Most people who have been on the good side of the Financial Crimes business know – it is easy to become cynical and suspicious of almost everyone. I guess when you are looking for criminal activity all day, you are supposed to have a 'glass half empty’ approach. To my surprise, I have found that many fraud personnel I’ve met are very optimistic…about catching fraud, that is. And, after meeting with several of them last month, I am even more aware of what a collaborative effort fighting fraud needs to be.

At the beginning of the month, Memento had our inaugural Canadian User Group meeting. Almost 30 users from our Canadian customers came together at the Toronto Board of Trade to network with their peers, discuss recent fraud events and ...

I was reading an article about the Ramnit worm a few weeks back and a few things struck me about it. First of all, this worm is “old” technology – at least in the cyber war sense – that is evolving. It reminds me of a blog I wrote a while ago on polymorphism and the Zeus Trojan. At that time, I thought a common misconception was that once you find malware and take action against it you’re safe. It wasn’t so then and it isn’t so now.

Interestingly in this case, Trusteer, a provider of cybercrime prevention solutions, was the first to discover Ramnit’s merger with Zeus in August 2011. That tidbit combined with another point in the article about how Ramnit is being used to attack Facebook credentials is bad news. The article provided this quote to point out the danger: “Dave Jevans of the Anti-Phishing Working Group says stealing credentials from social-networking sites is big business. “We have seen...

Committing bank fraud is easy when you have help on the inside. That’s what the prosecutors in the UK think happened in a $2m fraud scheme involving high net worth accounts. Between July and September 2008, a gang lead by Neil Wynne targeted Barclays Bank branches throughout the middle of England. Prosecutors believe that the gang had help from a bank employee as they had an uncanny knack for picking the best accounts to target. They also had no problem overcoming the bank’s security procedures. They just can’t prove that an employee was involved – at least not yet.

Here’s the scheme… With a fake passport in hand, one member of the gang pretended to be the owner of an existing, well-funded, Barclay’s Bank account. A second member of the gang posed as the accountholder’s partner.

Once the new account was opened, the gang proceeded to ...

At year’s end, I like to take a step back and assess the main fraud trends I’ve seen and heard when speaking with our customers. Not only have we seen a lot of movement in the ACH area due to the FFIEC Supplement released this year, but there also have been some major events in the news this year that have driven action in fraud prevention measures overall. There are a few trends, in particular, that stand out to me more than others.

1. Internal Fraud is Here to Stay: The interest in Internal Fraud continues to be high, and without a proactive monitoring system in place, banks are at higher risk of being exposed to theft from their own employees. Some of the more common fraud strategies in Internal Fraud include ...

I recently attended part of the Orbograph user group meeting where I participated in a panel discussing the value in combining forces in the fight against fraud. The panel was moderated by Jodi Pratt, well known in fraud-fighting circles. Speaking with me on the panel was Carl Bortol of Data Support Systems. Both Carl and I represent companies that have partnerships with Orbograph. On the panel, we discussed two levels of working together, integration and collaboration.

Integration
This level focuses on integrating the fraud detection system into the rest of the bank’s systems in an operational sense. This includes core systems like DDA and CIS, and transaction processing systems like Exceptions...

With the new year here, I figured it was a good time to step back and take stock of our progress – as an industry – in the ongoing battle against fraud. A frank assessment: we could be doing a lot better.

Sure, there are always improvements that can be made to the organizations, processes and technologies that must come together to solve a complex issue like fraud management. But I think the more important barriers our industry faces are more fundamental and structural in nature. Specifically, I see the following:

The Boiling Frog
Our industry’s slow reaction to the growing, morphing fraud problem makes me think of the boiling frog phenomenon. If you haven’t heard of it ...

The FFIEC recently supplemented its 2005 Guidance in response to what it calls an “increasingly hostile online environment”. Regardless of the size of institution, if it provides banking products online, it is a target. On almost a weekly basis, we hear of a new online fraud case that caught one or more banks unprepared. The Guidance is timely, but it stops short of providing a “step-by-step” approach. Here’s what I believe financial institutions can do in light of the Guidance:

1) Revisit the risk assessment
Not surprisingly, risk assessments are hated by most bankers and viewed as a useless exercise. I have personally spent countless hours locked in a conference room attempting to document all the types of fraud that might happen. Unfortunately, risk assessments are a necessary part of fraud prevention. Moreover the supplement to the 2005 Guidance stresses the importance of keeping the risk assessment current. Here is a suggestion ... 

In most college towns, this is the time of year when swarms of U-Hauls and overstuffed cars bear down onto college campuses. Students will settle into their dorms and likely kick off their social lives before their classes even begin. The funds that they have for day-to-day expenses will begin to run low, and students will look for ways to supplement their income. This is prime opportunity for fraudsters to seek out and prey upon students.

Given that, we can deduce why college campuses are a ‘hang out’ for fraudsters - because students are easy targets. The sheer volume of students makes it easy to recruit vulnerable, needy, and/or naive students. I find it interesting that the scams have not changed much since I was in college. Scams relating to fraudulent grant letters, credit cards applications, work from home, check cashing and the ever so popular ATM card scams are still thriving. It is still common for fraudsters to not only pay students to pass bad checks through their accounts for nominal compensation, but also to ...

It seems like yesterday when I first saw an ATM and had to be taught how to use it. When my bank sent the piece of plastic to me called a debit card, I was ever so hesitant to use it. And forget about online banking; my fraud investigations experience would in no way enable me to use my computer to perform my banking transactions. For baby boomers like me, we have seen a dramatic shift in the way we perform our banking, especially with online and mobile banking. It appears that the face of banking is an ever changing frontier. From a consumer’s viewpoint, all of these changes make things easier. But as a fraud professional, I am very nervous about the implications.

With this evolution in the way we do banking comes new threats. Modern trojans and viruses that may infect not only our computers but our mobile devices are alive and thriving. Just as I graduated from my old flip phone to my new high tech smartphone, I heard about a variant of the ZeuS Trojan that runs on the Android phones. According to researchers ...

In a recent Bank Fraud Forum blog post, Discussing Multi-Factor Authentication, Shirley Inscoe stated that cross-channel fraud detection enables the analysts "...to see the complete picture with regards to a customer or account, and detect suspicious events that would otherwise result in losses...” Having been an investigator as well as a manager of a cross-functional fraud team for over 2 decades, I could not agree more.

However, it must be said that even if you provide a holistic picture of fraud to the analysts, it does not do them - or your customers - any good if they are not skilled in investigating and properly mitigating cross-channel fraud alerts. For those who have worked fraud over multiple channels, there are varying rules and regulations that may entail some compliance issues, including Reg E, Reg CC, UCC Articles 3 and 4, Reg J, Check 21, Clearinghouse Rules ...