FraudNet PowerPoint

626 views

Published on

FraudNet is a cutting edge fraud-detection system that identifies fraudulent bill pay activity in real time using a complex set of algorithms. This state-of-the-art fraud-detection tool also helps credit unions meet FFIEC requirements to monitor suspicious activity on high-risk accounts.

Published in: Economy & Finance
  • Be the first to comment

  • Be the first to like this

FraudNet PowerPoint

  1. 1. FraudNet can help protectyour credit union and yourmembers from potentially Credit unions using EasyPay powered by devastating loss. Fiserv can now enjoy the benefits of FraudNet. FRAUDNET ALERT TRAINING Upon completion of this training, you will be able to understand, prioritize, and respond to FraudNet alerts you receive from the SettleMINT EFT team.
  2. 2. WHAT IS FRAUDNET? FraudNet is a cutting-edge fraud-detection system that identifies fraudulent bill pay activity in real time using a complex set of algorithms. This state-of-the-art fraud-detection tool also helps credit unions meet FFIEC requirements to monitor suspicious activity on high- risk accounts.
  3. 3. HOW DOES FRAUDNET WORK?The FraudNet Detection Engine identifies unusual bill pay activity bygathering the following types of data from payments scheduled throughbill pay: Behavioral data  Predefined rules are used to target specific types of behaviors that have been associated with previous fraud. Each rule is assigned a code to help the investigator determine why an alert was triggered and how the investigation should be approached. Negative data  Extracted from confirmed fraud cases, this data is used to detect repeat occurrences of fraud. Statistical data  This data permits FraudNet to detect and return more negative alerts.
  4. 4. COMMON TYPES OF FRAUDThe definitions below are provided to help you better understand commontypes of fraud detected by the FraudNet Detection Engine. Electronic kiting  The perpetrator uses a funding account with limited or no funds to process payments via bill pay. Phishing  This is the practice of luring unsuspecting Internet users to a fake website by using authentic-looking email with the real organization’s logo in an attempt to steal passwords and financial or personal information, or to introduce a virus attack.
  5. 5. COMMON TYPES OF FRAUD (continued)The definitions below are provided to help you better understandcommon types of fraud detected by the FraudNet DetectionEngine. Man in the browser  Related to “man in the middle,” described below, this is a Trojan horse that infects a web browser and has the ability to modify pages, change transaction content, or insert additional transactions, all in a completely covert fashion invisible to both the consumer and the host application. These types of attacks can be successful whether or not security mechanisms such as SSL/PLI and/or multi-factor authentication solutions are in place. The only way to counter these types of attacks is to use transaction verification. Man in the middle  The perpetrator funnels communication between a consumer and a legitimate organization through a fake website. In these attacks, neither the consumer nor the organization is aware that the communication is being illegally monitored. The criminal is in the middle of a transaction between the consumer and his or her bank, credit card company, or retailer.
  6. 6. COMMON TYPES OF FRAUD (continued)The definitions below are provided to help you better understand commontypes of fraud detected by the FraudNet Detection Engine. Third-party receiver of funds  A person who transfers money and reships high-value goods that have been fraudulently obtained in one country, usually via the Internet, to another country, typically where the perpetrator lives. Trojan horse  A program that installs malicious software (malware) on a consumer’s computer without their knowledge. Trojan horses often come in links or as attachments from unknown email senders. Once installed, the malicious software can detect the consumer’s access to online banking sites and record their username and password, which is then transmitted to the perpetrator.
  7. 7. WHAT IS A FRAUDNET ALERT? FraudNet harnesses the power of collaboration by offering users the ability to post instant alerts and maintain a black list shared and viewable by financial institutions across the nation. When the SettleMINT EFT team receives a FraudNet alert that pertains to a transaction relating to one of your members, they will use AnswerBook to pass this alert on to your credit union’s FraudNet contact, who will then need to use the Alert Priority List (referenced on Slides 9-14) to prioritize the alert in case there are others that also need to be researched. Once the alert is prioritized, your credit union’s FraudNet contact will then need to research the transaction referenced in the alert to determine whether or not it is fraudulent. Once the legitimacy of the transaction has been determined, your FraudNet contact will need to reply through AnswerBook to request that the transaction be processed or stopped/returned.
