1. 9/29/2013 #bbcon Current Trends in Fraud Prevention 1
Current Trends in Fraud Prevention
PRESENTED BY MELANIE MORTON
2. 9/29/2013 #bbcon Current Trends in Fraud Prevention 2
• Title: Manager of Blackbaud Forms
• My educational background is in
philosophy. I’ve worked as an
academic, a Wall Street research
analyst, and a help desk manager.
• Hobbies: Anything artistic. I love
making things –bookbinding,
limestone sculpture, really good
bread, or quilts. My ideal vacation is a
cross-country bike trip.
• Contact me:
melanie.morton@blackbaud.com
MELANIE MORTON
Download this presentation
with the bbcon mobile app
or from the post-conference
landing page at
www.bbconference.com
3. 9/29/2013 #bbcon Current Trends in Fraud Prevention 3
• Background
• Types of Payments Fraud
• The Fraud Prevention Matrix
• Procedural Controls
• Your Bank’s Requirements
• Other Fraud Prevention Tools
• Recommendations
• Further Reading
AGENDA
4. 9/29/2013 #bbcon Current Trends in Fraud Prevention 4
This talk focuses on how to manage vulnerabilities and liabilities to
common forms of payment fraud
Primary sources:
2012 Payments Fraud Survey by The Federal Reserve Board of
Minneapolis. 246 respondents in the upper Midwest, including 92%
financial institutions
2012 Report to the Nations on Occupational Fraud and Abuse by the
Association of Certified Fraud Examiners (ACFE)
2013 AFP Payments Fraud and Control Survey, March 2013,
Association for Finance Professionals. Survey had 625 respondents
representing corporate practitioner members and non-members of
AFP with the following job titles: cash managers, analysts and
directors.
BACKGROUND
5. 9/29/2013 #bbcon Current Trends in Fraud Prevention 5
90% of respondents to the Federal Reserve Board’s latest
survey suffered dollar losses due to payments fraud
For non-FI respondents, check fraud accounted for 78% of
their dollar losses
In the AFP survey, checks accounted for 69% of the cases
with financial loss due to fraud
The median loss to an incident of payments fraud was
$20,300
FRAUD IS WIDESPREAD
6. 9/29/2013 #bbcon Current Trends in Fraud Prevention 6
Industry check-related losses amounted to an
estimated
$893 million in 2010
-- American Bankers Association
This figure doesn’t include losses to account holders,
who bear a much higher proportion of the liability for
check fraud losses.
THE COST OF FRAUD
7. 9/29/2013 #bbcon Current Trends in Fraud Prevention 7
“One of the simplest and most prevalent ways to
commit a financial crime, to steal money, is to commit
some form of check fraud.”
“While we may never know the full costs of check
fraud across the financial industry, some of the
available information shows impacts that are
staggering.”
James H. Freis, Jr.,
Director, Financial Crimes Enforcement Network
U.S. Department of the Treasury
SIMPLE, PREVALENT, & STAGGERING
8. 9/29/2013 #bbcon Current Trends in Fraud Prevention 8
Credit and Debit Card Fraud
ACH, Wire Transfer & Corporate Account Takeover
(CAT) Fraud
Check Fraud
The ACFE estimates most fraud takes 18 months to
uncover. Timely review is essential!
TYPES OF PAYMENT FRAUD
9. 9/29/2013 #bbcon Current Trends in Fraud Prevention 9
• Forged signatures or endorsements
• Altered checks – amounts, payee, MICR (to slow
down clearing process)
• Counterfeiting – fabricating or duplicating
• Holder in Due Course (HDIC) claims
CHECK FRAUD
10. 9/29/2013 #bbcon Current Trends in Fraud Prevention 10
Holder in Due Course (HDIC) claims are a powerful part of the Uniform
Commercial Code which privileges the needs of the banking system
over consumer protections. These claims create a special area of check
fraud vulnerability for account holders.
A Holder in Due Course is anyone who accepts a check for payment.
This is usually a bank, but it can also be a merchant or check cashing
business. If they cash a check in good faith that is not suspiciously
irregular, then they are entitled to be paid, even if it later turns out
that the check is fraudulent.
