Transcript Chapter Fifteen

Financial Fraud in Cyberspace
Ruzbeh Tusserkani
Is Financial Crime Like an Epidemic?
Public Health



Epidemics spread
through global travel and
mutations of viruses
Individuals must take
their own precautions like
hygiene and wearing
masks
Governments implement
broad measures to
disseminate information,
monitor risks and act
quickly upon detecting
outbreaks
Financial Health



Criminals cross borders
physically and exchange data
to establish new fraud
methods
Individuals must protect their
physical wallets and bank
statements and takes sensible
electronic measures
Banks can monitor customers’
risk profiles (KYC) and
transactions for suspicious
behavior
Quarantine should be final resort
Cyber Theft
• The new computer-based technology allows criminals
to operate more efficiently and effectively.
• These thieves use cyberspace to distribute illegal
goods and services or to defraud people for quick
profit.
Computer Fraud
• These crimes include theft of information, “salami
fraud” (skimming small amounts of money from
many accounts) software theft, manipulation of
accounts/banking, corporate espionage.
• ATMs (Automatic teller machines) are especially
vulnerable.
Internet Securities Fraud
• This crime involves using the Internet to intentionally
manipulate the securities marketplace for profit. The
three major types of this fraud are:
– Market manipulation
– Fraudulent offerings of securities
– Illegal touting
Identity Theft
• This occurs when someone uses the Internet to steal
another’s identity and/or impersonate the victim to
open credit card accounts and/or other financial
transactions.
• Phishing (carding, spoofing)—some identity thieves
create false e-mails or websites designed to gain
illegal access to a victim’s personal information.
Identity Theft & Identity Fraud
• Identity theft involves acquiring key pieces of your
identifying information without the victim’s
knowledge.
• Identity fraud occurs when thieves use the victims’
personal identifying information to order
merchandise, obtain credit, or otherwise falsely
represent themselves without the victim’s express
consent.
Internet Usage And ID Theft
500
ID Theft Complaints
400
300
200
100
900
0
800
Web Users
700
600
500
400
300
2000
2001
2002
2003
2004
How Identities are Stolen
High Tech Methods
Low Tech Methods
•
•
•
•
• Automobile dealers,
retailers, restaurants
• Personnel Files
• Dumpster Diving
• Lost/Stolen Wallets and
Checkbooks
• Healthcare Records
• Mail Theft
Phishing
Spyware and Key Logging
Skimming
Trojan Horses, Viruses
and Worms
• Hacking
• Spamming
Phishing
• High-tech scam using spam or
pop-up messages from known
businesses requesting account
validation.
• Warnings of dire consequences if
the victim fails to respond.
• Directs the victim to a Web site
resembling a legitimate site where
the operators trick the victim into
divulging personal identifier
information.
Spyware and Key Logging
• Software that collects
personal information from
your computer without
your knowledge.
• Downloaded to your
computer from the
websites you visit, or
invites itself in
unannounced when you
agree to download another
program.
Skimming
• Occurs anywhere a credit card is accepted
• Rarely done at any location for more than 7 days
• A collusive employee completes a valid sale, then
captures a second (unauthorized) swipe covertly before
returning the card to the cardholder
• Fraudulent transactions frequently occur within 24-48
hours of the compromise
• Cardholders are not aware that they have been victimized
until they receive their credit card statements showing the
fraudulent charges
Skimming Devices
Can be made easily
accessible inside clothing
Hand Held Skimmer/
“Wedge”
Most Common Low Tech Schemes
• Unknown caller posing as a bank employee trying
to verify a SSN and mother’s maiden name
• Fraudster requests a victim’s credit report
• Dishonest employee with access uses or sells
personal information
• Fraudster changes the address on your account to
their address through the financial institution
• Thief who steals your information during a burglary
Other Internet Fraud Schemes
•
•
•
•
Pet (selling) scams
Secret Shoppers and Funds Transfer Scams
Adoption and Charity Frauds
Romance Fraud
Hacking
• Hackers accessed more
than 5 million Visa and
MasterCard credit card
accounts in the US. – February
2003
• Hackers accessed a U.S.
military database
containing Social Security
numbers and other personal
information for 33,000 Air
Force officers and enlisted
personnel. -August 2005
• Hackers compromised the
confidentiality of 40
million credit card holders,
and 200,000 records had
left the network at CardSystems. – June 2005
• T-Mobile notified 400
customers whose data was
accessed, but left open the
possibility of more victims
as the case progresses. –
February 2005
Fraudulent Applications
• Personal information of
a true person used to
open a new account
• Common to add an
additional fictitious
person to the
cardholder’s account
• Driven in part by the
ease of obtaining instant
credit – vehicles, loans,
department store
accounts
Credit Card Fraud
• Test purchases with small
charges before larger cash
withdrawals
• Obtain large advances
within a very short period
• Randomize banks using the
same credit card
• Exhaust credit limit as
quickly as possible
• Use bank or merchant
insiders to avoid early
detection
Money Laundering
What it is…
• To move illegally acquired cash through financial
systems so that it appears to be legally acquired
• The purpose of such transactions is to hide the
identity of the real owner of or the illegal origin of
assets.
Why do it…
•
•
•
•
•
Avoid prosecution
Increase profits
Avoid seizure of accumulated wealth
Appear legitimate
Tax evasion
How to do it…
•
•
•
•
•
•
•
Structuring – “smurfing”
Bank Complicity
Asset Purchases
Securities’ Broker
Telegraphic Transfer of Funds
Travel Agencies
Gambling in Casinos
It took 45 seconds to launder the money
by a wire transfer, and it took the police
officers 18 months to investigate the case.
Insider Fraud Typologies
• Embezzlement
– Employee performs illegal activities in order to move money out of
customer accounts
– Activity could extend for months or years
– Typical of : New employee, Employee experiencing financial pressure,
Blackmail
• Compromising Personal Information
– Employee transfers, to his associates, sensitive customer information
that can be used later for identity theft or
– account take over
– Usually involves multiple accounts
– The information can be used later to: Enroll into On-Line
– banking, Perform transfers, Order new check book etc
• Bypassing account management controls
– Employee works in collusion with a customer in order to compromise
business controls and defraud the bank
– Usually involves multiple accounts or a merchant
– Typical for application approvals, merchant fraud, bank notes, deposit
certificates, etc
Example Online Banking Fraud

