Day One: Panel 3 (ppt)

1,113 views

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,113
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
6
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • Leading Threats Against Bank Deposit Accounts Debit Card Fraud (signature based) Customer Victimization Scams (fake check scams) Check Fraud — Deposit of Fraudulent Items Source: American Bankers Association
  • Sources of check fraud Return deposit items Forged signatures and endorsements Counterfeit checks New account fraud
  • On January 9, 2008, the Research Department of the Association of Financial Professionals (AFP) surveyed 3,950 corporate practitioner members about payments fraud and controls. The survey was sent to AFP corporate practitioner members with the following job titles: cash managers, analysts, directors, assistant treasurers and controllers. This year’s survey sought to reveal the gaps in payment systems defenses that resulted in financial liability for some organizations and the fraud control measures that other organizations use to prevent financial losses from payments fraud.
  • From August FedACH Risk Dashboard report (internal) FedACH has made it a priority to proactively contact all ODFIs moving toward the 1% unauthorized return threshold. FedACH has contacted all but three ODFIs with an unauthorized returns rate above .1% and more than 50 unauthorized returns on their primary routing transit number. The spreadsheet on pages 7 and 8 list all of the ODFIs that met this requirement in August 2008. We review this spreadsheet on a monthly basis and monitor ODFIs over multiple months. The list of ODFIs remain fairly static and rotates a only few ODFIs on and off each month. Two ODFIs contacted continue to communicate that they are reviewing processes that will move forward ACH items to Check 21. However, they have yet to do so. Another ODFI is planning to revert back to paper checks. All three ODFIs have high unauthorized return rates because of customers returning debits made to their accounts after signing up for a secured credit card.
  • ‘ digital value smurfing’—a term coined by the Asian Development Bank—represents a threat. In traditional money laundering, ‘smurfs’ or ‘runners’ deposit or place small amounts of illicit or ‘dirty’ money into financial institutions in ways that do not trigger financial transparency reporting requirements. Today, digital smurfs are able to bypass regulated banks & their financial reporting requirements & exchange dirty money for digital value in the form of stored value cards or mobile payment credits. (source: US State Department International Narcotics Control Strategy Report 2008 Released by the Bureau of International Narcotics & Law Enforcement Affairs March 2008 )
  • Day One: Panel 3 (ppt)

    1. 1. <ul><li>From Gateway to Gatekeeper: The Role of Private Industry Players in Detecting and Preventing Fraud </li></ul><ul><li>Moderator : </li></ul><ul><li>Tracey Thomas , Staff Attorney, Division of Marketing Practices, FTC </li></ul><ul><li>Panelists : </li></ul><ul><li>Jack Christin , Senior Regulatory Counsel, eBay/PayPal </li></ul><ul><li>Jane Larimer , General Counsel, NACHA – The Electronic Payments Association </li></ul><ul><li>Clifford Stanford , Assistant Vice President & Director, Retail Payments Risk Forum, Federal Reserve Bank of Atlanta </li></ul><ul><li>James Paravecchio , Group Manager, Fraud Risk Management Operations, Verizon </li></ul><ul><li>Tim Cranton , Associate General Counsel, Microsoft Corporation </li></ul>Panel 3: 1:30 – 3:00 pm
    2. 2. Jack Christin <ul><li>Senior Regulatory Counsel </li></ul><ul><li>eBay/PayPal, Inc. </li></ul><ul><li>San Jose, CA </li></ul>
    3. 3. ACH Network Detecting and Preventing Fraud February 25, 2009 Jane Larimer EVP ACH Network Services General Counsel NACHA -The Electronic Payments Association