• HDIC claims are superior to all other contracts, including stop
payments and Positive Pay
• HDIC rights can be sold
PRIVILEGED FRAUD:
CHECKS & HDIC CLAIMS
11. 9/29/2013 #bbcon Current Trends in Fraud Prevention 11
Robert Triffin buys “dishonored checks” and uses HDIC claims to sue for
payment. Here are three cases tried in the Superior Court of New
Jersey.
HDIC beats Stop Payments
Triffin v. Cigna Insurance Company
A check issued by Cigna was falsely claimed to be lost. Cigna issued a
stop payment and provided a new check. The first check was then
cashed at Sun’s Market, who presented it for payment through its bank.
Cigna’s bank dishonored the check. Mr. Triffin acquired the check and
filed an HDIC claim more than two years after the check was
dishonored. The court ruled in favor of Mr. Triffin.
Fraud prevention:
• Print expiration on the front of the check and don’t issue replacement
checks until after the original has expired
HDIC CLAIMS IN ACTION
12. 9/29/2013 #bbcon Current Trends in Fraud Prevention 12
Plausible Fraudulent Checks are Valid
Triffin v. Somerset Valley Bank
Mr. Triffin bought $9K worth of counterfeit, forged checks returned to a
check cashing business marked “Stolen check – Do Not Present Again.”
The payroll checks in question matched both the stock and the
signature stamp used by the account holder.
Despite the fact that they were unauthorized, the fraudulent check
documents were deemed to be valid “negotiable instruments.” The
Court reasoned that in order to preclude liability from a holder in due
course claim, “it must be apparent on the face of the instrument that it is
fraudulent.” The court ruled in favor of Mr. Triffin.
SCARIER HDIC CLAIMS IN ACTION
13. 9/29/2013 #bbcon Current Trends in Fraud Prevention 13
High Security Checks Can Beat HDIC Claims
Triffin v. Pomerantz Staffing Services, LLC
Pomerantz Staffing used high security checks with a warning banner on
the front that stated “This Check Has Heat Sensitive Ink to Confirm
Authenticity.”
Someone made copies and cashed 18 checks worth $7,000 at Friendly
Check Cashing. Pomerantz’s bank returned the checks unpaid. Mr.
Triffin bought the checks and claimed HDIC status. Since Friendly had
the means to determine authenticity, the court ruled against Mr. Triffin.
Fraud prevention:
• Use preprinted, high security check stock with features that verify
authenticity to limit HDIC claims
DEFENDING AGAINST HDIC CLAIMS
15. 9/29/2013 #bbcon Current Trends in Fraud Prevention 15
The best defense involves a combination of tactics
• Procedural controls
• Check fraud prevention
• Transaction screening
• Fraud protection services
THE FRAUD PREVENTION MATRIX
16. 9/29/2013 #bbcon Current Trends in Fraud Prevention 16
Reconcile both bank and card-related accounts daily
Segregate accounts by payment type and purpose to easier identify
exceptions & enable use of transaction filters & blocks
Report potential fraud occurrences to your bank in a timely manner
Offer Employee Support with documented procedures & training
Enforce security procedures with
Authentication/authorization controls in payment process such as
strong passwords & security token or key fob that generates one-
time-use passwords
Physical access controls to payment processing
PROCEDURAL CONTROLS 1
17. 9/29/2013 #bbcon Current Trends in Fraud Prevention 17
Enforce security procedures (cont’d)
Logical access controls to network and payment apps
Dedicated computer for financial institution transactions or
restrictions on staff use of Internet on your network
Transaction limits for payment disbursements & corporate card
purchases
Separate duties in payment process (submitting bills, approvals,
signing checks, and reconciliation)
Internal and external audits
Employee hotline to report potential fraud
Organizations with some form of hotline in place saw a much higher likelihood
that fraud would be detected by a tip (51%) than organizations without such a
hotline (35%).” - ACFE
PROCEDURAL CONTROLS 2
18. 9/29/2013 #bbcon Current Trends in Fraud Prevention 18
Maintain authorized signers documentation with your bank
For checks:
Don’t leave blank spaces in the payment or payee areas
Print expiration on front of check
Keep secure – lock up check stock & signature stamps
Use Stop Payments & close the bank account if you discover a check with a
fraudulent payable amount
Report stolen checks to check verification companies such as Telecheck and
Certegy, so other businesses will refuse the stolen checks
The most commonly used techniques are not
