eWire/GFT Wire Fraud Module
May 24, 2017Jane Brandi, Product Line Manager
Agenda
2
• The wire fraud landscape
• Business email compromise
• Other wire fraud threats
• How can you protect your customers’ wire
transfers
– eWire/GFT Wire Fraud Module
The Fraud Landscape
3
• Payment fraud on the rise
– Check fraud is on the rise for the first time in years
– Wire fraud is on the rise
– ACH debit fraud rising - suspect new type of fraud
• In 2015, wire fraud became the second most common payment method for fraud
– Surpassed credit/debit card fraud for the first time
• In the 2017 AFP survey,
– 36% of respondents reported an increase in fraud attempts
– 74% were targets of payment fraud
– 46% of attacks were wire fraud
Up from 27% in 2014 and 14% in 2013
Down from 48% in 2015
– 75% reported no financial loss
Up from 72% in 2015
• Business email fraud is the most prevalent – 50%
Source: 2017 AFP Payments Fraud and Control Survey sponsored by J.P. Morgan
Trends in Payment Fraud ActivityPercent of Organizations that Experienced Attempted and/or Actual Payments Fraud
4
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
2009 2010 2011 2013 2013 2014 2015 2016
Checks Credit/Debit Cards ACH Debits
Wire Transfers ACH Credits
Source: 2017 AFP Payments Fraud and Control Survey sponsored by J.P. Morgan,
• Increase in wire volume
– 2014 - .6%
– 2015 – 5.7%
– 2016 – 3.8%
• 2015 Increase in BEC
– 224% in number of cases
– #17 in number of internet fraud cases
reported
– #1 in total dollar losses
• 2016 Increase in BEC
– 183% in number of attempts
Source: FRB, 2014 & 2015 FBI
Internet Crime Annual Report
Business Email Compromise (BEC)
5
• Fraudsters profile their victims
• Target companies working with foreign suppliers and those with substantial wire volume
• Most of the funds go to Asian banks located in China and Hong Kong
• Scams are sometimes preceded by scareware or ransomware events
• Between 2015 and 2016, FBI issued four press releases with BEC warnings
• 1,300% increase in BEC exposed losses in 2016
• $3B in exposed losses in 2016
Source: FBI
BEC Timeline
6Source: FBI
Threat Profile
7
Business email Compromise
Overview Tactics Often compromise CEO or
CFO email, wait until execs
are traveling or on vacation
Compromise vendor/supplier
email and attempt to modify
their bank accounts
Utilize social engineering &
malware to gain access
Conduct substantial
reconnaissance after
compromise
Utilize wire transfers
Mitigation Verify changes in payment
instructions with verbal
confirmation
Limit employees that can
authorize wire transfers
Use out of band
authentication for executive
approvals (PIN, phone call)
Require dual approval of wire
transfers exceeding set
criteria
Share information with other
financial entities
BEC is payment fraud
where legitimate business
e-mail accounts are
compromised & used to
conduct an unauthorized
wire transfer.
After a business e-mail
account is compromised,
actors use the compromised
account to send wire
transfer instructions.
The funds can be sent all
over the world.