    4. 4. <ul><ul><li>NACHA is the administrator of the ACH Network, responsible for: </li></ul></ul><ul><ul><ul><li>Developing and maintaining the NACHA Operating Rules </li></ul></ul></ul><ul><ul><ul><li>Performing Network risk management </li></ul></ul></ul><ul><ul><ul><li>Administering the National System of Fines to enforce the Rules </li></ul></ul></ul><ul><ul><ul><li>Educating payment system participants </li></ul></ul></ul><ul><ul><li>Risk events are addressed proactively when they occur </li></ul></ul><ul><ul><ul><li>Risk events are managed to minimize the long-term effect on consumers and financial institutions. </li></ul></ul></ul><ul><ul><ul><li>Implementing NACHA’s risk strategy includes amending the NACHA Operating Rules , disseminating best practices and developing tools to manage the risk profile of the Network on an ongoing basis. </li></ul></ul></ul><ul><ul><li>Risk trends look positive for the ACH Network. </li></ul></ul><ul><ul><ul><li>As the ACH Network’s utility has been expanded, there has been great attention to risk and fraud mitigation. The ACH Network has experienced lower rates of return for unauthorized entries and other returns indicative of fraud. </li></ul></ul></ul><ul><ul><ul><li>The ACH has gained visibility from a regulatory perspective. Since 2006, the OCC has issued guidance on managing risk related to ACH activity twice (2006-39 and 2008-12) </li></ul></ul></ul><ul><ul><ul><li>Since 2001, debit unauthorized return rates reduced from .09% to .04%. </li></ul></ul></ul>The ACH Network …Risk Management is a Priority
    5. 5. <ul><li>The rate of unauthorized transactions in the ACH Network has been historically low. The peak for unauthorized transactions in the Network was realized in 2002 with telemarketing abuse of the TEL application. Since than, NACHA and the Operators’ attention to Network risk management shows in a consistently declining return rate for transactions returned as unauthorized. </li></ul>ACH Network Unauthorized Debit Rate – 2001-2008 … Continuing To Decline
    6. 6. <ul><li>The ACH Network is safe and secure. Proactive work on initiatives outlined on the risk quality continuum include developing rules and managing risk at NACHA and across all network participants to result in a low risk payment network. </li></ul>NACHA Risk Management Initiatives …Significant progress has been made along a Risk – Quality Continuum
    7. 7. <ul><li>“ Traditional” fraud included telemarketing fraud, credit repair, and membership clubs. </li></ul><ul><li>The Internet provided a new vehicle for companies who would perpetrate fraud and could use the anonymity provided by the Internet. The traditional frauds are present, plus key logging and phishing attacks were added to the arsenal. </li></ul><ul><li>OCC 2006-39: list of high risk originators include: </li></ul><ul><ul><li>Online payment processors </li></ul></ul><ul><ul><li>Credit repair services </li></ul></ul><ul><ul><li>MOTO companies </li></ul></ul><ul><ul><li>Internet gambling </li></ul></ul><ul><ul><li>Offshore businesses </li></ul></ul><ul><ul><li>Adult entertainment </li></ul></ul>Fraud Trends
    8. 8. <ul><li>September 2007, Capital Credit Alliance, Inc. and Consumer Credit Services, Inc. (CCA/CCS) filed suit against NACHA. </li></ul><ul><li>CCA/CCS sought: </li></ul><ul><ul><li>Temporary restraining order (TRO) against NACHA due to “NACHA’s arbitrary, capricious, and unwarranted imposition of monetary fines” against CCA/CCS. </li></ul></ul><ul><ul><li>Declaratory judgment that they are not and have never been in violation of the NACHA Operating Rules. </li></ul></ul><ul><ul><li>Reimbursement for fines assessed. </li></ul></ul>Litigation
    9. 9. <ul><li>Nevada Attorney General filed an amicus brief in support of NACHA’s opposition to the TRO. </li></ul><ul><li>January 2008, the US District Court of Nevada denied CCA/CCS’ Motion for Preliminary Injunction and TRO. </li></ul><ul><li>The Court found that CCA/CCS failed to demonstrate a likelihood of success on the merits. In assessing this the Court stated: </li></ul><ul><ul><li>even a cursory review of the transcripts and authorization forms…demonstrate that Plaintiff’s method of attaining authorization for debit transactions is deceptive, and in violation of the NACHA Operating Rules. </li></ul></ul>Litigation