Eastern European network

Used internet forums to purchase account information
(credit records, account records, etc)

Opened mule accounts in each bank where performed
fraud by using false identities

Used account info to overtake accounts through multiple
channels (using call center to get online password, and
moving money through the E-banking products)

Used internet banking transfers to move money from
overtaken accounts to the mule accounts

Relationship with a US based drug-addicts network that
were shipped with the debit cards and took the money from
ATMs
Card Fraud Types
• Stolen Cards
– Focus on deviation from ordinary behavior, and on
comparison to known fraud cases
– Entities: cards, accounts, customers
• Skimming
– Differentiate between fraudulent and normal behavior at
ATM/POS
– Identify unlikely activities and behavior patterns of card
usage
– Proactively prevent mass fraud, by predicting fraudulent
cards based on previously identified skimmed cards
• Bust Out Fraud
– Evaluating the risk of new applications and first card
activity
• “Tourism Fraud”
– Smart card based fraud in exported to countries yet to
deploy smart card systems
Financial Crime Globalization Example
•
•
•
•
•
•
Team of Sri Lankan nationals caught withdrawing
cash from ATMs in Phuket Thailand
4,000 fake cards found, encoded with details of
UK cards
Genuine UK cards were chip & pin encoded, but
Thai ATMs had to rely on magnetic stripe only
Genuine card details are bought and sold on the
Internet for as little as a few dollars
Machine to encode cards can also be bought on
the internet for a few hundred dollars
Multiple groups of criminals performing different
roles in the criminal food chain
Money Laundering – AML / CFT
• “Efforts to use or conceal illicit funds such as
proceeds of drug trafficking and organized crime”
• Many known typologies such as Structuring, Flowthough, Circulation, Grouping of accounts, Dummy
loans, etc
• Countering the Financing of Terrorism (CFT)
– Avoid dealing with banned parties
• Usually Driven by Regulations
– “Know Your Customer” (Customer Due
Diligence, Screening and Risk Profiling)
– Cash transaction reporting can generate many
“false positives”
– Regulations can be “prescriptive” and inflexible,
yet bank may be held responsible if fails to
detect criminal behavior
Tighter AML regulation in the US and
Europe is pushing money laundering
activity into Asia Pacific…
Spending on anti-money laundering solutions in Asia will grow faster than
in Europe or North America as regulators in Asia finally get serious about
AML…
Summary - The Challenge
 Fraud Percentage
 Very high data volumes and small number of fraud cases, result in extremely
low (0.005%) percentage of fraudulent transactions that nevertheless can
result in significant losses
 Fraud Coverage and Complexity
 Fraud takes many forms (Takeover, Financing, Mule, …) and is not limited to a
single channel (Internet, Phone, Mail, …)
 Dynamic Environment
 Criminals constantly seek new methods, which requires the ability to be one
step ahead and dynamically add new parameters and rules.
 Simplistic Rules-Based AML approaches
 Generate many Suspicious Transaction Reports, which may involve innocent
customers while missing sophisticated criminals
 Multiple products, multiple channels
 Only monitoring all transactional activity on the enterprise level can reveal
the fraudulent scenarios
Financial Crime in 2008 and Beyond
• New era of corporate accountability and governance
requirements
• Rapid changes in regulatory and legislative compliance
• Global deployment of new client services exposes organizations
to much great risk
• Organized cross-border white collar Fraud Syndicates
• Linkages between Fraud, Money Laundering and the
Financing of Terrorism