Taking the Fight to Fraud: A One-Two Punch
04/01/2013
Our second of two stories on combating fraud
In the January edition of Treasury at a Glance, we discussed the growing threat of fraud to today’s businesses. Fraud’s impact is far-reaching, compromising revenues, data security, intellectual property, and customer confidence.
How is fraud making its way into the workplace?
- IT channels, including attacks by hackers, email scams, deceptive phishing and vishing strikes, and hidden software triggers such as trojans, keyloggers, malware, spyware, adware, bots, viruses, and worms.
- Check fraud, ranging from counterfeit checks and altered checks to forged signatures.
- Wire fraud, where unauthorized individuals initiate wire transfers to fraudulent accounts.
- ACH debit fraud, where transactions are initiated or altered to misdirect or misappropriate funds.
- Credit card fraud, when cards are lost or stolen.
While refinements to business processes and procedures are critical to reducing your exposure to fraud, there are a vast number of technologies available that also can help protect your important data. This two-pronged approach to information security can help identify and address potential gaps before attacks take place.
Understand Your Vulnerabilities
According to security expert Kroll Advisory Solutions, businesses should consider commissioning a comprehensive cyber risk assessment by a qualified security firm. This would include testing outsiders’ ability to penetrate your current security efforts, along with a thorough review of security protocols.
Additionally, Kroll suggests conducting a comprehensive network mapping exercise that shows all system connectivity and the location of your most valuable digital assets. In simple terms, this is a digital inventory process. You’ll have an accurate network map and a better understanding of where your assets are located on the network. *
* Source: Kroll Advisory Solutions Annual Fraud Report, 2012-13
Software Security Solutions
Fraudsters aren’t the only tech-savvy group focusing on the topic of business fraud. A steadily increasing number of security firms and software developers, not to mention dedicated corporate IT teams, have developed a wealth of technologies to help prevent unauthorized access to business data.
Best practices continue to evolve as the cat-and-mouse chase between fraudsters and security experts continues. The United States Federal Government, with arguably one of the world’s most aggressive security efforts under way, has provided recommendations on how businesses and government agencies of all sizes can help protect their valuable information assets.
Recommendations from the United States Computer Emergency Readiness Team include the following:
- Use and maintain anti-virus software and a firewall. Protect against viruses and trojan horses that may steal or modify your data and leave you vulnerable. Make sure to keep your virus definitions up to date.
- Regularly scan your computer for spyware. Use a legitimate anti-spyware program to scan your computer and remove spyware or adware. Spyware or adware hidden in software programs may affect the performance of your computer and give attackers access to data. Many anti-virus products have incorporated spyware detection.
- Keep software up to date. Install software patches so that attackers cannot take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates.
- Evaluate your software's settings. The default settings of most software enable all available functionality, which may allow hackers to gain unauthorized access to your computer. It is especially important to check the settings for software that connects to the internet (browsers, email clients, etc.). Apply the highest level of security available that still gives you the functionality you need.
- Avoid unused software programs. Do not clutter your computer with unnecessary software programs. If you have programs on your computer that you do not use, consider uninstalling them. In addition to consuming system resources, these programs may contain vulnerabilities that, if not patched, may allow an attacker to access your computer.
- Use passwords and encrypt sensitive files. Passwords and other security features add layers of protection if used appropriately. By encrypting files, you ensure that unauthorized people can't view data even if they can physically access it. You may also want to consider options for full disk encryption, which prevents a thief from even starting your laptop without a passphrase.
Source: United States Computer Emergency Readiness Team (Homeland Security) http://www.us-cert.gov/cas/tips/ST06-008.html
Protecting Your Financial Transactions
In addition to general network security protection, there are bank solutions developed to help make your business transactions more secure, whether they are made online or through more conventional payment methods.
These technologies include:
- Out-of-band authentication. With out-of-band authentication, you can better evaluate the potential risk of wire transfers. When appropriate, a call can be made to the originator of a wire transfer to confirm the validity of a transaction request.
- Positive Pay. This solution automatically compares paid items against issue information to identify discrepancies, and then reports suspected items to you. Options include Reverse Positive Pay, Payee Name Verification, and Perfect Posting Positive Pay, all designed to verify payment information before fraudulent transactions can occur.
- Trusteer Rapport security software. Rapport helps protect communications between you, your customers, and employees by locking out browser attacks during online transmissions. It can also help deter phishing, trojan attacks, and other malware from compromising your critical data.
- Falcon Fraud Detection System. Falcon analyzes your company’s credit and debit card activities, comparing recent transactions to current fraud trends to help predict the probability of fraudulent charges.
- Check validation. Technologies exist that can analyze the paper stock on a submitted check to identify inconsistencies. Signature verification can also compare recent signatures against historic records to protect against forgeries.
- ACH blocks and filters. You can establish pre-defined criteria for the acceptance of ACH debit or credit transactions. Any transactions not meeting your approved specifications will be blocked.
- Security Patches. Patch management software and services can automate system discovery, assessment and patch installation on workstations and servers.
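The Positive Pay item above describes matching paid items against issue information and reporting discrepancies. The following is an added example, not code from any bank or vendor named in this article; the record fields, exception labels, and sample checks are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from decimal import Decimal
import re

@dataclass(frozen=True)
class Check:
    check_no: str
    amount: Decimal
    payee: str

def norm_payee(name):
    # Case, punctuation and spacing differences are not real discrepancies.
    return re.sub(r"[^a-z0-9]+", " ", name.lower()).strip()

def positive_pay(issue_file, presented):
    """Return (check_no, reason) exceptions for items that need review."""
    issued = {c.check_no: c for c in issue_file}
    seen, exceptions = set(), []
    for p in presented:
        rec = issued.get(p.check_no)
        if rec is None:                      # counterfeit: never issued
            exceptions.append((p.check_no, "not in issue file"))
            continue
        if p.check_no in seen:               # same serial presented twice
            exceptions.append((p.check_no, "duplicate presentment"))
            continue
        seen.add(p.check_no)
        if p.amount != rec.amount:           # altered amount
            exceptions.append((p.check_no, "amount mismatch"))
        if norm_payee(p.payee) != norm_payee(rec.payee):  # payee verification
            exceptions.append((p.check_no, "payee mismatch"))
    return exceptions

# Constructed sample data: what the business issued vs. what was presented.
ISSUE_FILE = [
    Check("1001", Decimal("1250.00"), "Acme Supply Co."),
    Check("1002", Decimal("310.45"), "Riverside Electric"),
    Check("1003", Decimal("89.99"), "J. Smith"),
]
PRESENTED = [
    Check("1001", Decimal("1250.00"), "ACME SUPPLY CO"),      # clean match
    Check("1002", Decimal("3310.45"), "Riverside Electric"),  # amount altered
    Check("1003", Decimal("89.99"), "Cash"),                  # payee altered
    Check("1001", Decimal("1250.00"), "Acme Supply Co."),     # duplicate
    Check("2044", Decimal("5000.00"), "Unknown LLC"),         # not issued
]

if __name__ == "__main__":
    for check_no, reason in positive_pay(ISSUE_FILE, PRESENTED):
        print(check_no, reason)
```

Amounts are held as `Decimal` so that comparisons are exact; matching on floating-point values can produce false mismatches or miss small alterations.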
Many banks now offer commercial card programs that allow your business to consolidate purchases, protect against fraud, and simplify reporting efforts. A single account can be linked to multiple card users, allowing you to better manage expenses and even apply spending restrictions on a case-by-case basis. Many security features are built into commercial card programs that can greatly reduce the likelihood of misuse and protect against data theft.
A One-Two Punch
Combating fraud requires diligence and persistence. There is no single fix that will protect your business from internal and external security threats. It takes a one-two punch – shoring up your processes and procedures, and enlisting the latest security technologies – to more fully protect your important data and assets from malicious attacks. Every effort you make is a step in the right direction and will help keep your business and your customers safe from fraudulent activities.
For more information on how you can prevent fraud, contact your Relationship Manager or Treasury Management Representative. www.53.com/treasurymanagement