  8. 8. ALERT TIMELINE If there is an alert that requires your attention, the SettleMINT EFT team will notify you via AnswerBook during one of the two time periods listed below. Also listed below is the time at which they’ll need your response on whether or not to process the transaction referenced in the alert.  Between 8-9 AM ET (Respond by 2 PM ET same day.)  Between 2-3 PM ET (Respond by 8 AM ET next day.)  Note: Cases will not be worked on weekends and holidays. It is extremely important that you respond to the SettleMINT EFT team via AnswerBook by the times listed above as we cannot make the decision on your behalf regarding whether to process or stop the transaction. If we do not hear from you with a decision by the times indicated above, then:  The payment will remain on hold for up to 5 business days.  After that, the payment will be cancelled, in which case the payment would not be delivered and the member could receive late fees/penalties.
  9. 9. ALERT PRIORITY LISTFIRST PRIORITY Negative List – DDA: The subscriber’s bank account number is on a list of bank accounts associated with confirmed cases of fraud. Negative List – Email: The subscriber’s email address is on a list of email addresses associated with confirmed cases of fraud. Negative List – Payee Account #: The subscriber’s account number with the payee is on a list of payee account numbers associated with confirmed cases of fraud. Negative List – SSN: The subscriber’s Social Security Number is on a list of Social Security Numbers associated with confirmed cases of fraud.  When a Social Security Number is added, all payments made by that subscriber are alerted in FraudNet.  Prior to adding a Social Security Number to the Negative List, you must obtain a “Declaration of Fraud,” which is a letter stating that the subscriber never has and never will use bill pay. Negative List – ZIP + 11: The payee’s 11-digit ZIP code is on a list of payee address zip codes linked to confirmed cases of fraud.
  10. 10. ALERT PRIORITY LISTFIRST PRIORITY (CONTINUED) Manual Alert: This is externally reported fraud that FraudNet missed or that failed to trigger an alert. It’s generated by the sponsor to notify Fiserv of the missed data. Manual Alert Search: A sponsor using FraudNet generated an alert for an item that was linked to confirmed fraud data (generally associated with email address, ZIP code, or payee account number).  It is crucial that these accounts be entered into the FraudNet system so fraud analysts can track and modify client-scoring parameters in the event their detection statistics begin to drop. Quick Hitter Rule: Multiple payments have been made to a newly added payee.
  11. 11. ALERT PRIORITY LISTSECOND PRIORITY Subscriber Info Change: The subscriber’s email address has recently changed. Personal Payments Receiver Velocity: This measures velocity of transactions and cumulative dollar amounts received by an individual. Sponsors subscribing to ZashPay should work with their fraud specialist to establish the appropriate velocity and amount thresholds. Personal Payment Sender Velocity: This measures velocity of transactions and cumulative dollar amounts sent by an individual. Sponsors subscribing to ZashPay should work with their fraud specialist to establish the appropriate velocity and amount thresholds. A2A Velocity: This monitors the velocity of account-to-account transfers being made by a specific subscriber. Variables are dependent on the specific business unit’s needs.
  12. 12. ALERT PRIORITY LISTSECOND PRIORITY (CONTINUED) Account Transfers Sleep: This monitors for previously created transactions being scheduled on a previously dormant account. Bust-Out: The subscriber is attempting to make a payment to a recently added payee, and the payee’s address is located near the subscriber’s address. Bust-Out II: The subscriber is attempting to make a payment to a recently added payee, and the payee’s address is located far from the subscriber’s address. Model: This is a statistical rule that is usually triggered by payment size. This is usually a large payment with a small chance of fraud.
  13. 13. ALERT PRIORITY LISTTHIRD PRIORITY DDA = Payee Account #: This monitors for transactions where the funding account matches the receiving or payee account number. This rule monitors both electronic and paper transactions. MOE (Merchant Online Enrollment): This rule monitors all newly established MOE merchant payments in the Fiserv system. Verify the payment with the subscriber.  MOE was a process created at Fiserv that allowed unmanaged, non-common payees to become electronically enabled. This program is no longer being used, but fraud mitigation practices still exist to monitor MOE merchants who are still electronically enabled within the Fiserv bill payment network.
