SlideShare une entreprise Scribd logo

Reducing Fraud Through Agreements and Compliance

Vivastream
Vivastream
1  sur  26
Télécharger pour lire hors ligne
REDUCING FRAUD THROUGH AGREEMENTS AND COMPLIANCE Presented by: PAUL A. CARRUBBA Adams and Reese LLP Phone: (601) 292-0788 E-Mail: paul.carrubba@arlaw.com
Paul Carrubba • Paul is a partner in the law firm of Adams and Reese LLP. His primary focus is on Banking Law and legal issues dealing with payments system laws and regulations and bank operations issues. He has over 37 years of experience in the banking industry as a Bank Operations Manager, a consultant, an author, and an attorney. Mr. Carrubba is the author of five books including: Revised UCC Article 3 and 4, A Banker’s Guide to Checks and Principles of Banking. He is the co-author, with Dan Fisher, of both Remote Deposit Capture – Practical Considerations and most recently, Risk Management Series – Remote Deposit Capture. Adams and Reese LLP, 2013, All Rights Reserved 2
Presentation Content THIS PRESENTATION IS DESIGNED TO PROVIDE ACCURATE AND AUTHORITATIVE INFORMATION REGARDING ITS SUBJECT MATTER. IT IS PRESENTED WITH THE UNDERSTANDING THAT THE PRESENTER IS NOT RENDERING LEGAL, ACCOUNTING, OR OTHER PROFESSIONAL SERVICES. IF LEGAL ADVICE OR OTHER EXPERT ASSISTANCE IS REQUIRED, THE SERVICES OF A COMPETENT PROFESSIONAL PERSON SHOULD BE SOUGHT. Adams and Reese LLP, 2013, All Rights Reserved 3
Know Your Customer • Follow Bank Procedures • Proper Identification • Verification of Identification • Proper Authorization • Proper Agreement Adams and Reese LLP, 2013, All Rights Reserved 4
Deposit Agreement • Consumer Agreement • Business Agreement/Resolutions • Signature Cards • ESIGN • Electronic Agreements and Disclosures Adams and Reese LLP, 2013, All Rights Reserved 5
Key Deposit Agreement Terms • Definition of Item • Authorized Signers • Automated Processing – No Sight Review • Lost, Stolen, Counterfeit or other Unauthorized Items • Sequence of Posting • Remotely Created Checks • Security Interest in Account Adams and Reese LLP, 2013, All Rights Reserved 6
Terms, continued • Deposit of Items • Right of Setoff • Return Items/Charge Back • Statement Review • Arbitration • Limitation of Liability • Business Account – Review and Report Daily – Positive Pay Adams and Reese LLP, 2013, All Rights Reserved 7
Remote Deposit Capture • FFIEC Guidance on RDC • Risk Assessment – Legal – Compliance – Reputation – Operational • Bank Secrecy Act/ USA Patriot Act • Customer Controls • Multifactor Authentication Adams and Reese LLP, 2013, All Rights Reserved 8
RDC, continued • Types of Customers • Customer Due Diligence and Suitability (Commercial/Consumer) • Deposit Limits • Monitoring and Review • Availability of Funds • Vendor Management/Disaster Recovery Adams and Reese LLP, 2013, All Rights Reserved 9
RDC, continued • Fraud Assessment • Contract Terms – Internal Controls/Audit – Deposit Limits – Endorsement – Destruction of Original – Warrants/Indemnification Adams and Reese LLP, 2013, All Rights Reserved 10
FFIEC Authentication Guidance • 2001 Original Guidance • 2005 Update • 2011 Supplement to 2005 Guidance • Summary of Requirements – Single-Factor Authentication Inadequate – Authentication should be Appropriate – Multifactor Authentication – Layered Security – Monitoring of Transactions Adams and Reese LLP, 2013, All Rights Reserved 11
UCC 4A and Unauthorized Transfers UCC ARTICLE 4A Applies to Funds Transfers • Does Not Apply to Transfers Governed by EFTA (Reg. E) • Authorized Transfers Enforceable • Unauthorized Transfers Enforceable if: – Verified Pursuant to Security Procedure – Security Procedure is Commercially Reasonable – Bank Accepted it in Good Faith and in Compliance with Security Procedure Adams and Reese LLP, 2013, All Rights Reserved 12
UCC 4A UCC ARTICLE 4A • Unauthorized Transfers Not Enforceable if: – Bank Agrees not to Enforce – No Security Procedure – Security Procedure is not Commercially Reasonable – Not Made by Authorized Person or Person Entrusted with Security Procedure – Not Made by Person who Obtained to Access to Transmitting Facility – Made by Person that Obtained Security Procedure from a Source not Controlled by the Customer Adams and Reese LLP, 2013, All Rights Reserved 13
Security Procedures Security Procedure • Procedure to Verify Authenticity • Procedure to Detect Error Commercially Reasonable Security Procedure • Question of Law Considering – Circumstances Known to Bank – Alternative Security Procedures Offered – Security Procedures in General Use Adams and Reese LLP, 2013, All Rights Reserved 14
