• Review anti-malware defenses and ensure the use of reputation based content and website access filters
• Ensure that workstations utilize host-based IPS technology and / or application white-listing to prevent the execution of unauthorized programs
• Monitor employee logins that occur outside of normal business hours
• Consider implementing time-of-day login restrictions for the employee accounts with access to payment systems
• Restrict access to wire transfer limit settings
• Reduce employee wire limits in automated wire systems to require a second employee to approve larger wire transfers.
• If wire transfer anomaly detection systems are used, consider changing“ rules” to detect this type of attack and, if possible, create alerts to notify bank administrators if wire transfer limits are modified
• Secure and / or store manuals offline or restrict access to the training system manuals with further security, such as enhanced access controls and / or segregation from the payment systems themselves
• Monitor for spikes in website traffic that may indicate the beginning of a DDoS and implement a plan to ensure that when potential DDoS activity is detected, the appropriate authorities handling wire transfers are notified so wire transfer requests will be more closely scrutinized
• Strongly consider implementing an out of band authorization prior to allowing wire transfers to execute
• Limit systems from which credentials used for wire authorization can be utilized
• Review intrusion detection and incident response procedures and consider conducting a mock scenario testing exercise to ensure familiarity with the plan
Incident Reporting
The FBI encourages victims of cyber crime to contact their local FBI field office, http:// www. fbi. gov / contact / fo / fo. htm, or file a complaint online at www. IC3. gov.
Cross Channel Risk Certificate Program
Overview:
Risk, fraud, potential losses and strict regulations are common to all payment channels, including Check, Wire, ACH and Card. Failure to understand the inherent risks, fraud potential and compliance requirements of each system can result in financial losses, lost customers, a tarnished reputation and violations of state and federal regulations.
Building a strong foundation for detecting and mitigating risk and fraud begins with an understanding of the payment channels and their common and unique risks. Federal guidance requires financial institutions and other organizations to understand risk categories and develop sounds business practices to minimize exposure.
The Cross-Channel Risk Certificate Program is designed for any payments professional that would benefit from an understanding of payment systems risk, fraud potential and governing rules and regulations. The ten-course program examines inherent risks, investigates common areas of exposure, identifies compliance obligations and provides sound risk mitigation practices of four key payment networks— Check, Wire, ACH and Card. To measure proficiency in risk identification and management, each course concludes with a knowledge assessment. The Cross-Channel Risk Certificate is awarded upon successful completion of the final course and exam.
Payments professionals who fully complete the Cross-Channel Risk Certificate Program will be able to:
• Discern the risks of the four major payment systems( Check, Wire, ACH and Card)
• Understand compliance obligations for each payment system
• Identify risk management techniques
• Mitigate the threat of risk and fraud losses Learning Level: Fundamental to Intermediate
Who should participate?
Anyone who requires basic payment systems risk and compliance knowledge, including financial institution staff from operations, cash / treasury management, retail / frontline and credit / lending associates, as well as business users of the payment systems.
For more information call 800-475-0585
This product was created as part of a joint effort between the Federal Bureau of Investigation, the Financial Services Information Sharing and Analysis Center( FS-ISAC), and the Internet Crime Complaint Center( IC3).
9