Securing Treasury. Craig Jeffery, Managing Partner, Strategic Treasurer Rosemary Lyons, Business Project Manager, Cigna. You. Are. Not. Done.
Transcription
1 You. Are. Not. Done. Craig Jeffery, Managing Partner, Strategic Treasurer Rosemary Lyons, Business Project Manager, Cigna
2 About the Presenter
Craig Jeffery, CCM, FLMI, Founder & Managing Partner, Strategic Treasurer
Rosemary Lyons, CTP, PMP, Business Project Manager, Compliance, Cigna Treasury Department
Craig Jeffery formed Strategic Treasurer LLC in 2004 to provide corporate, educational, and government entities direct access to comprehensive and current assistance with their treasury and financial process needs. His 20+ years of financial and treasury experience as a practitioner and as a consultant have uniquely qualified him to help organizations craft realistic goals and achieve significant benefits quickly.
Rosemary Lyons has more than 25 years of treasury experience. She is currently a Compliance Manager with Cigna's Treasury Department, with responsibilities for credit card relationships, PCI-DSS, and other regulatory compliance. She earned a BS in Business Administration from Western New England University. She has obtained the Certified Treasury Professional and the Project Management Professional designations.
3 Topics of Discussion
The Corporate Treasury Situation
o Overall Situation: Challenges & Responsibilities
o Sample Complexity Considerations
o Fraud in the Spotlight
o The Criminal's Playbook
Corporate Fraud Experience
o Overall Fraud Experience
o Losses & Criminal Payouts
o Corporate Fraud Concerns & Investment Plans
Structuring a Defense Posture
o The Fraud Battlefield: Areas of Exposure
o Corporate Shortsightedness: Security Training
o Technology vs Human Security Components
Case Studies: Successful vs Unsuccessful Security Approaches
Cigna's Perspective
The Four Pillars of Security
Key Considerations for Treasury
4 Overall Treasury Experience
Treasury's Situation: Responsibilities, Challenges, & Considerations
[Diagram: Corporate Treasury at the center, surrounded by: Rising Fraud; Globalization; Tech Investment: Reality vs. Expectation; Risk Concerns; Thinly Staffed; Increasing Complexity; Compliance; Elevated Internal Expectations]
5 Sample Complexity: Globalization & Staffing
[Chart: Our business operates in this many countries [1]. Categories include 1 Country, 2-20 Countries and 81+ Countries.]
[Chart: Are your staffing levels where they need to be now? [2] Unsure 14%; No, we are understaffed 42%; Yes, we are appropriately staffed 44%.]
A Struggle to Perform. When asked if their staff levels were where they needed to be, a sizeable portion of respondents to a 2017 survey saw themselves as understaffed.
6 Fraud: A Top Treasury Priority
[Chart: Corporates: Rate the following payment initiative drivers on a scale from (1) most important to (8) least important. Stacked bars run from Most Important to Least Important.]
Corporate Payment Drivers. The responses clearly indicated that protection against fraud was the top priority for the majority of corporates, with payment efficiency the second highest priority, cost effectiveness third, and achieving visibility fourth. The areas of lesser importance to organizations were the scalability of payment processes and vendor/supplier management.
7 The Criminal's Playbook
The Criminal's Playbook: Fraud Types & Associated Intentions
[Diagram axes: Control of Fraud (Low Control to High Control); Payout (High Payout to Low Payout)]
Fraud Intent: Fraud Type
- Steal Funds Directly: System Fraud; ACH Fraud - Personal Payment Systems; Check Forgery
- Get You To Send Funds: Business Email Compromise; AP Vendor Master Record Changes
- Take Data and Sell it: Data Breach
- Lock up Data for Ransom: Ransomware via Worm; Ransomware as a Service
Surveying the Field: There are a wide variety of fraudulent methods for criminals to select from. If an organization is protected at one juncture, a criminal may move on to target them through another avenue or area of exposure. Due to the ever-evolving playbook of today's criminal, organizations must be constantly monitoring their operations to locate exposures and identify suspicious activity.
8 Corporate Fraud Experience
[Chart: Corporates: From which party did you experience fraud? (Select all that apply) [4] Categories: Internal-Current Employee; External-Non-employee; External-Formal Employee; Unknown Source.]