Cases • Shames-Yeakle v. Citizens Financial Bank • Experi-Metal v. Comerica Bank • Patco Construction Company, Inc. v. Peoples United Bank • Bank’s Procedure Not Commercially Reasonable • Bank did not Follow the Procedure Adams and Reese LLP, 2013, All Rights Reserved 15
Shames-Yeakel v. Citizens Financial Bank • Plaintiff Operated Accounting and Bookkeeping Company • Linked HELOC to Business Account • $26,500 Unauthorized Transfer Made • Ten Days Later, Plaintiff Contacts Bank • Agreement Provides for Password and Company ID • Expert Opined Security Procedures were Commercially Reasonable • Plaintiff Claimed Bank did not Comply with 2005 FFIEC Guidance • Court Held Procedures not Commercially Reasonable for Failure to Comply with Guidance Adams and Reese LLP, 2013, All Rights Reserved 16
Experi-Metal v. Comerica Bank • EMI Employee Responded to Phishing E-Mail • Clicked on Site and Entered PIN, Password and Token Password • Over 90 Transfers Initiated • Bank Filed Motion for Summary Judgment • Court Partially Granted Holding Security Procedures were Commercially Reasonable • Did Bank Accept Transfer in Good Faith? • Court Held Failed to Provide Evidence of Good Faith Adams and Reese LLP, 2013, All Rights Reserved 17
Patco Construction Company, Inc. v. Peoples United Bank – DISTRICT COURT • Unauthorized Transfers Totaling $588,000 were made over Several Days • Ocean Bank Blocked $243,000 • Transfers Made from Unrecognized Device and IP Address • Banks Security Procedures Included: – Password and ID – Challenge Questions – Risk Profiling – Device Cookies – Dollar Amount Rule – Subscription to eFraud Network – Customer Should Review Transactions Daily • Court Held: – Agreement Provided for Security Procedures – Course of Dealing – Both Parties Relied on FFIEC 2005 Guidance – Authentication was Multifactor and Layered Security – Security Procedure was Commercially Reasonable – Security Procedure does not have to be the Best – Patco Could have Mitigated Damages – Grants Summary Judgment Motion Adams and Reese LLP, 2013, All Rights Reserved 18
Patco Construction v. Ocean Bank Court of Appeals • Court of Appeals held security procedure was commercially unreasonable – Lowering the Dollar Threshold to $1.00 increased the Risk of Fraud. – Ocean Bank did not Monitor the Transaction. – Ocean Bank did not Provide Notice to Customer. Adams and Reese LLP, 2013, All Rights Reserved 19
Court of Appeals, continued • Court Rationale: – System had risk scoring – If System detected Suspicious Transaction, additional layer of authentication was added – Challenge Question. – Since Bank did not monitor and report, Challenge Questions were asked each time and allowed Criminals to know the answers. – Ocean Bank’s Service Provider warned against usage of Challenge Question as stand alone method. – The $1.00 threshold ignored Article 4A – Customer circumstances. – Bank did not use Tokens. – Failure to implement additional procedures was especially unreasonable in light of the Bank’s knowledge of ongoing fraud. – Payment order was uncharacteristic of Patco’s ordinary transactions. – Risk scores were very high. Adams and Reese LLP, 2013, All Rights Reserved 20
AGREEMENTS – Online/Internet Banking Agreements – Wire Transfer Agreements – ACH Origination Agreements – Security Procedure – Customer Agrees is Commercially Reasonable – Customer Agrees to be Bound – Customer will Safeguard Security Procedure – Customer will Scan Personal Computer – Customer will Give Notification of Unauthorized Transfer Adams and Reese LLP, 2013, All Rights Reserved 21
Online/Internet Banking Agreement/ Master • Security Procedures/Enhanced Procedures • Appointment of Administrator • Products and Services • Limitations • Limitation of Liability/Indemnification • Mobile Banking Addendum Adams and Reese LLP, 2013, All Rights Reserved 22
Wire Transfer Agreement • Authorization to Accept Payment Orders • Method of Issuance • Security Procedures • Settlement • Errors and Duplicate Orders • Identification of Beneficiary • Cancellation or Amendment • Rejection of Payment Order • Indemnification • Draw Down/Reverse Wire Adams and Reese LLP, 2013, All Rights Reserved 23
ACH Origination Agreement • Compliance with the Rules and US Law • Types of Entries • Security Procedures • Third Party Service Providers • Settlement (Pre-funding) • Errors and Duplicate Entries • Identification of Beneficiary • Reversal of Entries • Indemnification Adams and Reese LLP, 2013, All Rights Reserved 24
Conclusions and Questions • www.adamsandreese.com • Email: paul.carrubba@arlaw.com Adams and Reese LLP, 2013, All Rights Reserved 25
REDUCING FRAUD THROUGH AGREEMENTS AND COMPLIANCE Presented by: PAUL A. CARRUBBA Adams and Reese LLP Phone: (601) 292-0788 E-Mail: paul.carrubba@arlaw.com

