ACH Fraud: Action Plan in Oct.
FS-ISAC Working Group Focused on Education Campaign
These incidents, resulting from ACH and wire fraud against business accounts, have been the focus of industry experts for a year now. The Federal Bureau of Investigation says that at least one or two incidents of corporate account takeover are being reported each week, resulting in financial losses for businesses and lawsuits against banks.
Errol Weiss, an information security professional at a worldwide bank, is leading FS-ISAC's Corporate Account Takeover Working Group. This is, he says, a 45-member entity dedicated to bringing education and change.
Since the formation of the task force in May, 31 financial services companies, including banking institutions, have joined the group. Five industry associations have also joined the task force's working groups, including the American Banking Association, the Independent Community Bankers Association, the Financial Services Roundtable technology arm BITS, NACHA and SWACHA. Eight government and law enforcement agencies have also joined to help in the fight.
The working group's short-term goals center on a Sept. 22 presentation at an FS-ISAC meeting, covering recommendations for advisories and best practices that will be presented during the National Cyber Security Alliance's cyber awareness month in October.
Weiss says the working group's four teams are covering the following areas:
Protection -- Helping to establish some best practices, working with the banking sector to develop customer-focused communications on these issues. These awareness campaigns won't just be for the business banking customer, but also for the retail customer, he says, because individual banking customers are also being hit by account takeover. The task force is looking to develop public awareness ads similar to the FakeChecks.org campaign used to educate the public on check fraud. "Those ads made real headway in terms of awareness of the issue, and we want to develop similar awareness ads for customers and the public for corporate account takeover and the events that can follow," says Weiss.
Detection -- This team will work with the financial institutions to determine which controls are needed internally, and which fraud detection mechanisms need to be in place to catch these fraud incidents in real time. The information-sharing portion will also include information on the money mules who are cashing out these accounts and the attack signatures that are being used.
Response -- The issue for this team will be the communication between the financial institution and the customer after an account takeover has happened. Financial institutions also need to develop best practices for when these attacks happen, along with restitution guidelines, and the team is charged with developing a set of best practices to augment the FS-ISAC's earlier publication.
Law Enforcement Involvement -- This team will facilitate the communication and involvement of law enforcement when prosecution in a case begins. Much of what happens after the crime has happened is dependent on law enforcement's involvement. One of the areas this team will develop is how to report these events to law enforcement and build that reporting into their incident response plan.
For the Sept. 22 meeting, the working group is developing advisories for small and corporate customers, one for retail customers, and one for financial institutions that will be internally focused for employees' awareness of the problem and mitigation when it happens. The plan is, Weiss says, to work with the NCSA to release those advisories in October, in conjunction with the cyber awareness campaign. "Financial institutions can expect to see something to help educate their corporate customers, and retail customers, as well as their internal staff about the dangers of corporate account takeover very soon," Weiss says.