Source: FS-ISAC 6/16/2016
BEC Fraud Bank Example
8
• Mid-sized Belgian bank targeted in January 2016, losing over 70 million euros (around $75.8
million)
• Theft perpetrated by cybercriminals and discovered by internal audit
• CEO BEC fraud
• The BEC order usually comes with a reason why it should be executed immediately and kept
quiet from other employees in the department and organization
• Scammers are betting that employees will execute the order
• Law enforcement agencies and security companies around the world have been warning
businesses about BEC scams for over a year, but companies and some banks are still falling
for it
Source: Help Net Security, posted 1/26/2016
BEC vs Other Fraud
9Source: FBI 2015 Internet Crime Report
$42M
$43M
$49M
$51M
$57M
$119M
$121M
$203M
$246M
Credit Card Fraud
Personal Data Breach
419/Overpayment
Advanced Fee
Identity Theft
Investment
Nonpayment/Nondelivery
Confidence Fraud/Romance
Business Email Compromise
Most Vulnerable Companies to BEC
10
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
All AnnualRevenue
Less Than$1B
AnnualRevenue atLeast $1B
AnnualRevenue atLeast $1Band FewerThan 26PaymentAccounts
AnnualRevenue atLeast $1Band MoreThan 100PaymentAccounts
Source: 2016 AFP Payments Fraud and Control Survey sponsored by J.P. Morgan
• Organizations with annual revenue
less than $1B saw the largest
increase in in fraud activity over
2014
– 46% vs 41% for the rest of the groups
• Change in 2015 was even more
pronounced
– 26% vs 10%
• Financial loss to a smaller
organization has more impact
Most Targeted Employees
11Source: FBI
CEO31%
President17%
All Others52%
Email sender
CFO40%
Finance Director
10%
All Others50%
Email recipient
Other Wire Fraud Threats
12
• Employee (internal)
– Company
– Bank
– 65% of attempts are from external
sources
• Hacking/phishing/malware
– Commercial Account Takeover
• Fake vendor invoice
• Unexpected check/contact
from overseas
• Bank network compromise
– Bank of Bangladesh
Overview Tactics
Custom Malware
Obtained legitimate
credentials
Intercepted Messages
Manipulated data
Hid the evidence
Laundered the funds through
multiple routing
Mitigation
SWIFT continues to urge its
users to ensure they have
all preventative and
detective measures in place
to secure their environment
Regulation on user access
Policies on credential
requirements
Consider segmenting
SWIFT transaction functions
from regular business
functions (email, web
browsing, etc.)
SWIFT provides messaging
services that are used and
trusted by more than 11,000
financial institutions in more
than 200 countries
Allows FIs to securely transfer
funds
Bangladesh Bank Heist
Additional attacks reported
SWIFT’s Network not actually
compromised
Phishing Lures
13
Mitigate Wire Fraud with the
eWire/GFT Wire Fraud Module
If you use the FIS eWire or GFT Solution:
14
• Wire Fraud Module
– Available in eWire
– Available in GFT
– Scans wires coming from BeB/OLB/Fed file capture
– Scans incoming wires
– Scans manually entered wires
• Rules-based wire fraud detection
– System level rules
– Account level rules
• Supplements BeB Transaction Monitoring
– Another layer of security
• Six months of historical data
What your bank can do to protect your customers’ wire transfers
eWire/GFT Wire Fraud Rules
15
• Rules are easy to configure
• Streamlined implementation
• Special Fraud Review queue to aid in
review
• Flexible user entitlements for better control
– Rule set-up
– Review of suspects
• Ability to escalate the review of a suspect
to a supervisor for resolution
• Full audit trail of history, including
approvals
Benefits
eWire/GFT Wire Fraud Module
16
• System level rules
– First wire for a beneficiary
– First wire from an originator
– Account inactivity
– Maximum wires for a day
– Maximum transaction amount
– Maximum total debit for a day
– Maximum wires for the month
– Maximum debit for the month
– Payment outside the amount pattern(%)
System rules
eWire/GFT Wire Fraud Module
17
• Account level rules
– Maximum wires for a day
– Maximum transaction amount
– Maximum total debit for a day
– Maximum wires for the month
– Maximum debit for the month
– Payment outside the amount pattern(%)
– Account open date
Account rules
Final Thoughts
18
• Your bank is the last line of defense for your customers in stopping fraud
• Wires are the perfect vehicle for fraudsters
– Immediate
– High dollar
– Limited ability to retract
• Banks must have tools and layers of security to identify potential wire fraud
– Avoid financial exposure
– Mitigate reputational risk for your customers and your bank
• Bank employees must be educated on BEC and direct customers accordingly
– It’s not enough to monitor and report potential fraud
– Bank employees must be advocates for the customer with the customer
Thank youJane Brandi, Product Line Manager
phone: 617-201-8061
©2017 FIS and/or its subsidiaries. All Rights Reserved. FIS confidential and proprietary information.