necessarily the most effective
PROCEDURAL CONTROLS 3
19. 9/29/2013 #bbcon Current Trends in Fraud Prevention 19
Small organizations
Had far fewer anti-fraud controls
Were victimized by fraud more frequently
Suffered disproportionately large median loss of
$147,000
FRAUD IN SMALLER ORGANIZATIONS
20. 9/29/2013 #bbcon Current Trends in Fraud Prevention 20
The most effective general controls are:
Planned and surprise internal audits
Employee support programs
Hotlines
These three were correlated with the greatest
decreases in financial losses
Organizations lacking these controls experienced
median fraud losses approximately 45% larger than
organizations with the controls in place
BEST CONTROLS
21. 9/29/2013 #bbcon Current Trends in Fraud Prevention 21
• External audits of financial statements — the most
commonly implemented control among the victim
organizations in the ACFE study — showed the least
impact
• Nothing
When asked to describe which weakness had led to
the fraud occurrences at victim organizations, “an
outright lack of controls” was the most frequently
cited factor
WORST CONTROLS
23. 9/29/2013 #bbcon Current Trends in Fraud Prevention 23
Ordinary Care is a legal term that means the requirement to act
with the same watchfulness, attention, caution and prudence as
a reasonable person in the same circumstances. Failure to meet
this standard constitutes negligence.
Your bank legally gets to define ordinary care as it pertains to
your company and their security standards.
• Learn how your bank defines your firm’s responsibilities to
prevent fraud
• Be aware of the liability arrangements spelled out in your
banking agreement
• Review periodically for changes
YOUR BANK DEFINES “ORDINARY CARE”
25. 9/29/2013 #bbcon Current Trends in Fraud Prevention 25
The Best Defense Is A Great Defense
FIGHT CHECK FRAUD
26. 9/29/2013 #bbcon Current Trends in Fraud Prevention 26
High security checks are better than regular checks because they are more
resistant to tampering and they make evidence of tampering more apparent.
They present more difficult and numerous technical challenges to the criminal.
Because of this, high security checks are your first line of defense against check
fraud. Added benefits:
• A strong defense means fewer challenges
• Protect from some HDIC claims when they include authentication features that
survive duplication
• Demonstrate “Ordinary Care”
HIGH SECURITY CHECKS
27. 9/29/2013 #bbcon Current Trends in Fraud Prevention 27
When we made the decision to offer High Security checks, we selected
the paper supplier who offered the fullest number and range of robust
security features. While our competitors typically offer only 10 to 16
security features, Blackbaud Forms offers much more.
Guardian Plus checks have 28 security features including Controlled
Paper Stock, Foil Hologram, Thermochromic Ink, True Watermark and
other state‐of‐the‐art security measures. This check is extremely
difficult to replicate or alter without leaving evidence. The holographic
foil provides 3 different security features and is extremely difficult to
scan or copy – proving authenticity that should survive the slackest
check cashing clerk.
Guardian checks have 25 security features, which include everything
but the holographic foil used for our Guardian Plus checks
NOT ALL HIGH SECURITY CHECKS ARE
THE SAME
28. 9/29/2013 #bbcon Current Trends in Fraud Prevention 28
“Positive pay, ACH filters and daily reconciliations are among the best
methods to identify exception items that may include fraudulent
transactions or errors.” -- AFP
Highly recommended and often required by your bank, these services
are your most powerful fraud prevention tool. But there are criticisms:
• 15% of the AFP survey respondents say that managing the payments
exceptions is time-consuming, as well as costly to research and to resolve
• Execution errors can cause the bank to reject valid checks or clear check
meant to be rejected
• Not bulletproof: HDIC claims take precedence over Positive Pay
• Can miss scams where additional payee names are added above or next to the
original name
• Since banks sell these services, some complain they are paying the bank to
reduce the bank’s own liability
TRANSACTION SCREENING SERVICES
29. 9/29/2013 #bbcon Current Trends in Fraud Prevention 29
Positive Pay & ACH Positive Pay - This bank service compares check numbers
(or transaction ids) and amounts without regard to payee against check run
reports supplied by you. If discrepancies exist, you are notified so you can
authorize or reject the payment.
