security Procedure
• Provision for Offered But Rejected Security Procedures
• Address Other Written Customer Instructions (“The bank is not required to follow a written
instruction that violates a written agreement with the customer or notice of which is not received
at a time and in a manner affording the bank a reasonable opportunity to act on it before the
payment order is accepted.”)
• Indemnification for Attorneys’ Fees (Choice Escrow)
• Update Information Security Program
• Assessment Follow-up
Regulatory Reporting of Cybercrime
• Department of the Treasury, Financial Crimes Enforcement
Network, Advisory to Financial Institutions on Cyber Events
and Cyber-Enabled Crime (Oct. 25, 2016)
• Suspicious Activity Reports
• NY State Dept. of Fin’l Services
• 72-Hour Notice of Cybersecurity Event, 23 NYCRR 500.17(a)
Payment Card Fraud Liability Shifting
• EMV Card Network Liability Shift Oct. 1, 2015 from Issuer to Acquirer/Merchant:
1. Counterfeit magnetic stripe card copied from chip card used at non-chip terminal;
2. Lost or stolen chip-and-PIN card processed as (a) magnetic stripe or (b) signature chip-card at non-PIN terminal
• Claims by Issuing Banks Against Merchants for Data Breaches
• Card Network Loss-Allocation Assessments
• In re Target Corp. Cust. Data Sec. Breach Litig., 64 F. Supp. 3d 1304 (D. Minn. 2014) (motion to dismiss), 2016 U.S. Dist. LEXIS 63125 (D. Minn. May 12, 2016) (settlement)
• In re The Home Depot, Inc. Cust. Data Sec. Breach Litig., 2016 U.S. Dist. LEXIS 65111 (N.D. Ga. May 18, 2016) (motion to dismiss); Doc. 327, No. 1:14-MD-02583 (N.D. Ga. Mar. 8, 2017) (settlement motion)
• First Choice Fed. Credit Union v. The Wendy’s Co., 2017 U.S. Dist. LEXIS 20754 (W.D. Pa. Feb. 13, 2017) (motion to dismiss)
Contact Info:
Alejandro Mijares, CISA,
CRISC, MSMIS
Manager, Risk Advisory Services
Kaufman Rossin, P.A.
E: amijares@kaufmanrossin.com
T: 305.498.3336
Salvatore Scanio
Member
Ludwig & Robinson PLLC
E: sscanio@ludwigrobinson.com
T: 202.289.7605
Roy Zur
CEO and Founder
Cybint
E: Roy.zur@barbri.com
T: 929.351.6091
► You may ask a question at any time throughout the presentation today. Simply click on the question mark icon located on the floating tool bar on the bottom right side of your screen. Type your question in the box that appears and click send.
► Questions will be answered in the order they are received.
Q&A:
SEGMENT 1:
Alejandro Mijares, CISA,
CRISC, MSMIS
Manager, Risk Advisory Services
Kaufman Rossin, P.A.
SEGMENT 3:
Salvatore Scanio
Member
Ludwig & Robinson PLLC
SEGMENT 2:
Roy Zur
CEO and Founder
Cybint
ABOUT THE KNOWLEDGE GROUP
The Knowledge Group is an organization that produces live webcasts which examine regulatory
changes and their impacts across a variety of industries. “We bring together the world's leading
authorities and industry participants through informative two-hour webcasts to study the impact of
changing regulations.”
If you would like to be informed of other upcoming events, please click here.
Disclaimer:
The Knowledge Group is producing this event for information purposes only. We do not intend to
provide or offer business advice.
The contents of this event are based upon the opinions of our speakers. The Knowledge Group does
not warrant their accuracy and completeness. The statements made by them are based on their
independent opinions and do not necessarily reflect The Knowledge Group’s views.
In no event shall The Knowledge Group be liable to any person or business entity for any special,
direct, indirect, punitive, incidental or consequential damages as a result of any information gathered
from this webcast.
Certain images and/or photos on this page are the copyrighted property of 123RF Limited, their
Contributors or Licensed Partners and are being used with permission under license. These images
and/or photos may not be copied or downloaded without permission from 123RF Limited.

More Related Content

Similar to Salvatore Scanio Cybercrime Webinar

FinCEN’s Anti-Money Laundering Developments: A 2015 Update LIVE Webcast
FinCEN’s Anti-Money Laundering Developments: A 2015 Update LIVE WebcastFinCEN’s Anti-Money Laundering Developments: A 2015 Update LIVE Webcast
FinCEN’s Anti-Money Laundering Developments: A 2015 Update LIVE WebcastThomas LaPointe
 
The FDA's Cybersecurity Enforcement: Patient Care and Medical Cybersecurity I...
The FDA's Cybersecurity Enforcement: Patient Care and Medical Cybersecurity I...The FDA's Cybersecurity Enforcement: Patient Care and Medical Cybersecurity I...
The FDA's Cybersecurity Enforcement: Patient Care and Medical Cybersecurity I...Thomas LaPointe
 
Cyber Security and Data Privacy: Views on Article III Standing LIVE Webcast
Cyber Security and Data Privacy: Views on Article III Standing LIVE WebcastCyber Security and Data Privacy: Views on Article III Standing LIVE Webcast
Cyber Security and Data Privacy: Views on Article III Standing LIVE WebcastThomas LaPointe
 
B&B Hardware v. Hargis: Decision and Impact on Trademark Prosecution and Enfo...
B&B Hardware v. Hargis: Decision and Impact on Trademark Prosecution and Enfo...B&B Hardware v. Hargis: Decision and Impact on Trademark Prosecution and Enfo...
B&B Hardware v. Hargis: Decision and Impact on Trademark Prosecution and Enfo...Thomas LaPointe
 
Real Estate Crowdfunding: Latest Trends and Developments LIVE Webcast
Real Estate Crowdfunding: Latest Trends and Developments LIVE WebcastReal Estate Crowdfunding: Latest Trends and Developments LIVE Webcast
Real Estate Crowdfunding: Latest Trends and Developments LIVE WebcastThomas LaPointe
 
Cyber Liability Insurance: An Essential and Urgently Needed Business Investment
Cyber Liability Insurance: An Essential and Urgently Needed Business InvestmentCyber Liability Insurance: An Essential and Urgently Needed Business Investment
Cyber Liability Insurance: An Essential and Urgently Needed Business InvestmentThomas LaPointe
 
Cyber Threat Intelligence: Knowing What Specific Threats Your Business Should...
Cyber Threat Intelligence: Knowing What Specific Threats Your Business Should...Cyber Threat Intelligence: Knowing What Specific Threats Your Business Should...
Cyber Threat Intelligence: Knowing What Specific Threats Your Business Should...SurfWatch Labs
 
FINRA Supervision Rules: What You Need to Know in 2015 LIVE Webcast
FINRA Supervision Rules: What You Need to Know in 2015 LIVE WebcastFINRA Supervision Rules: What You Need to Know in 2015 LIVE Webcast
FINRA Supervision Rules: What You Need to Know in 2015 LIVE WebcastThomas LaPointe
 
Corporate Bankruptcy: Significant Issues for 2014 and Beyond LIVE Webcast
Corporate Bankruptcy: Significant Issues for 2014 and Beyond LIVE WebcastCorporate Bankruptcy: Significant Issues for 2014 and Beyond LIVE Webcast
Corporate Bankruptcy: Significant Issues for 2014 and Beyond LIVE WebcastThomas LaPointe
 
U.S. Trade Controls: What You Need to Know in 2014 LIVE Webcast
U.S. Trade Controls: What You Need to Know in 2014 LIVE WebcastU.S. Trade Controls: What You Need to Know in 2014 LIVE Webcast
U.S. Trade Controls: What You Need to Know in 2014 LIVE WebcastThomas LaPointe
 
Anti-Corruption Compliance and Enforcement: Key Developments in 2016 & Beyond...
Anti-Corruption Compliance and Enforcement: Key Developments in 2016 & Beyond...Anti-Corruption Compliance and Enforcement: Key Developments in 2016 & Beyond...
Anti-Corruption Compliance and Enforcement: Key Developments in 2016 & Beyond...Thomas LaPointe
 
Supplier Quality Management: Best Practices and Practical Insights in 2015 LI...
Supplier Quality Management: Best Practices and Practical Insights in 2015 LI...Supplier Quality Management: Best Practices and Practical Insights in 2015 LI...
Supplier Quality Management: Best Practices and Practical Insights in 2015 LI...Thomas LaPointe
 
Bsidesslc 2016 Prospectus
Bsidesslc 2016 ProspectusBsidesslc 2016 Prospectus
Bsidesslc 2016 ProspectusSean Jackson
 
Designing Learning Solutions for Results (Cammy Bean & Ashley Reardon) #DevLearn
Designing Learning Solutions for Results (Cammy Bean & Ashley Reardon) #DevLearnDesigning Learning Solutions for Results (Cammy Bean & Ashley Reardon) #DevLearn
Designing Learning Solutions for Results (Cammy Bean & Ashley Reardon) #DevLearnCammy Bean
 
Emerging Issues: FDA Food Safety Foreign Suppliers & US Importers Rules Impac...
Emerging Issues: FDA Food Safety Foreign Suppliers & US Importers Rules Impac...Emerging Issues: FDA Food Safety Foreign Suppliers & US Importers Rules Impac...
Emerging Issues: FDA Food Safety Foreign Suppliers & US Importers Rules Impac...Thomas LaPointe
 
Holistic Rubric Persuasive Essay - Writefiction581.Web
Holistic Rubric Persuasive Essay - Writefiction581.WebHolistic Rubric Persuasive Essay - Writefiction581.Web
Holistic Rubric Persuasive Essay - Writefiction581.WebKatie Harris
 
Final Wellness Regulations: What You Need to Know LIVE Webcast
Final Wellness Regulations: What You Need to Know LIVE WebcastFinal Wellness Regulations: What You Need to Know LIVE Webcast
Final Wellness Regulations: What You Need to Know LIVE WebcastThomas LaPointe
 
eTapestry Webinar
eTapestry WebinareTapestry Webinar
eTapestry Webinarmikekierce
 
Digital Outsourcing: Risks, Pitfalls, and Security Considerations
Digital Outsourcing: Risks, Pitfalls, and Security Considerations Digital Outsourcing: Risks, Pitfalls, and Security Considerations
Digital Outsourcing: Risks, Pitfalls, and Security Considerations Peter1020
 
Cybersecurity: Conquering the New Frontier of Legal Risks
Cybersecurity: Conquering the New Frontier of Legal RisksCybersecurity: Conquering the New Frontier of Legal Risks
Cybersecurity: Conquering the New Frontier of Legal RisksScott McLester
 

Similar to Salvatore Scanio Cybercrime Webinar (20)

FinCEN’s Anti-Money Laundering Developments: A 2015 Update LIVE Webcast
FinCEN’s Anti-Money Laundering Developments: A 2015 Update LIVE WebcastFinCEN’s Anti-Money Laundering Developments: A 2015 Update LIVE Webcast
FinCEN’s Anti-Money Laundering Developments: A 2015 Update LIVE Webcast
 
The FDA's Cybersecurity Enforcement: Patient Care and Medical Cybersecurity I...
The FDA's Cybersecurity Enforcement: Patient Care and Medical Cybersecurity I...The FDA's Cybersecurity Enforcement: Patient Care and Medical Cybersecurity I...
The FDA's Cybersecurity Enforcement: Patient Care and Medical Cybersecurity I...
 
Cyber Security and Data Privacy: Views on Article III Standing LIVE Webcast
Cyber Security and Data Privacy: Views on Article III Standing LIVE WebcastCyber Security and Data Privacy: Views on Article III Standing LIVE Webcast
Cyber Security and Data Privacy: Views on Article III Standing LIVE Webcast
 
B&B Hardware v. Hargis: Decision and Impact on Trademark Prosecution and Enfo...
B&B Hardware v. Hargis: Decision and Impact on Trademark Prosecution and Enfo...B&B Hardware v. Hargis: Decision and Impact on Trademark Prosecution and Enfo...
B&B Hardware v. Hargis: Decision and Impact on Trademark Prosecution and Enfo...
 
Real Estate Crowdfunding: Latest Trends and Developments LIVE Webcast
Real Estate Crowdfunding: Latest Trends and Developments LIVE WebcastReal Estate Crowdfunding: Latest Trends and Developments LIVE Webcast
Real Estate Crowdfunding: Latest Trends and Developments LIVE Webcast
 
Cyber Liability Insurance: An Essential and Urgently Needed Business Investment
Cyber Liability Insurance: An Essential and Urgently Needed Business InvestmentCyber Liability Insurance: An Essential and Urgently Needed Business Investment
Cyber Liability Insurance: An Essential and Urgently Needed Business Investment
 
Cyber Threat Intelligence: Knowing What Specific Threats Your Business Should...
Cyber Threat Intelligence: Knowing What Specific Threats Your Business Should...Cyber Threat Intelligence: Knowing What Specific Threats Your Business Should...
Cyber Threat Intelligence: Knowing What Specific Threats Your Business Should...
 
FINRA Supervision Rules: What You Need to Know in 2015 LIVE Webcast
FINRA Supervision Rules: What You Need to Know in 2015 LIVE WebcastFINRA Supervision Rules: What You Need to Know in 2015 LIVE Webcast
FINRA Supervision Rules: What You Need to Know in 2015 LIVE Webcast
 
Corporate Bankruptcy: Significant Issues for 2014 and Beyond LIVE Webcast
Corporate Bankruptcy: Significant Issues for 2014 and Beyond LIVE WebcastCorporate Bankruptcy: Significant Issues for 2014 and Beyond LIVE Webcast
Corporate Bankruptcy: Significant Issues for 2014 and Beyond LIVE Webcast
 
U.S. Trade Controls: What You Need to Know in 2014 LIVE Webcast
U.S. Trade Controls: What You Need to Know in 2014 LIVE WebcastU.S. Trade Controls: What You Need to Know in 2014 LIVE Webcast
U.S. Trade Controls: What You Need to Know in 2014 LIVE Webcast
 
Anti-Corruption Compliance and Enforcement: Key Developments in 2016 & Beyond...
Anti-Corruption Compliance and Enforcement: Key Developments in 2016 & Beyond...Anti-Corruption Compliance and Enforcement: Key Developments in 2016 & Beyond...
Anti-Corruption Compliance and Enforcement: Key Developments in 2016 & Beyond...
 
Supplier Quality Management: Best Practices and Practical Insights in 2015 LI...
Supplier Quality Management: Best Practices and Practical Insights in 2015 LI...Supplier Quality Management: Best Practices and Practical Insights in 2015 LI...
Supplier Quality Management: Best Practices and Practical Insights in 2015 LI...
 
Bsidesslc 2016 Prospectus
Bsidesslc 2016 ProspectusBsidesslc 2016 Prospectus
Bsidesslc 2016 Prospectus
 
Designing Learning Solutions for Results (Cammy Bean & Ashley Reardon) #DevLearn
Designing Learning Solutions for Results (Cammy Bean & Ashley Reardon) #DevLearnDesigning Learning Solutions for Results (Cammy Bean & Ashley Reardon) #DevLearn
Designing Learning Solutions for Results (Cammy Bean & Ashley Reardon) #DevLearn
 
Emerging Issues: FDA Food Safety Foreign Suppliers & US Importers Rules Impac...
Emerging Issues: FDA Food Safety Foreign Suppliers & US Importers Rules Impac...Emerging Issues: FDA Food Safety Foreign Suppliers & US Importers Rules Impac...
Emerging Issues: FDA Food Safety Foreign Suppliers & US Importers Rules Impac...
 
Holistic Rubric Persuasive Essay - Writefiction581.Web
Holistic Rubric Persuasive Essay - Writefiction581.WebHolistic Rubric Persuasive Essay - Writefiction581.Web
Holistic Rubric Persuasive Essay - Writefiction581.Web
 
Final Wellness Regulations: What You Need to Know LIVE Webcast
Final Wellness Regulations: What You Need to Know LIVE WebcastFinal Wellness Regulations: What You Need to Know LIVE Webcast
Final Wellness Regulations: What You Need to Know LIVE Webcast
 
eTapestry Webinar
eTapestry WebinareTapestry Webinar
eTapestry Webinar
 
Digital Outsourcing: Risks, Pitfalls, and Security Considerations
Digital Outsourcing: Risks, Pitfalls, and Security Considerations Digital Outsourcing: Risks, Pitfalls, and Security Considerations
Digital Outsourcing: Risks, Pitfalls, and Security Considerations
 
Cybersecurity: Conquering the New Frontier of Legal Risks
Cybersecurity: Conquering the New Frontier of Legal RisksCybersecurity: Conquering the New Frontier of Legal Risks
Cybersecurity: Conquering the New Frontier of Legal Risks
 

Recently uploaded

VIP Call Girls Service Begumpet Hyderabad Call +91-8250192130
VIP Call Girls Service Begumpet Hyderabad Call +91-8250192130VIP Call Girls Service Begumpet Hyderabad Call +91-8250192130
VIP Call Girls Service Begumpet Hyderabad Call +91-8250192130Suhani Kapoor
 
(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
BPPG response - Options for Defined Benefit schemes - 19Apr24.pdf
BPPG response - Options for Defined Benefit schemes - 19Apr24.pdfBPPG response - Options for Defined Benefit schemes - 19Apr24.pdf
BPPG response - Options for Defined Benefit schemes - 19Apr24.pdfHenry Tapper
 
fca-bsps-decision-letter-redacted (1).pdf
fca-bsps-decision-letter-redacted (1).pdffca-bsps-decision-letter-redacted (1).pdf
fca-bsps-decision-letter-redacted (1).pdfHenry Tapper
 
call girls in Nand Nagri (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in  Nand Nagri (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in  Nand Nagri (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Nand Nagri (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Classical Theory of Macroeconomics by Adam Smith
Classical Theory of Macroeconomics by Adam SmithClassical Theory of Macroeconomics by Adam Smith
Classical Theory of Macroeconomics by Adam SmithAdamYassin2
 
Log your LOA pain with Pension Lab's brilliant campaign
Log your LOA pain with Pension Lab's brilliant campaignLog your LOA pain with Pension Lab's brilliant campaign
Log your LOA pain with Pension Lab's brilliant campaignHenry Tapper
 
House of Commons ; CDC schemes overview document
House of Commons ; CDC schemes overview documentHouse of Commons ; CDC schemes overview document
House of Commons ; CDC schemes overview documentHenry Tapper
 
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escortsranjana rawat
 
Q3 2024 Earnings Conference Call and Webcast Slides
Q3 2024 Earnings Conference Call and Webcast SlidesQ3 2024 Earnings Conference Call and Webcast Slides
Q3 2024 Earnings Conference Call and Webcast SlidesMarketing847413
 
AfRESFullPaper22018EmpiricalPerformanceofRealEstateInvestmentTrustsandShareho...
AfRESFullPaper22018EmpiricalPerformanceofRealEstateInvestmentTrustsandShareho...AfRESFullPaper22018EmpiricalPerformanceofRealEstateInvestmentTrustsandShareho...
AfRESFullPaper22018EmpiricalPerformanceofRealEstateInvestmentTrustsandShareho...yordanosyohannes2
 
Chapter 2.ppt of macroeconomics by mankiw 9th edition
Chapter 2.ppt of macroeconomics by mankiw 9th editionChapter 2.ppt of macroeconomics by mankiw 9th edition
Chapter 2.ppt of macroeconomics by mankiw 9th editionMuhammadHusnain82237
 
Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...
Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...
Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...makika9823
 
The Triple Threat | Article on Global Resession | Harsh Kumar
The Triple Threat | Article on Global Resession | Harsh KumarThe Triple Threat | Article on Global Resession | Harsh Kumar
The Triple Threat | Article on Global Resession | Harsh KumarHarsh Kumar
 
How Automation is Driving Efficiency Through the Last Mile of Reporting
How Automation is Driving Efficiency Through the Last Mile of ReportingHow Automation is Driving Efficiency Through the Last Mile of Reporting
How Automation is Driving Efficiency Through the Last Mile of ReportingAggregage
 
Bladex Earnings Call Presentation 1Q2024
Bladex Earnings Call Presentation 1Q2024Bladex Earnings Call Presentation 1Q2024
Bladex Earnings Call Presentation 1Q2024Bladex
 
Unveiling the Top Chartered Accountants in India and Their Staggering Net Worth
Unveiling the Top Chartered Accountants in India and Their Staggering Net WorthUnveiling the Top Chartered Accountants in India and Their Staggering Net Worth
Unveiling the Top Chartered Accountants in India and Their Staggering Net WorthShaheen Kumar
 
Call Girls In Yusuf Sarai Women Seeking Men 9654467111
Call Girls In Yusuf Sarai Women Seeking Men 9654467111Call Girls In Yusuf Sarai Women Seeking Men 9654467111
Call Girls In Yusuf Sarai Women Seeking Men 9654467111Sapana Sha
 
Russian Call Girls In Gtb Nagar (Delhi) 9711199012 💋✔💕😘 Naughty Call Girls Se...
Russian Call Girls In Gtb Nagar (Delhi) 9711199012 💋✔💕😘 Naughty Call Girls Se...Russian Call Girls In Gtb Nagar (Delhi) 9711199012 💋✔💕😘 Naughty Call Girls Se...
Russian Call Girls In Gtb Nagar (Delhi) 9711199012 💋✔💕😘 Naughty Call Girls Se...shivangimorya083
 

Recently uploaded (20)

🔝+919953056974 🔝young Delhi Escort service Pusa Road
🔝+919953056974 🔝young Delhi Escort service Pusa Road🔝+919953056974 🔝young Delhi Escort service Pusa Road
🔝+919953056974 🔝young Delhi Escort service Pusa Road
 
VIP Call Girls Service Begumpet Hyderabad Call +91-8250192130
VIP Call Girls Service Begumpet Hyderabad Call +91-8250192130VIP Call Girls Service Begumpet Hyderabad Call +91-8250192130
VIP Call Girls Service Begumpet Hyderabad Call +91-8250192130
 
(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
BPPG response - Options for Defined Benefit schemes - 19Apr24.pdf
BPPG response - Options for Defined Benefit schemes - 19Apr24.pdfBPPG response - Options for Defined Benefit schemes - 19Apr24.pdf
BPPG response - Options for Defined Benefit schemes - 19Apr24.pdf
 
fca-bsps-decision-letter-redacted (1).pdf
fca-bsps-decision-letter-redacted (1).pdffca-bsps-decision-letter-redacted (1).pdf
fca-bsps-decision-letter-redacted (1).pdf
 
call girls in Nand Nagri (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in  Nand Nagri (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in  Nand Nagri (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Nand Nagri (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
Classical Theory of Macroeconomics by Adam Smith
Classical Theory of Macroeconomics by Adam SmithClassical Theory of Macroeconomics by Adam Smith
Classical Theory of Macroeconomics by Adam Smith
 
Log your LOA pain with Pension Lab's brilliant campaign
Log your LOA pain with Pension Lab's brilliant campaignLog your LOA pain with Pension Lab's brilliant campaign
Log your LOA pain with Pension Lab's brilliant campaign
 
House of Commons ; CDC schemes overview document
House of Commons ; CDC schemes overview documentHouse of Commons ; CDC schemes overview document
House of Commons ; CDC schemes overview document
 
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escorts
 
Q3 2024 Earnings Conference Call and Webcast Slides
Q3 2024 Earnings Conference Call and Webcast SlidesQ3 2024 Earnings Conference Call and Webcast Slides
Q3 2024 Earnings Conference Call and Webcast Slides
 
AfRESFullPaper22018EmpiricalPerformanceofRealEstateInvestmentTrustsandShareho...
AfRESFullPaper22018EmpiricalPerformanceofRealEstateInvestmentTrustsandShareho...AfRESFullPaper22018EmpiricalPerformanceofRealEstateInvestmentTrustsandShareho...
AfRESFullPaper22018EmpiricalPerformanceofRealEstateInvestmentTrustsandShareho...
 
Chapter 2.ppt of macroeconomics by mankiw 9th edition
Chapter 2.ppt of macroeconomics by mankiw 9th editionChapter 2.ppt of macroeconomics by mankiw 9th edition
Chapter 2.ppt of macroeconomics by mankiw 9th edition
 
Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...
Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...
Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...
 
The Triple Threat | Article on Global Resession | Harsh Kumar
The Triple Threat | Article on Global Resession | Harsh KumarThe Triple Threat | Article on Global Resession | Harsh Kumar
The Triple Threat | Article on Global Resession | Harsh Kumar
 
How Automation is Driving Efficiency Through the Last Mile of Reporting
How Automation is Driving Efficiency Through the Last Mile of ReportingHow Automation is Driving Efficiency Through the Last Mile of Reporting
How Automation is Driving Efficiency Through the Last Mile of Reporting
 
Bladex Earnings Call Presentation 1Q2024
Bladex Earnings Call Presentation 1Q2024Bladex Earnings Call Presentation 1Q2024
Bladex Earnings Call Presentation 1Q2024
 
Unveiling the Top Chartered Accountants in India and Their Staggering Net Worth
Unveiling the Top Chartered Accountants in India and Their Staggering Net WorthUnveiling the Top Chartered Accountants in India and Their Staggering Net Worth
Unveiling the Top Chartered Accountants in India and Their Staggering Net Worth
 
Call Girls In Yusuf Sarai Women Seeking Men 9654467111
Call Girls In Yusuf Sarai Women Seeking Men 9654467111Call Girls In Yusuf Sarai Women Seeking Men 9654467111
Call Girls In Yusuf Sarai Women Seeking Men 9654467111
 
Russian Call Girls In Gtb Nagar (Delhi) 9711199012 💋✔💕😘 Naughty Call Girls Se...
Russian Call Girls In Gtb Nagar (Delhi) 9711199012 💋✔💕😘 Naughty Call Girls Se...Russian Call Girls In Gtb Nagar (Delhi) 9711199012 💋✔💕😘 Naughty Call Girls Se...
Russian Call Girls In Gtb Nagar (Delhi) 9711199012 💋✔💕😘 Naughty Call Girls Se...
 

Salvatore Scanio Cybercrime Webinar

  • 1. Speaker Firms and Organization: Cybint Roy Zur CEO and Founder Thank you for logging into today’s event. Please note we are in standby mode. All Microphones will be muted until the event starts. We will be back with speaker instructions @ 02:55pm. Any Questions? Please email: info@theknowledegroup.org Group Registration Policy Please note ALL participants must be registered or they will not be able to access the event. If you have more than one person from your company attending, you must fill out the group registration form. We reserve the right to disconnect any unauthorized users from this event and to deny violators admission to future events. To obtain a group registration please send a note to info@theknowledgegroup.org or call 646.202.9344. Presented By: April 06, 2017 1 Sponsored by: Ludwig & Robinson PLLC Salvatore Scanio Member Kaufman Rossin , P.A. Alejandro Mijares, CISA, CRISC, MSMIS Manager, Risk Advisory Services Partner Firms:
  • 2. April 06, 2017 2  Please note the FAQ.HELP TAB located to the right of the main presentation. On this page you will find answers to the top questions asked by attendees during webcast such as how to fix audio issues, where to download the slides and what to do if you miss a secret word. To access this tab, click the FAQ.HELP Tab to the right of the main presentation when you’re done click the tab of the main presentation to get back.  For those viewing the webcast on a mobile device, please note: o These instructions are for Apple and Android devices only. If you are using a Windows tablet, please follow the instructions for viewing the webcast on a PC. o The FAQ.HELP TAB will not be visible on mobile devices. o You will receive the frequently asked questions & other pertinent info through the apps chat window function on your device. o On Apple devices you must tap the screen anywhere to see the task bar which will show up as a blue bar across the top of the screen. Click the chat icon then click the chat with all to access the FAQ’s. o Feel free to submit questions by using the “questions” function built-in to the app on your device. o You may use your device’s “pinch to zoom function” to enlarge the slide images on your screen. o Headphones are highly recommended. In the event of audio difficulties, a dial-in number is available and will be provided via the app’s chat function on your device.
  • 3. April 06, 2017 3  Follow us on Twitter, that’s @Know_Group to receive updates for this event as well as other news and pertinent info.  If you experience any technical difficulties during today’s WebEx session, please contact our Technical Support @ 866-779-3239. We will post the dial information in the chat window to the right shortly and it’s available in the FAQ.Help Tab on the right. Please redial into the webcast in case of connectivity issue where we have to restart the Webex event.  You may ask a question at anytime throughout the presentation today via the chat window on the lower right hand side of your screen. Questions will be aggregated and addressed during the Q&A segment.  Please note, this call is being recorded for playback purposes.  If anyone was unable to log in to the online webcast and needs to download a copy of the PowerPoint presentation for today’s event, please send an email to: info@theknowledgegroup.org. If you’re already logged in to the online Webcast, we will post a link to download the files shortly and it’s available in the FAQ.Help Tab
  • 4. April 06, 2017 4  If you are listening on a laptop, you may need to use headphones as some laptops speakers are not sufficiently amplified enough to hear the presentations. If you do not have headphones and cannot hear the webcast send an email to info@theknowledgegroup.org and we will send you the dial in phone number.  About an hour or so after the event, you'll be sent a survey via email asking you for your feedback on your experience with this event today - it's designed to take less than two minutes to complete, and it helps us to understand how to wisely invest your time in future events. Your feedback is greatly appreciated. If you are applying for continuing education credit, completions of the surveys are mandatory as per your state boards and bars. 6 secret words (3 for each credit hour) will be given throughout the presentation. We will ask you to fill these words into the survey as proof of your attendance. Please stay tuned for the secret word. If you miss a secret word please refer to the FAQ.Help tab to the right.  Speakers, I will be giving out the secret words at randomly selected times. I may have to break into your presentation briefly to read the secret word. Pardon the interruption.
  • 5. April 06, 2017 5  We need your insights -- We are conducting some special research to improve The Knowledge Group for you. Give us ten minutes on the phone and we will give you six months of FREE CE webcasts. Please click the link found in the upper right “Chat Box” to sign up and participate. We look forward to hearing from you. Link to sign-up and participate: http://bit.ly/2nK1ZsB
  • 6. April 06, 2017 6 LogRhythm, a leader in security intelligence and analytics, empowers organizations around the globe to rapidly detect, respond to and neutralize damaging cyber threats. The company’s award-winning platform unifies next-generation SIEM, log management, network and endpoint forensics and advanced security analytics. In addition to protecting customers from the risks associated with cyber threats, LogRhythm provides innovative compliance automation and assurance, and enhanced IT intelligence. Sponsored By:
• 7. Partner Firms: April 06, 2017 7 Kaufman Rossin has represented Florida businesses for more than 50 years and serves international clients in dozens of countries. The CPA and advisory firm is one of the largest in the U.S., providing traditional accounting, audit and tax services, as well as business, risk and forensic advisory services. The firm has won significant awards, including repeat honors as the Best Accounting Firm to Work For among large firms nationwide and locally. With more than 300 team members, the firm prides itself on offering the resources of a powerhouse, personally delivered. Go beyond the numbers at kaufmanrossin.com. Cybint specializes in providing smart solutions in the fields of cyber intelligence and cyber security. Our leading team at Cybint is composed of skilled, experienced ex-military officers from elite intelligence and technology units, specializing in the characterization of operational, intelligence and business needs, and also in training on and implementation of know-how. Our team members have years of experience in the fields of military intelligence and business intelligence, and their expertise in this world enables them to understand the inherent power of knowledge and information and to convey these directly to the client. Recently Cybint partnered with a leading vocational training company in the U.S. (The BARBRI Group) to provide assessment, training, and tools to dramatically increase online research, analysis, and security skills for legal and financial businesses.
  • 8. Partner Firm: April 06, 2017 8 Ludwig & Robinson, founded in 1992, consists of lawyers with diverse experience acquired at major law firms. The firm represents clients in litigation and counseling throughout the United States and the world, and is affiliated with a leading German law firm. Whether as local, national or international counsel, the firm provides a range of services in a manner that is insightful, responsive and cost-effective. L&R’s clients include multinational corporations, insurers, banks and financial institutions, air carriers, not-for-profit organizations, technology start-ups, universities, foreign entities and nationals, and other individuals. Applying insights gained in decades of trial and appellate litigation, including novel and complex cases, the firm has an exceptional record of serving its client’s interests while obtaining often precedent-setting results.
  • 9. Brief Speaker Bios: Alejandro Mijares, CISA, CRISC, MSMIS Alejandro Mijares is Risk Advisory Services Manager at Kaufman Rossin where he provides internal IT audit, system validation, and information security review services to financial institutions supervised by the FDIC, FRB, State of Florida, and OCC. He has performed IT and Cybersecurity risk assessments, IT controls reviews, and evaluation of IT governance regulations and processes for more than 25 banks and foreign agencies in Florida. April 06, 2017 9 Roy Zur Roy Zur, the CEO and founder of "Cybint solutions", has more than 12 years of experience in cyber and intelligence operations from the Israeli security forces (Retired Major), and has developed cyber training programs and technology for financial institutions, law firms and government agencies around the world. Prior to leading Cybint, he received his LLM and MBA from Tel-Aviv University and served as a legal adviser in the Israeli Supreme Court, and as the chairman of the Israeli Legislation Research Center (OMEK Institute), overseeing 150 researchers, who work with the Israeli Parliament (the Knesset). ► For more information about the speakers, you can visit: https://theknowledgegroup.org/event-homepage/?event_id=1945 Salvatore Scanio Salvatore Scanio is a member of the Washington, D.C. law firm, Ludwig & Robinson PLLC, where his practice focuses on domestic and international litigation involving banking, insurance, and other commercial disputes. He attended Tulane University where he earned B.A., M.B.A., and J.D. degrees. Mr. Scanio has over 20 years of experience in financial litigation, and advises clients as to liability, defenses and loss recovery on a wide range of bank and corporate fraud and cybercrime, including check fraud, credit and debit card fraud, wire transfer and ACH fraud, Ponzi schemes, malware attacks, and data breaches.
• 10. Over the past few years, the financial services industry has been a favorite target of cyber criminals, who are not only trying to gain direct access to money, but are also going after sensitive data that they can use for identity theft and hold hostage in ransomware attacks. The breaches at JPMorgan in 2014 and Bangladesh’s Central Bank in 2016, which both resulted in millions of dollars in losses, illustrate the dangers posed by cybercrime to banks and other financial institutions. Cyber security is no longer an IT issue; it is a business risk that bank leadership needs to pay attention to. The industry is doing what it can to mitigate the risk of exposure to malicious cyber attacks; however, a recent study found that it often takes months for a company to detect such an attack. By that time, hackers have likely already stolen large amounts of sensitive data. In this two-hour LIVE Webcast, a panel of distinguished professionals and thought leaders will discuss how cybercrime is affecting the financial services industry and how bank leadership can create a robust information security program to mitigate the risk of a cyber attack. Key topics include: • A Review of Recent High-Profile Cases • Key Weaknesses in the Financial Sector • Cyber Crisis Management • Strengthening the Network and Minimizing Threats • Regulatory Framework of Cybersecurity Enforcement April 06, 2017 10
  • 11. Featured Speakers: April 06, 2017 11 SEGMENT 1: Alejandro Mijares, CISA, CRISC, MSMIS Manager, Risk Advisory Services Kaufman Rossin , P.A. SEGMENT 3: Salvatore Scanio Member Ludwig & Robinson PLLC SEGMENT 2: Roy Zur CEO and Founder Cybint
  • 12. Introduction Alejandro Mijares is Risk Advisory Services Manager at Kaufman Rossin where he provides internal IT audit, system validation, and information security review services to financial institutions supervised by the FDIC, FRB, State of Florida, and OCC. He has performed IT and Cybersecurity risk assessments, IT controls reviews, and evaluation of IT governance regulations and processes for more than 25 banks and foreign agencies in Florida. Alejandro’s work experience also includes analyzing and evaluating information technology security risks and internal controls, process mapping, system validation, SSAE 16 review services, and providing Sarbanes-Oxley external and internal audits for clients in a variety of industries, including financial services companies, healthcare, retail and technology. He is a Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), with a Master’s degree in Management Information Systems and a Bachelor’s degree in Accounting and Information Systems. April 06, 2017 12 SEGMENT 1: Alejandro Mijares, CISA, CRISC, MSMIS Manager, Risk Advisory Services Kaufman Rossin , P.A.
  • 13. April 06, 2017 13 SEGMENT 1: Alejandro Mijares, CISA, CRISC, MSMIS Manager, Risk Advisory Services Kaufman Rossin , P.A. Cybercrime: Maximizing Opportunities and Minimizing Threats for Financial Institutions
  • 14. Today’s Agenda  The Dark Web & Cyber Threats  Regulatory framework of cybersecurity  FFIEC information security booklet (Sept. 2016)  Control Environment Vulnerabilities  Most common weaknesses and controls  Strengthening the network and minimizing the potential impact of threats  Networks Controls  Indicators of Compromise (IOC) April 06, 2017 14 SEGMENT 1: Alejandro Mijares, CISA, CRISC, MSMIS Manager, Risk Advisory Services Kaufman Rossin , P.A.
  • 18. Regulatory framework of cyber security April 06, 2017 18 SEGMENT 1: Alejandro Mijares, CISA, CRISC, MSMIS Manager, Risk Advisory Services Kaufman Rossin , P.A.
• 19. FFIEC Info Sec 2016  Updated in September 2016  Incorporates cybersecurity language  Reduced redundancy regarding management material  Refocuses on IT/IS risk  Introduces a risk management cycle • Identify • Measure • Mitigate • Monitor & Report  Updates information security processes  Includes revised examination procedures  Uses the words “should” and “may” more than 500 times
• 20. FinCEN (FIN-2016-A005)  The Financial Crimes Enforcement Network (FinCEN) issued an advisory on October 25, 2016, advising banks to report cyber attack activity  In the advisory, FinCEN also clarified the responsibilities of financial institutions under the Bank Secrecy Act (BSA), which governs anti-money laundering oversight  Guidance provided on details to include in SAR narratives  Focus on information sharing between departments
  • 21. Cyber Security • (FIN-2016-A005) guidance defines the following terms: – Cyber-Event: An attempt to compromise or gain unauthorized electronic access to electronic systems, services, resources, or information – Cyber-Enabled Crime: Illegal activities (e.g., fraud, money laundering, identity theft) carried out or facilitated by electronic systems and devices, such as networks and computers – Cyber-Related Information: Information that describes technical details of electronic activity and behavior, such as IP addresses, timestamps, and Indicators of Compromise (IOCs). Cyber- related information also includes, but is not limited to, data regarding the digital footprint of individuals and their behavior April 06, 2017 21 SEGMENT 1: Alejandro Mijares, CISA, CRISC, MSMIS Manager, Risk Advisory Services Kaufman Rossin , P.A.
  • 22. Cyber Security • (FIN-2016-A005) provides guidance in the following areas: – Reporting cyber-enabled crime and cyber-events through Suspicious Activity Reports – Including relevant and available cyber-related information (IP addresses with time stamps etc.) in SAR narratives – Collaborating between BSA/AML units and in-house cyber-security units to identify suspicious activity – Sharing information among financial institutions to guard against and report money laundering, terrorism financing, and cyber-enabled crime *It is important to note that even if no transactions occur a SAR may still be filed if the acts are, “intended to be part of an attempt to conduct, facilitate, or affect an unauthorized transaction or series of unauthorized transactions aggregating or involving at least $5,000 in funds or assets.” April 06, 2017 22 SEGMENT 1: Alejandro Mijares, CISA, CRISC, MSMIS Manager, Risk Advisory Services Kaufman Rossin , P.A.
• 23. Cyber Risk Management Program (based on FFIEC)
  Risk Identification: • Inventory • Threats
  Risk Measurement: • Likelihood • Potential Impact
  Risk Mitigation: • In line with Board’s risk appetite
  Risk Monitoring & Reporting: • Control Testing • Regular updates to the Board and senior management
• 24. Cybersecurity Program
  BOARD OF DIRECTORS: Responsible for internal control structure | Sets risk appetite
  SENIOR MANAGEMENT: Implementation of policies and procedures | Allocation of resources | Sets risk tolerance
  Program components: IT/IS Internal Controls | Independent Testing | CISO/ISO | Training
• 25. Cyber Risk Management Program. With an understanding of risk tolerance, banks can prioritize cybersecurity activities, enabling organizations to make informed decisions about cybersecurity expenditures.
  Risk Appetite: The amount of risk, on a broad level, that an entity is willing to accept in pursuit of its mission. Defined by the board.
  Risk Tolerance: The acceptable level of variation that management is willing to allow for any particular risk as the enterprise pursues its objectives. Defined by management.
  • 26. What do Regulators Expect?  Board of directors and audit committee have sufficient knowledge to provide oversight of cyber risks  Comprehensive understanding of enterprise cyber risk  Authority and autonomy of CISO  Sufficient resources are allocated to cyber compliance  Ownership of the audit process resides with the audit committee • Robust independent testing • A comprehensive audit scope • Findings and conclusions are clearly stated • Supporting documentation is clear, detailed, and organized April 06, 2017 26 SEGMENT 1: Alejandro Mijares, CISA, CRISC, MSMIS Manager, Risk Advisory Services Kaufman Rossin , P.A.
  • 27. Control Environment Vulnerabilities April 06, 2017 27 SEGMENT 1: Alejandro Mijares, CISA, CRISC, MSMIS Manager, Risk Advisory Services Kaufman Rossin , P.A.
  • 28. Cyber Security Weaknesses • People • Lack of a strong cyber risk program • Oversight • Policies • Control • Lack of investment in cyber security April 06, 2017 28 SEGMENT 1: Alejandro Mijares, CISA, CRISC, MSMIS Manager, Risk Advisory Services Kaufman Rossin , P.A. • Reactive mentality instead of a proactive mentality • Ignore signs of a cyber attack (i.e., being targeted) • Incident response program without forensic vendors
  • 29. Cyber Security Controls • Define risk appetite and risk tolerance • Develop a cyber risk management program • Training including phishing, vishing, penetration testing (including physical) April 06, 2017 29 SEGMENT 1: Alejandro Mijares, CISA, CRISC, MSMIS Manager, Risk Advisory Services Kaufman Rossin , P.A. • Train board of directors • Implement preventive and detective controls • Design IOC as KRIs • Identify a forensic team
  • 30. Strengthening the network April 06, 2017 30 SEGMENT 1: Alejandro Mijares, CISA, CRISC, MSMIS Manager, Risk Advisory Services Kaufman Rossin , P.A.
  • 31. Network Segmentation What is it? • Splitting a computer network into subnetworks, each being a network segment April 06, 2017 31 SEGMENT 1: Alejandro Mijares, CISA, CRISC, MSMIS Manager, Risk Advisory Services Kaufman Rossin , P.A. What are the benefits? • Improve performance • Increase traffic efficiency • Reduce network problems • Limit your exposure to security threats • Improve users’ access control • Increase reliability and efficiency of the network
• 32. Firewall Controls (based on FFIEC)  Network perimeter defense tools (e.g., border router and firewall) are used  Firewall rules are audited or verified at least quarterly  Firewall logs are used for correlation with other events (e.g., network, application)  Automated tools detect unauthorized changes to critical system files, firewalls, IPS/IDS, or other security devices  Access control lists are implemented
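Two of the controls on this slide, quarterly verification of firewall rules and automated detection of unauthorized changes to security devices, can be demonstrated with a small script. The following is an added example written for this page, not code from the presentation, the FFIEC or Kaufman Rossin. It assumes rules are exported in a vendor-neutral "action proto src dst port" text form (an assumption; real firewalls use their own syntax) and that a digest of the approved ruleset is recorded at each review. The sample rulesets are constructed.

```python
"""Firewall ruleset drift detection and quarterly rule audit (added example).

Assumptions (not from the presentation): rules are stored as plain-text
"action proto src dst port" lines, '#' starts a comment, and a SHA-256 digest
of the approved ruleset is kept as the baseline for change detection.
"""
import hashlib

# Constructed baseline ruleset, as approved at the last quarterly review.
BASELINE_RULES = """\
# approved baseline (constructed sample)
allow tcp 10.0.1.0/24 10.0.2.10 443
allow tcp 10.0.1.0/24 10.0.2.20 1433
deny  any any          any       any
"""

# Constructed "running" ruleset in which an unapproved permissive rule appeared.
CURRENT_RULES = """\
# approved baseline (constructed sample)
allow tcp 10.0.1.0/24 10.0.2.10 443
allow tcp 10.0.1.0/24 10.0.2.20 1433
allow any any          any       any
deny  any any          any       any
"""


def normalize(rules: str) -> list:
    """Drop comments and blank lines and collapse whitespace, so cosmetic
    edits do not raise false change alerts."""
    out = []
    for line in rules.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            out.append(" ".join(line.split()))
    return out


def ruleset_digest(rules: str) -> str:
    """SHA-256 over the normalized ruleset; record this value at approval time."""
    return hashlib.sha256("\n".join(normalize(rules)).encode()).hexdigest()


def detect_changes(baseline: str, current: str) -> dict:
    """Compare the running ruleset with the approved baseline and list
    the rules that were added or removed."""
    base, cur = normalize(baseline), normalize(current)
    return {
        "changed": ruleset_digest(baseline) != ruleset_digest(current),
        "added": [r for r in cur if r not in base],
        "removed": [r for r in base if r not in cur],
    }


def audit_findings(rules: str) -> list:
    """Flag permissive 'allow' rules that a quarterly rule review should question."""
    findings = []
    for rule in normalize(rules):
        action, proto, src, dst, port = rule.split()
        if action != "allow":
            continue
        reasons = []
        if src == "any" and dst == "any":
            reasons.append("any-to-any allow")
        if port == "any":
            reasons.append("all destination ports allowed")
        if proto == "any":
            reasons.append("all protocols allowed")
        if reasons:
            findings.append({"rule": rule, "reasons": reasons})
    return findings


if __name__ == "__main__":
    print(detect_changes(BASELINE_RULES, CURRENT_RULES))
    print(audit_findings(CURRENT_RULES))
```

In practice the baseline digest would be stored outside the firewall (for example with the change ticket that approved it), the comparison would run on a schedule, and any "changed" result without a matching ticket would be raised as an unauthorized-change event to the team that owns the device.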
  • 33. Network Assessments  Perform independent audits  Independent testing (including phishing, penetration testing, and vulnerability scanning) is conducted according to the risk assessment for external-facing systems and the internal network  Independent penetration testing is performed on Internet-facing applications or systems before they are launched or undergo significant change April 06, 2017 33 SEGMENT 1: Alejandro Mijares, CISA, CRISC, MSMIS Manager, Risk Advisory Services Kaufman Rossin , P.A.
  • 34. Key Risk Indicators (KRI) Indicators of Compromise (IOC) Indicators of Attack (IOA) April 06, 2017 34 SEGMENT 1: Alejandro Mijares, CISA, CRISC, MSMIS Manager, Risk Advisory Services Kaufman Rossin , P.A.
• 35. Comparison
  IOC  Help answer the question “What happened?”  Reactive in nature  Point in time
  IOA  Help answer the question “What is happening and why?”  Proactive in nature  Real time
  KRI  Are the prime risk monitoring indicators for the Bank  Cannot be expected to capture all potential losses
  • 36. KRI Support  Risk appetite  Risk identification  Risk mitigation  Risk culture  Risk measurement and reporting  Regulatory compliance April 06, 2017 36 SEGMENT 1: Alejandro Mijares, CISA, CRISC, MSMIS Manager, Risk Advisory Services Kaufman Rossin , P.A.
  • 37. KRI Benefits  Provide early warning  Provide backward-looking view on risk events  Enable documentation and analysis of trends  Provide an indication of risk appetite and tolerance  Increase the likelihood of achieving strategic objectives  Assist in optimizing risk governance April 06, 2017 37 SEGMENT 1: Alejandro Mijares, CISA, CRISC, MSMIS Manager, Risk Advisory Services Kaufman Rossin , P.A.
• 39. [Chart: Bank vs. DBIR Benchmark, Q1 2017 Results. Y axis 0.0% to 80.0%. % of Employees Opening emails: DBIR Benchmark 30.0%, Bank 67.6%. % of Employees Clicking on Link: DBIR Benchmark 12.0%, Bank 18.1%.]
• 40. Targets                        Q1 2017   % of Targets   Q4 2016   % of Targets
      Targets Passed                    172        81.9%         261        96.7%
      Targets Failed                     38        18.1%           9         3.3%
      Total Targets Tested              210       100.0%         270       100.0%

      Breakdown of targets that failed   Q1 2017   % of Targets   Q4 2016   % of Targets
      First time clicking on phish          37        97.4%           9       100.0%
      Repeat offender*                       1         2.6%           -         0.0%
      Total Failed Targets                  38       100.0%           9       100.0%
      * A repeat offender is an employee who clicked on a link during a prior campaign.
• 41. IOC/IOA  Indicators of Compromise (IOC) / Indicators of Attack (IOA) are pieces of forensic data, such as data found in system log entries or files, that identify potentially malicious activity on a system or network  Improve incident response and computer forensics  Help organizations and individuals share information among the IT/IS community
• 42. IOC as KRI examples • Log-in red flags (e.g., after hours) • Unusual outbound network traffic • Creation of new accounts, especially admin accounts • Anomalies in privileged user account activity • Geographical irregularities
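Turning the indicators above into KRIs means counting them from evidence on a regular basis. The script below, an added example written for this page rather than code from the presentation or from Kaufman Rossin, checks four of the listed indicators (after-hours logins, new admin accounts, privileged-account anomalies, geographical irregularities) over a few constructed audit lines. The log format, the 07:00 to 19:00 business window and the one-hour travel threshold are assumptions chosen for the example; unusual outbound traffic needs flow data rather than login events and is not covered here.

```python
"""IOC-as-KRI checks over constructed authentication/audit events (added example).

Assumptions (not from the presentation): events are whitespace-separated
"<UTC timestamp> <action> <user> <country> <role>" lines, business hours are
07:00-18:59 UTC, and two logins from different countries within one hour are
treated as a geographical irregularity.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

BUSINESS_HOURS = (7, 19)            # assumed: 07:00 <= hour < 19:00 is business time
TRAVEL_WINDOW = timedelta(hours=1)  # assumed: country change within this window is suspect

# Constructed sample events; users, countries and times are invented.
SAMPLE_LOG = """\
2017-03-06T08:15:00Z login          jsmith     US user
2017-03-06T22:40:00Z login          jsmith     US user
2017-03-06T23:05:00Z login          jsmith     BR user
2017-03-06T09:00:00Z create_account svc_backup US admin
2017-03-06T10:00:00Z login          admin_bob  US admin
2017-03-06T02:30:00Z login          admin_bob  US admin
2017-03-06T11:00:00Z create_account tjones     US user
"""


def parse_events(text: str) -> list:
    """Parse the assumed line format into dicts with a timezone-aware timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, action, user, country, role = line.split()
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append({"ts": when, "action": action, "user": user,
                       "country": country, "role": role, "raw": line})
    return events


def is_after_hours(ts: datetime) -> bool:
    start, end = BUSINESS_HOURS
    return not (start <= ts.hour < end)


def evaluate_indicators(events: list) -> dict:
    """Map each indicator name to the raw log lines that triggered it."""
    hits = defaultdict(list)
    logins_by_user = defaultdict(list)
    for e in events:
        if e["action"] == "login":
            logins_by_user[e["user"]].append(e)
            if is_after_hours(e["ts"]):
                hits["after_hours_login"].append(e["raw"])
                if e["role"] == "admin":
                    # privileged account active outside business hours
                    hits["privileged_account_anomaly"].append(e["raw"])
        elif e["action"] == "create_account" and e["role"] == "admin":
            hits["new_admin_account"].append(e["raw"])
    # Geographical irregularity: consecutive logins by the same user from
    # different countries closer together than TRAVEL_WINDOW.
    for logins in logins_by_user.values():
        logins.sort(key=lambda e: e["ts"])
        for prev, cur in zip(logins, logins[1:]):
            if prev["country"] != cur["country"] and cur["ts"] - prev["ts"] <= TRAVEL_WINDOW:
                hits["geographical_irregularity"].append(cur["raw"])
    return dict(hits)


def kri_summary(events: list) -> dict:
    """Per-indicator counts: the numbers reported against the KRI thresholds."""
    return {name: len(lines) for name, lines in evaluate_indicators(events).items()}


if __name__ == "__main__":
    for name, count in kri_summary(parse_events(SAMPLE_LOG)).items():
        print(f"{name}: {count}")
```

Each count is what gets trended quarter over quarter and compared with the tolerance management has set (slide 25); the raw lines behind a count are the IOC evidence handed to incident response when a threshold is crossed.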
  • 43. Introduction Roy Zur, the CEO and founder of "Cybint solutions", has more than 12 years of experience in cyber and intelligence operations from the Israeli security forces (Retired Major), and has developed cyber training programs and technology for financial institutions, law firms and government agencies around the world. Prior to leading Cybint, he received his LLM and MBA from Tel-Aviv University and served as a legal adviser in the Israeli Supreme Court, and as the chairman of the Israeli Legislation Research Center (OMEK Institute), overseeing 150 researchers, who work with the Israeli Parliament (the Knesset). April 06, 2017 43 SEGMENT 2: Roy Zur CEO and Founder Cybint
  • 44. April 06, 2017 44 SEGMENT 2: Roy Zur CEO and Founder Cybint "It's The End Of The World As We Know It"
  • 47. April 06, 2017 47 SEGMENT 2: Roy Zur CEO and Founder Cybint K n o w b e t t e r , Do better.
  • 51. April 06, 2017 51 SEGMENT 2: Roy Zur CEO and Founder Cybint Good things come for free?
  • 72. April 06, 2017 72 SEGMENT 2: Roy Zur CEO and Founder Cybint What’s in common – Digital Traces
  • 73. Introduction Salvatore Scanio is a member of the Washington, D.C. law firm, Ludwig & Robinson PLLC, where his practice focuses on domestic and international litigation involving banking, insurance, and other commercial disputes. He attended Tulane University where he earned B.A., M.B.A., and J.D. degrees. Mr. Scanio has over 20 years of experience in financial litigation, and advises clients as to liability, defenses and loss recovery on a wide range of bank and corporate fraud and cybercrime, including check fraud, credit and debit card fraud, wire transfer and ACH fraud, Ponzi schemes, malware attacks, and data breaches. He regularly publishes articles in the area of payment fraud and cybercrime. His prior experience includes serving as in-house counsel with a large commercial bank, now part of Capital One Bank. He currently is a member of the Federal Reserve System’s Secure Payment Task Force, advising the Fed on payment security matters. For more information on Mr. Scanio’s experience and publications, please refer to his firm’s website at: http://www.ludwigrobinson.com/attorneys/salvatore-scanio April 06, 2017 73 SEGMENT 3: Salvatore Scanio Member Ludwig & Robinson PLLC
  • 74. Financial Institution Exposure for Cybercrime April 06, 2017 74 SEGMENT 3: Salvatore Scanio Member Ludwig & Robinson PLLC
  • 75. Financial Institution Exposure for Cybercrime April 06, 2017 75 SEGMENT 3: Salvatore Scanio Member Ludwig & Robinson PLLC ● Legal Regime for Allocating Liability for Unauthorized Funds Transfers ● Wire Transfers ● Automated Clearing House (“ACH”) Transactions ● SWIFT (Society for Worldwide Interbank Financial Telecommunication) ● Uniform Commercial Code Article 4A ● Key/Recent Cases ● Recent Developments on Reporting Cybercrime ● Reducing Legal Risk ● Shifting Liability for Payment Card Fraud/Data Breaches
  • 76. Legal Regime for Allocating Liability for Unauthorized Funds Transfers (EFTs) April 06, 2017 76 SEGMENT 3: Salvatore Scanio Member Ludwig & Robinson PLLC • Consumer ACH • Electronic Funds Transfer Act/Reg. E • $50 Consumer Liability • Wire Transfer/Non-Consumer ACH • Uniform Commercial Code Article 4A • SWIFT • Correspondent Banking Agreements • UCC Article 4A
  • 77. UCC Article 4A Loss Allocation April 06, 2017 77 SEGMENT 3: Salvatore Scanio Member Ludwig & Robinson PLLC • UCC § 4A-204: receiving bank bears strict liability (plus interest) for unauthorized EFTs, where either: • The “security procedure” provision was not met under UCC § 4A-202; or • The customer was not the source of the security leak under UCC § 4A-203
  • 78. § 4A-202: “Security Procedure” Defense to Strict Liability April 06, 2017 78 SEGMENT 3: Salvatore Scanio Member Ludwig & Robinson PLLC Five Elements: 1. Bank and Customer agreed to a “security procedure” 2. “Security Procedure” is “commercially reasonable” 3. Bank complied with the “security procedure” 4. Bank complied with customer’s written instructions 5. Bank processed the EFT in “good faith”
  • 79. Security Procedure April 06, 2017 79 SEGMENT 3: Salvatore Scanio Member Ludwig & Robinson PLLC • Security Procedure is: • “procedure established by agreement” of bank and customer • to verify “that a payment order . . . is that of the customer” or to detect error • Security Procedure may require “algorithms or other codes, identifying words or numbers, encryption, callback procedures or similar security devices.” • Security Procedures are not internal bank procedures
• 80. Security Procedure April 06, 2017 80 SEGMENT 3: Salvatore Scanio Member Ludwig & Robinson PLLC • Experi-Metal, Inc. v. Comerica Bank, 2010 U.S. Dist. LEXIS 68149 (E.D. Mich. July 8, 2010) (security procedure is the secure token technology) • Chavez v. Mercantil Commercebank, N.A., 701 F.3d 896 (11th Cir. 2012) (rejecting catch-all clause in its customer agreement that the bank “may use . . . any other means to verify any Payment Order or related instruction”) • Banco Del Austro, S.A. v. Wells Fargo Bank, N.A., 2016 U.S. Dist. LEXIS 144477 (S.D.N.Y. Oct. 18, 2016) (security procedures did not include BSA/Patriot Act required fraud detection policies and procedures)
  • 81. “Commercially Reasonable” Security Procedure April 06, 2017 81 SEGMENT 3: Salvatore Scanio Member Ludwig & Robinson PLLC • Question of law for court (compliance is fact question) • Two Separate Methods to Establish: 1. Customer declined “commercially reasonable” security procedure offered by the bank and agreed in writing to another security procedure (focus on bank customer agreement) • Choice Escrow and Land Title, LLC v. BankcorpSouth Bank, 754 F.3d 611 (8th Cir. 2014) • Experi-Metal, Inc. v. Comerica Bank, 2010 U.S. Dist. LEXIS 68149 (E.D. Mich. July 8, 2010)
  • 82. “Commercially Reasonable” Security Procedure April 06, 2017 82 SEGMENT 3: Salvatore Scanio Member Ludwig & Robinson PLLC 2. Complex Four-factor test: 1. “wishes of the customer expressed to the bank” 2. “circumstances of the customer known to the bank, including the size, type, and frequency of payment orders normally issued by the customer to the bank” 3. “alternative security procedures offered to the customer” 4. “security procedures in general use by customers and receiving banks similarly situated” • Patco Constr. Co., Inc. v. People’s United Bank, 684 F.3d 197 (1st Cir. 2012) • The First Circuit emphasized that the bank’s adoption of a “one-size-fits-all” $1 threshold for all customers, to target universally low-dollar fraud, violated “Article 4A’s instruction to take the customer’s circumstances into account.” • The court also based its conclusion on the fact that the bank did not utilize other security measures “not uncommon” in the industry.
  • 83. “Commercially Reasonable” Security Procedure: Banking Agency Guidelines April 06, 2017 83 SEGMENT 3: Salvatore Scanio Member Ludwig & Robinson PLLC • Federal Financial Institutions Examination Council (“FFIEC”), Authentication in an Internet Banking Environment (Oct. 2005) • FFIEC, Supplement to Authentication in an Internet Banking Environment (June 2011) • FFIEC, Cybersecurity Assessment Tool (June 2015) • FFIEC, IT Examination Handbook, Information Security (Sept. 2016) • New York State Department of Financial Services, Cybersecurity Requirements for Financial Services Companies, 23 NYCRR pt. 500 (Effective Mar. 1, 2017)
  • 84. Bank Acted in Good Faith Requirement April 06, 2017 84 SEGMENT 3: Salvatore Scanio Member Ludwig & Robinson PLLC • Good Faith = “honesty in fact and the observance of reasonable commercial standards of fair dealing” • Mixed subjective/objective test • Experi-Metal, Inc. v. Comerica Bank, 2011 U.S. Dist. LEXIS 62677 (E.D. Mich. June 13, 2011) • Choice Escrow and Land Title, LLC v. BankcorpSouth Bank, 754 F.3d 611 (8th Cir. 2014) • Banco Del Austro, S.A. v. Wells Fargo Bank, N.A., 2016 U.S. Dist. LEXIS 144477 (S.D.N.Y. Oct. 18, 2016)
  • 85. Other Major Defenses April 06, 2017 85 SEGMENT 3: Salvatore Scanio Member Ludwig & Robinson PLLC • Customer Proves It Was Not the Source of the Security Leak • Internal Investigations • Criminal Investigations • UCC One-Year Notice Rule (UCC § 4A-505)
  • 86. Reducing EFT Fraud Risks April 06, 2017 86 SEGMENT 3: Salvatore Scanio Member Ludwig & Robinson PLLC • Deposit/Online Services Agreements • Define Security Procedure • Customer Acknowledgment as to Commercially Reasonable Security Procedure • Provision for Offered But Rejected Security Procedures • Address Other Written Customer Instructions (“The bank is not required to follow a written instruction that violates a written agreement with the customer or notice of which is not received at a time and in a manner affording the bank a reasonable opportunity to act on it before the payment order is accepted.”) • Indemnification for Attorneys’ Fees (Choice Escrow) • Update Information Security Program • Assessment Follow-up
• 87. Regulatory Reporting of Cybercrime April 06, 2017 87 SEGMENT 3: Salvatore Scanio Member Ludwig & Robinson PLLC • Department of the Treasury, Financial Crimes Enforcement Network, Advisory to Financial Institutions on Cyber Events and Cyber-Enabled Crime (Oct. 25, 2016) • Suspicious Activity Reports • NY State Dept. of Fin’l Services • 72-Hour Notice of Cybersecurity Event, 23 NYCRR 500.17(a)
• 88. Payment Card Fraud Liability Shifting April 06, 2017 88 SEGMENT 3: Salvatore Scanio Member Ludwig & Robinson PLLC • EMV Card Network Liability Shift Oct. 1, 2015 from Issuer to Acquirer/Merchant: 1. counterfeit magnetic stripe card copied from chip card used at non-chip terminal; 2. Lost or stolen chip-and-PIN card processed as (a) magnetic stripe or (b) signature chip-card at non-PIN terminal • Claims by Issuing Banks Against Merchants for Data Breaches • Card Network Loss-Allocation Assessments • In re Target Corp. Cust. Data Sec. Breach Litig., 64 F. Supp. 3d 1304 (D. Minn. 2014) (motion to dismiss), 2016 U.S. Dist. LEXIS 63125 (D. Minn. May 12, 2016) (settlement) • In re The Home Depot, Inc. Cust. Data Sec. Breach Litig., 2016 U.S. Dist. LEXIS 65111 (N.D. Ga. May 18, 2016) (motion to dismiss); Doc. 327, No. 1:14-MD-02583 (N.D. Ga. Mar. 8, 2017) (settlement motion) • First Choice Fed. Credit Union v. The Wendy’s Co., 2017 U.S. Dist. LEXIS 20754 (W.D. Pa. Feb. 13, 2017) (motion to dismiss)
  • 89. Contact Info:
    • Alejandro Mijares, CISA, CRISC, MSMIS, Manager, Risk Advisory Services, Kaufman Rossin, P.A. (E: amijares@kaufmanrossin.com; T: 305.498.3336)
    • Salvatore Scanio, Member, Ludwig & Robinson PLLC (E: sscanio@ludwigrobinson.com; T: 202.289.7605)
    • Roy Zur, CEO and Founder, Cybint (E: Roy.zur@barbri.com; T: 929.351.6091)
  • 91. About The Knowledge Group: The Knowledge Group is an organization that produces live webcasts which examine regulatory changes and their impacts across a variety of industries. The contents of this event are based upon the opinions of the speakers.

Editor's Notes

  1. Definition of information security was updated
  2. Management should identify, measure, mitigate, monitor, and report IT risks that threaten the safety and soundness of an institution. An effective IT risk management (ITRM) process is regularly updated and aligns IT and business objectives. This process should have a higher level of formality in more complex institutions.
  3. Risk management process:
    1. Risk management is the ongoing process of identifying, assessing, and responding to risk.
    2. To manage risk, organizations should understand the likelihood that an event will occur and the resulting impact.
    3. With this information, banks can determine the acceptable level of risk for delivery of services and can express this as their risk tolerance.
    4. Implementation of risk management programs offers banks the ability to quantify cyber risks.
    5. It helps banks identify an appropriate risk response: mitigating the risk, transferring the risk, avoiding the risk, or accepting the risk.
  4. Typical findings:
    • Web applications hosted on servers with customer information
    • Local admin rights on workstations
    • Phishing tests performed once a year
    • Lack of a patch management process
    Banks are among the most targeted institutions for cyberattacks. Not only do they hold vast amounts of money and sensitive personal information, but ATMs and online and mobile banking services are exposed to hackers.
  5. Benefits of network segmentation:
    1. By having segments that do not share traffic, if a computer becomes compromised in one segment, it does not automatically give the attacker access to computers on another segment.
    2. Each segment can be secured differently through security software and firewalls, so that an attacker would have to breach different security suites to access different segments, which makes it harder to compromise the system as a whole.
    3. Containing network problems: limiting the effect of local failures on other parts of the network.
    4. Controlling visitor access: visitor access to the network can be controlled by implementing VLANs to segregate the network.