Recommandé

Hot Topics in Corporate Whistleblower Protections
Hot Topics in Corporate Whistleblower ProtectionsHot Topics in Corporate Whistleblower Protections
Hot Topics in Corporate Whistleblower ProtectionsZuckerman Law Whistleblower Protection Law Firm
 
Eurosurveillance Ci Romania
Eurosurveillance Ci RomaniaEurosurveillance Ci Romania
Eurosurveillance Ci RomaniaJulian Tanase
 
Milestones
MilestonesMilestones
MilestonesMalla Harikrishna
 
Chapter
ChapterChapter
ChapterMalla Harikrishna
 
Shell case study: Enabling straight-through touchless processing of 500,000 i...
Shell case study: Enabling straight-through touchless processing of 500,000 i...Shell case study: Enabling straight-through touchless processing of 500,000 i...
Shell case study: Enabling straight-through touchless processing of 500,000 i...sharedserviceslink.com
 
Straight Through Processing
Straight Through ProcessingStraight Through Processing
Straight Through ProcessingMortgageDashboard
 
What do we mean by end-to-end Straight Through Processing?
What do we mean by end-to-end Straight Through Processing?What do we mean by end-to-end Straight Through Processing?
What do we mean by end-to-end Straight Through Processing?Tony Nesterov
 
Payments Hubs: Progress in Achieving Straight-Through Processing
Payments Hubs: Progress in Achieving Straight-Through ProcessingPayments Hubs: Progress in Achieving Straight-Through Processing
Payments Hubs: Progress in Achieving Straight-Through ProcessingVivastream
 

Recommandé

Hot Topics in Corporate Whistleblower Protections
Hot Topics in Corporate Whistleblower ProtectionsHot Topics in Corporate Whistleblower Protections
Hot Topics in Corporate Whistleblower ProtectionsZuckerman Law Whistleblower Protection Law Firm
 
Eurosurveillance Ci Romania
Eurosurveillance Ci RomaniaEurosurveillance Ci Romania
Eurosurveillance Ci RomaniaJulian Tanase
 
Milestones
MilestonesMilestones
MilestonesMalla Harikrishna
 
Chapter
ChapterChapter
ChapterMalla Harikrishna
 
Shell case study: Enabling straight-through touchless processing of 500,000 i...
Shell case study: Enabling straight-through touchless processing of 500,000 i...Shell case study: Enabling straight-through touchless processing of 500,000 i...
Shell case study: Enabling straight-through touchless processing of 500,000 i...sharedserviceslink.com
 
Straight Through Processing
Straight Through ProcessingStraight Through Processing
Straight Through ProcessingMortgageDashboard
 
What do we mean by end-to-end Straight Through Processing?
What do we mean by end-to-end Straight Through Processing?What do we mean by end-to-end Straight Through Processing?
What do we mean by end-to-end Straight Through Processing?Tony Nesterov
 
Payments Hubs: Progress in Achieving Straight-Through Processing
Payments Hubs: Progress in Achieving Straight-Through ProcessingPayments Hubs: Progress in Achieving Straight-Through Processing
Payments Hubs: Progress in Achieving Straight-Through ProcessingVivastream
 
How to Integrate Privacy into Your Customer Care
How to Integrate Privacy into Your Customer CareHow to Integrate Privacy into Your Customer Care
How to Integrate Privacy into Your Customer CareTRUSTe
 
How to Integrate Privacy into Your Customer Care
How to Integrate Privacy into Your Customer CareHow to Integrate Privacy into Your Customer Care
How to Integrate Privacy into Your Customer CareTRUSTe
 
Remote Deposit Capture Risk Management & FFIEC Complaince
Remote Deposit Capture Risk Management & FFIEC ComplainceRemote Deposit Capture Risk Management & FFIEC Complaince
Remote Deposit Capture Risk Management & FFIEC ComplainceJTLeekley
 
Corporate Cyber Attacks: Managing Risk to Avoid Reputation Harm
Corporate Cyber Attacks: Managing Risk to Avoid Reputation HarmCorporate Cyber Attacks: Managing Risk to Avoid Reputation Harm
Corporate Cyber Attacks: Managing Risk to Avoid Reputation HarmEthisphere
 
Reinsurance commutation 0315
Reinsurance commutation 0315Reinsurance commutation 0315
Reinsurance commutation 0315Accounting_Whitepapers
 
CAIIB Super Notes: Corporate Banking: Module A: Corporate Banking and Finance...
CAIIB Super Notes: Corporate Banking: Module A: Corporate Banking and Finance...CAIIB Super Notes: Corporate Banking: Module A: Corporate Banking and Finance...
CAIIB Super Notes: Corporate Banking: Module A: Corporate Banking and Finance...PsychoTech Services
 
How to Protect Yourself Online
How to Protect Yourself OnlineHow to Protect Yourself Online
How to Protect Yourself OnlineLegal123 comau
 
15th Annual Professional Responsibility Seminar
15th Annual Professional Responsibility Seminar 15th Annual Professional Responsibility Seminar
15th Annual Professional Responsibility Seminar Kegler Brown Hill + Ritter
 
2015 Payments Law Update
2015 Payments Law Update2015 Payments Law Update
2015 Payments Law UpdateJonathan Wegner
 
LiveOffice Email Archiving & Compliance 201
LiveOffice Email Archiving & Compliance 201LiveOffice Email Archiving & Compliance 201
LiveOffice Email Archiving & Compliance 201Veritas Technologies LLC
 
