List of Tables

Table Number ... Page

General Information
1 For which units in your banking organization are you reporting the information? ... 73
2 Your total banking assets and deposits for the units included in this report ... 73
3 Distribution of open transaction accounts by account source ... 73
4 Open transaction account portfolio per bank, consumer and business combined ... 74
5 New transaction accounts opened per bank in 2014 ... 74
6 Expenses per bank (internal and external) for prevention, detection, investigation, and prosecution of deposit account fraud ... 74
7 Areas for which bank's fraud prevention/investigations group is directly responsible ... 75
8 Please indicate which of the following fraud management functions are outsourced ... 75
9 If not outsourced, which bank departments handle customer claims for the following types of fraud? ... 77
10 Does your bank have a policy regarding the customer's liability on unauthorized/fraudulent transactions? ... 77
11 If Yes, are customers notified of this policy? ... 77
12 If Yes, what modes of communication does your institution use to notify customers of this policy? ... 78
13 How often do you communicate this policy to customers? ... 78
14 Average number of full-time equivalent (FTE) bank staff responsible for prevention, detection, and investigation of deposit account fraud ... 79
15 Average number of FTE analysts and management staff responsible for listed prevention systems ... 79
16 What tools does your bank use to monitor for and detect cross-channel fraud? ... 80
17 When your bank charges off a case of cross-channel fraud, where does your bank book the loss? ... 80
18 Which tools does your bank currently use to identify and detect account takeovers for consumer and business accounts ... 81
19 Expected change in transaction volume over the next 12 months for the following channels ... 82
20 Deposit account-fraud threats to the industry in the next 12 months ... 83
21 If your bank experienced higher losses in 2014 when compared to 2013, what were the primary drivers? ... 84
22 If your bank experienced no DDA fraud loss or lower losses in 2014 when compared to 2013, what were the primary drivers? ... 84

Deposit Account Fraud Prevention
23 Approaches banks use to prevent deposit fraud losses - new account application review ... 85
24 Approaches banks use to prevent deposit fraud losses - customer verification ... 87
25 Approaches banks use to prevent deposit fraud losses - branch/bank control ... 89
26 Approaches banks use to prevent deposit fraud losses - other fraud prevention approaches ... 90
27 What kind of authentication methods does your institution use for the following digital banking products ... 91
28 Do you require or encourage your customers to change the access authentication password periodically (e.g., every 90 days)? ... 92
29 What level of automation does your institution use to verify the identity of customers using the following digital products? ... 92
30 Does your institution have a specialized team that monitors suspicious digital transactions only? ... 93
American Bankers Association 67
31 What methodologies does your institution use to monitor, track, or analyze digital suspicious transactions? ... 93

Check Fraud Prevention
32 In terms of high vs. low impact, please rate the effectiveness of the measures that your bank uses to reduce check fraud ... 94
33 Approaches banks use to prevent check fraud losses - deposit review ... 95
34 Approaches banks use to prevent check fraud losses - on-us/in-clearing ... 96
35 Approaches banks use to prevent check fraud losses - branch/bank control ... 97
36 Approaches banks use to prevent check fraud losses - withdrawal controls ... 98
37 Approaches banks use to prevent check fraud losses - exception holds ... 98
38 Approaches banks use to prevent check fraud losses - other fraud prevention approaches ... 98
39 If you offer positive-pay service, how do you encourage your corporate customers to use this service? ... 99
40 What is the timing of your deposit fraud review? ... 99

Regulation CC
41 Report the most representative of your published funds availability policy for deposits to established consumer or business transactions accounts that do not qualify as exceptions under Regulation CC ... 100
42 How often do you impose a safeguard exception on your consumer or business accounts to hold funds beyond the 2 business days? ... 100
43 Many banks generally provide funds earlier than the law requires (e.g., the day after deposit). In these instances, banks may impose case-by-case holds: that is, holds beyond the bank's usual policy, but no later than 2 days. If you provide funds earlier than required by Regulation CC, for instance, on the day after deposit, how often do you impose case-by-case holds? ... 101
44 On average, how long does it take for a check to return to your institution? Assume that the original deposit of the check at your institution is day 0. ... 101
45 Do you accept Remotely Created Checks (RCCs)? ... 101
46 How many check fraud claims have a draft (RCC) associated with them? ... 101