    10. 10. <ul><li>The Court stated further: </li></ul><ul><ul><li>the public has a strong public interest in the enforcement of the NACHA Operating Rules, as unauthorized transactions create significant problems for consumers whose bank accounts are improperly debited, and for financial institutions forced to incur the expense of investigating and correcting unauthorized transactions. </li></ul></ul><ul><li>February, 2008 CCA/CCS voluntarily dismissed their lawsuit against NACHA. </li></ul>Litigation
    11. 11. Clifford Stanford <ul><li>Assistant Vice President & Director Retail Payments Risk Forum Federal Reserve Bank of Atlanta Atlanta, GA </li></ul>
    12. 12. A Catalyst for Collaboration
    13. 13. <ul><li>The views expressed in this presentation are those of the presenter and do not necessarily reflect the views of the Federal Reserve Bank of Atlanta or the Federal Reserve System. </li></ul>
    14. 14. The Environment: Some Key Challenges <ul><ul><li>Check payments still highest driver of fraud despite volume decline </li></ul></ul><ul><ul><li>Potential movement of fraud from checks to ACH </li></ul></ul><ul><ul><li>Ever increasing occurrence of ecommerce </li></ul></ul><ul><ul><ul><li>Consumer personal and financial information more vulnerable </li></ul></ul></ul><ul><ul><ul><li>More transactions processed without customer and merchant physical interaction </li></ul></ul></ul><ul><ul><li>Increased interest in protection of consumer information </li></ul></ul><ul><ul><ul><li>Reputation risk of possible data breach </li></ul></ul></ul><ul><ul><li>Slow to implement cross channel fraud monitoring </li></ul></ul><ul><ul><li>Proliferation of prepaid cards with fraud vulnerabilities </li></ul></ul><ul><ul><ul><ul><ul><li>Source: “A summary of the roundtable discussion on retail payments fraud”, Federal Reserve Payments System Policy Advisory Committee, March 2007 </li></ul></ul></ul></ul></ul>
    15. 15. Noncash Payments Increased at Annual Rate of 4.6% from 2003 to 2006 *CAGR is compound annual growth rate. Source: Federal Reserve Bank of Boston [2007 Federal Reserve Payments Study]
    16. 16. Distribution of Noncash Payments – Value vs. Number (2006) Source: The 2007 Federal Reserve Payments Study Payment Type Percentage (Number) Percentage (Value) Checks paid 33% 55% ACH 16% 41% EBT 1% 0% Debit card 27% 1% Credit card 23% 3%
    17. 17. Check Fraud Increasing Despite Decrease in Check Volume <ul><li>Check Volume </li></ul><ul><ul><li>30.6 billion checks paid in 2006 (down 6.4% since 2003) 1 </li></ul></ul><ul><li>Check Fraud </li></ul><ul><ul><li>Counterfeit checks resulted in loss of $271 million for banks in 2006 2 </li></ul></ul><ul><ul><ul><li>160% increase from 3 years prior </li></ul></ul></ul><ul><ul><li>Check-related fraud overall – $969 million in 2006 2 </li></ul></ul><ul><ul><ul><ul><ul><li>Source: 1 The 2007 Federal Reserve Payments Study; 2 2007 ABA Deposit Account Fraud Survey Report </li></ul></ul></ul></ul></ul>
    18. 18. 2007 ABA Deposit Account Fraud Survey <ul><li>CHECK FRAUD AGAINST BANK DEPOSIT ACCOUNTS </li></ul><ul><li>(Industry Estimates) </li></ul>Source: American Bankers Association
    19. 19. Highlights from AFP Fraud Survey (2008)– corporate perspective <ul><li>71% of organizations were victims of actual or attempted payments fraud (check, ACH, cards, or wire) in 2007. </li></ul><ul><li>37% of organizations experienced some financial loss as a result of attempted payments fraud </li></ul><ul><ul><li>median loss was only $13,900 </li></ul></ul><ul><li>Almost all organizations (94 percent) that experienced attempted or actual payments fraud in 2007 were victims of check fraud. </li></ul><ul><ul><li>17% reported a financial loss from check fraud </li></ul></ul><ul><ul><li>Organizations were much less likely to be subject to fraud from electronic payments than from checks </li></ul></ul>
    20. 20. A Closer Look at ACH Payments <ul><li>Number of ACH payments </li></ul><ul><li>billions </li></ul>8.4 8.8 2003 2.6 12.0 14.6 2006 0.1 Source: The 2007 Federal Reserve Payments Study CAGR (2003-06) Total change (billions) ACH payments 18.6% 5.8 Converted checks 98.7% 2.2 Other ACH 12.6% 3.6
