Cybersecurity & Risk Track

Cybersecurity & Risk Track

Sessions focus on emerging threats and ways to recognize risks to prevent loss, as well as provide the necessary surety for transactions.

Sponsored by  bofa

Building Effective Defenses Against Card Payments Fraud

Cyberattacks on treasury operations are on the rise. Cybercriminals are breaking into payments accounts by deploying methods like man-in-the-middle attacks, business email compromise, and fake invoice attacks, while criminal insiders are finding new ways to walk away with poorly secured data. Treasury departments can shut off opportunities for payments fraud by partnering with employees and financial institutions. Taken together, common sense measures can provide a multilayered and highly effective defense that can dramatically reduce the risk of intrusion.
 

Questions answered by this session:
1. What are some of the most destructive attacks as a result of common vulnerabilities?
2. How can an integrated, multifaceted approach, coordinated with cybersecurity programs at the corporate and financial institutions levels minimize risk and mitigate consequences?

Patrick Cassada
Chief Financial Officer, Kettler

Lou Lobosco, AAP
Director of Fraud Risk Management, Commercial Bank, Capital One

Chad Wallace
Senior Director, Product Management, Capital One


Business Email Compromise: A Collaborative Approach for Success

Business email compromise (BEC) schemes are one of the largest threats companies face. One carefully crafted email sent to the right unsuspecting person can cost companies millions of dollars. Like many frauds, BEC scams continue to grow and evolve, targeting businesses of all sizes. To reduce victimization and bring awareness to this problem, it is imperative that law enforcement and financial institutions communicate and collaborate on best practices. This panel brings together stakeholders to discuss strategies, challenges and successes for combatting this scam.
 

Questions answered by this session:
1. How can law enforcement, financial institutions, and businesses  work together to prevent victimization by business email compromise schemes?
2. How does law enforcement investigate business email compromise schemes, and what role should financial institutions, and the businesses themselves, take in order to have a successful outcome?

Ralph Gagliardi, CFE
Agent in Charge, Cybercrime Unit, Colorado Bureau of Investigation
 
Eric Huber
Vice President of International and Strategic Initiatives, National White Collar Crime Center

Business Email Compromise: The Scam That Keeps Burning

In the last 18 months, there has been a 136 percent increase in industry losses due to a fraud scheme that uses emails that look legitimate, but aren't, to get payers to send electronic payments to fraudulent endpoints. These payments, if not identified rapidly, can be difficult to unwind. The session will explore the scope of these scams, and common misconceptions of email scams that are leaving businesses vulnerable to attack and significant losses. Review the scope of the problem from an industry perspective and effective measures that should be taken to reduce and eliminate this as a threat to you and your clients.
 

Questions answered by this session:
1. How do business email compromises occur and who is vulnerable?
2. What methods can be employed to reduce cases of BEC?

Tom Lopes
Senior Vice President, Citibank, NA

Cyber Spotlight: Strategies to Recognize & Overcome Cyber Threats

Cybersecurity threats are rampant, and oftentimes the non-technical threats are just as dangerous as high-tech vulnerabilities. Attacks can sweep quickly from your organization to your clients, vendors and other stakeholders. With the number of cyber-attacks trending upwards it’s best to plan for when an attack might occur rather than if. Are you ready? This session explores the evolution of cybersecurity risks, an overview of the landscape, new regulations, sound business practices for before, during and after an attack, and industry responses and suggested strategies on ways to respond to threats.

Questions answered by this session:
1. How can organization leadership deploy new technology and implement enhanced procedures to protect payments data?
2. How can organizations build robust KYC programs and embed them into an overall cyber resiliency program?

Gene Scriven, CISSP
Chief Information Security Officer, ACI Worldwide
 
Stephanie Zee
Global Cyber Risk Head TTS Payments & Receivables, Citi


Educating Your Organization on Cybercrime

There were more than $1 billion in global reported losses for cyber-enabled crimes such as account takeover, email compromise, and ransomware, with 75 percent of U.S. businesses hit with attempted check fraud in 2017. Learn how criminals use tools to exploit vulnerabilities, where they get these tools on the dark web and what your financial institution can do to educate your customers, members and internal teams about these schemes. Live demonstrations of hacking tools and dark web sites will be part of the session.
 

Questions answered by this session:
1. How can you bring awareness to your employees and protect your customers against cyber crimes?
2. How do you remain vigilant when facing frequently emerging fraud trends?

John Meyer
Chief Product Officer, Bankers' Tool Box
 
Patty Presta, AAP
VP, Professional Development Events, WesPay

Going Beyond Visibility & Taking Action on Transactions

While online banking systems offer visibility for transactions, they do not allow account holders to take action and protect themselves against suspicious activity. Financial institutions must enhance their fraud prevention strategy by empowering customers to detect and respond to suspicious activity before the funds ever leave their account. This requires an actionable online banking system that account holders to take action via online banking or via phone using automated interactive voice response systems that authenticate the caller using voice biometric technology, financial institutions can gain a competitive edge in a digital-first world.
 

Questions answered by this session:
1. How can financial institutions leverage digital banking offerings to enable fraud prevention tools?
2. How does shifting controls for fraud prevention to account holders improve the customer experience and support more efficient growth for financial institutions?

Kim Dodson
Treasury Services Manager, Citizens Union Bank
 
Deborah Peace, AAP
Chief Executive Officer, ACH Alert
 
Don Youngberg, AAP
Assistant Vice President of Business Services, Mountain America Credit Union

How Machine Learning Can Improve Fraud Detection

We analyze and learn from large data sets in small bites. To use that learning to detect fraud and cybersecurity threats, analysis needs to be faster, better and cheaper.  In this session, attendees will learn how innovations in machine learning could have a significant impact on fraud detection, particularly in mobile bank fraud, due to greater speed, better accuracy, and lower costs.
 

