© 2010 Paychex, Inc. All rights reserved
– Facts and Figures
– Crime Pays (retail pricing)
– Cost of Being a Victim
– Know Your Enemy
– Mechanisms and Methods
– Real-world Examples
– Basic Self-defense
– Corporate Compensating Controls Process
– Definition of Fraud
– Types of Fraud Experienced by Payroll Companies
– Cost of White Collar Crime
– Payroll Fraud Schemes
– Victim, Now what do you do?

Paychex, Inc.
Payroll, Human Resource and Employee Benefit Services
– 13,000 employees
– ~$2.0 B in annual revenue
– 100+ locations across the U.S. and Germany
– 540,000 clients
– >9 million individual records

Awards and Accolades:
– 2009 Fortune 100 Best Companies to Work For
– 2010 Computerworld 100 Best Places to Work in IT (6 straight years)
– 2009 Training Top 125 (21st)
– 2009 World’s Most Ethical Companies
– Alexander Hamilton – Excellence in Treasury and Financial Mgmt
Certifications:
– ASIS Certified Protection Professional (CPP)
– ISC2 Certified Information Systems Security Professional (CISSP)
– ISACA Certified Information Systems Auditor (CISA)
– ISACA Certified Information Security Manager (CISM)
– SANS GIAC Systems and Network Auditor (GSNA – GOLD)

Member of:
– FBI InfraGard
– ISACA West New York Chapter
– ASIS
– ISSA

Former:
– NSTAC participant
– Resident representative to NCC / Telecom ISAC
– NS/EP liaison to the Department of Homeland Security for a national telecommunications service provider
New York City ~ 8.4 million 1
Tokyo ~ 13 million 1
Internet ~ 1.7 billion 2
Mariposa botnet infection >12 million 3
New York City ~ 16,500 per month 4
Tokyo ~ 15,500 per month 5
Internet ~ 4 million websites per month 6
Malicious web pages ~ 228,000 per month
Every three and a half minutes a crime is committed on the streets of New York City.
Every two and a half minutes a crime is committed on the streets of Tokyo.
Every three seconds, an identity is stolen online — that’s nearly 10,512,000 identities each year.
Cyber crime has surpassed illegal drug trafficking as a criminal moneymaker; 1 in 5 will become a victim. 7

Black Market Prices (January 2010):
– Date of Birth (DOB)
– Drivers License Number (DL)
– Mother’s Maiden Name (MMN)
– Social Security Number (SSN)
– Bank Account Numbers (BA)
– Credit Card Numbers (CC)
$ 10.00 $ 10.00 $ 10.00
$ 4.00 $ 0.30
$ 4.00
Victims of identity theft can expect:
– Lost wages - $2k to $15k
– Lost time - 9 months
– Legal Expenses - $850 to $1,400
– Funds withdrawn - $6,000

Bottom line > $10k out-of-pocket

PhDs on the payroll
– Computer Scientists
– Behavioral Scientists
– Psychologists
– Marketing and Sales Managers
– Work weekdays 9 to 5
– Mostly taking weekends off
Who are they…
– Blackhat SEO
– Malicious websites
– E-mail and Snail Mail (attachments and hyperlinks)
– Social Media
– Instant Messaging
– Removable Media (CD/DVD, USB drives, flash cards, etc.)
– Fax Machines
– Copiers and multi-function devices
– Mobile Phones and Texting
– Media Players
– Game Consoles (e.g., Xbox, PlayStation)
– Parking tickets and more…

– Free goods and services
– Purchasing goods and services
– Fake job offer
– Check cashing
– Charity scams
– Advanced Fee
– Internet Auctions / Classifieds
– Fake Malware Scams
– Lottery scam
– Arrested out of country
– Hitman
– Fraud recovery scams
– Pet scams
– Babysitting and Au-Pair scams
– Rental scams
– Any social engineering technique that will garner a response…

– Social engineering
– Spear phishing
– Malware infections
– Master plan = $$$

– Payroll fraud
– Health care fraud
– Insurance fraud
– Retirement account fraud (401(k))
– Account takeovers (ACH fraud)
– Cyber-extortion
– And the list goes on…

– Don’t click on links or open attachments…from anyone!
– Trust but verify
– Use defensive layers (firewalls, AV, AM, etc.)
– Use separate web browsers
– Use separate computers
– Share personal information sparingly

– Perpetual security training and awareness
– Identify and inventory your information assets
– Risk rank assets
– Identify the asymmetrical use cases (think like a criminal)
– Research potential security measures for information assets
– Assign a responsible individual
– Develop an information security policy defining how you will protect information assets
– Develop a roadmap
– Form an information security governance committee (dependent on organizational size)
– Budget for security measures
– Implement, manage, monitor, and test controls
– Wash, rinse, and repeat the process!
Certifications:
– ACFE Certified Fraud Examiner (CFE)
– IAFCI Certified Financial Crimes Investigator (CFCI)

Member of:
– ACFE
– IAFCI Western New York Chapter
– Infragard
– FBI Citizens Academy Graduate

Former:
– Police Officer
– Undercover Narcotics
– White Collar Crime
– Vice
– Tactical Unit

Someone who knowingly deceives, by using stolen or fictitious information (i.e., names, addresses, dates of birth, social security numbers, invalid bank account information, etc.) to gain a benefit or an advantage. If there is no deception, there may be abuse, but it is not fraud.

– Payroll Fraud/ACH Fraud
– Money Laundering
– Identity Theft (false Soc. Sec. numbers lack of identity)
– Hijacking legitimate business info and business bank accounts
– Check Fraud
– Healthcare Fraud
– Stolen Paychex Property
– Internal Fraud
The typical organization loses 5% of its annual revenue to fraud. Applied to the estimated 2009 Gross World Product, this figure translates to a potential total fraud loss of more than $2.9 trillion worldwide. 8
– Enrolling fraudulent companies as payroll clients
– Hijacking legitimate business information
– Identity theft
– Producing fraudulent checks
– Adding fraudulent employees
– Keeping terminated employees on payroll
– Money laundering

– Identify the situation
– Centralize the lead of the investigation to one person
– Investigate matter completely before jumping to conclusions
– Begin collecting evidence
– Document only the facts using the KISS model
– Contact the proper Law Enforcement Agency (remember thresholds and severity of crime; don’t contact the FBI when local law enforcement will serve you as well)
– Cooperate with all facets of the investigation and supply evidence as needed; remember that you are the victim of the crime, and law enforcement does not need a subpoena from the victim
1. Fact Source Wikipedia – Population of Tokyo depends on definition of prefecture boundaries and ranges from 8 mil for special wards to 39 mil for entire prefecture.
2. Internet 2009 in numbers - http://royal.pingdom.com/2010/01/22/internet-2009-in-numbers/
3. Spanish police shut down 'world's largest' botnet - http://news.techworld.com/security/3214049/spanish-police-shut-down-worlds-largest-botnet/
4. http://norris.blogs.nytimes.com/ “Buying Old New Homes” – estimates peak of 199,000 unsold in January 2008
5. Housing Starts : New Construction Starts of Dwellings by Owner Occupant Relation - http://www.e-stat.go.jp/SG1/estat/XlsdlE.do?sinfid=000008188791
6. Internet 2009 in numbers - http://royal.pingdom.com/2010/01/22/internet-2009-in-numbers/
7. http://www.symantec.com/about/news/release/article.jsp?prid=20090910_01
8. Fact Source ACFE 2010 report to the Nation; http://www.acfe.com/rttn/2010-rttn.asp