April 2011 - Volume 6, Issue 77

Congrats to @ABQJen, a Compliance/BSA Officer in Albuquerque, NM who won our Kindle contest for re-tweeting us on Twitter!

Catch Them If You Can:
Don't Let RDC be the Con Artist's Dream that is Your Institution's Worst Nightmare
By Lori Moore, CRCM, Director of Compliance

In 1964, sixteen-year-old Frank Abagnale Jr. left home after his parents divorced. Not an unusual story; many teenagers run away from home. But Frank’s check-cashing scams, made famous by the 2002 Steven Spielberg film based on Frank’s biography, Catch Me if You Can, differentiate him from most other runaways. Memorably portrayed on screen by Leonardo DiCaprio, this teenage runaway managed to fool countless people into thinking that he was none other than a Pan Am pilot, a pediatrician and even an attorney. He stole $2.5 million through forged, faked and altered checks. After serving prison time, Frank turned his life around and has since helped the FBI uncover scams like the ones he ran. But imagine what Frank would have done had Remote Deposit Capture (RDC) been an option in 1964. Or worse, imagine a modern-day teenage Frank (and surely his counterpart exists today) with a slew of forged checks, ready to remotely scan them for deposit at your institution.
 




Four Surefire Ways to Boost Your Network Security

Given the widespread threat and consequences of network attacks and the increased focus on enforcing strict regulations like HIPAA, the HITECH Act and GLBA, it is imperative for all businesses to develop and maintain an Information Security Program that is sound, adaptable and fully communicated throughout their organizations. This webinar will educate all industries about the purpose and methods of external penetration and social engineering testing, and will also include an exclusive focus on compliance for health care providers. Attend this webinar and learn how you can ensure your network’s security and stay compliant with IT regulations in your business.

Speaker: 

Tyler Leet
RISC Services Manager
ATTUS Technologies

4/21/2011 3:00PM to 4:00PM ET





Question: Are there any reporting obligations if you perform a delta review of a prior transaction that passed the screening process the first time, but produced a match when the amended list was used?

Answer: 
 
Transactions that are conducted prior to a party being designated and added to the SDN list would not be in violation. Engaging in business that is prohibited with a party on the SDN list would be a violation as of the date that the party was designated and the SDN list updated. Therefore, if you encounter a positive match on an account or transaction that was previously screened and a potential match was not flagged, your first step would be to verify when the applicable sanction went into effect. If you determine that a transaction(s) in violation of a sanction program had been conducted, even unknowingly, you should immediately contact OFAC. The severity of the consequences is much less when violations are voluntarily disclosed. Additionally, OFAC will instruct you as to whether the transaction should be rejected or blocked.  In either case, you will be required to submit a Report of Blocked or Rejected Funds.

If you perform a delta review as updates are released, your risk of violations is much lower. Any window of time between when the SDN list is updated and when you compare your existing customer base to the updated list does pose greater risk.

Got a question on a tricky regulation? We want to hear from you.  Submit your question and an expert will answer it in a future issue.



7 Tips to Avoid e-Mail Compromise 
Post Epsilon, Experts Share Steps to Ensure Brand Equity
Tracy Kitten, BankInfoSecurity.com

The Epsilon e-mail breach has raised many questions about how organizations impacted by the breach should respond to their customers.

Epsilon announced April 1 that an outside intruder had hacked into some of its customer files. Epsilon sends e-mail campaigns and offers to consumers who register for a company's website or who give their e-mail addresses while shopping. The company sends more than 40 billion e-mails annually and also runs loyalty programs for credit card users.

So far, more than 65 companies are confirmed or suspected of being affected by the breach. While e-mail addresses themselves are not considered sensitive information, the hacker's ability to associate those e-mail addresses with other information is a concern, says Nicolas Christin, associate director of the Information Networking Institute at Carnegie Mellon University. "The e-mail address by itself does not have that much value. But when you combine the e-mail address with other information, it's easy for fraudsters to turn that combined information into cash," Christin says.



Overdraft Compliance Still in the Spotlight
The need to focus on overdraft practices due to recent Reg E changes has not ended
Carl Pry, bai.org

Banks had just gotten used to new Regulation E rules requiring consumers to opt in to overdraft fees for ATM and debit card transactions when later events shook up the landscape. Last November, the FDIC issued “supervisory guidance” on banks’ overdraft practices, including “expectations” that banks control “the risks posed by automated overdraft payment programs … that are used by institutions to determine whether non-sufficient fund (NSF) transactions qualify for overdraft coverage based on pre-determined criteria.”

The regulatory trade winds are shifting against practices that were taken for granted just a few years ago and these winds will only blow harder once the CFPB starts up in earnest.



The Art of Admitting Failure
Rather than expend energy to avoid failure, learn how to become resilient to it
Charlene Li, HarvardBusinessReview.com

When it comes to business, we are incredibly unaccepting and fearful of making mistakes. And forget about admitting to our mistakes, as that may be construed as a sign of weakness.

But business and leadership are all about relationships. And in any relationship, things go wrong, mistakes are made, ups are followed by downs. The strength of a relationship is not how perfect it is, but how resiliently it deals with the inevitable failures.



ATTUS Technologies is concerned about your privacy. We do not rent, sell or exchange email addresses.

© 2011 ATTUS Technologies. All rights reserved.
13860 Ballantyne Corporate Place, Suite 200, Charlotte, NC 28277.