Combating Payments Fraud: How Well Are You Managing Your Company’s Risk?
Peter Nash, Assistant Treasurer, CVS Caremark; Nasreen Quibria, Payments Expert, Logica

Upload: nasreen-quibria

Post on 22-Jan-2015

DESCRIPTION

Payments fraud incidents are increasing in frequency and severity every day. Combined with more stringent global regulatory requirements and increasing payments volumes, corporations today are challenged with combating emerging payments fraud activities. This session will discuss fraud trends impacting businesses, best practices in mitigating risk, and the tools to have in your arsenal in fighting fraudulent payment activities.

TRANSCRIPT

  • 1. Combating Payments Fraud: How Well Are You Managing Your Company's Risk? Peter Nash, Assistant Treasurer, CVS Caremark; Nasreen Quibria, Payments Expert, Logica

  • 2. Today's End in Mind
      Logica 2012. All rights reserved

  • 3. This is Logica
      - Leading global business and technology services company
      - Business consulting
      - Products
      - Systems integration
      - Outsourcing
      - Nearly 41,000 employees worldwide
      - Over $6 billion USD in revenues 2011
      - Creating value for clients by successfully integrating people, business and technology

  • 4. About
      - Largest pharmacy health care provider in the United States
      - More than $107 billion in annual revenue
      - Approximately 200,000 employees in 44 states, the District of Columbia, and Puerto Rico
      - Headquartered in Woonsocket, R.I.
      - Operate more than 7,327 retail stores, 30 onsite pharmacies, 31 specialty pharmacy stores, 13 specialty mail order pharmacies, four mail order pharmacies, 657 MinuteClinic, retail health care clinics
      - No. 1 provider of prescriptions: more than 1 billion prescriptions filled or managed annually
      - 75 percent of the U.S. population lives within three miles of a CVS/pharmacy
      - No. 1 Retail-Based Medical Center Operator
      - No. 1 Retail Loyalty Program: more than 69 million active ExtraCare customers

  • 5. Impact of Economic Downturn
      [Chart: Attempted or Actual Payments Fraud and % Growth, by year, 2004-2011. Annotations: "Great Recession, December 2007 - June 2009" and "Improvement in US Economy". Source: 2012 AFP Payments Fraud and Control Survey]
      Growth in fraud trends reflect US economic landscape

  • 6. Trends in Payments Fraud
      [Chart: Estimated Median Value of Payments Fraud and % Growth, by year, 2004-2011. Source: 2012 AFP Payments Fraud and Control Survey]
      Business of fraud continues to thrive

  • 7. Shifting Landscape in Payments Fraud
      [Chart: share of responses by source of fraud, 0% to 100%, for 2009, 2010 and 2011. Source: 2012 AFP Payments Fraud and Control Survey]
      Categories shown:
      - Outside individual (e.g., forged check, stolen card)
      - Internal party (e.g., malicious insider)
      - Organized crime
      - Third-party or outsourcer (e.g., vendor, professional service provider, business trading partner)
      - Other
      - Criminal invasion (e.g., hacked system, malicious code - spyware or malware)
      - Lost or stolen laptop or other device
      Growing threats are evolving

  • 8. Cybercrime at Center Stage
      - Total cost of cybercrime: $388 billion
      - Top 3 cybercrimes: computer viruses or malware; online scams; phishing
      Source: Norton Cybercrime Report 2011

  • 9. Largest Breaches of All Time*
      [Timeline figure, 2005-2012, showing for each breach the number of accounts affected, whether the data was hacked, lost or stolen, and the date. Organizations named: CardSystems, US Dept. of Veterans Affairs, TJX Companies, HM Revenue and Customs, Bank of New York, T-Mobile, Heartland Payment Systems, RockYou, Inc., EMC's RSA, Sony Corporation, SK Telecom's Cyworld, 4 gaming + social network sites, Amazon's Zappos]
      *Greater than 10m accounts impacted

  • 10. No Payment Type is Immune
      - Checks: 85%
      - ACH Debits: 23%
      - Corporate/Commercial Cards: 20%
      - Consumer/Small Business Cards: 12%
      - ACH Credits: 5%
      - Wire Transfers: 5%
      - Payroll and Other Benefit Cards: 5%
      Source: 2012 AFP Payments Fraud and Control Survey
      But not all fraud targets are equal

  • 11. Low Tech, High Loss
      Types of Check Fraud:
      - Use organization's MICR line data
      - Altered payee names on checks issued by the organization
      - Altered employee paychecks
      - Counterfeit checks
      - Check kiting
      - Holder in Due Course (HIDC)
      Even as check volumes decline, check fraud remains rampant

  • 12. Check Fraud Reduced with BOC
      BOC + New Authorization Process = Reduced Check Fraud
      - CVS now receives initial returns an average of 7 days quicker (from 10 days to 3 days on average)
      - All unknown check writers are routed to TeleCheck Online for authorization (includes negative file and risk scoring)
      - Check declines roughly doubled with no up-tick in customer complaints
      - Multiple Returned Checks (same MICR with 2 or more returns) decreased (items down 46% and dollars down 64%)

  • 13. Low Tech, High Loss
      Types of Check Fraud:
      - Use organization's MICR line data
      - Altered payee names on checks issued by the organization
      - Altered employee paychecks
      - Counterfeit checks
      - Check kiting
      - Holder in Due Course (HIDC)
      Check Fraud Best Practices:
      - Use high-quality check stock with built-in security features
      - Purchase stock from known vendors
      - Store check stock, deposit slips, bank statements and cancelled checks securely
      - Implement secure financial document destruction processes
      - Establish employee order/reorder policy for stock
      - Dual controls over check stock, check issuance and account reconciliation
      Protection Solutions:
      - Positive pay
      - Payee verification
      - Reverse positive pay
      - Stale dating
      - Check cashing with positive pay
      - Post no checks
      Even as check volumes decline, check fraud remains rampant

