Cybersecurity & Risk Track

Cybersecurity & Risk Track

Sessions focus on emerging threats and ways to recognize risks to prevent loss, as well as provide the necessary surety for transactions.

Sponsored by  bofa

Monday, May 6, 2019


Business Email Compromise: A Collaborative Approach for Success
10:40 AM-11:30 AM | Room: Crystal G
Business email compromise (BEC) schemes are one of the largest threats companies face. One carefully crafted email sent to the right unsuspecting person can cost companies millions of dollars. Like many frauds, BEC scams continue to grow and evolve, targeting businesses of all sizes. To reduce victimization and bring awareness to this problem, it is imperative that law enforcement and financial institutions communicate and collaborate on best practices. This panel brings together stakeholders to discuss strategies, challenges and successes for combatting this scam.

Questions answered by this session:
1. How can law enforcement, financial institutions, and businesses  work together to prevent victimization by business email compromise schemes?
2. How does law enforcement investigate business email compromise schemes, and what role should financial institutions, and the businesses themselves, take in order to have a successful outcome?

Ralph Gagliardi, CFE
Agent in Charge, Cybercrime Unit, Colorado Bureau of Investigation
Eric Huber
Vice President of International and Strategic Initiatives, National White Collar Crime Center

How to Survive a Cyberattack that Compromises Your ACH and/or Wire Transfer System

10:40 AM-11:30 AM | Room: Crystal K-M
The banking industry has created three organizations – FS-ISAC, FSARC and Sheltered Harbor – to help financial institutions detect and recover from cyberattacks. This session will focus on how these organizations are working together to assist the industry. The session will also focus on how individual FIs can take advantage of the work of these organizations and continue to process ACH and wire payments during a cyberattack.

Questions answered by this session:
1. How are FS-ISAC, FSARC and Sheltered Harbor working together to assist the industry?
2. How can individual FIs take advantage of the work of these organizations and continue to process ACH and wire payments during a cyberattack?

Anne Benigsen
FVP, Bankers Bank of the West
Elliott McEntee
President & CEO, Payment Advisory Services
Russ Fitzgibbons
Director, Risk, FSARC

How Machine Learning Can Improve Fraud Detection

1:00 PM-1:50 PM | Room: Crystal D-F
We analyze and learn from large data sets in small bites. To use that learning to detect fraud and cybersecurity threats, analysis needs to be faster, better and cheaper.  In this session, attendees will learn how innovations in machine learning could have a significant impact on fraud detection, particularly in mobile bank fraud, due to greater speed, better accuracy, and lower costs.

Questions answered by this session:
1. How can machine learning  be used to detect fraud better and faster?
2. Why should an organization put its data in the cloud?

Lisa Lee
Chief Security Advisor - Global Lead for Financial Services, Microsoft

SPOTLIGHT: Strategies to Recognize & Overcome Cyber Threats

1:00 PM-1:50 PM | Room: Crystal H

Cybersecurity threats are rampant, and oftentimes the non-technical threats are just as dangerous as high-tech vulnerabilities. Attacks can sweep quickly from your organization to your clients, vendors and other stakeholders. With the number of cyber-attacks trending upwards it’s best to plan for when an attack might occur rather than if. Are you ready? This session explores the evolution of cybersecurity risks, an overview of the landscape, new regulations, sound business practices for before, during and after an attack, and industry responses and suggested strategies on ways to respond to threats.

Questions answered by this session:
1. How can organization leadership deploy new technology and implement enhanced procedures to protect payments data?
2. How can organizations build robust KYC programs and embed them into an overall cyber resiliency program?

Gene Scriven, CISSP
Chief Information Security Officer, ACI Worldwide
Stephanie Zee
Global Cyber Risk Head TTS Payments & Receivables, Citi

Tuesday, May 7, 2019

Business Email Compromise: The Scam That Keeps Burning

10:45 AM-11:35 AM | Room: Crystal N-Q
In the last 18 months, there has been a 136 percent increase in industry losses due to a fraud scheme that uses emails that look legitimate, but aren't, to get payers to send electronic payments to fraudulent endpoints. These payments, if not identified rapidly, can be difficult to unwind. The session will explore the scope of these scams, and common misconceptions of email scams that are leaving businesses vulnerable to attack and significant losses. Review the scope of the problem from an industry perspective and effective measures that should be taken to reduce and eliminate this as a threat to you and your clients.

