Published: 20 August 2009
CSI: HSBC
It begins with a few clever phone calls and well-worded questions. It escalates into identity theft, illegal purchases and a case for the REACT
Incident Management Team.
The following scenario is fictitious. But the five steps are typical of schemes that plague companies of all kinds and sizes. And it illustrates how
HSBC responds to remediate these problems.
Step One
Con Man calls HSBC Customer Care and says he’s from the Fraud department. His system is down, he claims, and he urgently needs
information about Carol Cardholder — her credit card account number, expiration date, date of birth and Social Security/Insurance number. The
Customer Care employee is happy to help, but he’s cautious because he can’t locate the caller in the Group Directory. For confirmation, he asks
for the name and phone number of the caller’s manager. Instead, Con Man hangs up.
What Con Man gained: He now knows that he’ll need a manager’s name and phone number to get information.
Step Two
Con Man calls Customer Care again, this time reaching a different employee. Con Man sounds angry, demanding to speak to someone in the
Fraud department. When Fraud Rep answers and identifies himself, the angry Con Man says he won’t provide his account number until Fraud
Rep first gives him his manager’s name and phone number in case they get disconnected. Wanting to appease him, Fraud Rep provides the
information. Con Man then hangs up on the puzzled Fraud Rep.
What Con Man gained: He now knows Fraud Rep’s name, as well as the name and phone number of his manager.
Step Three
Another call by Con Man to Customer Care. This time he says he’s Fraud Rep and his system’s down. He needs important account information
about Carol Cardholder. As proof of his identity, he provides the name and phone number of Fraud Rep’s manager — and gets the account
information he’s looking for.
What Con Man gained: He now has Carol Cardholder’s account number, Social Security/Insurance number and other identifying information.
Step Four
Con Woman is Con Man’s girlfriend. She calls Customer Care, claiming to be Carol Cardholder. She wants her credit line increased. After
providing all the appropriate identifying information (obtained by her boyfriend), she’s approved for an additional $2,000.
What Con Woman gained: As “Carol Cardholder,” she now has spending power that the real Carol Cardholder knows nothing about.
Step Five
Con Woman starts charging purchases to Carol Cardholder’s account. In addition, she uses Carol’s personal information to open a new line of
credit in Carol’s name at a different bank. Carol, of course, knows nothing at this point about the identity theft and fraudulent purchases.
Time to REACT
Our two con artists aren’t content with merely raiding Carol’s account. They’re greedy and go for more. Using Fraud Rep’s name, Con Man
phones numerous Customer Care employees, pulling the same fraud over and over.
But Con Man makes a slip in one of his calls. Getting suspicious, the Customer Care employee asks more probing questions. Again, Con Man
hangs up, but the employee isn’t finished. She talks to her fellow Customer Care employees and learns many of them have received similar
calls from the phony Fraud Rep.
Recognizing a dangerous pattern, the employee knows what to do. She gets in touch with REACT by calling the North American Help Desk,
1-888-685-4357.
REACT, the Rapid Emergency Action Crisis Team, is the umbrella name for Security & Fraud Risk’s disciplined approach to investigating and
resolving information security problems.
REACT’s Incident Management Team calls in any other HSBC units that may be needed to resolve the issue. Together, they develop a
remediation plan to determine:
What kind of customer data was exposed and how it happened
Who was affected by the security breach
How to contain the damage and fix the problem
In this case, the Incident Management Team gathers key information from the Customer Care employees who were contacted by Con Man. The
team learns:
Who Con Man claimed to be
The phone number(s) he called from
The names of the customers whose accounts were targeted
Armed with that information, the Fraud Investigation department handles shutting down activity in the targeted customers’ names and any
fraudulent accounts that were set up for them.
Of course, things don’t always go this smoothly on every case. Sometimes key information isn’t available for Fraud Investigation to work from.
S ti d ’t k h th t t d t til th fi d t th l h th t d bill t t lli i Th t’
Page 1 of 2 CSI: HSBC
04/10/2010 http://connect.us.hsbc/topheadlines/2009/aug_20_2009.html?year=2009&printF...
when they call REACT.
But however HSBC learns about the fraud, Compliance then makes sure all the appropriate reporting is done, including notifying all the targeted
customers. To help address their problems, HSBC provides U.S. customers with an identity theft protection product from an approved vendor.
(This is done on a case-by-case basis in Canada.) This product, which HSBC pays for, will:
Give each customer a current credit report for himself
Monitor the customer’s credit report for any changes caused by the identity theft
Help correct any wrongful account charges that were made in the customer’s name
Refer the customer to ITAC, the Identity Theft Assistance Center, an industry-supported organization that will help the customer deal
with issues related to this incident
The Incident Management Team also sees that other appropriate parties are notified. It could be credit reporting agencies. If the compromised
credit cards came from one of our business partners, they’ll be contacted as well by the appropriate Relationship Manager. Account numbers
will be changed for the targeted customers.
If the situation warrants, state, provincial and federal regulators could be notified, along with law enforcement agencies. Internally, the details of
this multi-person fraud case are also included in a monthly report to senior management in both North America and Group.
REACT goes proactive
It’s not enough to deal with the current problem. The REACT Incident Management Team will also work with its internal partners to prevent
similar problems in the future. It will take steps to:
Work with the Business Information Risk Officers (BIROs) and Human Resources to educate the employees who unwittingly released
information to Con Man.
Raise employee awareness of information security issues and identity theft through various communications.
Suggest procedures that would make it more difficult for future con artists to pass themselves off as HSBC employees.
When all the steps have been followed, the issues have been resolved and REACT’s tracking system has been updated with all the details of
this case, the Incident Management Team can finally close the case.
And stand ready to REACT to the next one.