Fraud Flashcards

1
Q

Which type of fraud is described as a “Technologically advanced form of electronic crime involving exploitation of businesses of all sizes, especially those with limited computer safeguards or disbursement controls for online business banking?”

A

Corporate Account Takeover

2
Q

Which type of fraud occurs when cyber thieves gain access to a company’s computer system to steal confidential banking information to then impersonate the business and initiate fraudulent electronic transfers to unauthorized accounts?

Malicious software can automate many elements of this type of fraud by circumventing forms of multi-factor authentication.

A

Corporate Account Takeover

3
Q

What are the types of Deposit Account Fraud?

A
  1. Check Kiting
  2. Closed Account Fraud
  3. Paper-Hanging
  4. New Account Fraud
4
Q

What is Paper-Hanging?

A

Customer purposely writing checks on closed accounts, as well as reordering checks on closed accounts.

5
Q

What is DDoS an acronym for and what is it?

A

Distributed Denial of Service which is a type of fraud tied to an attack on a public website.

6
Q

This type of fraud is designed to slow website response times, preventing customers from accessing the website and/or online services, and adversely affecting back office operations. It may also serve as a diversion by criminals to commit fraud with stolen customer/employee login credentials to initiate fraudulent electronic payments (Wire, ACH).

A

Distributed Denial of Service (DDoS)

7
Q

What types of risk can a financial institution face as a result of a DDoS attack?

A

Operational and Reputation risk if the attack is coupled with any fraud attempts. If any of those fraud attempts result in financial losses to the bank then they could also experience Liquidity and Capital risks.

8
Q

What type of fraud increases following a natural disaster?

A

Forged Checks

9
Q

What are common characteristics of Altered checks?

A
  • Ink that smears when rubbed
  • Numeric vs. written dollar amounts are different
  • Different color pen ink
  • Inconsistent spacing where the numeric portion has been altered
  • Inconsistent font from different printers/typewriters
  • MICR line altered to delay clearing
10
Q

What are common characteristics of Counterfeit checks?

A
  • Poor quality paper stock
  • Absence of one serrated edge or the check printer’s name/trademark
  • Misspelled printed information
  • Inconsistent or out of range check numbers
  • MICR line missing, crooked, shiny or not machine readable
  • Check number in wrong position of MICR line
11
Q

What type of fraud is based on the creation of demand drafts?

A

Telemarketing

12
Q

What are the general methods for a financial institution to deter all types of payments fraud?

A
  • Know Your Customer
  • Teller Training
  • Full extent prosecution
  • Review customer ID thoroughly
  • Maintain separation of functions
  • Maintain permanent signature cards and appropriate business documentation
  • Advise customer to destroy checks for unused or closed accounts
  • Properly close accounts
  • Be engaged with financial services industry conferences and work groups
13
Q

What are paper security features?

A
  • Watermarks
  • Copy void/Chemical void
  • High Resolution Micro-printing
  • Three dimensional
  • Security Links
  • Bar codes
  • Optical Variable Ink (OVI)
  • Thermo-chromatic ink
14
Q

What are Image-survivable Security Features (ICSF) and what are the two primary purposes?

A

ICSF are security features through the use of cryptographic techniques and security marks that remain effective after imaging to:
1. authenticate an original document, and
2. deter fraud by thwarting different methods to alter or replicate checks.

15
Q

What are the six types of retail payments risk outlined by FFIEC?

A
  1. Strategic Risk
  2. Credit Risk
  3. Reputation Risk
  4. Operational Risk
  5. Legal (Compliance) Risk
  6. Liquidity Risk

S.C.R.O.L.L.

16
Q

What is FFIEC an acronym for?

A

Federal Financial Institutions Examination Council

17
Q

What is the FFIEC?

A
  • Formal interagency body that prescribes uniform principles, standards, and report forms for the federal examination of financial institutions, and
  • makes recommendations to promote uniformity in the supervision of financial institutions.
18
Q

What are the various agencies that support the FFIEC?

A
  • the Board of Governors of the Federal Reserve Bank
  • the Federal Deposit Insurance Corporation (FDIC)
  • the National Credit Union Administration (NCUA)
  • the Office of the Comptroller of the Currency (OCC)
  • the Consumer Financial Protection Bureau (CFPB)
19
Q

What are the steps of Money Laundering?