M&A What VCs Should Know
M&A What VCs Should KnowM&A What VCs Should Know
M&A What VCs Should KnowRoger Royse
 
Executing the Deal: Compliance Requirements
Executing the Deal: Compliance RequirementsExecuting the Deal: Compliance Requirements
Executing the Deal: Compliance RequirementsCT
 
Ward Group - ISME
Ward Group - ISMEWard Group - ISME
Ward Group - ISMEKevin McLaughlin
 
Business credit for business owners - Credit Management Association
Business credit for business owners - Credit Management AssociationBusiness credit for business owners - Credit Management Association
Business credit for business owners - Credit Management AssociationCredit Management Association
 
Offering of asset backed securities managing credit risk
Offering of asset backed securities managing credit riskOffering of asset backed securities managing credit risk
Offering of asset backed securities managing credit riskArthur Mboue
 
Inforum 2013: Get Tighter Controls with Efficiency
Inforum 2013: Get Tighter Controls with EfficiencyInforum 2013: Get Tighter Controls with Efficiency
Inforum 2013: Get Tighter Controls with EfficiencyDan French
 
Ethical Issues in eDiscovery - Lessons to be Learned
Ethical Issues in eDiscovery - Lessons to be LearnedEthical Issues in eDiscovery - Lessons to be Learned
Ethical Issues in eDiscovery - Lessons to be LearnedKlemchuk LLP
 
10 robert skinner debt sale
10 robert skinner debt sale10 robert skinner debt sale
10 robert skinner debt saleCCR-interactive
 
Delivering Homeownership to the Under banked: Credit Reporting and Scoring
Delivering Homeownership to the Under banked: Credit Reporting and Scoring Delivering Homeownership to the Under banked: Credit Reporting and Scoring
Delivering Homeownership to the Under banked: Credit Reporting and Scoring Mark F. Catone
 
Issues for Litigation Bankruptcy & Insolvency Basics for Lawyers
Issues for Litigation Bankruptcy & Insolvency Basics for LawyersIssues for Litigation Bankruptcy & Insolvency Basics for Lawyers
Issues for Litigation Bankruptcy & Insolvency Basics for LawyersNow Dentons
 
Exchange Solutions Datasheet_Ecommerce
Exchange Solutions Datasheet_EcommerceExchange Solutions Datasheet_Ecommerce
Exchange Solutions Datasheet_EcommerceVivastream
 
Exchange Solutions Datasheet_Customer Engagement Roadmap
Exchange Solutions Datasheet_Customer Engagement RoadmapExchange Solutions Datasheet_Customer Engagement Roadmap
Exchange Solutions Datasheet_Customer Engagement RoadmapVivastream
 

Contenu connexe

Similaire à Reducing Fraud Through Agreements and Compliance

How to Integrate Privacy into Your Customer Care
How to Integrate Privacy into Your Customer CareHow to Integrate Privacy into Your Customer Care
How to Integrate Privacy into Your Customer CareTRUSTe
 
How to Integrate Privacy into Your Customer Care
How to Integrate Privacy into Your Customer CareHow to Integrate Privacy into Your Customer Care
How to Integrate Privacy into Your Customer CareTRUSTe
 
Remote Deposit Capture Risk Management & FFIEC Complaince
Remote Deposit Capture Risk Management & FFIEC ComplainceRemote Deposit Capture Risk Management & FFIEC Complaince
Remote Deposit Capture Risk Management & FFIEC ComplainceJTLeekley
 
Corporate Cyber Attacks: Managing Risk to Avoid Reputation Harm
Corporate Cyber Attacks: Managing Risk to Avoid Reputation HarmCorporate Cyber Attacks: Managing Risk to Avoid Reputation Harm
Corporate Cyber Attacks: Managing Risk to Avoid Reputation HarmEthisphere
 
CAIIB Super Notes: Corporate Banking: Module A: Corporate Banking and Finance...
CAIIB Super Notes: Corporate Banking: Module A: Corporate Banking and Finance...CAIIB Super Notes: Corporate Banking: Module A: Corporate Banking and Finance...
CAIIB Super Notes: Corporate Banking: Module A: Corporate Banking and Finance...PsychoTech Services
 
How to Protect Yourself Online
How to Protect Yourself OnlineHow to Protect Yourself Online
How to Protect Yourself OnlineLegal123 comau
 
15th Annual Professional Responsibility Seminar
15th Annual Professional Responsibility Seminar 15th Annual Professional Responsibility Seminar
15th Annual Professional Responsibility Seminar Kegler Brown Hill + Ritter
 
2015 Payments Law Update
2015 Payments Law Update2015 Payments Law Update
2015 Payments Law UpdateJonathan Wegner
 
LiveOffice Email Archiving & Compliance 201
LiveOffice Email Archiving & Compliance 201LiveOffice Email Archiving & Compliance 201
LiveOffice Email Archiving & Compliance 201Veritas Technologies LLC
 
M&A What VCs Should Know
M&A What VCs Should KnowM&A What VCs Should Know
M&A What VCs Should KnowRoger Royse
 
Executing the Deal: Compliance Requirements
Executing the Deal: Compliance RequirementsExecuting the Deal: Compliance Requirements
Executing the Deal: Compliance RequirementsCT
 
