Financial Fraud in Cyberspace

Ruzbeh Tusserkani

Is Financial Crime Like an Epidemic?

Financial Health Criminals cross borders

physically and exchange data to establish new fraud methods

Individuals must protect their physical wallets and bank statements and takes sensible electronic measures

Banks can monitor customers’ risk profiles (KYC) and transactions for suspicious behavior

Public Health Epidemics spread

through global travel and mutations of viruses

Individuals must take their own precautions like hygiene and wearing masks

Governments implement broad measures to disseminate information, monitor risks and act quickly upon detecting outbreaks

Quarantine should be final resort

Cyber Theft

• The new computer-based technology allows criminals to operate more efficiently and effectively.

• These thieves use cyberspace to distribute illegal goods and services or to defraud people for quick profit.

Computer Fraud

• These crimes include theft of information, “salami fraud” (skimming small amounts of money from many accounts) software theft, manipulation of accounts/banking, corporate espionage.

• ATMs (Automatic teller machines) are especially vulnerable.

Internet Securities Fraud

• This crime involves using the Internet to intentionally manipulate the securities marketplace for profit. The three major types of this fraud are:– Market manipulation– Fraudulent offerings of securities– Illegal touting

Identity Theft

• This occurs when someone uses the Internet to steal another’s identity and/or impersonate the victim to open credit card accounts and/or other financial transactions.

• Phishing (carding, spoofing)—some identity thieves create false e-mails or websites designed to gain illegal access to a victim’s personal information.

Identity Theft & Identity Fraud

• Identity theft involves acquiring key pieces of your identifying information without the victim’s knowledge.

• Identity fraud occurs when thieves use the victims’ personal identifying information to order merchandise, obtain credit, or otherwise falsely represent themselves without the victim’s express consent.

Internet Usage And ID Theft

300

400

500

600

700

800

900

2000 2001 2002 2003 2004

Web Users

0

100

200

300

400

500

ID Theft Complaints

How Identities are StolenHigh Tech Methods

• Phishing• Spyware and Key Logging• Skimming• Trojan Horses, Viruses

and Worms• Hacking• Spamming

Low Tech Methods

• Automobile dealers, retailers, restaurants

• Personnel Files• Dumpster Diving• Lost/Stolen Wallets and

Checkbooks• Healthcare Records• Mail Theft

Phishing• High-tech scam using spam or

pop-up messages from known businesses requesting account validation.

• Warnings of dire consequences if the victim fails to respond.

• Directs the victim to a Web site resembling a legitimate site where the operators trick the victim into divulging personal identifier information.

Spyware and Key Logging• Software that collects

personal information from your computer without your knowledge.

• Downloaded to your computer from the websites you visit, or invites itself in unannounced when you agree to download another program.

Skimming

• Occurs anywhere a credit card is accepted• Rarely done at any location for more than 7 days• A collusive employee completes a valid sale, then

captures a second (unauthorized) swipe covertly before returning the card to the cardholder

• Fraudulent transactions frequently occur within 24-48 hours of the compromise

• Cardholders are not aware that they have been victimized until they receive their credit card statements showing the fraudulent charges

Skimming Devices

Hand Held Skimmer/ “Wedge”

Can be made easily accessible inside clothing

Most Common Low Tech Schemes

• Unknown caller posing as a bank employee trying to verify a SSN and mother’s maiden name

• Fraudster requests a victim’s credit report• Dishonest employee with access uses or sells

personal information • Fraudster changes the address on your account to

their address through the financial institution• Thief who steals your information during a burglary

Other Internet Fraud Schemes

• Pet (selling) scams• Secret Shoppers and Funds Transfer Scams• Adoption and Charity Frauds• Romance Fraud

Hacking• Hackers accessed more

than 5 million Visa and MasterCard credit card accounts in the US. – February 2003

• Hackers accessed a U.S. military database containing Social Security numbers and other personal information for 33,000 Air Force officers and enlisted personnel. -August 2005

• Hackers compromised the confidentiality of 40 million credit card holders, and 200,000 records had left the network at Card-Systems. – June 2005

• T-Mobile notified 400 customers whose data was accessed, but left open the possibility of more victims as the case progresses. – February 2005

Fraudulent Applications• Personal information of

a true person used to open a new account

• Common to add an additional fictitious person to the cardholder’s account

• Driven in part by the ease of obtaining instant credit – vehicles, loans, department store accounts

Credit Card Fraud• Test purchases with small

charges before larger cash withdrawals

• Obtain large advances within a very short period

• Randomize banks using the same credit card

• Exhaust credit limit as quickly as possible

• Use bank or merchant insiders to avoid early detection

Money Laundering

What it is…

• To move illegally acquired cash through financial systems so that it appears to be legally acquired

• The purpose of such transactions is to hide the identity of the real owner of or the illegal origin of assets.