A
  1. Placement - introduce illegal funds into the financial system without attracting attention of financial institutions or law enforcement.
  2. Layering - moving funds around the financial system through a complex series of transactions to create confusion and complicate the paper trail.
  3. Integration - create the appearance of legality through additional transactions.
20
Q

What does USA PATRIOT Act stand for and when was it enacted?

A

Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism - 2001

21
Q

What is included in the BSA/AML Examination Manual?

A
  • Suspicious Activity Reporting (SAR)
  • Currency Transaction Reporting (CTR)
  • Foreign Correspondent Account Recordkeeping
  • Correspondent Accounts (Foreign)
  • Bulk shipments of Currency
  • Automated Clearing House (ACH) Transactions
  • Third-Party Payment Processors
22
Q

What are four key steps in establishing and supporting an effective operational risk management program?

A
  1. Risk Identification
  2. Risk Measurement
  3. Risk Mitigation
  4. Risk Monitoring and Reporting

FFIEC Guidance to Information Security 2016

23
Q

What is recommended as effective IT governance?

A

Governance is generally found in the IT Handbook’s Management booklet, but specific topics related to Information Security are:
* Implementation and promotion of security culture
* Assignment of responsibilities and accountability
* Effective use of resources

FFIEC Guidance to Information Security 2016

24
Q

What actions increase risk and potential adverse effects for a business?

A
  • Disclosure of information to unauthorized individuals
  • Unavailability or degradation of services
  • Misappropriation or theft of information services
  • Modification or destruction of systems or information
  • Records that are NOT timely, accurate, complete, or consistent

FFIEC Guidance to Information Security 2016

25
Q

What key provisions should be included in a strong, well-constructed RDC contract or customer agreement?

A
  • Roles and Responsibilities of all parties
  • Governing laws, rules, & regulations
  • Allocation of liability, warranties, indemnification, & dispute resolution
  • Eligible items that may be deposited via RDC
  • Handling and record retention procedures
  • Funds availability and collected funds requirements
  • Authority of financial institution to: (1) Mandate controls at the customer’s locations; (2) Require periodic audits of the RDC process, including the IT infrastructure; (3) Terminate the RDC relationship

Supervisory Guidance for Remote Deposit Capture - Jan 2009

26
Q

What two areas of risk are considered in the RDC Risk Management Assessment step?

A
  1. Legal and compliance risk
  2. Operational risk

Supervisory Guidance for Remote Deposit Capture - Jan 2009

27
Q

Which areas does the Supervisory Guidance to RDC recommend due diligence to mitigate and control risk?

A
  1. Customer Due Diligence and Suitability
    • Establish guidelines to qualify customers for RDC.
  2. Vendor Due Diligence and Suitability
    • Ensure implementation of sound vendor management processes as described in the FFIEC IT Examination handbook.
  3. RDC training for customers
    • Ensure customers understand their role in managing risks and monitoring for errors or unauthorized activity
  4. Contracts and agreements
    • Business Continuity: Ensure FI can recover and resume RDC operations to meet customer service requirements

Supervisory Guidance for Remote Deposit Capture - Jan 2009

28
Q

Which FFIEC guidance provides risk management framework for Financial Institutions offering internet-based services?

A

Authentication and Access to Financial Institution Services and Systems*

  • This Guidance replaces the FFIEC-issued Authentication in an Internet Banking Environment (2005) and the Supplement to Authentication in an Internet Banking Environment (2011)
29
Q

What type of risk is associated with the financial institution’s mission and future business plans?

A

Strategic risk

30
Q

What are examples of Strategic risk and preventative measures?

A

Examples:
* Plans for entering new business lines
* Expanding existing services through mergers & acquisitions
* Enhancing infrastructure

Preventative Measures:
* Strategic planning process that addresses retail payment business goals and objectives supporting IT components
* Third-party service providers; Need comprehensive planning/vendor management

31
Q

What type of risk occurs when negative publicity regarding an institution’s business practice leads to a loss of revenue or litigation?

A

Reputational risk

32
Q

What type of risk may be associated with activities of third-party service providers, such as operational failures/system disruptions, and lack of security and privacy policies resulting in release of customer information?

A

Reputational risk

33
Q

What are preventative measures of reputational risk?

A
  • Carefully review all contracts
  • Ensure management oversight of third-party service providers.
34
Q

What type of risk arises when a party will not settle an obligation for full value?