Business credit for business owners - Credit Management Association
Business credit for business owners - Credit Management AssociationBusiness credit for business owners - Credit Management Association
Business credit for business owners - Credit Management AssociationCredit Management Association
 
Offering of asset backed securities managing credit risk
Offering of asset backed securities managing credit riskOffering of asset backed securities managing credit risk
Offering of asset backed securities managing credit riskArthur Mboue
 
Inforum 2013: Get Tighter Controls with Efficiency
Inforum 2013: Get Tighter Controls with EfficiencyInforum 2013: Get Tighter Controls with Efficiency
Inforum 2013: Get Tighter Controls with EfficiencyDan French
 
Ethical Issues in eDiscovery - Lessons to be Learned
Ethical Issues in eDiscovery - Lessons to be LearnedEthical Issues in eDiscovery - Lessons to be Learned
Ethical Issues in eDiscovery - Lessons to be LearnedKlemchuk LLP
 
10 robert skinner debt sale
10 robert skinner debt sale10 robert skinner debt sale
10 robert skinner debt saleCCR-interactive
 
Delivering Homeownership to the Under banked: Credit Reporting and Scoring
Delivering Homeownership to the Under banked: Credit Reporting and Scoring Delivering Homeownership to the Under banked: Credit Reporting and Scoring
Delivering Homeownership to the Under banked: Credit Reporting and Scoring Mark F. Catone
 
Issues for Litigation Bankruptcy & Insolvency Basics for Lawyers
Issues for Litigation Bankruptcy & Insolvency Basics for LawyersIssues for Litigation Bankruptcy & Insolvency Basics for Lawyers
Issues for Litigation Bankruptcy & Insolvency Basics for LawyersNow Dentons
 

Similaire à Reducing Fraud Through Agreements and Compliance (20)

How to Integrate Privacy into Your Customer Care
How to Integrate Privacy into Your Customer CareHow to Integrate Privacy into Your Customer Care
How to Integrate Privacy into Your Customer Care
 
How to Integrate Privacy into Your Customer Care
How to Integrate Privacy into Your Customer CareHow to Integrate Privacy into Your Customer Care
How to Integrate Privacy into Your Customer Care
 
Remote Deposit Capture Risk Management & FFIEC Complaince
Remote Deposit Capture Risk Management & FFIEC ComplainceRemote Deposit Capture Risk Management & FFIEC Complaince
Remote Deposit Capture Risk Management & FFIEC Complaince
 
Corporate Cyber Attacks: Managing Risk to Avoid Reputation Harm
Corporate Cyber Attacks: Managing Risk to Avoid Reputation HarmCorporate Cyber Attacks: Managing Risk to Avoid Reputation Harm
Corporate Cyber Attacks: Managing Risk to Avoid Reputation Harm
 
Reinsurance commutation 0315
Reinsurance commutation 0315Reinsurance commutation 0315
Reinsurance commutation 0315
 
CAIIB Super Notes: Corporate Banking: Module A: Corporate Banking and Finance...
CAIIB Super Notes: Corporate Banking: Module A: Corporate Banking and Finance...CAIIB Super Notes: Corporate Banking: Module A: Corporate Banking and Finance...
CAIIB Super Notes: Corporate Banking: Module A: Corporate Banking and Finance...
 
How to Protect Yourself Online
How to Protect Yourself OnlineHow to Protect Yourself Online
How to Protect Yourself Online
 
15th Annual Professional Responsibility Seminar
15th Annual Professional Responsibility Seminar 15th Annual Professional Responsibility Seminar
15th Annual Professional Responsibility Seminar
 
2015 Payments Law Update
2015 Payments Law Update2015 Payments Law Update
2015 Payments Law Update
 
LiveOffice Email Archiving & Compliance 201
LiveOffice Email Archiving & Compliance 201LiveOffice Email Archiving & Compliance 201
LiveOffice Email Archiving & Compliance 201
 
M&A What VCs Should Know
M&A What VCs Should KnowM&A What VCs Should Know
M&A What VCs Should Know
 
Executing the Deal: Compliance Requirements
Executing the Deal: Compliance RequirementsExecuting the Deal: Compliance Requirements
Executing the Deal: Compliance Requirements
 
Ward Group - ISME
Ward Group - ISMEWard Group - ISME
Ward Group - ISME
 
Business credit for business owners - Credit Management Association
Business credit for business owners - Credit Management AssociationBusiness credit for business owners - Credit Management Association
Business credit for business owners - Credit Management Association
 
Offering of asset backed securities managing credit risk
Offering of asset backed securities managing credit riskOffering of asset backed securities managing credit risk
Offering of asset backed securities managing credit risk
 
Inforum 2013: Get Tighter Controls with Efficiency
Inforum 2013: Get Tighter Controls with EfficiencyInforum 2013: Get Tighter Controls with Efficiency
Inforum 2013: Get Tighter Controls with Efficiency
 
Ethical Issues in eDiscovery - Lessons to be Learned
Ethical Issues in eDiscovery - Lessons to be LearnedEthical Issues in eDiscovery - Lessons to be Learned
Ethical Issues in eDiscovery - Lessons to be Learned
 