  14. 14. ALERT PRIORITY LISTTHIRD PRIORITY (CONTINUED) Managed Velocity Payment: This is an optional rule used to monitor velocity of payments within a particular industry or set of industries. Contact your assigned fraud specialist to establish the thresholds for this velocity rule. For example, this rule helps detect multiple payments being transmitted to various credit card numbers, not just the same number. Transfer Monitor: This monitors newly created account-to-account transfers, timeframes, and amount thresholds per business unit specifications. Bank by Mail: This monitors transactions being remitted directly to financial-institution branches for deposit into a checking account.  Effective fall 2011
  15. 15. ALERT RESEARCH TIPSThe tips below are guidelines for researching a transaction flagged in aFraudNet alert. Please note that these are just recommendations and theremay be additional research required to determine whether or not atransaction is fraudulent. When researching or making a decision on atransaction referenced in a FraudNet alert, please follow your credit union’sfraud/identity theft procedures.1. Evaluate the transaction against normal member activity for the past three months.  Why? If the transaction is out of the member’s norms, this could be a sign of fraud.  How? From Member Inquiry, click the Transaction Activity button.2. Review the open date of the membership or sub-account.  Why? If the membership/sub-account was recently opened or if it was opened a long time ago with no activity until recently, this could be a sign of fraud.  How? Within Member Inquiry, the membership open date will be listed in the top right corner of the Contact Information tab. The sub-account open date will be listed in the top right corner of the Member Account Inquiry screen, accessed by clicking the sub-account and then Select.
  16. 16. ALERT RESEARCH TIPS (CONTINUED)The tips below are guidelines for researching a transaction flagged in aFraudNet alert. Please note that these are just recommendations and theremay be additional research required to determine whether or not atransaction is fraudulent.3. Review documents used at account opening (i.e. copy of driver’s license).  Why? If the member’s ID looks fake or suspicious, this could be a sign of fraud.  How? Follow your specific credit union procedures for where these documents are stored.4. Review the member’s credit report.  Why? If the credit score has suddenly plunged, this could be a sign of fraud.  How? From MNLOAN #1-Process Member Applications, enter the account base and press Enter. Then type in action code VC and press Enter. Select the report and click View Report.
  17. 17. ALERT RESEARCH TIPS (CONTINUED)The tips below are guidelines for researching a transaction flagged in aFraudNet alert. Please note that these are just recommendations and theremay be additional research required to determine whether or not atransaction is fraudulent.5. Review any changes in contact information and by whom the changes were made.  Why? Identity thieves often change contact information to reroute mail to themselves.  How? Go to MNAUDT #24-Audit File Maintenance.6. If, after performing the above research, you determine it’s likely that the transaction is fraudulent, contact the member to verify the legitimacy of the transaction.  Tip: Use any previous contact information that may exist for the member to reduce the chances of contacting the identity thief.
  18. 18. ALERT RESEARCH TIPS (CONTINUED)The tips below are guidelines for researching a transaction flagged in aFraudNet alert. Please note that these are just recommendations and theremay be additional research required to determine whether or not atransaction is fraudulent.  XIf you determine that the If you determine that thetransaction is legitimate and transaction is fraudulent andyou want the SettleMINT EFT you want the SettleMINT EFTteam to proceed with the team to deny thetransaction, respond via transaction, respond viaAnswerBook with instructions AnswerBook with instructionsto process the transaction. to stop or return the transaction. For response deadlines, refer to timeline on Slide 8.
  19. 19. THANK YOU FOR ATTENDING THIS WEB CONFERENCE. REMINDER Please contact us no later than Friday, March 1 with the names and contact information of three FraudNet contacts from your credit union so that we always havesomeone to speak with regarding transactions referencedin FraudNet alerts and so that your timely response to our alerts is ensured.

×