Electronic Check Processing
47 Do you capture or plan to capture check images at the following locations? ... 102
48 Does your bank offer remote deposit image capture to customers? ... 102
49 Rate the following fraud risks associated with electronic check processing ... 103
50 Your bank's primary fraud prevention solutions for electronic check processing ... 104
51 Does your bank check for duplicate check presentment using check data (check image and non-image data) and/or ACH conversion data? ... 104
52 What check data/check image sources does your bank use to detect duplicate presentment via RDC? ... 105
53 How far back does your bank review check data (including check images and non-image check data) to detect duplicate check presentment? ... 105
54 What is the typical lag time your bank experienced for duplicate check presentment? ... 105
55 Does your bank require customers to have been with the bank for a specific number of days prior to them being able to use remote deposit image capture? ... 106
56 Please indicate which item(s) your bank restricts from being presented via RDC - Consumer (all types) ... 106
57 Please indicate which item(s) your bank restricts from being presented via RDC - Business Desktop ... 106
58 Please indicate which item(s) your bank restricts from being presented via RDC - Business Mobile ... 107
59 Does your bank have daily transaction dollar limits on items presented via RDC? Consumer (all types) ... 107
60 Does your bank have daily transaction dollar limits on items presented via RDC? Business Desktop ... 107
61 Does your bank have daily transaction dollar limits on items presented via RDC? Business Mobile ... 108
62 Does your bank have item-level dollar limits on items presented via RDC? Consumer (all types) ... 108
63 Does your bank have item-level dollar limits on items presented via RDC? Business Desktop ... 108
64 Does your bank have item-level dollar limits on items presented via RDC? Business Mobile ... 109
65 Do you have a limit on the number of items that can be presented via RDC per day? Consumer (all types) ... 109
66 Do you have a limit on the number of items that can be presented via RDC per day? Business Desktop ... 109
67 Do you have a limit on the number of items that can be presented via RDC per day? Business Mobile ... 110
68 On an ongoing basis, do you screen customers' NSF history to determine if they continue to have access to mobile RDC? ... 110
69 Do you monitor returned RDC items? ... 110
70 Do RDC transactions run through one or more of your existing deposit fraud tools? ... 110
71 Does your bank conduct negotiability reviews for checks deposited via RDC? ... 111

Telephone Banking/Call Center
72 Specify telephone banking/call center transactions your bank currently offers or plans to offer to consumer accounts ... 111
73 Specify telephone banking/call center transactions your bank currently offers or plans to offer to business accounts ... 113
74 In calendar year 2014, did your bank see an increase/decrease in social engineering/information gathering attempts via your telephone banking/call centers? ... 117
75 Did your bank experience the listed types of fraud attempts in 2014 that were originated through the call center? ... 117
76 Do you anticipate increased fraud exposure (loss + loss avoided) in telephone banking/call centers in 2015? ... 117

Online Banking
77 Specify online banking transactions your bank currently offers or plans to offer to consumers ... 118
78 Specify online banking transactions your bank currently offers or plans to offer to businesses ... 121
79 Do you plan to implement enhanced back-office security features like the following for your online banking customers? ... 123
80 What tools are you offering DDA customers that could help prevent online fraud/account takeover? ... 124
81 Do you offer the following services, discounted or free, to your DDA customers to help prevent fraud? ... 126
82 When a customer's computer is compromised by a virus/malware, does your bank do the following? ... 127

Online Billpay
83 In terms of high vs. low impact, please rate the effectiveness of the measures that your bank uses to reduce online billpay fraud ... 128
84 Please specify what online billpay control procedures your bank has taken ... 129
85 Please specify what means of disbursement of bill payments are used? ... 129
86 When billpay fraud is detected, how is the loss avoidance calculated? ... 129