10 robert skinner debt sale
10 robert skinner debt sale10 robert skinner debt sale
10 robert skinner debt sale
 
Delivering Homeownership to the Under banked: Credit Reporting and Scoring
Delivering Homeownership to the Under banked: Credit Reporting and Scoring Delivering Homeownership to the Under banked: Credit Reporting and Scoring
Delivering Homeownership to the Under banked: Credit Reporting and Scoring
 
Issues for Litigation Bankruptcy & Insolvency Basics for Lawyers
Issues for Litigation Bankruptcy & Insolvency Basics for LawyersIssues for Litigation Bankruptcy & Insolvency Basics for Lawyers
Issues for Litigation Bankruptcy & Insolvency Basics for Lawyers
 

Plus de Vivastream

Exchange Solutions Datasheet_Ecommerce
Exchange Solutions Datasheet_EcommerceExchange Solutions Datasheet_Ecommerce
Exchange Solutions Datasheet_EcommerceVivastream
 
Exchange Solutions Datasheet_Customer Engagement Roadmap
Exchange Solutions Datasheet_Customer Engagement RoadmapExchange Solutions Datasheet_Customer Engagement Roadmap
Exchange Solutions Datasheet_Customer Engagement RoadmapVivastream
 
Vivastream Poster
Vivastream PosterVivastream Poster
Vivastream PosterVivastream
 
Vivastream Poster
Vivastream PosterVivastream Poster
Vivastream PosterVivastream
 
Breaking Up is Hard to Do: Small Businesses’ Love Affair with Checks
Breaking Up is Hard to Do: Small Businesses’ Love Affair with ChecksBreaking Up is Hard to Do: Small Businesses’ Love Affair with Checks
Breaking Up is Hard to Do: Small Businesses’ Love Affair with ChecksVivastream
 
EY Smart Commerce Report
EY Smart Commerce ReportEY Smart Commerce Report
EY Smart Commerce ReportVivastream
 
EY Global Consumer Banking Survey 2014
EY Global Consumer Banking Survey 2014EY Global Consumer Banking Survey 2014
EY Global Consumer Banking Survey 2014Vivastream
 
EY Global Consumer Banking Survey
EY Global Consumer Banking SurveyEY Global Consumer Banking Survey
EY Global Consumer Banking SurveyVivastream
 
Automation for RDC and Mobile
Automation for RDC and MobileAutomation for RDC and Mobile
Automation for RDC and MobileVivastream
 
Healthcare Payments Automation Center
Healthcare Payments Automation CenterHealthcare Payments Automation Center
Healthcare Payments Automation CenterVivastream
 
Next Generation Recognition Solutions
Next Generation Recognition SolutionsNext Generation Recognition Solutions
Next Generation Recognition SolutionsVivastream
 
Automation Services
Automation ServicesAutomation Services
Automation ServicesVivastream
 
Company Overview
Company OverviewCompany Overview
Company OverviewVivastream
 

Plus de Vivastream (20)

Exchange Solutions Datasheet_Ecommerce
Exchange Solutions Datasheet_EcommerceExchange Solutions Datasheet_Ecommerce
Exchange Solutions Datasheet_Ecommerce
 
Exchange Solutions Datasheet_Customer Engagement Roadmap
Exchange Solutions Datasheet_Customer Engagement RoadmapExchange Solutions Datasheet_Customer Engagement Roadmap
Exchange Solutions Datasheet_Customer Engagement Roadmap
 
Test
TestTest
Test
 
Tcap
TcapTcap
Tcap
 
SQA
SQASQA
SQA
 
Jeeva jessf
Jeeva jessfJeeva jessf
Jeeva jessf
 
Vivastream Poster
Vivastream PosterVivastream Poster
Vivastream Poster
 
Vivastream Poster
Vivastream PosterVivastream Poster
Vivastream Poster
 
APEX
APEXAPEX
APEX
 
Breaking Up is Hard to Do: Small Businesses’ Love Affair with Checks
Breaking Up is Hard to Do: Small Businesses’ Love Affair with ChecksBreaking Up is Hard to Do: Small Businesses’ Love Affair with Checks
Breaking Up is Hard to Do: Small Businesses’ Love Affair with Checks
 
EY Smart Commerce Report
EY Smart Commerce ReportEY Smart Commerce Report
EY Smart Commerce Report
 
EY Global Consumer Banking Survey 2014
EY Global Consumer Banking Survey 2014EY Global Consumer Banking Survey 2014
EY Global Consumer Banking Survey 2014
 
EY Global Consumer Banking Survey
EY Global Consumer Banking SurveyEY Global Consumer Banking Survey
EY Global Consumer Banking Survey
 
Serano
SeranoSerano
Serano
 
Accura XV
Accura XVAccura XV
Accura XV
 
Automation for RDC and Mobile
Automation for RDC and MobileAutomation for RDC and Mobile
Automation for RDC and Mobile
 
Healthcare Payments Automation Center
Healthcare Payments Automation CenterHealthcare Payments Automation Center
Healthcare Payments Automation Center
 
Next Generation Recognition Solutions
Next Generation Recognition SolutionsNext Generation Recognition Solutions
Next Generation Recognition Solutions
 
