List of ESM Anti-Fraud Use Cases

Summary:

The document appears to be a comprehensive list of potential fraudulent activities detected in electronic banking systems, now part of the Enhanced Situational Management (ESM) suite. It includes scenarios such as high-risk transactions, unusual ATM withdrawals, failed login attempts with multiple PINs or passwords, adaptive authentication alerts, and suspicious account usage patterns. The document does not evaluate the effectiveness of these fraud detection measures but serves as a checklist for banks to monitor potential fraudulent activities in real-time. Additionally, there is a reference to a software interface called ArcSight, which allows users to manage different versions of data, mark items for specific actions, and retrieve more data from connections within the system. The interface also includes instructions for downloading a plugin (Jive for Microsoft Office) that enables collaboration on documents like Word, Excel, and PowerPoint files through the Jive platform.

Details:

The document is a list of anti-fraud use cases previously known as FraudView, now part of the Enhanced Situational Management (ESM) suite. It includes various scenarios such as high-risk monetary and non-monetary transactions, unusual withdrawal patterns from ATMs, multiple declined CVV attempts, and suspicious card usage patterns. Most of these use cases are complex and would typically require extensive professional services to investigate effectively, as no specific ESM module is available for this purpose. The document does not provide a summary or conclusion about the effectiveness of these fraud detection measures; it simply lists potential scenarios that could indicate fraudulent activities. The list provided is a comprehensive summary of various alerts and failed attempts detected by the bank for potential fraudulent activities, security concerns, or suspicious behavior related to electronic banking. Some examples include:

• **Daily Failed PIN Attempts**: Indicates multiple failed login attempts using different PINs in an attempt to gain unauthorized access.

• **Access From Address of Concern, Country of Concern, Malware/Phishing Address, New Browser, IP Address, ISP, Operating System**: These are indicators of suspicious activity from locations or devices that might be associated with phishing attempts, malware infection, or unusual browsing behavior.

• **Multiple Failed Login Attempts, Challenge Question Failures and Resets, Multiple Password Resets**: All these point to potential account takeover attempts or compromised accounts.

• **Adaptive Authentication Alerts, Brute Force Login Success, Customer using IE6, Device Profiling Alert, Employee Accessing Customer Account, Geographic Disparity of Account Access, Man in the Browser - Cookie/Malformed Cookie Special Characters**: These are more specific alerts that highlight potential security weaknesses or unusual behavior.

• **Admin logins outside of extended business hours, Admin Access to Multiple FIs, Foreign login to FI Admin, Holiday admin logins**: Highlight concerning activities from internal sources as well as external unauthorized access attempts.

This list serves as a checklist for banks and financial institutions to monitor potential fraudulent activities in real-time and take appropriate action to protect customer accounts and assets. This text appears to be a log or report detailing various suspicious activities and actions related to user accounts, transactions, and security settings on a platform. The activities include multiple IP addresses being used for login attempts, password resets more than three times in a short period, unauthorized access to customer information, changes in cookie settings, unusual account activity, failed login attempts, increased transaction amounts, and abnormal behavior such as returning items without prior purchases. The report also includes mentions of specific actions like editing tags related to fraud, anti-fraud, atm (automated teller machine), financial institutions (fi), merchant services, electronic banking, debit transactions, and internet banking. These tags are used for categorizing and managing content on the platform, indicating that the activities described in this log could potentially be fraudulent or risky. Overall, this text is a detailed record of potential security threats or suspicious behavior observed within a short timeframe (20 minutes) which might warrant further investigation to protect user accounts and financial transactions from harm. This text appears to be related to a software interface or documentation page, specifically for managing and interacting with a product called ArcSight. Here's a summary of the content:

• The user has various options to manage different versions of data, including creating copies, viewing them as PDF files, removing from their profile, marking items for specific actions like reserving, finalizing, or marking as official. Some additional markings include success, outdated status, and indicating impact metrics.

• There are also features that allow users to mark certain documents or information as successful or outdated based on the project's needs.

• The interface provides links to retrieve more data (possibly related to connections within the system) and shows incoming links from other sources which could be helpful for understanding how this particular document or feature is connected to others in a broader context.

• Additionally, there are instructions provided about downloading a plugin called Jive for Microsoft Office which allows users to create, open, collaborate on, and share documents like Word, Excel, and PowerPoint files using the Jive platform. The system requirements mention that Windows and Office 2003, 2007, 2010 or 2013 are required for installation.

• Users must enter their login credentials during plugin installation to ensure successful connection with the specified URL: https://irock.jiveon.com. This is likely a signup or login page for accessing the Jive software functionalities directly from Microsoft Office applications.

• The bottom of the text provides information about the version and revision of the Jive Software being used, along with copyright details indicating that this service is managed by Jive Software.