Questions answered by this session:
1. How do business email compromises occur and who is vulnerable?
2. What methods can be employed to reduce cases of BEC?

Tom Lopes
Senior Vice President, Citibank, NA
Rob Rendell
Global Client Success Leader, Financial Fraud Prevention & Strategic Development, IBM

Using Tokenization to Reduce Data Risk

10:45 AM-11:35 AM | Room: Grand 11-12
Tokenization can help secure your processing infrastructure. Original, sensitive data are generally stored in a hardened, electronic "vault" and replaced with a benign value or "token" representing the original information while providing an extra level of security. Come hear the challenges and benefits clients have experienced through their tokenization efforts and how they have successfully reduced their overall payments and receivables risk profiles.

Questions answered by this session:
1. How can an organization use tokenization to process exchanging sensitive information to a substitute or proxy value?
2. How has tokenization helped reduce payments and receivables risk?

Chris Chazin
Director, Head of Emerging Payments and Receivables Products, Citi Treasury and Trade Solutions
Pamela Moreland-Doup, CTP
Director, Investments & Treasury, CNA

Top 10 ways to Quantify & Manage Financial Crime Risk

2:00 PM-2:50 PM | Room: Crystal K-M
The financial services industry and the financial crime ecosystem continue to evolve at a record pace. While customer expectations for immediate, omnichannel engagement and direct-to-consumer strategies continue to rise, there has also been a dramatic increase in fraud. At the same time, new technologies and channels increase opportunities for customer engagement, they also drive a more critical need for cross-channel monitoring to create a single view of the customer. Speakers discuss trends, strategic considerations for managing challenges,  and how key technologies and best practices can improve your overall approach to managing risk.

Questions answered by this session:
1. What are some ways to help manage fraud challenges?
2. What are some solution components of a flexible, sophisticated technology strategy?

Andrew Davies
Vice President, Global Market Strategies, Fiserv
Dave Richardson
Senior Manager Fraud & ATM Operations, First National Bank of Omaha

BRIEFING: Same Day ACH: Not Such a “Risky Business!" 
2:25 PM-2:50 PM | Room: Grand 13-14
Come to this discussion to learn about which types of risks to look out for and which types of risks actually decrease when processing transactions via Same Day ACH. Learn how to manage and control your financial institution’s risk profile with the tools available to you while taking advantage of the many opportunities Same Day ACH offers to your institution and your clients.

Questions answered by this session:
1. What is the current state of Same Day ACH from a risk management perspective?
2. What are some control points to align Same Day ACH risk mitigation to similar risk mitigation controls in your organization?

Peter Hohenstein
Senior Director, ACH Network Administration, NACHA
Amy Leslie, AAP
Executive Director, J.P. Morgan

Insider Threat Detection-Fueled Continuous Authentication

3:05 PM-3:55 PM | Room: Crystal A-C
Attendees take a tour of the dark web and the emerging “gray web” to better understand how cybercriminals are hunting for potential points of compromise in our payments ecosystems. Learn how to leverage threat intelligence and identity insights to disconnect malicious access, elevate risk, and authenticate users in high-risk situations to reduce false positives so legitimate users have access while malicious activity is contained.

Questions answered by this session:
1. What are the latest techniques cybercriminals are using to find potential points of vulnerabilities in our payments ecosystem?
2. How can you use threat intelligence and identity insights to quickly disconnect malicious access to minimize insider threats?

Angel Grant
Director, Identity, Fraud & Risk Intelligence, RSA

The Payments Fraud Threat is Up. Will it Ever Stop?

3:05 PM-3:55 PM | Room: Grand 13-14
Payments fraud is increasing and has reached record numbers.  This session highlights the latest trends based on the new AFP Payments Fraud and Control Survey, reflecting what has happened in the past year. Speakers discuss some protective measures that can help prevent fraudsters from picking your organization as their target, and a corporate practitioner shares insights on how they deal with payments fraud, providing attendees with actionable options for their own organizations.

Questions answered by this session:
1. What are some of the latest trends in payments fraud?
2. How can you make your organization unattractive to fraudsters?