Automation Services
Automation ServicesAutomation Services
Automation Services
 
Company Overview
Company OverviewCompany Overview
Company Overview
 

Reducing Fraud Through Agreements and Compliance

  • 1. REDUCING FRAUD THROUGH AGREEMENTS AND COMPLIANCE Presented by: PAUL A. CARRUBBA Adams and Reese LLP Phone: (601) 292-0788 E-Mail: paul.carrubba@arlaw.com
  • 2. Paul Carrubba • Paul is a partner in the law firm of Adams and Reese LLP. His primary focus is on Banking Law and legal issues dealing with payments system laws and regulations and bank operations issues. He has over 37 years of experience in the banking industry as a Bank Operations Manager, a consultant, an author, and an attorney. Mr. Carrubba is the author of five books including: Revised UCC Article 3 and 4, A Banker’s Guide to Checks and Principles of Banking. He is the co-author, with Dan Fisher, of both Remote Deposit Capture – Practical Considerations and most recently, Risk Management Series – Remote Deposit Capture. Adams and Reese LLP, 2013, All Rights Reserved 2
  • 3. Presentation Content THIS PRESENTATION IS DESIGNED TO PROVIDE ACCURATE AND AUTHORITATIVE INFORMATION REGARDING ITS SUBJECT MATTER. IT IS PRESENTED WITH THE UNDERSTANDING THAT THE PRESENTER IS NOT RENDERING LEGAL, ACCOUNTING, OR OTHER PROFESSIONAL SERVICES. IF LEGAL ADVICE OR OTHER EXPERT ASSISTANCE IS REQUIRED, THE SERVICES OF A COMPETENT PROFESSIONAL PERSON SHOULD BE SOUGHT. Adams and Reese LLP, 2013, All Rights Reserved 3
  • 4. Know Your Customer • Follow Bank Procedures • Proper Identification • Verification of Identification • Proper Authorization • Proper Agreement Adams and Reese LLP, 2013, All Rights Reserved 4
  • 5. Deposit Agreement • Consumer Agreement • Business Agreement/Resolutions • Signature Cards • ESIGN • Electronic Agreements and Disclosures Adams and Reese LLP, 2013, All Rights Reserved 5
  • 6. Key Deposit Agreement Terms • Definition of Item • Authorized Signers • Automated Processing – No Sight Review • Lost, Stolen, Counterfeit or other Unauthorized Items • Sequence of Posting • Remotely Created Checks • Security Interest in Account Adams and Reese LLP, 2013, All Rights Reserved 6
  • 7. Terms, continued • Deposit of Items • Right of Setoff • Return Items/Charge Back • Statement Review • Arbitration • Limitation of Liability • Business Account – Review and Report Daily – Positive Pay Adams and Reese LLP, 2013, All Rights Reserved 7
  • 8. Remote Deposit Capture • FFIEC Guidance on RDC • Risk Assessment – Legal – Compliance – Reputation – Operational • Bank Secrecy Act/ USA Patriot Act • Customer Controls • Multifactor Authentication Adams and Reese LLP, 2013, All Rights Reserved 8
  • 9. RDC, continued • Types of Customers • Customer Due Diligence and Suitability (Commercial/Consumer) • Deposit Limits • Monitoring and Review • Availability of Funds • Vendor Management/Disaster Recovery Adams and Reese LLP, 2013, All Rights Reserved 9
  • 10. RDC, continued • Fraud Assessment • Contract Terms – Internal Controls/Audit – Deposit Limits – Endorsement – Destruction of Original – Warrants/Indemnification Adams and Reese LLP, 2013, All Rights Reserved 10
  • 11. FFIEC Authentication Guidance • 2001 Original Guidance • 2005 Update • 2011 Supplement to 2005 Guidance • Summary of Requirements – Single-Factor Authentication Inadequate – Authentication should be Appropriate – Multifactor Authentication – Layered Security – Monitoring of Transactions Adams and Reese LLP, 2013, All Rights Reserved 11
  • 12. UCC 4A and Unauthorized Transfers UCC ARTICLE 4A Applies to Funds Transfers • Does Not Apply to Transfers Governed by EFTA (Reg. E) • Authorized Transfers Enforceable • Unauthorized Transfers Enforceable if: – Verified Pursuant to Security Procedure – Security Procedure is Commercially Reasonable – Bank Accepted it in Good Faith and in Compliance with Security Procedure Adams and Reese LLP, 2013, All Rights Reserved 12
  • 13. UCC 4A UCC ARTICLE 4A • Unauthorized Transfers Not Enforceable if: – Bank Agrees not to Enforce – No Security Procedure – Security Procedure is not Commercially Reasonable – Not Made by Authorized Person or Person Entrusted with Security Procedure – Not Made by Person who Obtained to Access to Transmitting Facility – Made by Person that Obtained Security Procedure from a Source not Controlled by the Customer Adams and Reese LLP, 2013, All Rights Reserved 13
  • 14. Security Procedures Security Procedure • Procedure to Verify Authenticity • Procedure to Detect Error Commercially Reasonable Security Procedure • Question of Law Considering – Circumstances Known to Bank – Alternative Security Procedures Offered – Security Procedures in General Use Adams and Reese LLP, 2013, All Rights Reserved 14