Payee Verification/Payee Positive Pay - An enhancement to traditional Positive
Pay & ACH Positive Pay– this add-on service reports payee name exceptions
Reverse Positive Pay - A pared down version of Positive Pay, the account
holder reviews the list of checks presented for payment to self-identify
discrepancies
Post No Checks - prevents check debits from selected accounts dedicated to
electronic payments or depository
ACH Blocks - prevent all ACH credit and/or debit activity from posting to an
account and returns all those transactions to the originating bank
ACH Debit Filter - allows only authorized ACH transactions
TYPES OF TRANSACTION SCREENING
SERVICES
30. 9/29/2013 #bbcon Current Trends in Fraud Prevention 30
Thanks to HDIC claims and scams that manage to defeat transaction screening,
some vulnerability remains. Fraud protection services have emerged recently to
fill this gap or provide an alternative to the other prevention tools. The value,
scope & costs of these different plans vary widely.
If fraud gets through your defenses, you need expert help to deal with it
effectively. We like FraudArmor’s protection service for the scope & value of
services they provide. They work on your behalf to aggressively defend your
interests.
FraudArmor protection provides a remediation and recovery service for financial
and non-financial fraud affecting your checks and associated accounts, as well
as monitoring for identity theft, and more.
• Sold with a specific run of checks
• Provides coverage for 12 months from shipment date
• Costs 3¢ per check
• Not a form of insurance - FraudArmor does not reimburse for fraud
FRAUD PROTECTION SERVICES
31. 9/29/2013 #bbcon Current Trends in Fraud Prevention 31
FraudArmor responds to different types of fraud
• Forged, altered or counterfeit checks
• Credit or debit card fraud
• ACH fraud
• All other identity theft, including financial and non-financial fraud such
as employment fraud, medical fraud, Internet fraud, etc.
FraudArmor service includes:
• A number of professional services to assist in recovering from identity
fraud, including making claims to financial institutions and other
entities for reimbursement of funds lost due to fraud
• Free replacement checks
• FraudArmor logo printed on check for deterrence and to signify
eligibility
HOW IT WORKS
32. 9/29/2013 #bbcon Current Trends in Fraud Prevention 32
FraudArmor specialists are the most highly credentialed in the industry.
They have:
• FCRA/FACTA – Fair Credit Reporting Act /Fair and Accurate Credit Transactions Act
Certified allows them to work directly with credit bureau data
• CITRMS – Certified Identity Theft Risk Management Specialist by the Institute of
Consumer Financial Education
• Licensed Private Investigators – Equips the Fraud Specialist to better spot clues that
may lead to the identification and arrest of the perpetrator. The Fraud Specialist also
maintains a detailed case file which helps with the prosecution of the perpetrators.
• Members of AMCRIN’s CrimeDex – Provides access to a national database of criminal
information, including identity theft rings and scams, which is shared and regularly updated
among law enforcement
• Crisis Counseling Trained
• Limited Power of Attorney – Work with for the victim, utilizing a LPOA, to do most of the
legwork for the victim
SPECIALIST CREDENTIALS
34. 9/29/2013 #bbcon Current Trends in Fraud Prevention 34
• Implement strong internal controls which incorporate
your bank’s requirements
• Use high security check stock
• Limit risk with an appropriate mix of transaction
screening services
• Manage fraud claims effectively with FraudArmor
FRAUD PREVENTION BEST PRACTICES
35. 9/29/2013 #bbcon Current Trends in Fraud Prevention 41
Download this presentation through the
bbcon 2013 mobile app
or
visit www.bbconference.com to download
from the post-conference landing page
• Contact me:
melanie.morton@blackbaud.com
THANK YOU!