Powerful Google developer tools for immediate impact! (2023-24 C)
ECI Conference Presentation Ray Schick.ppt
1. TOOLS AND TECHNIQUES
Fraud Prevention and Detection Tools
Facilitating Private-Public Cooperation
2008 ECI Conference
GLOBAL WARNING!
Economic Crime Home and Abroad
Raymond W. Schick, Vice President, Fraud Prevention Manager
Global Security and Investigations
For the past 25 years, the accounting firm KPMG International has surveyed the top 1,000 U.S. Companies asking them to rank the crimes that hurt their business the most, both internally and externally. Since the survey began, embezzlement has ranked first. Check fraud was ninth in the list 10 years ago… Today, it’s #2.
The American Bankers Association reports that check fraud and counterfeiting are among the fastest-growing crimes affecting the nation’s financial system at 25% annually.
Findings indicate that smaller organizations are the most vulnerable to fraud and abuse. Organizations with less than 100 employees suffered the largest median losses per capita. Generally, this is because sophisticated internal controls, designed to deter fraud, are less prevalent in smaller organizations. (Fraud Detectives Consultant Network)
Small organizations continue to say, “we don't really have a check problem." The numbers, however, say otherwise.
Organized and professional fraud rings can make bogus checks from a "good check" copy that has a valid signature and other corporate data and logo information on it. Corporate Payroll and Accounts Payable accounts are great targets. All types and sizes of companies are targets.
Some counterfeit checks are color copied, but most are created using inexpensive check printing software purchased from office supply stores or via the Internet.
The software prints checks on blank laser paper stock readily available from office supply stores, mail order catalogs, software companies and even check printers.
Almost all of the major check printers sell blank, generic laser check stock, and the forgers buy it like legitimate companies.
Regulation CC provides bank clients access to their funds in a short period of time, (e.g., local checks within two days, non-local checks within four days).
Criminals often alter a check’s routing and transit numbers creating an inconsistency regarding the true paying bank. The result is confusion in the collection process which may delay the time when notice of dishonor is given to the bank of first deposit. When the fraudulent item is returned to the right paying bank, the deposited funds have usually been withdrawn.
Fraud is on the rise ... and it is up to each company to prepare to defend itself.
Altered Check Fraud. The payee name is changed. The written amount can be increased, resulting in overpayment to the payee. Some checks had the MICR line altered with wrong information (such as routing/transit number or the account number) to slow down the clearing / return process.
Forged Signatures / Forged Endorsements are crimes often perpetrated by employees or other parties known to the client
Counterfeit checks are most prevalent and fastest growing of check fraud. Check counterfeiters use today’s sophisticated color copies to copy valid checks. Exact imitations of genuine checks can be created with readily available desktop publishing capabilities.
Third Party Bill payment services- The checks are produced by service providers and do not include the payor signature. Instead, the signature line reflects something such as “signature on file”. Unauthorized checks produced by third party payment services are usually not detected until the client reviews the monthly bank statement. By the time the client identifies the unauthorized check, it is often too late to recover the funds, since the “24 hour window” . These checks usually sail right through the check sorting operation, since they include good account information and sometimes even include good serial numbers.
Check Kiting requires multiple bank accounts and the movement of monies between accounts. The check kiter takes advantage of the time required by a bank to clear a check.
Closed Account Fraud is added by the reduced clearing time mandated by Regulation UCC
Altered Check Fraud. The payee name is changed. The written amount can be increased, resulting in overpayment to the payee. Some checks had the MICR line altered with wrong information (such as routing/transit number or the account number) to slow down the clearing / return process.
Forged Signatures / Forged Endorsements are crimes often perpetrated by employees or other parties known to the client
Counterfeit checks are most prevalent and fastest growing of check fraud. Check counterfeiters use today’s sophisticated color copies to copy valid checks. Exact imitations of genuine checks can be created with readily available desktop publishing capabilities.
Third Party Bill payment services- The checks are produced by service providers and do not include the payor signature. Instead, the signature line reflects something such as “signature on file”. Unauthorized checks produced by third party payment services are usually not detected until the client reviews the monthly bank statement. By the time the client identifies the unauthorized check, it is often too late to recover the funds, since the “24 hour window” . These checks usually sail right through the check sorting operation, since they include good account information and sometimes even include good serial numbers.
Check Kiting requires multiple bank accounts and the movement of monies between accounts. The check kiter takes advantage of the time required by a bank to clear a check.
Closed Account Fraud is added by the reduced clearing time mandated by Regulation UCC
Why does ACH Fraud occur?
Ease of ACH participation;
Industry acceptance;
Flexibility of payment applications
Recent trend - Higher dollar non-recurring activity; Shift from controlled corporate to uncontrolled consumer initiation; ARC & POP, WEB & TEL
A number of businesses have experienced some ACH fraud because they haven’t sufficiently protected themselves against it. A common misconception is that ACH transactions need to be authorized. They don’t. Any ACH may debit post to a DDA account.