  • 15. Cases • Shames-Yeakle v. Citizens Financial Bank • Experi-Metal v. Comerica Bank • Patco Construction Company, Inc. v. Peoples United Bank • Bank’s Procedure Not Commercially Reasonable • Bank did not Follow the Procedure Adams and Reese LLP, 2013, All Rights Reserved 15
  • 16. Shames-Yeakel v. Citizens Financial Bank • Plaintiff Operated Accounting and Bookkeeping Company • Linked HELOC to Business Account • $26,500 Unauthorized Transfer Made • Ten Days Later, Plaintiff Contacts Bank • Agreement Provides for Password and Company ID • Expert Opined Security Procedures were Commercially Reasonable • Plaintiff Claimed Bank did not Comply with 2005 FFIEC Guidance • Court Held Procedures not Commercially Reasonable for Failure to Comply with Guidance Adams and Reese LLP, 2013, All Rights Reserved 16
  • 17. Experi-Metal v. Comerica Bank • EMI Employee Responded to Phishing E-Mail • Clicked on Site and Entered PIN, Password and Token Password • Over 90 Transfers Initiated • Bank Filed Motion for Summary Judgment • Court Partially Granted Holding Security Procedures were Commercially Reasonable • Did Bank Accept Transfer in Good Faith? • Court Held Failed to Provide Evidence of Good Faith Adams and Reese LLP, 2013, All Rights Reserved 17
  • 18. Patco Construction Company, Inc. v. Peoples United Bank – DISTRICT COURT • Unauthorized Transfers Totaling $588,000 were made over Several Days • Ocean Bank Blocked $243,000 • Transfers Made from Unrecognized Device and IP Address • Banks Security Procedures Included: – Password and ID – Challenge Questions – Risk Profiling – Device Cookies – Dollar Amount Rule – Subscription to eFraud Network – Customer Should Review Transactions Daily • Court Held: – Agreement Provided for Security Procedures – Course of Dealing – Both Parties Relied on FFIEC 2005 Guidance – Authentication was Multifactor and Layered Security – Security Procedure was Commercially Reasonable – Security Procedure does not have to be the Best – Patco Could have Mitigated Damages – Grants Summary Judgment Motion Adams and Reese LLP, 2013, All Rights Reserved 18
  • 19. Patco Construction v. Ocean Bank Court of Appeals • Court of Appeals held security procedure was commercially unreasonable – Lowering the Dollar Threshold to $1.00 increased the Risk of Fraud. – Ocean Bank did not Monitor the Transaction. – Ocean Bank did not Provide Notice to Customer. Adams and Reese LLP, 2013, All Rights Reserved 19
  • 20. Court of Appeals, continued • Court Rationale: – System had risk scoring – If System detected Suspicious Transaction, additional layer of authentication was added – Challenge Question. – Since Bank did not monitor and report, Challenge Questions were asked each time and allowed Criminals to know the answers. – Ocean Bank’s Service Provider warned against usage of Challenge Question as stand alone method. – The $1.00 threshold ignored Article 4A – Customer circumstances. – Bank did not use Tokens. – Failure to implement additional procedures was especially unreasonable in light of the Bank’s knowledge of ongoing fraud. – Payment order was uncharacteristic of Patco’s ordinary transactions. – Risk scores were very high. Adams and Reese LLP, 2013, All Rights Reserved 20
  • 21. AGREEMENTS – Online/Internet Banking Agreements – Wire Transfer Agreements – ACH Origination Agreements – Security Procedure – Customer Agrees is Commercially Reasonable – Customer Agrees to be Bound – Customer will Safeguard Security Procedure – Customer will Scan Personal Computer – Customer will Give Notification of Unauthorized Transfer Adams and Reese LLP, 2013, All Rights Reserved 21
  • 22. Online/Internet Banking Agreement/ Master • Security Procedures/Enhanced Procedures • Appointment of Administrator • Products and Services • Limitations • Limitation of Liability/Indemnification • Mobile Banking Addendum Adams and Reese LLP, 2013, All Rights Reserved 22
  • 23. Wire Transfer Agreement • Authorization to Accept Payment Orders • Method of Issuance • Security Procedures • Settlement • Errors and Duplicate Orders • Identification of Beneficiary • Cancellation or Amendment • Rejection of Payment Order • Indemnification • Draw Down/Reverse Wire Adams and Reese LLP, 2013, All Rights Reserved 23
  • 24. ACH Origination Agreement • Compliance with the Rules and US Law • Types of Entries • Security Procedures • Third Party Service Providers • Settlement (Pre-funding) • Errors and Duplicate Entries • Identification of Beneficiary • Reversal of Entries • Indemnification Adams and Reese LLP, 2013, All Rights Reserved 24
  • 25. Conclusions and Questions • www.adamsandreese.com • Email: paul.carrubba@arlaw.com Adams and Reese LLP, 2013, All Rights Reserved 25
  • 26. REDUCING FRAUD THROUGH AGREEMENTS AND COMPLIANCE Presented by: PAUL A. CARRUBBA Adams and Reese LLP Phone: (601) 292-0788 E-Mail: paul.carrubba@arlaw.com