Inside: - Media Communication Group

More documents

Recommendations

Info

Cyber Crime and Cyber LiabilityIs Your BankProtected?BY PATRICK R. COREY, PRESIDENT IBIS INSURANCE SERVICES, INC.COMMUNITY BANKS ARE BEING HITPARTICULARLY HARD BY THESURGE IN DATA BREACHES ANDHACKING ATTACKS THAT LEAD TOlosses involving identity theft, debitcard fraud and other technology-basedcriminal activity. The percentage offinancial institutions under $5 billionin assets reporting losses jumped from61% in 2008 to 94% just three yearslater. In addition to hacking losses,community banks watched their fraudlosses on signature-debit sales skyrocketfrom 3.5 basis points to 11.9 basispoints during the same time period,and these numbers are still on the rise.Larger and more security-sophisticatedregional and national banks are seeingtheir losses decline, however, so theperpetrators appear to be focusingtheir criminal activity on smaller bankswhich lack the defensive technologyutilized by larger banks. Large banksare not immune, however, and manyhave been targeted successfully. As weoften find in criminal schemes againstfinancial institutions, the criminals areseeking the path of least resistance, soit makes sense that they would focuson smaller banks. Following are somerecent hacking events:• In February of this year theFederal Reserve Bank wastargeted by the infamous hackerorganization, Anonymous, anddetailed information on 4,000 bankexecutives was reportedly stolen.• In late 2012 our agency receivednotice of two hacks through twoseparate bank customers’ accountsthat resulted in financial losses tothe customers in the mid-six figurerange.• Also in late 2012 and early 2013 wereceived notice of a wire transferdiversion loss of nearly $1 million;and another bank reported a nearloss of several hundred thousanddue to a similar scheme. Bothof these events appear to be theresult of spyware/malware in theelectronic communications chain.Fortunately the bulk of the largeloss was recovered and the secondwire was ultimately not sent.• In October of 2012 Barnes & NobleBooksellers reported a breachthat struck 63 of its locationsnationwide. The breach wasdetermined to have been the resultof internal device tampering atseveral stores in 9 states.• In January, Zaxby’s restaurantsdiscovered a point-of-sale breachthat involved 108 stores in theEast and Southeast. The companysubsequently revealed thatcompromising malware had beendiscovered on computer systems atseveral locations.• A large Arizona grocery chain’spayment system recently suffered abreach tied to a worldwide criminalnetwork that appears to havebeen initiated as far back as late2012. Hundreds of compromisedpayment cards were reported as aresult of this hack and the affectedcards were undoubtedly sold to theworldwide marketplace. Bankinginstitutions tracking the suspiciousactivity on these cards eventuallytraced the breach back to theBasha’s Family of Stores, a popularArizona group of grocery outlets.Basha’s management indicatedmalware was behind the attack.These events are an ominous signthat our community banking systemis vulnerable to an ever moresophisticated worldwide network oftechnology-savvy criminals. Thesecrime syndicates are well-financed,20 www.azbankers.org
Community banks should be prepared forintensified efforts on the part of these criminalsand one crucial facet of a community bank’sdefense is appropriate insurance coverage.employ highly trained computer technicians and softwareengineers, and are using new and top-of-the-line equipment,so they have a head start when they begin an attack.Obviously their activities are profitable and those that arebased in certain foreign countries have little risk of beingcaught or punished for their crimes. Community banksshould be prepared for intensified efforts on the part ofthese criminals and one crucial facet of a communitybank’s defense is appropriate insurance coverage. Followingis a list of coverage areas that respond to electroniccrime and related liability:Computer Systems Fraud AgreementThis is a critical coverage part of your bank’s FinancialInstitution Bond and is your primary crime coverage forlosses through your bank’s own computer system. Youshould load this agreement with all of the options your insurancecarrier provides. This insuring clause also extendsto transfers of property (money) through wire transfers,voice initiated transfers, fax transfers, and e-mail transfers.This