Why do it…

• Avoid prosecution• Increase profits• Avoid seizure of accumulated wealth• Appear legitimate• Tax evasion

How to do it…

• Structuring – “smurfing”• Bank Complicity• Asset Purchases• Securities’ Broker• Telegraphic Transfer of Funds• Travel Agencies• Gambling in Casinos

It took 45 seconds to launder the money by a wire transfer, and it took the police

officers 18 months to investigate the case.

Insider Fraud Typologies

• Embezzlement– Employee performs illegal activities in order to move money out of customer

accounts – Activity could extend for months or years– Typical of : New employee, Employee experiencing financial pressure, Blackmail

• Compromising Personal Information– Employee transfers, to his associates, sensitive customer information that can be

used later for identity theft or – account take over– Usually involves multiple accounts– The information can be used later to: Enroll into On-Line – banking, Perform transfers, Order new check book etc

• Bypassing account management controls– Employee works in collusion with a customer in order to compromise business

controls and defraud the bank– Usually involves multiple accounts or a merchant– Typical for application approvals, merchant fraud, bank notes, deposit certificates,

etc

Example Online Banking Fraud Eastern European network

Used internet forums to purchase account information (credit records, account records, etc)

Opened mule accounts in each bank where performed fraud by using false identities

Used account info to overtake accounts through multiple channels (using call center to get online password, and moving money through the E-banking products)

Used internet banking transfers to move money from overtaken accounts to the mule accounts

Relationship with a US based drug-addicts network that were shipped with the debit cards and took the money from ATMs

Card Fraud Types• Stolen Cards

– Focus on deviation from ordinary behavior, and on comparison to known fraud cases

– Entities: cards, accounts, customers• Skimming

– Differentiate between fraudulent and normal behavior at ATM/POS

– Identify unlikely activities and behavior patterns of card usage

– Proactively prevent mass fraud, by predicting fraudulent cards based on previously identified skimmed cards

• Bust Out Fraud – Evaluating the risk of new applications and first card

activity• “Tourism Fraud”

– Smart card based fraud in exported to countries yet to deploy smart card systems

Financial Crime Globalization Example

• Team of Sri Lankan nationals caught withdrawing cash from ATMs in Phuket Thailand

• 4,000 fake cards found, encoded with details of UK cards

• Genuine UK cards were chip & pin encoded, but Thai ATMs had to rely on magnetic stripe only

• Genuine card details are bought and sold on the Internet for as little as a few dollars

• Machine to encode cards can also be bought on the internet for a few hundred dollars

• Multiple groups of criminals performing different roles in the criminal food chain

Money Laundering – AML / CFT

• “Efforts to use or conceal illicit funds such as proceeds of drug trafficking and organized crime”

• Many known typologies such as Structuring, Flow-though, Circulation, Grouping of accounts, Dummy loans, etc

• Countering the Financing of Terrorism (CFT)– Avoid dealing with banned parties

• Usually Driven by Regulations– “Know Your Customer” (Customer Due

Diligence, Screening and Risk Profiling)– Cash transaction reporting can generate many

“false positives”– Regulations can be “prescriptive” and inflexible,

yet bank may be held responsible if fails to detect criminal behavior

Tighter AML regulation in the US and Europe is pushing money laundering

activity into Asia Pacific…

Spending on anti-money laundering solutions in Asia will grow faster than in Europe or North America as regulators in Asia finally get serious about AML…

Fraud Percentage Very high data volumes and small number of fraud cases, result in extremely

low (0.005%) percentage of fraudulent transactions that nevertheless can result in significant losses

Fraud Coverage and Complexity Fraud takes many forms (Takeover, Financing, Mule, …) and is not limited to a

single channel (Internet, Phone, Mail, …)

Dynamic Environment Criminals constantly seek new methods, which requires the ability to be one

step ahead and dynamically add new parameters and rules. Simplistic Rules-Based AML approaches

Generate many Suspicious Transaction Reports, which may involve innocent customers while missing sophisticated criminals

Multiple products, multiple channels Only monitoring all transactional activity on the enterprise level can reveal the

fraudulent scenarios

Summary - The Challenge

Financial Crime in 2008 and Beyond

• New era of corporate accountability and governance requirements

• Rapid changes in regulatory and legislative compliance • Global deployment of new client services exposes organizations

to much great risk• Organized cross-border white collar Fraud Syndicates• Linkages between Fraud, Money Laundering and the

Financing of Terrorism