[Chart: Corporates: Fraud Experience by Type of Attack (Over the last 1-2 Years ( )) [5] Categories: Ransomware; Cyber Fraud; Payment Fraud; BEC.]
9 Corporate Fraud: Criminal Payouts
Payouts are on the Rise
Organizations are under constant attack from criminals trying to steal their funds through cybercrime, fraud, and other means. Over the past several years this has become a major concern for most firms, especially as the payouts associated with certain types of fraud increase.
86% of practitioners have experienced at least one form of fraud in the past two years*
- SYSTEM FRAUD. Typical Payout Range: $1M-10M+
- WIRE (BEC) FRAUD. Typical Payout Range: $130K+
- CHECK FRAUD. Typical Payout Range: $1K-2K
*2017 Strategic Treasurer, Bottomline, Bank of America Merrill Lynch 2017 Treasury Fraud & Controls Survey
The above values are taken from calculations off of FBI, Banking Data and Strategic Treasurer estimates.
10 Fraud Concerns are Elevated
Security Concerns Are Rising
The frequency and severity with which fraud is striking the treasury environment have caused widespread panic amongst practitioners.
46% of respondents say that security concerns are higher or significantly higher than in previous years.
Only 2% have lowered concerns.
As security concerns rise, corporate practitioners must consider how they are going to prevent fraudulent attacks.
[Chart: Payment Security Concerns [6]. Our current payment security concerns, as compared to the prior year, are: Lower 2%; About the same 47%; Higher 39%; Significantly higher 7%; Unsure 4%.]
11 Fraud Concerns Influence Technology Spend
Security Concerns Influence Spending
Not surprisingly, as fraud experience continues to climb so too does the level of planned investment in security controls and technology.
61% of respondents say that security concerns have a strong or very strong influence on their technology spend.
This shows that corporations are making serious investments in technology that enhance fraud detection and prevention.
[Chart: Impact of Security on Spend [7]. What influence do security concerns have on your current or planned technology spend? Categories: None to limited influence on our spend level; Moderate influence on our spend level; Strong influence on our spend level; Very strong influence on our spend level; Unsure.]
12 Scope of Security Investments
[Chart: Spend Plans: Treasury Security Controls [8]. What are your spending plans for treasury fraud prevention, detection, and controls? Spend significantly more 4%; Spend more 20%; Spend about the same 71%; Spend less than prior years 5%.]
[Chart: Spend Plans: Treasury Security Controls [9]. Which areas do you intend to spend more or significantly more on fraud prevention, detection or controls? (check all that apply) Categories: AP payments; Treasury payments; Impostor fraud / business; Bank transaction fraud; Card processing and controls; Bank reconciliation; File controls, digital signing; System access (ie new security; Transaction controls; Payroll; GL reconciliation (sub-ledger to GL); Account level controls; Bank account fraud; Data mining; Monitoring and reporting services; Other.]
13 The Fraud Battlefield
The Fraud Battlefield:
[Diagram labels: Cyber Security; Cloud Security; Access Control; Incident Response; Employee Management; Treasury Security Framework; Access Control; Banking Design; Sensitive Data; Desktop; Network; SAN; Segregation of Duties; Transaction & Daily Limits; Employees; Temp/Contractors; Partners; Lockdown; Playbook; Assessment & Benchmarking; Duties & Policies; Communications; Liability Management]
14 Exposure: Corporate Security Training
Corporate Security Practices
Although corporates have indicated a willingness and intent to spend significantly on treasury security, there are still large areas of exposure.
Currently, only 39% of corporates require employees involved in payments to take security training every year.
This represents a major area of weakness and vulnerability.
[Chart: Corporate vs Bank Security Training [10]. Do you require employees involved in payments to take security training each year? Banks: Yes 97%, No 3%. Corporates: Yes 39%, No 61%. Source: Strategic Treasurer & TD Bank Treasury Perspectives Survey.]
15 Bank vs. Corporate Security Testing
Corporate Security Practices
Even when looking at those firms that do require regular training, the scope of their courses falls short compared to banks.
Over 1/3rd of corporates that require regular training have not incorporated a testing component into their courses.
Testing involves either a scored quiz/test, or may involve tests such as fake phishing emails sent to employees to see how they handle such messages.
Corporates must learn to combine technology components of security with human elements.
