Cyber Fraud
Challenges & Solutions
                      K. K. Mookhey
                Principal Consultant
  Network Intelligence India Pvt. Ltd.
Agenda
 Ground Reality – Digesting the Hard Facts
   Online Banking Fraud
   The Data Theft Epidemic
   Skimming & ATM Fraud
   Spear Phishing & APT

 Identifying Technology Red Flags

 Technology Fraud Risk Management

 Resources
Online Banking Fraud
Primary fix?


 2-factor
Or
 OTP

 User Awareness
The Data Theft Epidemic
What price India?


   Online examples…
Fresh record price = Rs. 75
Converted customer price = Rs. 150
Skimming – Basic & Advanced
THE TRAP

♦ The trap is made of X-ray film, the material thieves prefer simply because its black color resembles the slot on the card reader.

Placing the TRAP

♦ The trap is then inserted into the ATM slot. Care is taken not to insert the entire film into the slot; the ends are folded and carry glue strips for better adhesion to the inner and outer surfaces of the slot.

INVISIBLE

♦ Once the ends are firmly glued and fixed to the slot, the trap is almost impossible for unsuspecting clients to detect.

How is your card confiscated?

♦ Slits are cut into both sides of the trap. This prevents your card being returned prior to completing your transaction.

Retrieval of Confiscated card

♦ As soon as the “Customer” has gone, and they have your PIN, the thief can remove the glued trap: grasping the folded tips, he simply pulls out the trap that has retained your card.
Advanced skimming - video
Where’s the silver lining?!
Technology Red Flags
 Systems crashing
 Audit trails not available
 Mysterious “system” user IDs
 Weak password controls
 Simultaneous logins
 Across-the-board transactions
 Transactions that violate trends – weekends, excessive amounts, repetitive amounts
 Reluctance to take leave or accept input/help
 Reluctance to switch over to a new system
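
A sketch of how three of these red flags (mysterious user IDs, simultaneous logins, transactions that violate trends) can be checked against audit data. It is an added example, not part of the original presentation; the record layouts, user IDs, host names, sample rows and thresholds (5x the user's median amount, three repeats, Saturday/Sunday as weekend) are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime
from statistics import median

# All rows below are constructed sample data, not taken from the presentation.
KNOWN_USERS = {"teller01", "teller02"}  # assumed staff register
# (user_id, source_host, login_time, logout_time)
SESSIONS = [
    ("teller01", "BR1-PC04", "2024-03-04 09:00", "2024-03-04 13:00"),
    ("teller01", "BR7-PC11", "2024-03-04 11:30", "2024-03-04 12:10"),
    ("teller02", "BR1-PC05", "2024-03-04 09:05", "2024-03-04 17:00"),
    ("sysbatch", "BR1-PC04", "2024-03-04 12:00", "2024-03-04 12:20"),
]
# (txn_id, user_id, posted_at, amount)
TRANSACTIONS = [
    ("T1", "teller01", "2024-03-04 10:15", 12000),
    ("T2", "teller01", "2024-03-05 11:00", 9500),
    ("T3", "teller01", "2024-03-06 15:20", 11000),
    ("T4", "teller01", "2024-03-09 22:40", 10500),   # a Saturday
    ("T5", "teller02", "2024-03-04 10:00", 49900),
    ("T6", "teller02", "2024-03-05 10:05", 49900),
    ("T7", "teller02", "2024-03-06 10:10", 49900),
    ("T8", "teller02", "2024-03-07 12:00", 8000),
    ("T9", "teller01", "2024-03-07 16:00", 250000),
]


def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")


def unknown_user_ids(sessions, known_users):
    """User IDs seen in the audit trail that map to no known person."""
    return sorted({user for user, *_ in sessions} - set(known_users))


def simultaneous_logins(sessions):
    """(user, host_a, host_b) for overlapping sessions of one ID on two hosts."""
    by_user = defaultdict(list)
    for user, host, start, end in sessions:
        by_user[user].append((_ts(start), _ts(end), host))
    hits = []
    for user, items in by_user.items():
        items.sort()  # order by login time
        for i, (_, end1, host1) in enumerate(items):
            for start2, _, host2 in items[i + 1:]:
                # Second session starts before the first has ended.
                if start2 < end1 and host1 != host2:
                    hits.append((user, host1, host2))
    return hits


def trend_violations(transactions, excess_factor=5, repeat_min=3):
    """Map txn_id -> reasons: weekend posting, excessive or repetitive amount."""
    amounts = defaultdict(list)
    for _, user, _, amount in transactions:
        amounts[user].append(amount)
    # The median is used as the "trend" because one outlier barely moves it.
    typical = {user: median(vals) for user, vals in amounts.items()}
    repeats = Counter((user, amount) for _, user, _, amount in transactions)
    flagged = {}
    for txn_id, user, posted_at, amount in transactions:
        reasons = []
        if _ts(posted_at).weekday() >= 5:  # Saturday=5, Sunday=6
            reasons.append("weekend")
        if amount > excess_factor * typical[user]:
            reasons.append("excessive amount")
        if repeats[(user, amount)] >= repeat_min:
            reasons.append("repetitive amount")
        if reasons:
            flagged[txn_id] = reasons
    return flagged


if __name__ == "__main__":
    print("Unknown user IDs:   ", unknown_user_ids(SESSIONS, KNOWN_USERS))
    print("Simultaneous logins:", simultaneous_logins(SESSIONS))
    for txn_id, reasons in trend_violations(TRANSACTIONS).items():
        print(f"Transaction {txn_id}: {', '.join(reasons)}")
```
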
The IIA – IT & Fraud Risks
Fraudulent Financial Reporting

• Unauthorized access to accounting applications —
  Personnel with inappropriate access to the general ledger,
  subsystems, or the financial reporting tool can post fraudulent
  entries.

• Override of system controls — General computer controls
  include restricted system access, restricted application access,
  and program change controls. IT personnel may be able to
  access restricted data or adjust records fraudulently.
The IIA – IT & Fraud Risks
Misappropriation of Assets
• Theft of tangible assets — Individuals who have access to tangible assets
   (e.g., cash, inventory, and fixed assets) and to the accounting systems that
   track and record activity related to those assets can use IT to conceal their
   theft of assets.
• Theft of intangible assets — Given the transition to a services-based,
   knowledge economy, more and more valuable assets of organizations are
   intangibles such as customer lists, business practices, patents, and
   copyrighted material.


Corruption
• Misuse of customer data — Personnel within or outside the organization
   can obtain employee or customer data and use such information to obtain
   credit or for other fraudulent purposes.
• Principle 1: As part of an organization’s governance structure, a fraud risk management program should be in place, including a written policy to convey the expectations of the board of directors and senior management regarding managing fraud risk.

• Principle 2: Fraud risk exposure should be assessed periodically by the organization to identify specific potential schemes and events that the organization needs to mitigate.

• Principle 3: Prevention techniques to avoid potential key fraud risk events should be established, where feasible, to mitigate possible impacts on the organization.

• Principle 4: Detection techniques should be established to uncover fraud events when preventive measures fail or unmitigated risks are realized.

• Principle 5: A reporting process should be in place to solicit input on potential fraud, and a coordinated approach to investigation and corrective action should be used to help ensure potential fraud is addressed appropriately and timely.
Leveraging Technology
 Data Leakage Prevention
 Email Gateway Filtering
 Security & Controls by Design
 Information Rights Management
 Identity & Access Control Management
 Data Encryption
 Business Intelligence Solutions
 Revenue Assurance & Fraud Management Solutions
 Forensic Investigation Capabilities
Chapter 6 – Cyber Frauds
 Special Committee of the Board to be briefed separately
 Independent Fraud Risk Management Group (FRMG)
 Fraud Review Councils to be set up
 Fraud Vulnerability Assessments
 New products to be reviewed by (FRMG)
 Banks to share details of fraudulent employees
 Transaction monitoring group/system
 Continuous trainings
 Employee awareness and rewarding whistleblowers
 Training institute for financial forensic investigation
 Sharing of fraud management experiences
 State-level Financial Crime Review Committee
 Multi-lateral arrangement amongst banks to deal with online frauds
Resources
 Fraud Risk Management System in Banks
 http://www.rbi.org.in/scripts/NotificationUser.aspx?Id=5273&Mode=0

 IIA – Fraud Prevention and Detection in an Automated World
 http://www.theiia.org/guidance/technology/gtag13/
Thank you!
                                Questions?
                kkmookhey@niiconsulting.com

Information Security Consulting Services
Information Security Training Services