The only pieces of information that an individual needs are Account Number and Routing Number which can be obtained from any given check. For example, from your payroll check, someone can use the account and routing number to make unauthorized payments or purchases via the internet or phone.
The best defense against counterfeit checks is Positive Pay, an automatic check-matching service offered by Chase. This service matches the check number and dollar amount of checks presented for payment against a file of issued checks transmitted to the bank by the account holder.
ACH Debit blocking enables the client to set parameters acting as a filter for ACH postings to the account. The client can define which transactions could hit the account, from originators to dollar limits.
Who is responsible for fraud losses has changes over time…
UCC 3-103 “Ordinary Care”
Ordinary Care now requires corporate customers to follow “reasonable commercial standards” prevailing in their area – for their industry or business.
UCC 3-405 “Comparative Negligence”
Asks the question – who was in the best position to prevent the fraud – and what was their negligence by what they did – or did not do…
The fraud risk would remain with the company (or employer) if the bank exercised “ordinary care” in processing the check
In short, employers are responsible for the integrity of their employees and to safeguard against outside fraud.
UCC 3-406 “Contributory Negligence”
The company could be found to have contributed to the loss if, for example, if it fails to safeguard checks from forgery or alteration by a “reasonable commercial standard”, and that failure to safeguard contributes to the forgery or alteration
Both the bank and the company could be responsible for the loss, with the court making the final decision on who bears what monetary loss.
UCC 4-406 “Reasonable Promptness”
Requires that customers exercise timeliness in reconciling bank statements and promptly notifying the bank if a payment has been made on a counterfeit or forged check.
Generally means within 30 days.
Banks may be able to establish a shorter time limit.
Our competitors indicated that other banks are requiring positive pay.
Deterrence is accomplished by using high-security checks, which discourage forgers by complicating the task of altering or replicating checks.
Some clients ask, “How many security features are enough?” Many industry experts agree that checks should have a minimum of eight safety features, and 10 or more is even better. The marginal cost of adding additional security features is insignificant compared to the stress, management time and legal expense of trying to recover money by forgers.
Check fraud is primarily a crime of opportunity. Implementing preventive measures will help you significantly decrease the number of opportunities available to forgers, thus minimizing losses from check fraud.
Review Fraud Brochure
According to a recent survey, two-thirds of consumers mistakenly believed that the scam e-mails they received had been sent by legitimate companies.(1)
In 2005, losses reported by U.S. victims of Internet fraud crimes reached a record $182 million in losses; however, the number of actual cases that get reported is very low. (2)
JPMC has seen a dramatic increase in phishing attacks against the bank in 2006. From an average of 15 attacks per year in 2004, to 50 attacks per month in late 2005, we are now experiencing approximately 300 attacks per month in 2006.
JPMC recently implemented a Sender Policy Framework on the chase.com, bankone.com, and firstusa.com domains. This framework enables us to identify "official" JPMC email and instructs the ISPs not to deliver any email purporting to come from us that does not come from our gateways.
For detailed information on what other fraudulent e-mails look like, steps you should follow in dealing with these solicitations and other information, please go to your browser and type in www.chase.com. Then click on "recognize and report fraudulent e-mail" on the left-hand side of the screen.
For detailed information on what other fraudulent e-mails look like, steps you should follow in dealing with these solicitations and other information, please go to your browser and type in www.chase.com. Then click on "recognize and report fraudulent e-mail" on the left-hand side of the screen.
For detailed information on what other fraudulent e-mails look like, steps you should follow in dealing with these solicitations and other information, please go to your browser and type in www.chase.com. Then click on "recognize and report fraudulent e-mail" on the left-hand side of the screen.
For detailed information on what other fraudulent e-mails look like, steps you should follow in dealing with these solicitations and other information, please go to your browser and type in www.chase.com. Then click on "recognize and report fraudulent e-mail" on the left-hand side of the screen.
SPECIAL NOTE: If you have responded to a phishing e-mail that appears to have originated from Chase by entering personal or account information into an e-mail or unauthorized site, we ask that you immediately call our client service team for further guidance and assistance. Please call the toll free number on the back of your Credit or ATM/ Debit Card or on your statement.
SPECIAL NOTE: If you have responded to a phishing e-mail that appears to have originated from Chase by entering personal or account information into an e-mail or unauthorized site, we ask that you immediately call our client service team for further guidance and assistance. Please call the toll free number on the back of your Credit or ATM/ Debit Card or on your statement.
SPECIAL NOTE: If you have responded to a phishing e-mail that appears to have originated from Chase by entering personal or account information into an e-mail or unauthorized site, we ask that you immediately call our client service team for further guidance and assistance. Please call the toll free number on the back of your Credit or ATM/ Debit Card or on your statement.