onebeaconpro.com 860.773.6150 t 806.773.6095 f
09.22.2014
Cyber Liability Insurance Coverages and Trends Affecting Community Banks
Craig M. Collins, President, Financial Services
OneBeacon Professional Insurance
LEGAL DISCLOSURE
The diverse views expressed are solely those of the respective presenters and are not those of OneBeacon Professional Insurance or any of its affiliates.
THE SCARY STUFF
The Scams:
• Malware-infected software (mainly keystroke-logging malware)
• Tech support scams
• Phishing (fake email purporting to come from a trusted source)
• Spear phishing (targeted email purporting to come from a trusted source)
• Smishing (phishing by SMS text message to your smart phone)
• Traditional social engineering
THE SCARY STUFF
The Trends:
• One in seven American networks has malware
• Phishing emails have a 70% “open” rate
• Gas pump skimmers are now “Bluetooth enabled”
• Majority of wire fraud activity comes from outside the US
  • Estonia, Latvia, Russia, Ukraine, China, African countries
• Political cyber attacks
  • China, Iran, Russia, North Korea (US alleged creator of Stuxnet)
• Technological innovations in banking – new ATM machines, online banking, remote capture, ACH, Check 21, etc.
INSURANCE COVERAGES
Financial Institution Bond (1st Party)
• Electronic / Computer Systems Fraud (includes online funds transfers)
• Telefacsimile, Email and Voice Instruction Transactions Coverage
Cyber Liability
• Cyber Liability (3rd Party)
• Intellectual Property (3rd Party)
• Breach Event Expense (1st Party)
FINANCIAL INSTITUTION BOND
Coverages:
Electronic / Computer Systems Fraud – Protects the Bank (1st Party) for loss due to theft occurring within the Bank’s own Computer System. (A direct “hack” of funds in your care/custody/control within the bank).
Example:
FINANCIAL INSTITUTION BOND
Coverages:
• Telefacsimile, Email and Voice Instruction Transactions Coverage – Protects the bank for loss due to a fraudulent Fax, Email, or Voice Instruction.
However, to have Financial Institution Bond coverage, the bank MUST:
• Have a pre-arranged written agreement with the customer, authorizing transfers
AND
• If the transfer is larger than the bank’s bond deductible, there must be a call back to the customer verifying the transfer request.
FIRST COMMERCIAL STATE BANK
FRAUDULENT WIRE ATTEMPT
Wire Transfer Included:
• A written wire transfer agreement with customer
• Authorization Form
• Call Back Procedure
FIRST COMMERCIAL STATE BANK
E-MAIL EXCHANGES:
From: Johnson, James [mailto:[email protected]]
Sent: Tuesday, August 26, 2014 12:24 PM
To: Hartman, Sarah
Hello,
I need to make an international wire transfer, please forward a copy of the
form I need to complete.
James
LAW OFFICE OF JAMES JOHNSON
TELEPHONE- (816) [email protected]
FIRST COMMERCIAL STATE BANK
From: Hartman, Sarah
Sent: Tuesday, August 26, 2014 12:33 PM
To: Johnson, James [mailto:[email protected]]
Hello,
Attached is the wire transfer form. As you know, since this is not an “In Person” wire transfer, Henry will have to confirm with you by phone once the form is received. He is in a meeting right now but should be out shortly.
Sarah
First Commercial State Bank
From: Johnson, James [mailto:[email protected]]
Sent: Tuesday, August 26, 2014 12:46 PM
To: Hartman, Sarah
The completed form is attached. Are you available in the office? I am in a meeting, but I can be reached on my cell
at 816-584-2997 and I just want to know if you are available in the office.
James
LAW OFFICE OF JAMES JOHNSON
TELEPHONE- (816) [email protected]
FIRST COMMERCIAL STATE BANK
From: Johnson, James [mailto:[email protected]]
Sent: Tuesday, August 26, 2014 1:15 PM
To: Hartman, Sarah
Sarah,
Are you available in the office? I can be reached on my cell at 816-584-2997.
LAW OFFICE OF JAMES JOHNSON
TELEPHONE- (816) 584-2991
From: Baker, Henry
Sent: Tuesday, August 26, 2014 1:33 PM
To: Johnson, James [mailto:[email protected]]
James,
I am out of my meeting and I will give you a call to confirm the wire transfer.
Henry
First Commercial State Bank
FIRST COMMERCIAL STATE BANK
Fraudulent Attempt:
• International wire transfer request received
• Policy and procedures were followed correctly
• The fraud was prevented!
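The two bond conditions above (a pre-arranged written agreement AND a call back when the transfer exceeds the bond deductible), together with the bank's own stricter rule from the thread (any wire not requested in person is confirmed by phone), written as a policy gate; this is an added example constructed for this page, not OneBeacon's or First Commercial State Bank's code. The number on file, the amount and the deductible are placeholders, and confirming on the number from the signed agreement rather than on a number supplied in the request is an assumption of this example.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class CustomerRecord:
    name: str
    has_written_wire_agreement: bool   # bond condition 1: signed agreement exists
    number_on_file: Optional[str]      # call-back number from that signed agreement

@dataclass
class WireRequest:
    customer: str
    amount_usd: float
    in_person: bool                    # True only if requested at the counter
    number_in_request: Optional[str]   # phone number the requester supplied

def normalize(phone: Optional[str]) -> str:
    # digits only, so "(816) 584-2997" and "816-584-2997" compare equal
    return "".join(ch for ch in (phone or "") if ch.isdigit())

def evaluate_wire_request(req: WireRequest, cust: CustomerRecord,
                          bond_deductible_usd: float) -> Tuple[str, List[str]]:
    """Return (action, reasons); action is REJECT, CALL_BACK or PROCESS."""
    if not cust.has_written_wire_agreement:
        return "REJECT", ["no pre-arranged written wire agreement on file"]
    reasons = []
    # bond condition 2: above the deductible a call back is required for coverage
    if req.amount_usd > bond_deductible_usd:
        reasons.append("amount exceeds bond deductible: call back needed for coverage")
    # the bank's stricter rule from the e-mail thread: any non-in-person wire
    if not req.in_person:
        reasons.append("not an in-person request: bank policy requires a call back")
    if not reasons:
        return "PROCESS", ["in-person request within the bond deductible"]
    if not cust.number_on_file:
        return "REJECT", reasons + ["no call-back number on file; cannot verify"]
    # assumption of this example: verify on the number from the signed agreement
    # and flag a request that steers staff toward a different number
    if req.number_in_request and normalize(req.number_in_request) != normalize(cust.number_on_file):
        reasons.append(f"requester supplied {req.number_in_request}, which differs from "
                       f"the number on file; call {cust.number_on_file} only")
    return "CALL_BACK", reasons

# constructed sample modeled on the thread above; the number on file, the amount
# and the deductible are placeholders, since the slides do not give them
LAW_OFFICE = CustomerRecord("Law Office of James Johnson", True, "(816) 555-0100")
EMAIL_REQUEST = WireRequest("Law Office of James Johnson", 25_000.0, False, "816-584-2997")

if __name__ == "__main__":
    print(evaluate_wire_request(EMAIL_REQUEST, LAW_OFFICE, bond_deductible_usd=10_000.0))
```

The sample request ends in CALL_BACK with three reasons, the last one flagging that the cell number given in the email is not the one on file.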
CYBER LIABILITY INSURANCE
Coverages:
• Cyber Liability is designed to protect the bank from losses/litigation coming from 3rd parties (mainly customers, suppliers, other banks, etc.) due to an error/omission/breach of duty in which the bank is legally obligated to pay.
CYBER LIABILITY INSURANCE
Coverages:
Parts of a Cyber Liability Policy
• Basic Cyber Liability (3rd Party)
• Failure to protect private or confidential information from unauthorized access
• Libel, slander, defamation
• Denial of access and/or service
• Loss or damage to Electronic Data of a customer
Claims Example: “Electronic Statement Error”
CYBER LIABILITY INSURANCE
Coverages:
Parts of a Cyber Liability Policy
• Intellectual Property (3rd Party)
• Protects the bank from litigation/loss involving infringement of copyright, trademark, trade name, etc.
Claims Example: “Interest Rate Error”
CYBER LIABILITY INSURANCE
Coverages:
Parts of a Cyber Liability Policy
• Breach Event Expense (1st Party Coverage) – Reimburses the bank for certain costs incurred due to the unauthorized access to, or acquisition of, customer information that is in the care, custody, or control of the bank.
• Costs of Notification to the customers.
• Costs to change account numbers/reissue cards
• Provides credit monitoring services to impacted customers
Claim Example: “Debit Card Error – Bank responsible”
WIRE TRANSFER ROOM
Some Employee “Best Practices”:
• Train, re-train employees on policies and procedures.
• Violations of policy should become a terminable offense.
• Allow wire employees the ability to reasonably “upset” a customer because of the need to follow policies and procedures to the letter.
• Test the wire room by having members of Sr. Management or members of the Board of Directors call to attempt to make transfers in excess of the policies and procedures (a new approach being used by fraudsters).
CORPORATE ACCOUNT TAKEOVERS
Corporate Account Takeovers are the fastest growing “criminal actions” being reported to bank insurers.
Issues:
• Customer service is in direct conflict with proper internal controls
• Social engineering scams are much more successful in smaller companies
• Customer’s internal controls are significantly less sophisticated than the bank’s.
Claims Example:
CORPORATE ACCOUNT TAKEOVERS
Some Customer “Best Practices”:
• Have the proper written agreement with the customer that includes “Hold Harmless” wording and specifically spells out who/what/where/when and how.
• Require customers who have higher frequency or dollar amount transactions to have a stand-alone computer.
  • No browsing
  • No email
  • No USB capabilities
• Require customers who have higher frequency or dollar amount transactions to have computer crime insurance - ask for a certificate of insurance