Douglas Pounder

1


Fraud Prevention A Canadian Banks Perspective

• Douglas Pounder
• Royal Bank of Canada
• Presentation to Global Payments Forum
• May 6, 2004

2
Todays objective

• What I do not want to achieve today
• Provide a checklist of things for you to do
• What I do hope to do today
• Leave you with a framework to make your
  institution a fraud adverse enterprise

3
Fraud Management Evolution

• The Eighties
• Fraud threat technically unsophisticated and
  unorganized and locally focused
• Fraud threat limited to credit cards and bad
  cheques
• Prevention and detection effort decentralized to
  branch network
• Limited use of technology to detect and prevent
  fraud
• No obvious fraud focus in the organization
• Limited budgets applied to fraud effort

• The Nineties
• Fraud threat becoming more sophisticated and
  organized criminal groups emerging in Canada
• Debit cards and ATMs become increasingly
  vulnerable
• Prevention and detection effort is regionalized
  and in business silos
• Technology utilization expands in credit cards
  and is introduced in other areas
• Fraud management has growing management focus
• Budgets for fraud grow

• Year 2000
• Fraudulent activity is controlled by organized
  criminal groups using highly sophisticated
  technology.
• Fraud goes global
• All delivery channels and products subject to
  fraud
• Prevention/detection centralized in operations
  units supported by a well-trained front line
  effort
• State of the art technology to detect fraud is
  deployed
• The full fraud value chain is managed under the
  direction of a single executive supported by a
  dedicated bank wide team includes all Corporate
  Security and Anti Money functions.
• Technology spend is culturally ingrained

4
Fraud Management Major External / Environmental
Trends

• Criminal Activity ?
• Dramatic increase in organized criminal activity
  in North America fed by increasing immigration
  from high risk countries and expansion of groups
  into fraud from their traditional criminal
  activity.
• Judicial ?
• Law enforcement capacity to investigate, arrest
  and prosecute fraudster impacted by their focus
  on other crimes and compounded by light/non
  deterring penalties and sentences.
• Social ?
• Complicity and compromising of employees to
  participate in fraudulent schemes
• Theft from banks is not perceived as a serious
  offence by public
• Technological ?
• Increase in availability of technology to
  criminals to facilitate fraud (e.g. colour
  printing and replication of cheques and
  identification, skimming devices, communications,
  etc.)
• Competitive ?
• Shift in competitors focus on fraud mitigation
  will determine criminals appetite to attack your
  bank
• Industry ?
• A cohesive industry approach through our
  associations e.g. CBA, INTERAC, etc.and
  interaction/liaison with law enforcement
• Regulatory ?
• Increased laws around identity theft, liability
  and loss reimbursement

5
Fraud Management-Fraud Types

• ATM Debit Card fraud
• Skimming of numbers
• PINs not providing security
• Credit Card fraud
• Decreasing in Canada due to increase in debit
  cards but still the international risk
• Cheque fraud
• Counterfeits
• Raised and Altered
• Endorsements
• Lending fraud
• Overstated assets, revenues, and
  income/understated liabilities
• Application fraud
• Identity theft
• Use of the Internet
• Dumpster diving
• Account takeover
• Employee complicity
• Payments fraud
• Instructions from unauthorised parties

6
Fraud Value Chain
Asset Recovery
Customer Satisfaction
Intelligence
Prevention
Detection
Investigation
Prosecution
Post Fraud Root Cause Analysis

• Definitions
• Intelligence global and local perspective to
  identify risks and trends
• Prevention thorough gating of fraud risk in
  product, channel, and process development
• Detection identification and intervention of
  fraudulent transactions including the development
  of technologies and tools
• Investigation thorough investigation and root
  cause analysis of fraud incidents
• Asset Recovery use of civil litigation,
  criminal, and RBCFG processes to maximize
  recovery of lost funds
• Prosecution assisting law enforcement and the
  Crown to successfully prosecute criminals
• Root Cause Analysis review all losses for
  detection and prevention learnings and
  opportunities

7
Fraud Management Value Proposition

• Role Definition
• the end to end responsibility for fraud
  mitigation, prevention, and investigation
• Key Partnerships and Alliances
• All divisions of the enterprise
• Systems and Technology Development
• Regulators and Industry Associations
• Other Financial Institutions
• Law Enforcement
• Vendor Relationships
• Overall Contribution
• Maintains client confidence in brand
• Ensures regulators and investors are assured of
  managements commitment and capability for risk
  management
• Bottom line contribution through loss avoidance
  and loss recovery
• A Key Characteristic
• Our best clients can be adversely impacted!

8
Corporate Intelligence

• Global Perspective
• What geopolitical trends can create a fraud risk?
• What technology trends can create a fraud risk?
• Are there economic changes that will change your
  risk profile
• Local Perspective
• What is your competition doing to increase your
  vulnerability?
• What activities in your market place are
  authorities aware of?
• Do local economic conditions impact fraud risk?
• Is fraud aversion a competitive edge or a
  collaborative imperative?
• Action Plans
• How is intelligence transferred into action?
• Is intelligence a corporate security secret or
  an enterprise asset?

9
Fraud Prevention

• Fraud Risk Accountability
• What it is
• Board and executive sponsorship
• Shared responsibilities across the full executive
  and management teams
• Empower employees to make fraud decisions
• Reward and recognition to the people who make the
  501 save!
• What it is not
• An internal audit or regulator responsibility
• A single individuals job
• Risk Gating
• Make fraud risk assessment the subject of all new
  product, process, and channel development
• Use Risk and Control Self Assessment as an
  ongoing practice and identify fraud risks
• Integrate anticipated fraud losses as a part of
  all business cases
• Employee Training
• Equate fraud prevention with sales and service
  training
• Certify fraud as fraud (and Money laundering)
  trained
• It is a front line and back office issue
• Customer Engagement
• Educate clients to the risk

10
Hypothetical Loss Distribution
11
Detection Technology Platform
PROFILES DATABASES
Auto Action
Merchant and POS
12
Fraud Detection - A Philosophy

• Measure
• Track all performance metrics, e.g. volumes,
  losses, prevents, etc.
• Involve all employees across the fraud team
• Understand
• Root cause at the transactional level
• Look for trends and concentrations
• Solve with Speed
• Develop strategies and solutions daily, hourly,
  and on the fly
• Be aggressive
• Implement
• Implement new rules and strategies in real time
• Change policy and processes
• Communicate and check
• Advise fraud team of issues and new preventative
  measures
• Ensure the new process is working

13
Investigative Processes

• Capability
• Balance Law Enforcement experience with banking
  know how
• Forensic accounting
• Technology utilisation
• Outward looking to detect trends
• Strong relationships with peers in industry, law
  enforcement, and management
• Ensure sufficient budgets are in place
• Database Management
• Case linking
• Share database with business groups, e.g.
  negative databases for account opening
• Ability to store electronic evidence it is a new
  issue for investigators
• Asset recovery
• Maintain recovery strategies for deployment
• Civil suits and criminal cases are not a choice
  they can be simultaneous

14
Card Skimming
Appendices
15
A complete skimming device set
16
ATM Card Reader
17
ATM Card Reader
18
ATM Camera Disguise
19
Reader and storage disk
20
Thank you.

• .and questions ?