Questions answered by this session:
1. How can machine learning  be used to detect fraud better and faster?
2. Why should an organization put its data in the cloud?

Lisa Lee
Chief Security Advisor - Global Lead for Financial Services, Microsoft

How Prepared is Your Company to Respond to a Cyberattack?

Cyberthreats are the number one concern of global CEOs, ranked higher than over-regulation, technological change, and even taxes. Today’s cyberattacks are not a matter of “If” anymore, but “when," and many companies are not prepared. In this session, speakers address the common mistakes companies make that ultimately leave them unprepared for an attack, and discuss what companies should be doing to prepare, and who should be involved. Corporate attendees will be engaged to discuss what risks they have identified and planned for in their playbooks.
 

Questions answered by this session:
1. What are some common mistakes companies are making today in the current fraud landscape?
2. What does an incident response plan entail?

Jason Manar
Supervisory FBI agent, Cyber Squad - Miami, Federal Bureau of Investigation
 
Michelle Parent
Senior Treasury Consultant, Lincoln Financial Group
 
Mary Rosendahl
Director, Digital Channels, Bank of America Merrill Lynch

How to Survive a Cyberattack that Compromises Your ACH and/or Wire Transfer System

The banking industry has created three organizations – FS-ISAC, FSARC and Sheltered Harbor – to help financial institutions detect and recover from cyberattacks. This session will focus on how these organizations are working together to assist the industry. The session will also focus on how individual FIs can take advantage of the work of these organizations and continue to process ACH and wire payments during a cyberattack.

Questions answered by this session:
1. How are FS-ISAC, FSARC and Sheltered Harbor working together to assist the industry?
2. How can individual FIs take advantage of the work of these organizations and continue to process ACH and wire payments during a cyberattack?

Elliott McEntee
President & CEO, Payment Advisory Services

Insider Threat Detection-Fueled Continuous Authentication

Attendees take a tour of the dark web and the emerging “gray web” to better understand how cybercriminals are hunting for potential points of compromise in our payments ecosystems. Learn how to leverage threat intelligence and identity insights to disconnect malicious access, elevate risk, and authenticate users in high-risk situations to reduce false positives so legitimate users have access while malicious activity is contained.
 

Questions answered by this session:
1. What are the latest techniques cybercriminals are using to find potential points of vulnerabilities in our payments ecosystem?
2. How can you use threat intelligence and identity insights to quickly disconnect malicious access to minimize insider threats?

Angel Grant
Director, Identity, Fraud & Risk Intelligence, RSA

Same Day ACH: Not Such a “Risky Business!" - Briefing

Come to this discussion to learn about which types of risks to look out for and which types of risks actually decrease when processing transactions via Same Day ACH. Learn how to manage and control your financial institution’s risk profile with the tools available to you while taking advantage of the many opportunities Same Day ACH offers to your institution and your clients.
 

Questions answered by this session:
1. What is the current state of Same Day ACH from a risk management perspective?
2. What are some control points to align Same Day ACH risk mitigation to similar risk mitigation controls in your organization?

Peter Hohenstein
Senior Director, ACH Network Administration, NACHA
 
Amy Leslie, AAP
Executive Director, J.P. Morgan

The Payments Fraud Threat is Up. Will it Ever Stop?

Payments fraud is increasing and has reached record numbers.  This session highlights the latest trends based on the new AFP Payments Fraud and Control Survey, reflecting what has happened in the past year. Speakers discuss some protective measures that can help prevent fraudsters from picking your organization as their target, and a corporate practitioner shares insights on how they deal with payments fraud, providing attendees with actionable options for their own organizations.
 

Questions answered by this session:
1. What are some of the latest trends in payments fraud?
2. How can you make your organization unattractive to fraudsters?

Magnus Carlsson
Manager, Treasury & Payments, Association for Financial Professionals
 
Sassan Parandeh
Global Treasurer, ChildFund International

 Top 10 ways to Quantify & Manage Financial Crime Risk

The financial services industry and the financial crime ecosystem continue to evolve at a record pace. While customer expectations for immediate, omnichannel engagement and direct-to-consumer strategies continue to rise, there has also been a dramatic increase in fraud. At the same time, new technologies and channels increase opportunities for customer engagement, they also drive a more critical need for cross-channel monitoring to create a single view of the customer. Speakers discuss trends, strategic considerations for managing challenges,  and how key technologies and best practices can improve your overall approach to managing risk.
 

Questions answered by this session:
1. What are some ways to help manage fraud challenges?
2. What are some solution components of a flexible, sophisticated technology strategy?

Andrew Davies
Vice President, Global Market Strategies, Fiserv
 
Dave Richardson
Senior Manager Fraud & ATM Operations, First National Bank of Omaha

Using Tokenization to Reduce Data Risk

Tokenization can help secure your processing infrastructure. Original, sensitive data are generally stored in a hardened, electronic "vault" and replaced with a benign value or "token" representing the original information while providing an extra level of security. Come hear the challenges and benefits clients have experienced through their tokenization efforts and how they have successfully reduced their overall payments and receivables risk profiles.
 

Questions answered by this session:
1. How can an organization use tokenization to process exchanging sensitive information to a substitute or proxy value?
2. How has tokenization helped reduce payments and receivables risk?

Chris Chazin
Director, Head of Emerging Payments and Receivables Products, Citi Treasury and Trade Solutions
 
John Cliff, AAP, CTP
Emerging Receivables Product Manager, Citi Treasury and Trade Solutions