
DB Staff Briefing

Recognize it, Report it, Stop it!

Fraud Awareness Program Dated: Oct 2006

Corporate Security & Business Continuity


Introduction
Purpose
To raise DB staff's awareness of recent fraud trends and provide advice on fraud prevention measures. Stopping fraud before it happens is the ultimate goal of a successful prevention and awareness program.

Agenda
- Revisiting Fraud.
- Impact on the Bank.
- Recent Fraud Scams.
- Countermeasures against Fraud.

CSBC date page 2


Revisiting Fraud
What is Fraud?
Fraud consists of any false representation of a matter of fact whether by words, or by conduct, by false or misleading allegations or by concealment of that which should have been disclosed, which deceives or is intended to deceive another so that he shall act upon that information, or attempts to do any of the above.
(Source - DB Group Anti Fraud Policy)

Fraud can be accomplished through the aid of fraud objects.

Fraud Objects
- Forged Letters of Credit.
- Forged Bank Guarantees.
- Altered Cheques.
- Skimming (Credit Card / ATMs).
- Internet Scams.
- Forged Invoices / Signatures.
- Identity Theft (Personal / Corporate).

How does this impact the Bank?


Fraudulent schemes present a substantial risk to the bank and its customers. Millions of dollars could be lost to fraudsters. To combat fraud, programs are developed to educate staff and customers about fraudulent schemes and how to avoid them. Implementing appropriate security controls to help mitigate the risks associated with fraud, e-mail and Internet-related fraudulent schemes is necessary.


Where is information available?


Information Source
- Credit card applications.
- Loan applications.
- Bank statements.
- Employment records.
- Medical records.
- Education records.
- Data warehouses.
- Internet.
- Vishing - Telephony.


Recent Fraud Scams


- Phishing.
- Vishing.
- ATM Skimming.
- Fake Letters of Credit / Bank Guarantees.
- Altered Cheque / Cashier's Order.
- Credit Card Fraud.


Phishing
- An artificial word derived from "Password Fishing".
- An attack on personal information for identity theft.
- E-mails are used to direct users to spoofed websites or to solicit information.
- Attacks on user-ids, data, PINs, TANs etc.
- Not a new kind of attack, but one carried out with increasing perfection.

Industry experts predict there will be 86,000 global attacks this year!!


Phishing
Counter-measures
- Never provide personal financial information, including your Social Security number, account numbers or passwords, over the phone or the Internet if you did not initiate the contact.
- Never click on the link provided in an e-mail you believe is fraudulent. It may contain a virus that can contaminate your computer.
- Install a firewall and anti-virus protection on your home computer.
- Do not be intimidated by an e-mail or caller who suggests dire consequences if you do not immediately provide or verify financial information.
- If you believe the contact is legitimate, go to the company's web site by typing in the site address directly or using a page you have previously bookmarked, instead of a link provided in the e-mail.

Vishing
Vishing, or Voice Phishing, is the act of leveraging a new technology called Voice over Internet Protocol (VoIP) to use the telephone system to falsely claim to be a legitimate enterprise in an attempt to scam users into disclosing personal information. Government, financial institutions, as well as online auctions and their payment services, can be targets of Voice Phishing.

Methods of transmission:
- Typically an incoming recorded telephone message uses a spoofed (fraudulent) caller ID matching the identity of a misrepresented organization.
- The message uses an urgent pretext to direct unsuspecting users to another telephone number.
- The victim is invited to punch in their personal information on their telephone keypad.
- Criminals capture the key tones and convert them back to numerical format.
- Critical information is at risk: attacks on user-ids, data, PINs etc.


Vishing
Counter-measures
- As a general rule, be suspicious when receiving any unsolicited incoming communication.
- Never provide personal financial information, including your Social Security number, account numbers or passwords, over the phone to non-validated sources.
- Never rely solely on your telephone caller ID function.
- Do not be intimidated by an e-mail or caller who suggests dire consequences if you do not immediately provide or verify financial information.
- If you believe the contact is legitimate, go to the company's web site by typing in the site address directly or using a page you have previously bookmarked, instead of a link provided in the e-mail.


Credit Card Fraud


- Continues to be a menace, especially in developing countries.
- A professional, international business run by resourceful syndicates with industry insiders on their payrolls.
- A counterfeit card is one that's been either printed, embossed, or encoded without permission from the issuer, or one that has been validly issued and then altered or re-coded.
- Cards can be reprogrammed with the details of any card with a small and cheap magnetic stripe reader and writer apparatus available at computer and electronic shops.
- Most counterfeit fraud cases involve skimming: the fraudster electronically copies the genuine data on a card's magnetic stripe onto another without the legitimate cardholder's knowledge.
- Card details can also be obtained by chipping a card reader at a legitimate point of sale.


Credit Card Fraud


Counter-measures
- Remain vigilant when making payment with your credit card.
- Be careful supplying your credit card details when making online payments. Ensure that the payment site is secured.
- Reduce the number of credit cards you actively use.
- Contact your credit card company if you suspect foul play or your details might have been skimmed.


Whistleblower Program
Presently, employees of DB can submit open, confidential or anonymous complaints regarding accounting, internal accounting controls or auditing matters via the Global Compliance homepage.


CSBC Strategy
Prevention & Mitigation within CSBC aims to act as a focal point for identifying, classifying and responding to criminal activities against DB.
- Coordinate and conduct investigations into external frauds.
- Develop counter-measures.
- Define training standards and provide training on fraud awareness.
- Leverage technology to investigate fraud more efficiently.
- Cooperate with the financial industry to identify and correct systemic weaknesses.
- Respond to business requests as required.
