• Review anti-malware defenses and ensure the use of reputation-based content and website access filters
• Ensure that workstations utilize host-based IPS technology and/or application white-listing to prevent the execution of unauthorized programs
• Monitor employee logins that occur outside of normal business hours
• Consider implementing time-of-day login restrictions for the employee accounts with access to payment systems
• Restrict access to wire transfer limit settings
• Reduce employee wire limits in automated wire systems to require a second employee to approve larger wire transfers.
• If wire transfer anomaly detection systems are used, consider changing “rules” to detect this type of attack and, if possible, create alerts to notify bank administrators if wire transfer limits are modified
• Secure and/or store manuals offline or restrict access to the training system manuals with further security, such as enhanced access controls and/or segregation from the payment systems themselves
• Monitor for spikes in website traffic that may indicate the beginning of a DDoS and implement a plan to ensure that when potential DDoS activity is detected, the appropriate authorities handling wire transfers are notified so wire transfer requests will be more closely scrutinized
• Strongly consider implementing an out-of-band authorization prior to allowing wire transfers to execute
• Limit systems from which credentials used for wire authorization can be utilized
• Review intrusion detection and incident response procedures and consider conducting a mock scenario testing exercise to ensure familiarity with the plan
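A sketch of three of the monitoring recommendations above (off-hours logins, alerts on wire limit modifications, and a wire that exceeds the limit in force before a recent increase), added here as an illustration and not part of the original advisory. The event format, field names, business-hours window and 24-hour correlation window are assumptions, and the audit events are constructed sample data.

```python
from datetime import datetime, timedelta

BUSINESS_HOURS = range(7, 19)        # assumption: 07:00-18:59 local time
BUSINESS_DAYS = range(0, 5)          # assumption: Monday-Friday
LIMIT_WINDOW = timedelta(hours=24)   # assumption: correlate wires within 24h of a raise

# Constructed sample audit events: (timestamp, user, action, detail)
EVENTS = [
    ("2024-03-04T09:15:00", "teller1", "login", {}),
    ("2024-03-04T23:40:00", "wireop2", "login", {}),
    ("2024-03-04T23:44:00", "wireop2", "limit_change",
     {"account": "ACCT-A", "old": 250000, "new": 1000000}),
    ("2024-03-04T23:52:00", "wireop2", "wire",
     {"account": "ACCT-A", "amount": 900000}),
    ("2024-03-05T10:05:00", "teller1", "wire",
     {"account": "ACCT-B", "amount": 12000}),
]

def detect(events):
    """Return (severity, rule, user, timestamp) alerts for time-ordered events."""
    alerts = []
    raised = {}  # account -> (time of raise, limit in force before the raise)
    for ts, user, action, detail in events:
        when = datetime.fromisoformat(ts)
        off_hours = (when.hour not in BUSINESS_HOURS
                     or when.weekday() not in BUSINESS_DAYS)
        if action == "login" and off_hours:
            alerts.append(("medium", "off_hours_login", user, ts))
        elif action == "limit_change":
            # Any modification is alerted; raises are remembered for correlation.
            alerts.append(("high", "wire_limit_modified", user, ts))
            if detail["new"] > detail["old"]:
                raised[detail["account"]] = (when, detail["old"])
        elif action == "wire":
            prior = raised.get(detail["account"])
            # A wire the old limit would have blocked, soon after the raise.
            if (prior and when - prior[0] <= LIMIT_WINDOW
                    and detail["amount"] > prior[1]):
                alerts.append(("critical", "wire_over_previous_limit", user, ts))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

The critical rule fires only when the transfer would have been blocked by the earlier limit, which keeps routine transfers on recently adjusted accounts out of the alert queue.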
Incident Reporting
The FBI encourages victims of cyber crime to contact their local FBI field office, http://www.fbi.gov/contact/fo/fo.htm, or file a complaint online at www.IC3.gov.
Overview:
Risk, fraud, potential losses and strict regulations are common to all payment channels, including Check, Wire, ACH and Card. Failure to understand the inherent risks, fraud potential and compliance requirements of each system can result in financial losses, lost customers, a tarnished reputation and violations of state and federal regulations.
Building a strong foundation for detecting and mitigating risk and fraud begins with an understanding of the payment channels and their common and unique risks. Federal guidance requires financial institutions and other organizations to understand risk categories and develop sound business practices to minimize exposure.
The Cross-Channel Risk Certificate Program is designed for any payments professional that would benefit from an understanding of payment systems risk, fraud potential and governing rules and regulations. The ten-course program examines inherent risks, investigates common areas of exposure, identifies compliance obligations and provides sound risk mitigation practices of four key payment networks — Check, Wire, ACH and Card. To measure proficiency in risk identification and management, each course concludes with a knowledge assessment. The Cross-Channel Risk Certificate is awarded upon successful completion of the final course and exam.
Payments professionals who fully complete the Cross-Channel Risk Certificate Program will be able to:
• Discern the risks of the four major payment systems (Check, Wire, ACH and Card)
• Understand compliance obligations for each payment system
• Identify risk management techniques
• Mitigate the threat of risk and fraud losses
Learning Level: Fundamental to Intermediate
Who should participate?
Anyone who requires basic payment systems risk and compliance knowledge, including financial institution staff from operations, cash/treasury management, retail/frontline and credit/lending associates, as well as business users of the payment systems.
For more information call 800-475-0585
This product was created as part of a joint effort between the Federal Bureau of Investigation, the Financial Services Information Sharing and Analysis Center (FS-ISAC), and the Internet Crime Complaint Center (IC3).
The wire transfer amounts have varied between $400,000 and $900,000, and, in at least one case, the actor(s) raised the wire transfer limit on the customer’s account to allow for a larger transfer.