[Chart: Does this training have a reported testing component? [11] Banks: Yes 94%, No 6%. Corporates: Yes 66%, No 34%.]
16 Technology vs. Human Security Components
Technology Security Components:
- Antivirus Software
- Firewall
- Multifactor Authentication
- User Monitoring Tools
- Biometrics
- Encryption
- Tokenization
- SAML 2.0
Human Security Components:
- Security Training (Regularly)
- Employee Testing (Phishing emails)
- Whistleblower Policy
- Clean Desk Policy
- Dual Controls
- Segregation of Duties
- Principle of Least Privilege
17 Case Study
Case Study: Fraud WITH Security Training
- Fraudulent Activity Initiated. A criminal gained access to a corporate CFO's email address and initiated several payment requests via email to a treasury employee. The messages were made to sound urgent.
- Suspicious Request Identified. The treasury employee noticed the unusually urgent language and did not recognize the payment details provided in the email. The employee did not post the payment and instead contacted his superiors for further verification.
- Losses Prevented. Further analysis led to the discovery that the payments were indeed fraudulent and that the CFO's credentials had been compromised. Due to the employee's training on how to identify suspicious requests, fraudulent losses were prevented.
Case Study: Fraud WITHOUT Security Training
- Fraudulent Activity Initiated. A treasury employee receives an email from a current vendor requesting that future payments be sent to a new bank account.
- Suspicious Details Undetected. Although there were several minor typos in the message, the email address was correct and this vendor had changed their payment information before, so the employee follows through with the request.
- Fraudulent Losses Sustained. As a result, the next two payments to the vendor are delinquent, and further analysis discovers that both payments were delivered to a fraudulent account instead of the vendor's actual account.
18 Treasury Data Security: Cigna's Perspective
An Introduction to Cigna
- A global health service company with more than ninety-five million customer relationships worldwide.
- Cigna's global workforce is approximately forty-five thousand employees.
- The company offers a diversified portfolio of Global Healthcare, Group Disability and Life and Global Supplemental Benefits
Cigna Security Initiatives: Employee Training, Testing, and Policies
- Cigna employees are required to complete data security and privacy training on a regular basis. Classes require a test to complete the training and/or an attestation of compliance.
- A course on PCI-DSS security awareness was added for all employees in
- Cigna's information protection group regularly tests employees with mock phishing emails.
- Comprehensive business continuity plans exist and are regularly tested. The December 2017 test was specifically focused on a cyber attack within the Treasury Department.
19 Treasury Data Security: Cigna's Perspective
Cigna Security Initiatives: Treasury Specific Initiatives
- Created Compliance Manager role to oversee business PCI-DSS, SWIFT Customer Security Program (CSP) and other compliance requirements.
- Developed various policies to control cash activity and document mandated requirements, such as for disbursements, escheat, bank reconciliation and credit/debit card use.
- Projects undertaken to tokenize credit card data instead of storing cardholder information.
- Centralize disbursement processing from bank portals to Cigna's enterprise payment platform to strengthen controls and cash visibility.
- Participates in the Corporate Risk Steering Committee which tracks new and ongoing compliance requirements.
- Ensures standard controls are followed such as positive pay controls, disbursement authority limits, and segregation of duties.
20 Developing a Security Framework
Four Pillars of Treasury Security
1. ASSESS & ARCHITECT. Greater Awareness: Assess Major Exposure Risks; Understand Required Layers; Regular Revision; Ongoing Monitoring; Market & Situations
2. PREPARE & PREVENT. Stronger Defense Posture: Upgrade Processes; Systems; Staff Knowledge
3. MANAGE PROCESSES. Maintain & Reinforce Position: Ongoing Training; Testing
4. REMEDIATION. Respond & Recover: Reporting; Response (Fast, Appropriate); Rework (Restore to New Model)
21 Key Security Points for Treasury
- Although corporate treasury faces a wide array of responsibilities and challenges, fraud and security have become a top priority as attacks increase in frequency and severity.
- Innovations to the techniques and methods by which criminals perpetrate fraud have resulted in a landscape where criminal payouts can reach millions of dollars in some circumstances.
- As the threat of fraud is elevated, corporates have indicated a strong intent to invest heavily in multiple areas of the technology components of their security infrastructure.
- Despite these technology investments, however, many firms continue to leave themselves exposed by failing to implement staff security training and testing.