    21. 21. Fraud in ACH <ul><li>Internal ACH fraud </li></ul><ul><li>Internet-based fraud </li></ul><ul><li>Telemarketing fraud </li></ul><ul><li>“Bad” checks converted to ACH </li></ul><ul><li>Reverse phishing (altering ACH RT and a/c data) </li></ul><ul><li>Keystroke logging </li></ul><ul><li>ACH kiting </li></ul>
    22. 22. “Emerging” Payments . . . <ul><li>ACH eChecks for non-recurring payments </li></ul><ul><li>Remotely created “Non-Check eChecks” </li></ul><ul><li>Remote deposit capture (even consumer level) </li></ul><ul><li>Mobile banking </li></ul><ul><li>Decoupled debit cards </li></ul><ul><li>Prepaid cards </li></ul><ul><li>Payroll cards </li></ul><ul><li>Contactless cards </li></ul><ul><li>“ PII portals” </li></ul><ul><li>Etc. etc. </li></ul>
    23. 23. Evolving Fraud Environment <ul><li>Fraudsters are well organized and structured </li></ul><ul><li>Rings are global </li></ul><ul><li>Fraud perpetrated across payment types – no longer specialized </li></ul><ul><li>Improved technology and communication </li></ul><ul><li>Active market for confidential information </li></ul>
    24. 24. So, what about the regulators and law enforcement? <ul><li>How savvy about retail payments systems? </li></ul><ul><li>Does the complexity of payments systems hinder efforts? </li></ul><ul><li>Are consumer protections adequate? </li></ul><ul><li>Are private sector/self-regulatory efforts adequate? </li></ul><ul><li>Are there sufficient market incentives, or does more need to be done by regulators and law enforcement? </li></ul><ul><li>Are adequate resources dedicated? </li></ul><ul><li>What are the gaps? </li></ul><ul><li>What collaborative mechanisms work/don’t work? </li></ul><ul><li>How do we break down the barriers among those with common interests in mitigating risk and preventing fraud? </li></ul>
    25. 25. The Environment: Opportunities? <ul><ul><li>Holistic solutions that look across all payment systems </li></ul></ul><ul><ul><li>Increased collaboration and information sharing across the industry </li></ul></ul><ul><ul><li>Enhancements to authentication techniques </li></ul></ul><ul><ul><li>Implementation of standards </li></ul></ul><ul><ul><li>National fraud-notification systems </li></ul></ul><ul><ul><li>Fed-sponsored outreach events, research and analysis </li></ul></ul><ul><ul><ul><ul><ul><li>Source: “A summary of the roundtable discussion on retail payments fraud”, Federal Reserve Payments System Policy Advisory Committee, March 2007 </li></ul></ul></ul></ul></ul>
    26. 26. Retail Payments Risk Forum <ul><li>The Retail Payments Risk Forum is a catalyst for collaboration among thought leaders in the retail payments risk management arena to: </li></ul><ul><ul><li>convene interested parties, </li></ul></ul><ul><ul><li>promote actions to mitigate risk, </li></ul></ul><ul><ul><li>conduct research and analysis, and </li></ul></ul><ul><ul><li>provide education . </li></ul></ul><ul><li>Portals and Rails blog </li></ul><ul><ul><li>portalsandrails.frbatlanta.org </li></ul></ul>
    27. 27. James Paravecchio <ul><li>Group Manager </li></ul><ul><li>Fraud Risk Management Operations, Verizon </li></ul><ul><li>Denver, CO </li></ul>
    28. 28. Tim Cranton <ul><li>Associate General Counsel Microsoft Corporation </li></ul><ul><li>Seattle, WA </li></ul>
    29. 29. <ul><li>Questions? </li></ul>
    30. 30. <ul><li>From Gateway to Gatekeeper: The Role of Private Industry Players in Detecting and Preventing Fraud </li></ul><ul><li>Moderator : </li></ul><ul><li>Tracey Thomas , Staff Attorney, Division of Marketing Practices, FTC </li></ul><ul><li>Panelists : </li></ul><ul><li>Jack Christin , Senior Regulatory Counsel, eBay/PayPal </li></ul><ul><li>Jane Larimer , General Counsel, NACHA – The Electronic Payments Association </li></ul><ul><li>Clifford Stanford , Assistant Vice President & Director, Retail Payments Risk Forum, Federal Reserve Bank of Atlanta </li></ul><ul><li>James Paravecchio , Group Manager, Fraud Risk Management Operations, Verizon </li></ul><ul><li>Tim Cranton , Associate General Counsel, Microsoft Corporation </li></ul>Panel 3: 1:30 – 3:00 pm
    31. 31. 3:00 – 3:15 pm

    ×