
Treasury Best Practices Series: Minimizing Payments Fraud

Treasury departments are at risk for both internal and external fraud, and payments is a key vulnerability. Hear from the experts what steps you can take to minimize the risk posed to your organization by payments fraud, and how you can avoid becoming the next victim.



  1. Minimizing Payments Fraud (April 21st, 2016)
  2. Today’s Presenters
     • Sam Pallotta, VP, Treasurer, Rockefeller Group International
     • RB Erickson, Director, Global Sales Enablement, Kyriba
     • Jeff Diorio, Managing Director, Treasury Strategies
     © 2015 Kyriba Corp. All rights reserved. PROPRIETARY & CONFIDENTIAL.
  3. Agenda
     • Overview: Cyber risk in Treasury
     • Real Life Business Case (Rockefeller Group)
     • Best Practices
  4. Overview: Cyber Risk and Fraud
  5. Headlines
     © 2014 Kyriba Corporation. All rights reserved. PROPRIETARY & CONFIDENTIAL.
  6. How prevalent is this threat?
     • It’s not a question of “if” you will be impacted. It’s a question of how significant an impact it will be.
     • “Government officials and security experts have long warned of the possibility of cyber disruptions in the financial system and other essential services and utilities.”
     • Xoom Corp. CFO resigns after fraudsters steal $30.8M in corporate cash (“the email”) (San Francisco Business Times)
     • Bangladesh Central Bank Found $100 Million Missing After a Weekend Break (Wall Street Journal)
  7. Payment Trend (chart, AFP 2016 Payment Fraud Survey)
  8. Size doesn’t matter (chart, AFP 2016 Payment Fraud Survey)
  9. Types of Payment Fraud
     • Check fraud
       – Altered checks
       – Forgeries
       – Counterfeit checks
       – Remotely created checks
       – Lockbox scam
       – Etc.
     • Electronic fraud (unauthorized ACH/wire)
       – Corporate account takeover
       – Check conversion counterfeits
       – Social engineering: phishing/spear phishing
       – Keystroke software
       – Password engineering (birthdays, Fido1234)
       – Etc.
     • Credit card & P-card
  10. Wires: second to checks (chart)
  11. Business Email Compromise (BEC)
     • FBI Internet Crime Complaint Center (IC3)
     • 64% of participants in the 2016 AFP survey were exposed to BEC
  12. Framing the problem: there are several risks and exposures
     • Internal threats
       – Theft or malicious acts
       – Human error
     • External threats
       – Social engineering: hacking your process (Rockefeller Group’s experience with BEC)
       – Technical (security exposures, remote control)
     • Environmental
       – Denial of service
       – Act of god (Hurricane Sandy)
  13. Real Life Business Case (Rockefeller Group)
  14. Fraud Attempt: Background
     • In early 2015 Rockefeller Group was targeted by cyber criminals: fraudsters attempted to deceive the organization into transferring $8M for a fraudulent acquisition
     • Fortunately, the attempt failed
     • The fraud attempt was credible and sophisticated in its construction
       – The email appeared to come from the CEO’s email account and was written in a style that effectively mimicked the CEO
       – The fraudulent acquisition was consistent with the company’s prior history of acquiring UK subsidiaries
       – The email targeted the Assistant Treasurer on a day the Treasurer was out of the office
     • The fraudulent payment might have been made were it not for the payment protocols our organization has in place to ensure all wires are legitimate and accurate
  15. Payment Protocols: Rockefeller Group has a system of payment protocols in place that protected the company from becoming a victim of fraud, including:
     • Segregation of duties
     • Physical and electronic forms
     • Payment authorization limits
     • Kyriba workstation
     • Bank controls (positive pay, ACH debit block, etc.)
     • Employee education
     • Written policies that are widely communicated
     • Hiring employees with high integrity
     • Internal and external audits
     • Senior management understanding and active support
  16. Payment Protocols: returning to our fraud attempt, specifically why it failed
     • Segregation of duties: the Assistant Treasurer would not have been able to input and release the wire on his own in our Kyriba workstation; it would have required assistance from the Cash Manager
     • Physical form / payment authorization limits: payments cannot be released without a physical signature from the requestor and from an approver with sufficient authorization
     • Kyriba workstation: prevented the Assistant Treasurer from releasing a wire above a certain threshold; only the IT department, with approval from the Treasurer, can raise the threshold
     • Employee education: members of the Treasury department had recently taken part in a fraud prevention seminar
     • Written policies that are widely communicated: the Assistant Treasurer was well aware that he could not process the wire without proper support
     • Hiring employees with high integrity
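As an added illustration (not Rockefeller Group’s or Kyriba’s code), the Python below models the release controls on this slide as a single policy check and runs it against the spoofed-CEO wire and against a routine wire; the user ids, roles, authorization limits and workstation threshold are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed role limits in USD; not the company's real figures.
AUTH_LIMITS = {"cash_manager": 250_000, "assistant_treasurer": 1_000_000,
               "treasurer": 5_000_000}
# Constructed system release ceiling; only IT, with Treasurer approval, may raise it.
WORKSTATION_THRESHOLD = 2_000_000

@dataclass
class WireRequest:
    amount: int
    requestor: str                    # who asked for the payment
    input_by: str                     # who keyed it into the workstation
    released_by: str                  # who released it to the bank
    signatures: tuple = ()            # user ids signed on the physical form
    requestor_verified: bool = False  # confirmed out-of-band, not by replying to the email

def release_violations(req: WireRequest, roles: dict) -> list:
    """Return the controls the request fails; an empty list means it may be released."""
    found = []
    if req.input_by == req.released_by:
        found.append("segregation of duties: one user both input and released the wire")
    if req.requestor not in req.signatures:
        found.append("physical form: requestor signature missing")
    approvers = [u for u in req.signatures if u != req.requestor]
    if not any(AUTH_LIMITS.get(roles.get(u), 0) >= req.amount for u in approvers):
        found.append("authorization limit: no signing approver may approve this amount")
    if req.amount > WORKSTATION_THRESHOLD:
        found.append("workstation: amount exceeds the system release threshold")
    if not req.requestor_verified:
        found.append("verification: request not confirmed through a known channel")
    return found

# Constructed users and roles.
ROLES = {"cash_mgr": "cash_manager", "asst_treas": "assistant_treasurer",
         "treasurer": "treasurer", "ceo": "ceo"}
# The spoofed-CEO request: $8M, keyed and released by the Assistant Treasurer alone.
BEC_ATTEMPT = WireRequest(8_000_000, "ceo", "asst_treas", "asst_treas")
# A routine wire: requested and input by the Cash Manager, released by the Assistant
# Treasurer, signed by requestor and Treasurer, confirmed by phone with the requestor.
LEGIT = WireRequest(150_000, "cash_mgr", "cash_mgr", "asst_treas",
                    signatures=("cash_mgr", "treasurer"), requestor_verified=True)

if __name__ == "__main__":
    for name, req in (("BEC attempt", BEC_ATTEMPT), ("routine wire", LEGIT)):
        print(name, "->", release_violations(req, ROLES) or ["release permitted"])
```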
  17. Best Practice Recommendations
  18. Action plan
     • Look at all of the components, procedures, partners and communication channels
       – Determine all places where your data originates, is transported, and is stored
       – Evaluate both the current level of security and existing exposures
       – Review your payment procedures and initiation controls
       – Involve partners, both internal (AP, IT, Audit) and external (Banks, SWIFT, Vendor)
       – Evaluate the potential for loss of control and inability to execute
     • Develop an action plan
       – Response team
       – Review each potential type of breakdown
       – Enhance protection where possible
       – Create a response plan for the inevitable breach
       – Decide which risks are acceptable and which are unacceptable
  19. Action plan (continued)
     • Understand liability and insurance
       – Who has liability in case of an event?
       – Understand your vendors’ and banks’ liability coverage and your comfort with it
       – Use insurance riders and/or cyber insurance as an umbrella (could be multiple policies)
       – Be sure money and securities are covered
     • Leverage experts
       – Bank and vendor recommendations
       – Focused Treasury Risk Assessment (not general), as well as Corporate Payments and Cyber Risk
       – Expert advice and best practices
       – Outside perspective
       – Regular tune-ups
  20. General Recommendations: Technical Controls
     Diagram: Company → SaaS Hosted TMS → SWIFT Bureau → Bank. Boxes are areas you, vendors or banks must be sure are secured; arrows are communications channels to be protected.
     Areas of vulnerability to assess at each box and channel:
     • Who has access to data?
     • What users have permission to initiate?
     • What are the physical security controls?
     • Are transmissions encrypted?
     • Are communications unreadable and unalterable?
     • Robustness of connectivity
     • Authentication of messages and sender
     • Alternate initiation plans
  21. General Recommendations (Company → SaaS Hosted TMS → SWIFT Bureau → Bank)
     • Review policies and controls
     • Encrypt, encrypt, encrypt
       – Data at rest must be encrypted
       – Data in flight must be encrypted
     • Verification
       – Acknowledgements/confirmations
       – Central, frequent monitoring of data and workflows
       – Digital signatures (e.g. two-factor authentication, SWIFT 3SKey), checksums and secondary validation to authenticate payment files
     • Action plan for breach or incident
     • Proactive vs. reactive
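An added example (not from the slides or any vendor) of the “checksums and secondary validation” point above: a payment file carries a control record and an HMAC-SHA256 tag, and the receiving side authenticates the tag first and only then checks that the control totals agree with the detail records. The file layout, key and records are constructed for illustration.

```python
import hashlib
import hmac

# Constructed shared secret for the example; a real key lives with the TMS or bank,
# never inside the payment file itself.
KEY = b"constructed-example-key"

def _sign_raw(body: str, key: bytes = KEY) -> str:
    """Append an HMAC-SHA256 record computed over every byte above it."""
    return body + "MAC " + hmac.new(key, body.encode(), hashlib.sha256).hexdigest() + "\n"

def sign_file(records: list, key: bytes = KEY) -> str:
    """Build a file of 'PAY <beneficiary> <amount_cents>' lines plus a control record."""
    total = sum(int(r.split()[2]) for r in records)
    body = "\n".join(records + [f"CTL {len(records)} {total}"]) + "\n"
    return _sign_raw(body, key)

def verify_file(content: str, key: bytes = KEY):
    """Return (accepted, reason): authenticate first, then apply secondary validation."""
    lines = content.rstrip("\n").split("\n")
    if not lines[-1].startswith("MAC "):
        return False, "missing MAC record"
    body = "\n".join(lines[:-1]) + "\n"
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, lines[-1][4:]):
        return False, "MAC mismatch: file altered or signed with the wrong key"
    details = [l for l in lines[:-1] if l.startswith("PAY ")]
    ctl = [l for l in lines[:-1] if l.startswith("CTL ")]
    if len(ctl) != 1:
        return False, "control record missing or duplicated"
    _, count, total = ctl[0].split()
    if int(count) != len(details) or int(total) != sum(int(d.split()[2]) for d in details):
        return False, "control totals disagree with detail records"
    return True, "ok"

# Constructed sample: two wires, amounts in cents.
GOOD = sign_file(["PAY ACME-SUPPLIES 1250000", "PAY NORTHWIND-LTD 980000"])
# Amount changed after signing: the MAC check catches it.
TAMPERED = GOOD.replace("980000", "9800000", 1)
# Validly signed but with a wrong control record (e.g. an upstream generation bug):
# only the secondary validation catches it.
BAD_CTL = _sign_raw("PAY ACME-SUPPLIES 1250000\nCTL 2 1250000\n")

if __name__ == "__main__":
    for name, f in (("good", GOOD), ("tampered", TAMPERED), ("bad control", BAD_CTL)):
        print(name, "->", verify_file(f))
```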
  22. Resources
     • Kyriba
     • Treasury Strategies
     • Your banks
     • AFP
     • Other
       – FBI Internet Crime Complaint Center IC3 (http://www.ic3.gov)
       – Federal Reserve (http://takeonpayments.frbatlanta.org)
       – NCFTA (https://www.ncfta.net)
       – FFIEC (https://www.ffiec.gov/cyberassessmenttool.htm)
       – US Secret Service Cyber Intelligence Center
  23. A Matter of WHEN, not IF: “When the time for decision arrives, the time for preparation has passed” – Tom Monson
  24. Additional Resources
     • eBook: Six questions every treasurer should ask about their cash forecasting process (http://kyri.ba/FraudQuestionsEbook)
     • White Paper: Leveraging Treasury Technology in the War Against Fraud (http://kyri.ba/TMSagainstFraud)
  25. Thanks for attending: facebook.com/kyribacorp, twitter.com/kyribacorp, linkedin.com/company/kyriba-corporation, youtube.com/kyribacorp, slideshare.com/kyriba, kyriba.com/blog