- Treasury must learn to balance the technology components of their security infrastructure with human components; failing to secure either sector can result in large and dangerous exposures.
22 Technology Cash Forecasting: Tune-Up No Longer a Bridesmaid Co-hosted with GTreasury
Contact Information
Strategic Treasurer: Craig A. Jeffery, CCM, FLMI, Founder & Managing Partner, Strategic Treasurer, craig@strategictreasurer.com, Direct: +1 (678)
Cigna: Rosemary Lyons, CTP, PMP, Business Project Manager, Compliance, rosemary.lyons@cigna.com, Direct: +1 (860)
Thank you for participating in this event!
23 Works Cited
1. Strategic Treasurer, Bottomline Technologies, & Bank of America Merrill Lynch B2B & WCM Strategies Survey
2. Strategic Treasurer Higher Ed Survey
3. Strategic Treasurer & Fides Global Payments Survey
4. Strategic Treasurer & Bottomline Technologies Treasury Fraud & Controls Survey
5. Strategic Treasurer & Bottomline Technologies Treasury Fraud & Controls Survey
6. Strategic Treasurer, Bottomline Technologies, & Bank of America Merrill Lynch B2B & WCM Strategies Survey
7. Strategic Treasurer, Bottomline Technologies, & Bank of America Merrill Lynch B2B & WCM Strategies Survey
8. Strategic Treasurer & Bottomline Technologies Treasury Fraud & Controls Survey
9. Strategic Treasurer & Bottomline Technologies Treasury Fraud & Controls Survey
10. Strategic Treasurer & TD Bank Treasury Perspectives Survey
11. Strategic Treasurer & TD Bank Treasury Perspectives Survey
More informationSouth Carolina General Assembly 122nd Session,
South Carolina General Assembly 122nd Session, 2017-2018 R184, H4655 STATUS INFORMATION General Bill Sponsors: Reps. Sandifer and Spires Document Path: l:\council\bills\nbd\11202cz18.docx Companion/Similar
More informationCyber Risk Mitigation
Cyber Risk Mitigation Eide Bailly Howalt + McDowell Insurance Introduction Meet your presenters Eric Pulse Risk Advisory Director 20 years in the public accounting and consulting industry providing information
More informationCybersecurity Insurance: The Catalyst We've Been Waiting For
SESSION ID: CRWD-W16 Cybersecurity Insurance: The Catalyst We've Been Waiting For Mark Weatherford Chief Cybersecurity Strategist varmour @marktw Agenda Insurance challenges in the market today 10 reasons
More informationTrends in Cyber-Insurance Coverage to Meet Insureds Needs
Trends in Cyber-Insurance Coverage to Meet Insureds Needs Linda Wendell Hsu Selman Breitman LLP 33 New Montgomery Street, Sixth Floor San Francisco, CA 94105 (415) 979-0400 lhsu@selmanlaw.com William A.
More informationThe Wild West Meets the Future: Key Tips for Maximizing Your Cyber and Privacy Insurance Coverage
The Wild West Meets the Future: Key Tips for Maximizing Your Cyber and Privacy Insurance Coverage James P. Bobotek james.bobotek@pillsburylaw.com (202) 663-8930 Pillsbury Winthrop Shaw Pittman LLP DOCUMENT
More informationCybersecurity Privacy and Network Security and Risk Mitigation
Ask the Experts at fi360 2016 Cybersecurity Privacy and Network Security and Risk Mitigation Gary Sutherland, NAPLIA CEO Brian Edelman, Financial Computer Inc. CEO Paul Smith, AIF NAPLIA SVP SEC s 1st
More informationCyberinsurance: Necessary, Expensive and Confusing as Hell. Presenters: Sharon Nelson and Judy Selby
Cyberinsurance: Necessary, Expensive and Confusing as Hell Presenters: Sharon Nelson and Judy Selby Setting the stage 2018 report from PwC one-third of US businesses have some form of cyberinsurance PwC
More informationCyber & Privacy Liability and Technology E&0
Cyber & Privacy Liability and Technology E&0 Risks and Coverage Geoff Kinsella Partner http://map.norsecorp.com http://www.youtube.com/watch?v=f7pyhn9ic9i Presentation Overview 1. The Cyber Evolution 2.