  • 14. ACH Fraud Gains Momentum
      Types of ACH Fraud:
      - Account Hijacking
      - Identity Fraud
      - ACH Kiting
      - Reverse Phishing
      - Insider Origination Fraud
      - Counterfeiting

  • 15. Corporate Refund Check Fraud
      - Corporate refund checks were generated and mailed to consumers
      - Associates/friends of check recipients attempted to commit ACH fraud against several different corporate accounts
      - A few attempts got through as ACH blocks/filters were not in place on all accounts
      - Fraud attempts were reversed as a result of detailed account reconciliations
      - Most attempts were detected and stopped as a result of ACH blocks

  • 16. ACH Fraud Gains Momentum
      Types of ACH Fraud:
      - Account Hijacking
      - Identity Fraud
      - ACH Kiting
      - Reverse Phishing
      - Insider Origination Fraud
      - Counterfeiting
      ACH Fraud Best Practices:
      - Know who you're dealing with
      - Segregate accounts for better control
      - Mask account numbers and Tax ID numbers in correspondence
      - Use encrypted email for confidential information
      - Monitor and reconcile your accounts daily
      - Ensure secure ID tokens are collected and passwords are changed when an employee leaves
      - Devise strong passwords
      Protection Solutions:
      - ACH Transaction Review
      - ACH Debit Blocking
      - ACH Debit Filters
      - ACH Positive Pay
      - Late ACH Return Block
      - Return Item Validation
      - Universal Payment Identification Code (UPIC)

  • 17. NACHA "ACH Transaction" Virus Scam

  • 18. Focus on Phishing
      Types of Phishing (to name a few):
      - Deceptive Phishing
      - Malware-Based Phishing
      - Keyloggers and Screenloggers
      - Session Hijacking
      - Web Trojans
      - Hosts File Poisoning
      - System Reconfiguration Attacks
      - Data Theft
      - DNS-Based Phishing
      - Content Injection
      - Man-in-the-Middle
      - Search Engine Phishing
      Phishing Best Practices:
      - Ensure that browser and security software information is continually updated
      - Spam blocking filters and surfing block controls are maintained companywide
      - Privacy locks should be utilized to restrict access to sensitive data
      - Establish corporate policies for email content
      - Provide a way for email recipient to validate legitimate email
      - Stronger authentication at websites
      - Monitor for potential phishing sites
      Protection Solutions:
      - Implement anti-virus, content filtering and spam blocker solutions at the Internet gateway
      - Consider subscribing to cyber-intelligence services which may be used to identify on-line threats, misrepresentations, or online frauds targeting brand(s)

  • 19. Credit Where No Credit is Due (B-to-B)
      Types of Card Fraud:
      - Employee misuse
      - Embezzlement
      - False fraud
      - Lost or stolen card
      - Card-Not-Present
      - Counterfeit
      Credit Card Fraud Best Practices:
      - Protective controls, such as setting transaction limits and monthly limits for all cardholders
      - Cancel and destroy unused cards
      - Track receipts orders
      - Review card statements for unexplained charges
      - Order a copy of your firm's credit report annually to look for unauthorized applications, unfamiliar credit accounts
      - Authenticate cardholder
      - Not delay chargeback response
      - Adhere to PCI Compliance Standards
      Protection Solutions:
      - PCI Compliance solutions
      - Fraud detection solutions including alerts
      - Web-based payments tools that provide enhanced reporting and real-time visibility into spending
      Card fraud is typically committed by an unknown external party

  • 20. Corporate Toolbox
      Deter (& Prevent):
      - Control access of checks, cards, and electronic payments
      - Screen new hires
      - Train staff on fraud awareness
      - Segregate duties
      - Protect sensitive data, systems, documents, passwords, and PINs
      - KYC (+ suppliers & referral sources)
      Detect:
      - Audit & monitor internal procedures
      - Rigorously monitor financial position
      - Utilize financial institution electronic solution & services
      - Reconcile daily
      Defend:
      - Report unauthorized transactions to financial institution immediately
      - Enforce a policy of zero tolerance

  • 21. Control and Monitoring of Bank Account Signers
      - Currently control 735 corporate/retail accounts with two segregated signers on each account over 290 banks.
      - Signers have the ultimate control of the account, features and reporting.
      - Audit account signers periodically to ensure both accuracy and active employment.
      - The signer database and applicable controls is a weakness in some of the larger banks, particularly as it relates to corporate versus branch accounts.
      - Ensure that bank branches cannot accept instructions from local field or store management.
      - Bank and corporate employees can and will make errors.

  • 22. Key Takeaways & Best Practices
      - Organizations need to remain vigilant to threats, especially emerging cross-channel fraud.
      - Build a culture of risk awareness. Communicate and collaborate with employees to educate and work with them to combat fraud.
      - Reduce exposure to fraud attempts and losses by migrating more transactions to electronic payments (i.e., ACH and cards).
      - Leverage the tools and techniques available to you. Utilize best practices and solutions offered by financial institutions and solution providers.

  • 23. Questions
      - Peter D. Nash | Assistant Treasurer | One CVS Drive, Woonsocket, RI 02895
      - Nasreen Quibria | Payments Expert