Preventing Fraud from Top to Bottom | Information Security Summit 2014

An estimated 5% of annual corporate revenues are lost each year to fraud, represented in part by computer fraud. Protection against this threat requires a strong, proactive and comprehensive, entity-wide set of policies, procedures and controls. Anti-fraud measures should include strong manual and automated controls which are designed, implemented, tested and monitored to prevent and detect fraud on a timely basis. This presentation aims to explain how organizations can integrate anti-fraud initiatives into their daily activities to:

  • Develop a system of manual and automated, preventative and detective anti-fraud internal controls
  • Proactively monitor, identify, assess and manage fraud risks
  • Creating an anti-fraud culture and fraud awareness program
  • Respond to incidents involving fraud

Fraud techniques revealed in recent debit card case

On May 9, 2013, Federal prosecutors issued indictments against eight individuals for hacking and theft.  The case revealed the methods used by hackers to gain access to debit card numbers that were ultimately used to withdraw $45 million.

Hackers gained unauthorized access to credit card processing companies and conducted what hackers term ÔÇ£unlimited operationÔÇØ.┬á Unlimited operation is an attack where debit cards account balances and withdrawal limits are removed.┬á In this case, attackers performed unlimited operation on several prepaid MasterCard debit cards and then distributed the card numbers and pins to groups around the world.┬á These groups recoded gift cards and hotel entry cards with the stolen card numbers and then coordinated withdrawals from ATM machines.

I have spoken of the increase in coordination of cyber-attacks many times and this is an excellent example.  In a little over two hours on December 22, 2012, the criminals were able to withdraw $400,000 from 140 ATMs across New York City.  A series of thefts in February resulted in the theft of almost $2.4 million in 10 hours and the group is accused of stealing a total of $45 million by following this procedure for different card issuers and locations.

The banks involved in this case might have prevented the theft by monitoring for anomalous behavior such as the excessive use of a card number or the modifications required in unlimited operation attacks.  Anomalous behavior monitoring is valuable no matter where the next attack comes from and it is useful in other industries as well.

Chinese Computer Fraud | China Resource Network

The next conference for business in China is going to include a topic on cyber fraud and JURINNOV will be presenting the case study.

The conference is held by the organization “China Resource Network” – which has been around close to 10 years now, offering two conferences a year, seminars during the year (on technical topics – labor law, VAT calculations, incorporation, etc).

Fraud Alert: OscarÔÇÖs Exotic Fish

Last month my fish tank sprung a leak.┬á┬á I have a 75 gallon bow front aquarium so it made quite a mess.┬á I managed to save most of the fish; praise the Lord!┬á When the water settled and my floor was mopped, I began looking for a fish tank that would not break a seal like that.┬á I decided to get an acrylic aquarium without seals to break.┬á The only mistake I made was in my choice of stores.┬á OscarÔÇÖs Exotic Fish had the lowest price on the net but the worst service.┬á I ordered my aquarium on November 22 but by December 17, my aquarium still had not arrived.┬á My fish had been living in a quarantine tank for weeks and I was seriously concerned for their health.┬á In the mean time, I received my credit card bill to find that Oscar had billed me three times for an aquarium that never arrived.┬á I tried contacting Oscar right away.┬á First I emailed him and then called him.┬á I called him every day for a few days without a response.┬á I finally called my credit card and disputed the three payments.┬á I will not tolerate that kind of service.┬á Oscar, you should be ashamed of yourself.┬á

So how does the story end?  I ordered a different tank from Truly the Best and I am currently waiting for it to arrive.  I emailed them before placing the order and they verified that it will arrive in 14 to 21 days.  It is quite a beauty of a tank.  It is a 90 gallon SeaClear System 2.  It is all acrylic and it has a built in wet/dry biological filtration system built into the back of the aquarium.  The tank has a 350gph submersible pump so it is very quiet and the bio balls should keep the tank water very clean.  I will put my 200W compact lighting on top of it.  I am so excited. 

Fishtank9 Fishtank8 Fishtank7 Fishtank6 Fishtank5 Fishtank4 Fishtank3 Fishtank2 Fishtank1

[Edit]  The tank arrived last week and I got it all conditioned.  The fish were moved over yesterday.  Here are some pictures.  The tank looks great and the fish love it.