More informationElectronic Commerce and Cyber Risk
Electronic Commerce and Cyber Risk Fifth Third Bank All Rights Reserved Reality and Solutions Objectives for Today What I will cover How banks are changing How the public is changing How the laws are changing
More informationAssessing the Hidden Risks of Payment Processing
Assessing the Hidden Risks of Payment Processing The complications that stem from having multiple parties involved in the insurance payment process call for a solution that is more flexible, efficient,
More informationSurprisingly, only 40 percent of small and medium-sized enterprises (SMEs) believe their
When It Comes to Data Breaches, Why Are Corporations Largely Uninsured? Under Attack and Unprepared: Argo Group Cyber Insurance Survey 2017 Surprisingly, only 40 percent of small and medium-sized enterprises
More information2012 Payments Fraud Survey
2012 Payments Fraud Survey Consolidated Results Payments Information & Outreach Office Federal Reserve Bank of Minneapolis September 25, 2012 Topics Survey Methodology & Respondent Profile Fraud Attempts
More informationTempleton Municipal Light and Water Plant
Templeton Municipal Light and Water Plant RED FLAG POLICY 1. POLICY It is the policy of the Templeton Municipal Light and Water Plant (TMLWP) that information compiled on all customers and employees is
More informationA Look at the Trends in Healthcare Payments Sixth Annual Report: June 22, InstaMed. All rights reserved.
A Look at the Trends in Healthcare Payments Sixth Annual Report: 2015 June 22, 2016 1 2017 InstaMed. All rights reserved. v20160129 About the Presenter Jeff Lin Senior Vice President Product Management
More informationAPPLICATION for: TechGuard Liability Insurance Claims Made Basis. Underwritten by Underwriters at Lloyd s, London
APPLICATION for: TechGuard Liability Insurance Claims Made Basis. Underwritten by Underwriters at Lloyd s, London SECTION I. GENERAL INFORMATION 1. Name of Applicant: Physical Address: (as it should appear
More informationPayment Card Industry Training 2014
Payment Card Industry Training 2014 Phone Line Terminal & Hosted Order Page/Secure Acceptance Redirect Merchants Contact * Carole Fallon * 614-292-7792 * fallon.82@osu.edu Updated May 2014 AGENDA A. Payment
More informationSTEPPING INTO THE A GUIDE TO CYBER AND DATA INSURANCE BREACH
STEPPING INTO THE A GUIDE TO CYBER AND DATA INSURANCE BREACH 2 THE CYBER AND DATA RISK TO YOUR BUSINESS This digital guide will help you find out more about the potential cyber and data risks to your business,
More informationHIPAA in the Digital Age. Anisa Kelley and Rachel Procopio Maryan Rawls Law Group Fairfax, Virginia
HIPAA in the Digital Age Anisa Kelley and Rachel Procopio Maryan Rawls Law Group Fairfax, Virginia Virginia MGMA reminds attendees that the program is not intended to provide legal advice and advises participants
More informationKeyBank Special Report: Identifying And Mitigating Your Exposure To Fraud
KeyBank Special Report: Identifying And Mitigating Your Exposure To Fraud Inside: Fraud: A Problem That Won t Go Away How Criminals Exploit Vulnerabilities In Treasury Practices Fraud Prevention From An
More informationGood From The Inside Out. Saturday, April 8, 2017
Good From The Inside Out Saturday, April 8, 2017 What s New? Just last week Ex-CFO Accused of Embezzling $20M From Credit Union -Detroit Free Press January 9, 2016 Headlines Recent headlines Engaged CU
More informationExecutive Protection Portfolio SM Crime Coverage Renewal Application
BY COMPLETING THIS APPLICATION YOU ARE APPLYING FOR COVERAGE WITH EXECUTIVE RISK INDEMNITY INC. (THE COMPANY ) NOTICE: THE COVERAGE AFFORDED UNDER THIS COVERAGE SECTION DIFFERS IN SOME RESPECTS FROM THAT
More informationPresented by: Michael Moreau, CFE, CIA, CFSA Manager, Credit Union Group Macpage LLC
Presented by: Michael Moreau, CFE, CIA, CFSA Manager, Credit Union Group Macpage LLC mpm@macpage.com 978-760-0195 Capability Diamond Capability can they do it? Necessary position and authority Sufficient
