Cybersecurity Awareness, Card Fraud and Insider Fraud tailored for Internal Auditors

Date: Monday, 5 March 2025
Time: 9:00 to 15:00
Venue: EIMF Premises
Language: English
CPE Points (Continuous Professional Education): 5 CPEs
Instructors: Phoebus Christodoulides (BA, MBA)

Programme Overview

This training programme is designed to equip internal auditors with essential knowledge and skills in cybersecurity, fraud detection, and risk management. The course covers key aspects of cybersecurity awareness, card fraud detection, and insider fraud prevention, focusing on real-world scenarios, best practices, and auditing techniques.

Programme Objectives

By the end of the programme, participants will be able to:
1. Enhance Awareness of Cybersecurity Threats
2. Strengthen Fraud Detection and Prevention Skills
3. Improve Internal Auditors’ Role in Fraud Risk Management (Card Fraud, Insider Fraud, etc.)
4. Promote a Strong Cyber Security Culture


Programme Outline


Introduction

➢ Welcome and objectives of the training.
➢ Overview of the evolving threat landscape.

1. Cybersecurity Awareness

Understanding Cybersecurity Basics
➢ Common cyber threats: phishing, ransomware, malware, malicious use of AI and social engineering techniques.
➢ Security controls: preventive, detective, and corrective measures.
➢ Role of internal auditors in identifying gaps in cybersecurity frameworks.

Threat Identification and Risk Assessment
➢ Red flags for cybersecurity breaches (social engineering) and exercises.
➢ Understanding and assessing cyber risks in audits.
➢ Overview of IT governance and cybersecurity frameworks (e.g., ISO 27001, DORA, NIS2, PCI DSS).

Best Practices for Cybersecurity
➢ Importance of a solid Cyber Security culture – employee training.
➢ Importance of strong passwords, multi-factor authentication, use of AI, behavioural biometrics, vulnerability checks and patch management.
➢ Auditing employee training programs, security awareness initiatives and completion of assessment review points.

2. Card Fraud Awareness

Overview of Card Fraud
➢ How the card authorisation system and payment processing work.
➢ Boarding merchants and risk assessments.
➢ Key players in the card payment ecosystem (cardholders, issuers, acquirers, processors, merchant portfolio).
➢ The main risks of Issuers/Acquirers.
➢ Types of card fraud: skimming, card-not-present (CNP) fraud, account takeover, synthetic identity fraud, merchant fraud, counterfeits, etc.
➢ Best Practice fraud monitoring parameters, alert configurations, reports and controls – for Issuers and Processors/Acquirers.

Detecting and Preventing Card Fraud
➢ Techniques used by fraudsters and how to recognize them.
➢ Fraud monitoring systems, alert investigations, and the use of AI.
➢ Tools and technologies for fraud prevention (e.g., EMV, tokenization, 3D Secure).
➢ Auditing payment processing systems and fraud detection mechanisms.

Case Studies and Real-World Scenarios
➢ Review of card fraud incidents and lessons learned.
➢ Practical exercises on identifying fraud patterns in transaction data.

3. Insider Fraud Awareness

Understanding Insider Fraud
➢ Definition and characteristics of insider threats and the Triangle of Fraud Concept.
➢ Motives and behavioural red flags of insiders.
➢ Types of insider fraud: theft, data breaches, payroll fraud, etc.
➢ Detection and prevention methods.

4. Recap and Q&A

➢ Summary of key takeaways.
➢ Open forum for participant questions and discussion.


Training Style:

1. Instructor-Led Training (ILT): I will be delivering the content in a classroom via projector/slides.
2. Case Studies: Real or hypothetical scenarios will be analysed allowing the learners to apply theoretical knowledge to practical situations.
3. Interactive Training: Participants will be encouraged to engage actively, enhancing retention and motivation.
4. Video-Based Training: Videos will be utilised to demonstrate real case scenarios.


Participant Profile


This course is ideal for banking professionals, fraud analysts, risk managers, auditors, and IT security specialists looking to deepen their understanding of fraud management and enhance their organization’s defences against both external and internal fraud threats, such as:

• Fraud analysts and investigators
• Risk management and compliance officers
• Credit card operations and security managers
• Internal auditors
• IT professionals
• CFOs
• Directors
• Senior Managers
• Regulatory compliance officers
• AML Officers
• Legal advisors

Instructor:

Phoebus Christodoulides, a USA University graduate (BA and MBA), began his business career as an External Auditor at PwC, where he worked from 1991 until 1994. Thereafter, he held managerial positions at JCC Payment Systems Ltd, mainly as Risk Manager. Over 28 years of employment at JCC, he held managerial positions in Operations areas such as Fraud and Risk, Card Transactions Security, Authorisations, Premises Security, ERM, Information Security and Call Centre, and so acquired extensive hands-on experience that developed and refined his Risk Management skills. His peripheral duties included: Chairman of the Cyprus Banks fraud working group; ‘Expert Witness’ for criminal cases and fraud investigations at Cyprus Courts; Advisor and liaison to the local and foreign police authorities (including Europol) on card fraud cases; Lecturer at the Cyprus Police Academy for over 30 years on the subjects of Bank Card Fraud and Cybersecurity Awareness; and Creator of JCC’s in-house fraud monitoring system. His professional awards include the Best Financial Crime Investigator of the Year Award in 2004 (USA), a Mastercard award for his continuous efforts to reduce fraud (2005), a Cyprus Police award for contributing to the deterrence of card fraud in Cyprus, and an award handed over by the President of Cyprus for his lecturing at the Police Academy for decades.