agreement contains required procedures or thepolicy may not respond to losses, so make sure you read theagreement and adhere to the insurance carrier’s requirements.Bear in mind that the underwriting insurer is agreeingto cover losses through your bank’s own proprietary system, notlosses that originate through your customer’s system. When theunderwriter assesses exposure to the insurance company, itis predicated on information provided on your bank’s computersystem, not your customer’s computer system.Internet Banking Liability Insurance (CyberLiability)Notice the word “liability” – this is legal defense protectionif you are alleged to be “liable” for a number ofcomputer system wrongful acts, including privacy liability,publishing liability, negligent custody and care of sensitiveinformation, denial or impairment of access, and so on. Itis extremely important to carry this insuring instrument onyour bank regardless of the pride in which you hold yourbank’s electronic security and procedures. Notice the word“alleged.” Even if you religiously employ the highest levelof sophistication and security in your bank’s transactionalinternet activities, you can still be “alleged” to be responsiblefor a customer’s loss. Usually the eventual culpritis found to be the customer’s own carelessness with hisidentity, but the bank could incur significant legal expensesdiscovering the cause of loss. There are two exposuresinvolved in potential privacy negligence allegations: 1.)document liability; and 2.) electronic storage and transferliability. Document liability is typically included as partof Side “C” (corporate liability) of the bank’s managementliability agreement to the D&O policy. It is sometimesreferred to as “dumpster diving coverage.” Electronic storageand transfer liability is covered by the Internet BankingLiability / Cyber Liability policy.Optional Insurance ProtectionChartis Insurance Company offers two very good optionsfor the bank’s insurance portfolio. One is Debit CardFraud Insurance, a two-level form of coverage for communitybanks offering debit cards to their customers. This uniquepolicy offers fraud coverage for individual cards up to$10,000 per loss with a $1,500 deductible and then couplesindividual card exposure with coverage for multiple cardlosses, such as BIN hits, with a $10,000 maximum per occurrencedeductible and an aggregate limit up to $1 million.Multiple card losses are the biggest concern because theycan often involve hundreds of cards and many thousandsof dollars in aggregate losses. This coverage is much betterthan that offered as an option on Financial InstitutionBonds because it offers worldwide coverage, responds tolosses due to telephone purchases, skimming, phishing,voiping, white cards, a nd internet purchases, plus carries adeductible much lower than the Bond deductible. There isalso a relatively new offering from Chartis, EFT Guard, amalware protection program that safely processes commercialinternet banking activity and is backed by Chartis up to$500K per loss subject to a $5 million aggregate limit. Thisprogram only responds to commercial accounts and willnot apply to consumer accounts. Please feel free to contact our agency anyme if you have quesons or concerns aboutyour bank’s professional or property insurance porolio. We only insure communitybanks and are the largest agency of our type in the Western United States. Our insuranceadvice and our wrien coverage reviews are provided free to the membership of ArizonaBankers Associaon. www.ibisinsurance.com.ARIZONA BANKER Spring 2013 21
Page 1 and 2: SPRING 2013You’re Invited!The AzB
Page 3 and 4: FINANCIALINSTITUTIONSOur financial
Page 5 and 6: A legal partner you can trust.Jeff
Page 7 and 8: Mark your calendar now!Arizona Bank
Page 9 and 10: uilt forchangeFinancial institution
Page 11 and 12: understand risk-based analysis. In
Page 13 and 14: With changes in technology, regulat
Page 15 and 16: the door was always open for employ
Page 17 and 18: Ranch, Johnson Ranch, Verrado, Vist
Page 19: We can help unlock your potential.G
Page 23 and 24: on the effectiveness of the control
Page 25 and 26: organization and mirror the commitm
Page 27 and 28: committeenotesThe Arizona Bankers A
Page 29: Get to know theBUSINESS SIDE OF COX
Page 32: 111 West Monroe, Suite 440Phoenix,

Inside: - Media Communication Group

Create successful ePaper yourself

Delete template?

Save as template?