More informationTrial by fire* Protected. But under pressure to perform
Key findings from the 2010 Global State of Information Security Survey Financial Services Trial by fire* Protected. But under pressure to perform What global executives expect of information security In
More informationThe Hidden Costs of Paper-Based Payments. How Electronic Payments Save You Time, Cut Your Costs and Improve Your Customer Relationships
The Hidden Costs of Paper-Based Payments How Electronic Payments Save You Time, Cut Your Costs and Improve Your Customer Relationships The Hidden Costs of a Simple Check B2B payment methods are slow and
More informationEquifax Data Breach: Your Vital Next Steps
Equifax Data Breach: Your Vital Next Steps David A. Reed Partner, Ann Davidson Vice President Risk Consulting/ Bond Division Allied Solutions, LLC Do You Remember When this Was the Biggest Threat to Data
More informationROCHESTER INSTITUTE OF TECHNOLOGY
ROCHESTER INSTITUTE OF TECHNOLOGY Identity Theft Protection Table of Contents Introduction...2 Important Note About Passwords...2 General Information...2 Who is Covered and When...2 You Need to Enroll...3
More informationBank of America Merrill Lynch Future of Financials Conference 2018
Bank of America Merrill Lynch Future of Financials Conference 2018 Jason Witty EVP, Chief Information Security Officer November 5, 2018 U.S. BANCORP Forward-looking Statements and Additional Information
More informationNovember 28, Morten Linnemann Bech CPMI Secretariat Bank for International Settlements Centralbahnplatz Basel Switzerland
November 28, 2017 Morten Linnemann Bech CPMI Secretariat Bank for International Settlements Centralbahnplatz 2 4051 Basel Switzerland Via Email (cpmi@bis.org) Re: Proposed Strategy to Address Wholesale
More informationCYBER CRIME and MONEY LAUNDERING where do we stand? 16/11/2018 Bucharest
CYBER CRIME and MONEY LAUNDERING where do we stand? 16/11/2018 Bucharest cc frauds intrusion malicious applications data stealing ransomware 2 cybercrime is money online transfer services bank accounts
More informationLifeLock Product Features LIFELOCK BENEFIT ELITE FACT SHEET LIFELOCK ULTIMATE PLUS FACT SHEET LIFELOCK JUNIOR FACT SHEET
LifeLock Product Features LIFELOCK BENEFIT ELITE FACT SHEET LIFELOCK ULTIMATE PLUS FACT SHEET LIFELOCK JUNIOR FACT SHEET 1-877-511-7906 LifeLock.com/Business FACT SHEET LifeLock Benefit Elite LifeLock
More informationPayment Card Industry Compliance Policy
PURPOSE and BACKGROUND The purpose of this policy is to ensure that Massachusetts Maritime Academy (MMA) maintains compliance with the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS is
More informationCampus Administrative Policy
Campus Administrative Policy Policy Title: Credit Card Acceptance Policy Number: 2019 Functional Area: Finance Effective: February 1, 2011 Date Last Amended/Reviewed: February 1, 2011 Date Scheduled for
More information2.1.3 CARDHOLDER DATA SECURITY
University of Oxford Finance Division FINANCIAL POLICY 2.1.3 CARDHOLDER DATA SECURITY Date: 27 June 2017 Version: 1.0 Status: Draft Author: Bridget Midwinter TABLE OF CONTENTS Page Purpose... 3 Objectives...
More informationUI ID Theft in Texas UI Director s Conference. Paul Carmona Director, Regulatory Integrity Division
UI ID Theft in Texas 2014 UI Director s Conference Paul Carmona Director, Regulatory Integrity Division Overview Desired End State What We Know What We re Experiencing What We re Doing About It Near-Term
More informationCyber Insurance I don t think it means what you think it means
SESSION ID: GRC-T10 Cyber Insurance I don t think it means what you think it means John Loveland Global Head of Cyber Security Strategy & Marketing Verizon Enterprise Solutions Plot A brief history of
More informationDesigning Privacy Policies and Identifying Privacy Risks for Financial Institutions. June 2016
Designing Privacy Policies and Identifying Privacy Risks for Financial Institutions June 2016 Program Overview Regulatory Environment Who Needs a Privacy Program and Common Questions Components of a Comprehensive
More information