Frank Abagnale Jr. successfully performed cons worth millions of dollars by posing as a Pan American World Airways pilot, a Georgia doctor, and a Louisiana parish prosecutor. He did all that in the 60s and his primary crime was check fraud, as documented in the biographical movie, Catch Me If You Can. Imagine what Frank could do in today’s banking environments with all its complex cross-channels.

Today, fraudster’s schemes evolve faster than Frank Abagnales ever did. This consistent evolution of fraud schemes demands that financial institutions audit their fraud detection solutions and scenarios on a fairly regular basis.

Performing a solution audit would determine the level of effectiveness of your institution's fraud coverage. It would identify additional areas of coverage that could be achieved by fully exploiting the existing data, as well as adding new data sources to improve current detection. It would also help prioritize recommendations and ...

Most people who have been on the good side of the Financial Crimes business know – it is easy to become cynical and suspicious of almost everyone. I guess when you are looking for criminal activity all day, you are supposed to have a 'glass half empty’ approach. To my surprise, I have found that many fraud personnel I’ve met are very optimistic…about catching fraud, that is. And, after meeting with several of them last month, I am even more aware of what a collaborative effort fighting fraud needs to be.

At the beginning of the month, Memento had our inaugural Canadian User Group meeting. Almost 30 users from our Canadian customers came together at the Toronto Board of Trade to network with their peers, discuss recent fraud events and ...

Notes from Memento's Michael Wlodyka, Fraud Consultant, and Matt Doremus, Sr. Solutions Architect

 
Michael Wlodyka, Memento Fraud Consultant, on Reputational Risk

On day 2 of the BAI Payments Connect 2012 conference, I had the opportunity to attend a very interesting presentation by John Carlson, EVP for fraud prevention and cyber security at BITS, entitled ‘Hardening’ Payment Systems for the Next Generation. In his talk, John highlighted the fact that trust and reputation are two of the most valuable assets that financial institutions have in retaining existing customers and acquiring new clients.

Whether deserved or not, the persistent threats of account takeover, identity theft, check, card, ACH, wire, and mortgage fraud, along with continued insider and elder abuse can lead to a perception of insecurity. In order to effectively combat the increased risk of new channels, players, and products, there is a need for cooperation between and amongst financial institutions and their providers ...

Every year, Memento attends the BAI Payments conference to learn the latest trends in payments and fraud as well as connect with attendees, many of whom are our customers and partners. This year’s conference focused on three key areas: emerging payments, payments fraud, and check processing. Being part of the team that designs and develops the fraud detection and management software for Memento, I was very interested in learning more about the new and emerging payment channels, where FIs stand with their FFIEC/layered security strategy, and, of course, where FIs see the biggest need for innovation.

Day 1 Highlights

Payment innovation and mobile banking were central conference themes. The mobile phone is trending as a preferred channel (“top of wallet”) for small dollar payments. Banks are racing to figure out how this changes their business model and product offerings.

Some view peer-to-peer (P2P) payments as a promising new revenue stream. As a quick definition, a P2P payment uses an email address or mobile number to identify the payment beneficiary. (Examples: send a gift, settle the dinner tab, payback for a shared household expense.) Everyone agrees that P2P is emerging and malleable with flexible audiences and flexible delivery options. The offerings will most certainly also enable P2G (person to group, e.g. pay soccer team), P2B (person to business, pay small service provider), B2P etc.

Benefits for consumers:
- Convenience, convenience, convenience. Payments can be initiated anytime, anywhere.
- Timing of payments may be more immediate.

Opportunities for Financial Institutions:
- Strengthen relationship with customers and ...

I was reading an article about the Ramnit worm a few weeks back and a few things struck me about it. First of all, this worm is “old” technology – at least in the cyber war sense – that is evolving. It reminds me of a blog I wrote a while ago on polymorphism and the Zeus Trojan. At that time, I thought a common misconception was that once you find malware and take action against it you’re safe. It wasn’t so then and it isn’t so now.

Interestingly in this case, Trusteer, a provider of cybercrime prevention solutions, was the first to discover Ramnit’s merger with Zeus in August 2011. That tidbit combined with another point in the article about how Ramnit is being used to attack Facebook credentials is bad news. The article provided this quote to point out the danger: “Dave Jevans of the Anti-Phishing Working Group says stealing credentials from social-networking sites is big business. “We have seen...

In a recent Bank Info Security article, Account Takeover: Better or Worse?, Tracy Kitten interviews Doug Johnson, Vice President of Risk Management Policy for the American Bankers Association to get his expert opinion on the state of account takeovers and identity theft.

ACH fraud may be defined as many different fraud types including account takeover and payments fraud. Because there are no statistics on the total ACH losses for 2011, there may be the illusion that losses are down. In my opinion, the trend may seem that ACH fraud is decreasing due to tighter controls, but when I speak with industry colleagues, I tend to hear the opposite.

At year’s end, I like to take a step back and assess the main fraud trends I’ve seen and heard when speaking with our customers. Not only have we seen a lot of movement in the ACH area due to the FFIEC Supplement released this year, but there also have been some major events in the news this year that have driven action in fraud prevention measures overall. There are a few trends, in particular, that stand out to me more than others.

1. Internal Fraud is Here to Stay: The interest in Internal Fraud continues to be high, and without a proactive monitoring system in place, banks are at higher risk of being exposed to theft from their own employees. Some of the more common fraud strategies in Internal Fraud include ...

Depending on which news report you read, sales on “Black Friday” and “Cyber Monday” were considerably higher than last year. What does that mean for the bank fraud investigator? More transactions to wade through! Right about now, bank fraud departments around the United States are working overtime combing through billions of transactions. Unfortunately, when volume increases, so too does the volume of fraud attempts.

When transaction volumes spike, any weaknesses in a bank’s fraud detection landscape are often magnified. That’s what the fraudster wants. The more stress the bank’s fraud department is under, the more likely it will be that fraud transactions will slip through.

You can’t do that much to control the volume, but you can capture the lessons learned when you and your team are pushed to the breaking point. Consider the following questions ...

Earlier this week, Bank Info Security released an article on the Computershare civil suit against a former employee for stealing company information and shareholder data. The piece discusses the potential impact such a suit might have on the financial services industry, and I was able to contribute my two cents about the matter.

My opinion is, that in the case of data breaches and insider fraud, legal action against employees is historically rare. Most of the time these incidents are handled as internal matters; the exceptions have only been the worst or largest breaches and fraud schemes.

But, we do see a shift in how firms are approaching internal fraud. A handful of high profile internal data breaches and fraud cases (e.g., SocGen, UBS, Madoff ...

With the new year here, I figured it was a good time to step back and take stock of our progress – as an industry – in the ongoing battle against fraud. A frank assessment: we could be doing a lot better.

Sure, there are always improvements that can be made to the organizations, processes and technologies that must come together to solve a complex issue like fraud management. But I think the more important barriers our industry faces are more fundamental and structural in nature. Specifically, I see the following:

The Boiling Frog
Our industry’s slow reaction to the growing, morphing fraud problem makes me think of the boiling frog phenomenon. If you haven’t heard of it ...