Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Counterfeiting Presentation 2009 Handout


Published on

January 2009 NWCA Presentation

  • Be the first to comment

  • Be the first to like this

Counterfeiting Presentation 2009 Handout

  1. 1. Counterfeiting - Detection and Prevention Fraud in the Pacific NW John Snodgrass, CAMS - Security Risk Manager Boeing Employees Credit Union
  2. 2. The History of Fraud 80’S – UIBC Fraud – PIN Based ATM Fraud – Lost/Stolen Visa 90’S – Return Deposits/New Fraud Accounts – Home Mail Theft/Chemical Washing – Introduction of Versacheck – Debit Card Fraud Today – Merchant Breaches – partial vs. full track – Verified by Visa/MasterCard Secure Code – Plastic Card Fraud (Skimming/Card Capture) – Return Deposits/New Fraud Accounts – Versacheck – Identity Theft – Internet Scams (Key loggers, Phishing, Spoofing, Nigerian, Wire Transfer, Vishing) – Counterfeiting (Money Orders, Cashier’s Checks) – Trail Heads/Gyms’s – Relationship with BSA
  3. 3. Recent Compromises Heartland Avianca Sur Le Table Chipolte Polo/Ralph Lauren Card Service Solutions (CSSI) 40 mm Designer Shoe Warehouse (DSW) 1.4mm TJX (TJ Maxx, Marshall’s) 45.7mm 146,000
  4. 4. New Account Fraud/Repeat Offenders The same fraud rings lead multiple attacks As ring leaders leave, others fill that gap Why do they continue? Fearless Sentencings Worth the price of “admission” Intelligent Awareness of your policies/procedures Organized Crime
  5. 5. Check Counterfeiting Versacheck – Routing and Transit Numbers – Magnetic Ink – Watermark – Microprinting – In-clearing items – possible merchant In- loss – Deposit items – possible FI loss – Check Stock
  6. 6. Account Takeover Address Changes Card/PIN Requests LOC/HELOC Fraud – Social Engineering – Fraudulent payments followed by – Advances into check and savings – Wire Transfers
  7. 7. MSR206 HiCo/LoCo Magstripe Card Reader / Writer Price: $750 - Now available in USB interface! Desktop Card Systems Datacard® UltraGrafix® 800 Card Personalization System Fast, affordable card personalization The MedAssure™ 295 card personalization system lets you issue high-quality ID cards—with your choice of embossed characters, bar codes, logos, text, personalized smart card chips and encoded magstripes—in a fast, single-pass operation. Retail Price: $54.00 DiscountID: $40.50 CR80 Graphic-Qual 30mil PVC Cards 500ct
  8. 8. In our first slide you see an individual who is apparently making a bank transaction at the ATM.
  9. 9. He is really placing a trap in the ATM machine to “capture” the next user’s card.
  10. 10. Lookout Warning These individuals work in teams. The lookout warns of any possible eye witnesses / or of the next potential victim.
  11. 11. The Victim Here we see the next member using the ATM after the trap has been set. He inserts his card and begins his transaction.
  12. 12. Accessing the PIN Victim is convinced he can recover the card, if he presses his PIN at the same time the suspect presses “cancel” and “enter.”
  13. 13. After several attempts the victim is convinced his card has been confiscated.
  14. 14. Recovering the CARD
  15. 15. The Trap The trap is made up of XRAY film, which is the preferred material by thieves simply because of the black color which is similar in appearance to the slot on the card reader.
  16. 16. Placing the TRAP The trap is then inserted into the ATM slot. Care is taken not to insert the entire film into the slot, the ends are folded and contain glue strips for better adhesion to the inner and outer surface of the slots.
  17. 17. Retrieval of Confiscated Card As soon as the victim is gone, and they have your PIN, the thief can remove the glued trap by grasping the folded tips. He simply pulls the trap out that has retained your card.
  18. 18. Best Practices Educate your Board and Executive Management Education of 1st and 2nd line Servicers – Routinely examine the ATM façade for traces of: Adhesive Tape residue Camera tampering Any unusual attachments Regular Review of ATM Lighting Pay attention to ATM down times – Do you have any monitoring triggers? – What are your response times?
  19. 19. Best Practices (cont.) Member/Customer Training Leverage vendor relationships – What solutions are being developed? developed? Inhibitors Jitter Software Foreign Device Recognition New Facias SHARE INFORMATION – Participate in your local fraud & robbery meetings
  20. 20. Training/Education Community Relations – Strategic Business Partners – Member/Customer Seminars – Member/Customer Newsletters – Web site enhancements – Safety tips – New trends – Rotary, Elks, Kiwanis, Senior Citizen
  21. 21. Case Monitoring Two or more “like” cases Run CPP test Identify window of exposure Define your Card Compromise Strategies – Block/reissue as needed – Member/Customer notification
  22. 22. CREDIT MASTER/CREDIT WIZARD Internet Program Created by Hackers Contains BIN Numbers and Algorithms