Mobile Banking Apps
87 Does your bank offer mobile banking apps to your DDA customers? ... 130
88 Specify for which mobile operating systems your bank currently offers mobile banking apps ... 130
89 In terms of high vs. low impact, please rate the effectiveness of the measures that your bank uses to reduce mobile banking apps fraud ... 130
90 Specify mobile banking transactions your bank offers or plans to offer ... 132
91 Please specify what mobile banking apps control procedures your bank has taken ... 134
92 When fraud is detected before a loss is incurred, how is the loss avoidance calculated? ... 134
93 Do you deny claims if the customer does not have updated spyware, virus, firewall or other protection? ... 135

Mobile Alerts
94 Specify which types of mobile alerts your bank currently offers or plans to offer ... 135
95 Which modes of delivery does your bank offer or plan to offer for alerts? ... 136
96 For the alerts that your bank currently offers, are customers able to respond/reply directly to these alerts? ... 137
97 Specify the methods/modalities of mobile communication your bank currently offers services to your customers ... 137

Debit Cards
98 Specify debit card transactions your bank currently offers or plans to offer ... 138
99 In terms of high vs. low impact, please rate the effectiveness of the measures that your bank uses to reduce debit card fraud ... 139
100 Specify ATM/POS control procedures your bank has taken to prevent fraud losses ... 140
101 Has your bank issued any EMV compliant debit cards? ... 143
102 How do/will you perform EMV reissue? ... 143
103 What form of EMV will you issue? ... 144
104 What cardholder verification method (CVM) will you use for EMV debit cards? ... 144
105 Has your institution implemented Apple Pay? ... 144
106 In comparison with the rest of your debit card portfolio, has the Apple Pay fraud experienced by your institution been lower, higher, or the same? ... 145
107 What type of fraud has your institution experienced with Apple Pay? ... 145
108 What tools has your institution implemented to authenticate yellow path customers? ... 145

Prepaid Cards
109 Does your bank offer prepaid cards? ... 146
110 What types of prepaid cards do you offer? ... 146
111 Did your bank experience attempts at prepaid card fraud in 2014? ... 146
112 Did your bank experience losses due to prepaid card fraud in 2014? ... 146
113 In terms of high vs. low impact, please rate the effectiveness of the measures that your institution uses to reduce prepaid card fraud ... 147

ACH Transactions
114 Does your bank currently offer or plan to offer ACH origination services to your customers? ... 147
115 In terms of high vs. low impact, please rate the effectiveness of the measures that your institution uses to reduce ACH fraud as an ODFI ... 148
116 In terms of high vs. low impact, please rate the effectiveness of the measures that your institution uses to reduce ACH fraud as a RDFI ... 149
117 Please specify if your bank uses the following ACH fraud prevention measures ... 149
118 Did your financial institution experience ACH kiting in 2014? ... 150
119 If Yes, did the kiting involve other, non-ACH channels? ... 150
120 If Yes, which other channels did it involve? ... 150
121 Does your institution monitor International ACH Transactions (IAT)? ... 150
122 Do your institution's ACH and check platforms communicate? For example, does a stop payment order placed on one platform apply to the other? ... 150
123 As an ODFI, specify if your financial institution uses the following prevention measures to mitigate fraudulent ACH transactions for originated debits and/or credits ... 151
124 As a RDFI, specify if your financial institution uses the following prevention measures to mitigate fraudulent ACH transactions for received debits and/or credits to business accounts ... 153
125 Specify the level of fraud experienced at your institution in 2014, as compared to 2013, with regards to the listed types of ACH fraud ... 154

Wire Transactions
126 In terms of high vs. low impact, please rate the effectiveness of the measures that your institution uses to reduce wire fraud ... 156
127 Does your institution monitor outgoing wires for specific countries outside of OFAC sanctions? ... 156
128 Does your institution monitor consumer accounts differently from business accounts? ... 157
129 Has your institution experienced an increase in wire fraud and/or attempts in 2014 compared with the previous year? ... 157
130 Do you anticipate increased exposure (loss + loss avoided) due to wire fraud in 2015? ... 157
131 Do you conduct fraud detection review of branch-initiated wires? ... 157
132 Do you allow wire requests origination by the following channels ... 157
133 How do you validate these requests? ... 158

