Most people who have been on the good side of the Financial Crimes business know – it is easy to become cynical and suspicious of almost everyone. I guess when you are looking for criminal activity all day, you are supposed to have a 'glass half empty’ approach. To my surprise, I have found that many fraud personnel I’ve met are very optimistic…about catching fraud, that is. And, after meeting with several of them last month, I am even more aware of what a collaborative effort fighting fraud needs to be.

At the beginning of the month, Memento had our inaugural Canadian User Group meeting. Almost 30 users from our Canadian customers came together at the Toronto Board of Trade to network with their peers, discuss recent fraud events and ...

At year’s end, I like to take a step back and assess the main fraud trends I’ve seen and heard when speaking with our customers. Not only have we seen a lot of movement in the ACH area due to the FFIEC Supplement released this year, but there also have been some major events in the news this year that have driven action in fraud prevention measures overall. There are a few trends, in particular, that stand out to me more than others.

1. Internal Fraud is Here to Stay: The interest in Internal Fraud continues to be high, and without a proactive monitoring system in place, banks are at higher risk of being exposed to theft from their own employees. Some of the more common fraud strategies in Internal Fraud include ...

Earlier this week, Bank Info Security released an article on the Computershare civil suit against a former employee for stealing company information and shareholder data. The piece discusses the potential impact such a suit might have on the financial services industry, and I was able to contribute my two cents about the matter.

My opinion is, that in the case of data breaches and insider fraud, legal action against employees is historically rare. Most of the time these incidents are handled as internal matters; the exceptions have only been the worst or largest breaches and fraud schemes.

But, we do see a shift in how firms are approaching internal fraud. A handful of high profile internal data breaches and fraud cases (e.g., SocGen, UBS, Madoff ...

With the new year here, I figured it was a good time to step back and take stock of our progress – as an industry – in the ongoing battle against fraud. A frank assessment: we could be doing a lot better.

Sure, there are always improvements that can be made to the organizations, processes and technologies that must come together to solve a complex issue like fraud management. But I think the more important barriers our industry faces are more fundamental and structural in nature. Specifically, I see the following:

The Boiling Frog
Our industry’s slow reaction to the growing, morphing fraud problem makes me think of the boiling frog phenomenon. If you haven’t heard of it ...

In the July 1 column of “The Ethicist” in The New York Times, I came across this concern posed by an unnamed CFO of a financial services company:

“… I found our bookkeeper using the corporate charge card for her personal use. The misappropriation was approximately $47,000 over a six-month period. She forged a partner’s signature to acquire a card in her name. We fired her, and she paid back the funds in exchange for our not pressing charges. But I cannot get closure if she is not punished for this egregious betrayal. I recommended that we call her husband, as I think family humiliation would be punishment enough. Would this be ethical?”

What I find interesting here is that the question posed by the CFO was not about whether or not the agreement was ethical, but whether or not revenge was ethical. And it seems like the columnist was on the same page. In response to this query, the columnist first reminded the CFO that the financial services company had agreed to sweep the issue under the rug as long as the perpetrator repaid the money, and the CFO’s revenge-seeking was not only against the ‘agreement’ but also inappropriate. Then the columnist writes, “I have to wonder, meanwhile, about a financial-services company that allows someone to steal and then to just stroll off to the next company to do it again.”

Now, this point raises some serious questions. Did the financial institution ...

When most people think of data breaches, they think of the big headline grabbers like Hannaford, Heartland, and TJ Maxx (now disappearing into the distant past, but dredged up every time a big one like Heartland occurs). There are many more, but you get the point. The naïve view of breaches is that they are accidental most of the time, but that notion should have been dispelled by the overwhelming evidence that breaches are often times the result of a premeditated attack. We have seen that these data breaches do result in fraud, sometimes quickly and sometimes as much as two or more years later.

Why can the fraudsters wait so long? Because there is a ready supply of personal data to be had in the fraud underground, a veritable secondary economy with producers, brokers, and buyers.

This ready supply is fueled not just by the “biggies”, but also by a host of largely unreported breaches of various sizes. More often than we care to imagine, these breaches are ... 

I recently read an interesting article on AmericanBanker.com entitled, Defending Your Brand 2.0: Rapping w/readers, 140 characters at a time, by Sara Lepro. In her article, Sara demonstrates the need for financial institutions to insert themselves into social media conversations in order to have more control over the ‘chatter’ and ultimately to protect and defend their brand.

Historically, banks have been concerned about negative customer experiences and the impact of customer churn, especially when it comes to customers becoming victims of fraud. With the evolution of Facebook, Twitter and other social media forums, negative feedback is not only accelerated but many times exaggerated, thereby making it more of a challenge for banks to protect their brand.

Recruiting bank employees to participate in an identity theft scheme can be well worth the effort. Eleven banks in Minnesota, Arizona, and Texas, as well as 5,000 victims, learned just how damaging “flipping” bank employees can be. Over the course of five years, the ring defrauded the victims and generated more than $10 million in “revenue”.

Most banks and credit unions have policies in place that prohibit employees from accessing or performing transactions on accounts owned by themselves or family members. While such behaviors, often called “self dealing”, can be relatively minor infractions that highlight the need for re-training or better policy enforcement, they can also be part of large scale fraud schemes, as in the case at this West Virginia credit union.