Magnus Carlsson
Manager, Treasury & Payments, Association for Financial Professionals
James P. Gilligan, CTP
Assistant Treasurer, Great Plains Energy

DEEP DIVE DIALOGUE: Third-Party Risk: Managing Risk Across Multiple Payments Rails

3:05 PM-3:55 PM | Room: Miami

Fintech, Third-Party Senders, third-party payment providers, payment facilitators, merchant acquirers and others are all creating new and innovative ways for consumers to move money on a multitude of payment rails. As an intermediary between the financial institution and the consumer, how do you innovate while controlling risk? As a financial institution, should you be in this profitable business and how do you find and onboard new customers while controlling risk and keep your regulators happy? Speakers define expectations of a reputable compliance and risk program that may be used by third parties and financial institutions wishing to do business with third parties.

Questions answered by this session:
1. How can an organization manage risk across multiple payments channels?
2. How should an organization develop a compliance and risk management program to monitor payments while facilitating transactions?

Jordan Bennett, AAP
Senior Director, Network Risk, NACHA

Aliki Liadis-Hall, CPP
Vice President, Global Risk Tool Leader, Elavon

Wednesday, May 8, 2019

How Prepared is Your Company to Respond to a Cyberattack?

8:00 AM-8:50 AM | Room: Grand 11-12
Cyberthreats are the number one concern of global CEOs, ranked higher than over-regulation, technological change, and even taxes. Today’s cyberattacks are not a matter of “If” anymore, but “when," and many companies are not prepared. In this session, speakers address the common mistakes companies make that ultimately leave them unprepared for an attack, and discuss what companies should be doing to prepare, and who should be involved. Corporate attendees will be engaged to discuss what risks they have identified and planned for in their playbooks.

Questions answered by this session:
1. What are some common mistakes companies are making today in the current fraud landscape?
2. What does an incident response plan entail?

Jason Manar
Supervisory FBI agent, Cyber Squad - Miami, Federal Bureau of Investigation
Michelle Parent
Senior Treasury Consultant, Lincoln Financial Group
Mary Rosendahl
Director, Digital Channels, Bank of America Merrill Lynch

Going Beyond Visibility & Taking Action on Transactions
9:05 AM-9:55 AM | Room: Crystal D-F
While online banking systems offer visibility for transactions, they do not allow account holders to take action and protect themselves against suspicious activity. Financial institutions must enhance their fraud prevention strategy by empowering customers to detect and respond to suspicious activity before the funds ever leave their account. This requires an actionable online banking system that account holders to take action via online banking or via phone using automated interactive voice response systems that authenticate the caller using voice biometric technology, financial institutions can gain a competitive edge in a digital-first world.

Questions answered by this session:
1. How can financial institutions leverage digital banking offerings to enable fraud prevention tools?
2. How does shifting controls for fraud prevention to account holders improve the customer experience and support more efficient growth for financial institutions?

Kim Dodson, CTP
Vice President, Treasury Management, Independence Bank
Deborah Peace, AAP
Chief Executive Officer, ACH Alert
Don Youngberg, AAP
Assistant Vice President of Business Services, Mountain America Credit Union

Building Effective Defenses Against Payments Fraud
10:10 AM-11:00 AM | Room: Crystal A-C
Cyberattacks on treasury operations are on the rise. Cybercriminals are breaking into payments accounts by deploying methods like man-in-the-middle attacks, business email compromise, and fake invoice attacks, while criminal insiders are finding new ways to walk away with poorly secured data. Treasury departments can shut off opportunities for payments fraud by partnering with employees and financial institutions. Taken together, common sense measures can provide a multilayered and highly effective defense that can dramatically reduce the risk of intrusion.

Questions answered by this session:
1. What are some of the most destructive attacks as a result of common vulnerabilities?
2. How can an integrated, multifaceted approach, coordinated with cybersecurity programs at the corporate and financial institutions levels minimize risk and mitigate consequences?

Phil Beck
Senior Vice President & Head of Treasury Management, Capital One

Patrick Cassada
Chief Financial Officer, Kettler

Lou Lobosco, AAP
Director of Fraud Risk Management, Commercial Bank, Capital One