2014 Fraud Losses/Loss Avoidance
134 Did your institution experience any fraud attempts or incur a financial loss during calendar year 2014 caused by the following types of fraud? Consumer Accounts ... 158
135 Did your institution experience any fraud attempts or incur a financial loss during calendar year 2014 caused by the following types of fraud? Business Accounts ... 162
136 Please report your bank's 2014 total losses from deposit accounts (before any post charge-off recoveries), including fraud and non-fraud losses due to policy violations, employee issues, etc. ... 165
137 Please report your bank's 2014 total fraud losses from deposit accounts (before any post charge-off recoveries) ... 165
138 Report the proportion of your bank's 2014 total fraud losses from deposit accounts by funds withdrawal channel: based on number of cases ... 166
139 Report the proportion of your bank's 2014 total fraud losses from deposit accounts by funds withdrawal channel: based on dollar amount ... 166

Check Fraud Losses
140 Check-related losses per bank total ... 166
141 Check-related losses per bank by category ... 167
142 New account fraud losses per bank ... 168
143 Anticipated check fraud losses in the next 12 months ... 169
144 2014 actual check fraud losses from checks deposited at your bank by account age ... 170
145 2014 actual check fraud losses from checks deposited at your bank using the listed channels ... 170
146 2014 actual check fraud losses by account source ... 171
147 2014 actual recoveries from check-related fraud loss ... 171
148 Check fraud loss avoidance that, in your opinion, was attributable to your prevention systems and procedures ... 171

Debit Card Fraud Losses
149 2014 actual gross fraud losses per bank from POS signature debit card transactions ... 172
150 Anticipated POS signature debit card losses in the next 12 months ... 173
151 2014 actual gross fraud losses per bank from PIN debit card transactions ... 174
152 Anticipated PIN debit card losses in the next 12 months ... 175
153 Percentage of PIN Debit losses attributed to POS vs. ATM transactions ... 175
154 In 2014, did your bank have confirmed incident of skimmers attached to your bank's proprietary ATMs? ... 175
155 Consumer debit card fraud loss avoidance that, in your opinion, was attributable to your prevention systems and procedures ... 176

Small Business Debit Card Losses
156 2014 actual gross fraud losses per bank from small business debit card transactions ... 176
157 Anticipated small business debit card losses in the next 12 months ... 176

Online Banking Losses
158 Please report the following items for your online banking transactions that include billpay, wire, and ACH ... 177
159 Report the proportion of your bank's 2014 actual online banking fraud losses by account source ... 178
160 Did your financial institution have customers that experienced Business (Commercial) Account Takeover by cyber-thieves in 2014 (i.e., the unauthorized use of valid online banking credentials, typically obtained via online malware such as Trojans that infect a customer's workstations, laptops or computer networks)? ... 179
161 If Yes, please provide the following or estimates if available for the full year 2014 ... 179
162 Did your financial institution have customers that experienced Consumer Account Takeover by cyber-thieves in 2014 (i.e., the unauthorized use of valid online banking credentials, typically obtained via online malware such as Trojans that infect a customer's workstations, laptops or computer networks)? ... 179
163 If Yes, please provide the following or estimates if available for the full year 2014 ... 179
164 Source of your 2014 ATO losses by channel (report separately for business/commercial vs. consumer ATOs) ... 180
165 Online banking fraud loss avoidance that, in your opinion, was attributable to your prevention systems and procedures ... 180

Wire Fraud Losses (for wire transactions that are not initiated via online banking)
166 In calendar year 2014, what was your bank's experience with wire origination/outgoing fraud (not initiated online)? ... 180
167 In calendar year 2012, what was your bank's experience with wire receiving/incoming fraud (not initiated online)? ... 181
168 Compared to 2013, please report changes in the source of attempted wire fraud in 2014 (not initiated online) (percentage of banks) ... 181
169 Compared to 2013, please report changes in the source of attempted wire fraud in 2014 (not initiated online) (mean and median) ... 183
170 Wire fraud loss avoidance that, in your opinion, was attributable to your prevention systems and procedures (for wire transactions that are not initiated via online banking) ... 183