A

Credit risk

Comparable to an extension of credit

35
Q

What are preventative measures to mitigate credit risk?

A
  • Require limits (deposit & transaction)
  • Require pre-funding for credit originators
  • Require adequate risk-based reserves for debit originators
  • Financial benchmarks and reporting
  • Credit checks & background checks
36
Q

What is a risk of loss resulting from inadequate or failed internal processes, people and systems, or external events?

A

Operational risk

37
Q

What are examples of operational risk and preventative measures?

A

Examples:
* Communications Failure
* Disaster
* Hardware Failure/Power Failure
* Software Failure
* Human Error
* Staffing Issues

Preventative Measures:
* Qualified/Trained Staff
* Policies and Procedures
* Monitoring and Auditing

38
Q

What type of risk arises from failure to comply with statutory or regulatory obligations?

A

Legal (Compliance) risk

39
Q

What are preventative measures of legal risk?

A
  • Be aware of changing legal and regulatory requirements, as well as new network rules that might create unexpected liability
  • Review processing arrangements with third-party service providers and originators to ensure all such arrangements are governed by clearly written contracts that define the outsourced responsibilities and liabilities.
40
Q

What type of risk is defined as “Current and potential risk to earnings or capital arising from a financial institution’s inability to meet its obligations when they come due without incurring unacceptable losses?”

A

Liquidity risk

41
Q

What is BCM and its purpose?

A

Business Continuity Management - Establishes basis for financial institution to recover and resume business processes when operations are unexpectedly disrupted.

42
Q

What are the goals of an enterprise-wide BCM strategy?

A
  • Minimize financial losses to the institution
  • Serve customers and financial markets with minimal disruptions
  • Mitigate negative effects of disruptions on business operations
43
Q

Components of the BCM should include guidelines for what?

A
  • Personnel
  • Communications
  • Technology Issues
  • Facilities
  • Electronic payment systems
  • Liquidity concerns
  • Financial disbursement
  • Manual operations
44
Q

What are the four main steps in developing a BCM?

A
  1. Business Impact Analysis - Identification of potential impact of uncontrolled events on business functions and processes.
  2. Risk Assessment - Analysis on threats and prioritization of potential disruptions based on severity.
  3. Risk Management - Identify, assess, and reduce risk to acceptable level and develop, implement, and maintain written enterprise-wide BCM.
  4. Risk Monitoring & Testing - Regular assessment and revision and incorporate BIA & risk assessment findings into BCM.
45
Q

What are the goals of BIA?

A
  1. Determine criticality
  2. Estimate maximum downtime
  3. Evaluate resource requirements.
46
Q

What is the role of the risk assessment when developing a BCM?

A
  • Assess/analyze threats based upon business impact
  • Evaluate BIA assumptions using various threat scenarios
  • Perform gap analysis to compare existing BCM to current policies and procedures and identify what should be implemented.
47
Q

What events could invoke the BCM?

A
  • Hardware/equipment malfunctioned or destroyed
  • Critical personnel are unavailable or out of contact
  • Critical buildings, facilities, or geographic regions not accessible
  • Vital records not available
  • Third-party services not available
  • Utilities not available (power, telecommunications)
  • Liquidity needs cannot be met
48
Q

What is the Board responsible for overseeing with the BCM?

A
  • Assigning BCM responsibility and accountability
  • Allocating resources to BCM
  • Aligning BCM with the entity’s business strategy and risk appetite
  • Understanding business continuity risks and adopting policies and plans to manage events
  • Reviewing business continuity operating results and performance through management reporting, testing and auditing
  • Providing a credible challenge to management responsible for the BCM process.
49
Q

What is Management responsible for overseeing with the BCM?

A
  • Defining BCM roles, responsibilities, and succession plans
  • Allocating knowledgeable personnel and sufficient financial resources
  • Validating that personnel understand their roles and responsibilities
  • Establishing measurable goals against which the BCM performance is assessed
  • Designing and implementing a business continuity exercise strategy
  • Confirming exercises, tests and training are consistent with the strategy
  • Resolving weaknesses identified in the tests
  • Meeting regularly with designated BCM coordinator to discuss policy changes, exercises, tests, and training.
  • Assessing and updating strategies and plans to reflect current operations
  • Coordinating plans and responses with external groups.