Southern California By John Buzzard Doubletree Hotel Ontario, CA February 20, 2013
DDoS Attacks
Distributed Denial of Service attacks spurred by YouTube video.
What is it? A DDoS attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Several compromised systems (for example, a botnet) flood the targeted system(s) with packets. When a server is overloaded with connections, it can no longer accept new ones.
How can you prepare for them? Firewall settings and intrusion defense systems like “Top Layer IPS products”.
On February 7, Anonymous filed a petition to acknowledge DDoS as a legal form of protest similar to the Occupy protests.
Fraudulent PIN Changes
What has been happening?
• Approx. 13 cases
• 395 cards
• 23 FIs
• 1,500 transactions
• $480k attempted withdrawals
• $200k successful withdrawals
Best practices
Fraudulent ACH Payments
• Dishonest account holder.
• ACH payment option is used to pay off a credit card/line.
• Fraudster takes over an account at another FI to initiate the payment, or uses one that they have opened.
• ACH payment clears; customer runs the balance up again.
• Customer often overpays the balance and then uses cash advances to siphon off more funds.
• ACH payment is eventually returned as NSF after the credit was applied.
• Financial institution’s corporate account takes the loss.
• Some losses have been as high as $100,000.
Best practices
ACH Kiting Best Practices
• Monitor credit card payment reports daily.
• Consider not allowing ACH credit card payments for new customers.
• Be sensitive to over-limit customers who suddenly overpay, make multiple payments, or use ACH when they have not done so before. (Customized reports would be required.)
• Monitor the following reports for credit card payments daily:
  • ACH payment report
  • ACH Large Dollar Report
  • ACH Return Reports
  • Return Check Adjustment Report
  • Over Limit Report
  • Balance Control Over Limit Report
  • Review of Excessive Account Activity
  • Credit card payment kiting report
• Use a fraud monitoring solution on credit card payments to detect potential ACH kiting.
• Monitor the settlement account for ACH returns.
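The behavioural signals on this slide (an over-limit account that suddenly overpays, makes multiple payments, or uses ACH for the first time) can be combined into a daily customized report. The sketch below is an added example, not part of the original presentation; the record layout, field names, two-signal threshold and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date

@dataclass
class Payment:              # hypothetical record layout, not a real report format
    account: str
    day: date
    amount: float
    channel: str            # "ACH", "CHECK", ...
    balance_before: float   # card balance when the payment posted
    credit_limit: float

def kiting_flags(payments, today, multi_threshold=2):
    """Return {account: sorted reasons} for accounts making ACH card payments today."""
    history = defaultdict(list)
    for p in sorted(payments, key=lambda p: p.day):   # stable: keeps posting order
        history[p.account].append(p)
    flagged = {}
    for account, items in history.items():
        todays = [p for p in items if p.day == today and p.channel == "ACH"]
        if not todays:
            continue
        reasons = set()
        if not any(p.channel == "ACH" and p.day < today for p in items):
            reasons.add("first ACH payment")
        if len(todays) >= multi_threshold:
            reasons.add("multiple payments same day")
        first = todays[0]
        total = sum(p.amount for p in todays)
        if first.balance_before > first.credit_limit and total > first.balance_before:
            reasons.add("over-limit account overpaid")
        # Assumption: one signal alone is common for honest customers, so require two.
        if len(reasons) >= 2:
            flagged[account] = sorted(reasons)
    return flagged

# Constructed sample data: A-100 shows the pattern, B-200 is a routine payer.
TODAY = date(2013, 2, 20)
SAMPLE = [
    Payment("A-100", date(2013, 1, 15), 250.0, "CHECK", 5200.0, 5000.0),
    Payment("A-100", TODAY, 3000.0, "ACH", 5300.0, 5000.0),
    Payment("A-100", TODAY, 3000.0, "ACH", 2300.0, 5000.0),
    Payment("B-200", date(2013, 1, 10), 400.0, "ACH", 900.0, 3000.0),
    Payment("B-200", TODAY, 400.0, "ACH", 850.0, 3000.0),
]

if __name__ == "__main__":
    for acct, why in kiting_flags(SAMPLE, TODAY).items():
        print(acct, "->", ", ".join(why))
```

Flagged accounts are candidates for a hold on available credit until the ACH return window has passed, alongside the ACH return and settlement account monitoring listed above.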
Fraud spending a priority for some in 2013
This information was gathered from a quarterly survey of US risk managers.
POS Malware is the new face of skimming
• Weak passwords at the merchant level.
• Malware can penetrate at any time and requires no physical presence.
• Mag and PIN capture risk is the same.
• Recent arrest activity in NY as thieves performed “cash outs” at ATMs. (Suspects pictured below)
Multiple Malware Attacks
Malware Compromises
Basha’s Grocery Store Malware attack
Cash Out Warnings
Gathering Fraud Intelligence
• Know who’s on your front line - Identify the personnel best suited to perform various types of proactive intelligence gathering.
• Develop a communications plan - Decide who within your company should receive various types of intelligence. For instance, you might determine that fraud investigators receive all financial crime intelligence, while corporate IT receives malware and virus intrusion intelligence.
• Take advantage of low-cost tactics - No-cost ideas include creating simple search engine alerts on keywords and leveraging your contacts to build a strong network of people willing to share intelligence.
• Socialize - Join organizations that align with your information needs.
• Share intelligence internally - Educate your workforce on new concepts and initiatives, such as EMV and mobile payments.
• “Feed” the intelligence - The same issues may have to be revisited multiple times to maintain the most current level of understanding and deter any threats.
• Use data to respond faster - Use tactical fraud intelligence to create rules that mitigate fraud before it disrupts your business operations. This could be as simple as understanding the geographic disposition of a fraud threat so that your team can develop an offense before the fraud losses stack up.
Interviewing an accountholder
• What is the name of the antivirus protection software that you use on your home PC?
• What is the name of the spyware/malware program on your PC?
• How often do you log into online banking?
• Let me show you how to activate account alerts so that you can stay in touch with your accounts.
• Do you have a shared PIN or single PIN? (little trick)
• When was the last time you changed your PIN?
2012 Card and PIN Skimming
Bookseller Case
• POS devices in the café section.
• 40 locations in 9 states (CA, NY, NJ, CT, MA, RI, IL, PA, FL).
• 8700+ compromised cards identified/protected by CAS.
• First devices placed in Oceanside, CA 6/10/12 (removed 9/9/12) and Warwick, RI 6/25/12 (removed 9/12). Dual coast testing?
• Placement indicates NE/Midwest, then FL, then CA.
• No more activity until 8/3 in Smithfield, RI and 8/9 in Deer Park, IL.
• Last skimming date 9/14/12.
• Cards were used at ATMs in the areas where they were skimmed.
2012 Breakdown
[Chart: PIN Points of Compromise 2003-2012, % of Card Alert Service cases by type: POS, ATM - Non-Bank, ATM - Bank]
2012 vs 2011
• 2012 POS skimming locations decreased by 33%.
• 2012 skimming via ATMs at financial centers rose 21%.
• 2012 skimming at white label ATMs increased 12%.
Source: FICO Card Alert Service
2012 Points of Compromise (Card Alert Service)
• Green: Bookseller Case
• Pink: POS location
• Blue: ATM located at a financial institution
• Light blue: White label non-FI ATM
Gas Pump Skimmer from West Wendover, NV January 2012
Card Reader Theft February 24, 2012 Kensington, MD
Endicott, NY August 11, 2012
Gas Pump Internal Skimmer Irvine, CA 9/13/12
Queens, NY November 11, 2012
Virginia Beach, VA November 25, 2012
Vestibule Card Entry Point Skimmer Bedford Hills, NY 12/2/12
Disguises & spray paint 12/03/12 San Diego, CA
Door skimmer Bedford Hills, NY 12/5/12 Attached are photos of skimming device camera setups. The skimming device was apparently on the access door pad and the cameras on the ATMs. The cameras also have a small antenna for wireless transmission to the thief’s laptop.
May 2012 Howard Beach, NY
Chicago, IL 1/16/13
Social Engineering & Other Scams
• Social websites: account takeovers, and imposters who trick people into sending them $ for emergencies.
• Games played through third-party applications are not very trustworthy.
• Phone applications can easily inject malware. Good idea to completely remove unused apps.
• Social websites are the gateway for break-ins during your vacation.
• Criminals who are in possession of your payment card or other bits of information can SLOWLY friend you or review your postings to cull information to help them victimize your financial accounts. (Zip code collection, city/state, and family names are often answers to challenge questions online.)
• Be wary of what your friends post about you!
Other trends
• POS 90 music download charges of $99-$200. You can charge these back to iTunes. Block non-US iTunes!
• POS 90 rule declining all auths between $49.99 and $110.00 with a score greater than 60. The rule has a 5:1 FPR.
• Healthcare & universities deliver tons of compromises.
WWW.FraudAlertnetwork.com
Fraud discussions inside the community
Monthly Fraud Calls - Sign Up! https://www.csvep.com/FICO/FraudForum.html
Secure email portal https://secure.psmtp.com/s/welcome.jsp?b=fico
Convert to secure email delivery today
• Member Profile Updates: http://www.fico.com/landing/CardAlert/CardAlertServiceForm.html
• Please provide your team email address.
• If you do not know your CAS ID please use eight zeroes in the field requesting your CAS ID.
• Maximum of two email addresses can be accommodated otherwise.
• Card Alert will assist you via phone 888-440-4227 if you prefer.
Thank You Investigations@fico.com 888-440-4227