Uncovering Collusion When Fraudsters Unite
Buried deep within the sea of normal transactions, a group of seemingly unrelated accounts is about to "bust out". As individual accounts, they appear normal, but taken together, there is something very wrong.
Consider the following case involving an "army of 700 fraudsters".
Let's consider the facts of the case, starting with how the money left the bank. In the case of Nadezda Nikitina, she requested 5 cash advances totaling $24,500. When the bank received a check payment for $25,000 that bounced, they increased the credit limit, presumably to accommodate additional charges and cash advances.
- Could the breaching of the credit limit so soon after opening be a red flag? Maybe.
- Is it unusual for a new card holder to request 5 cash advances just $500 short of their limit? Maybe, maybe not.
- Is it unusual for 700 new card holders to request cash advances? Now we are getting warmer.
And there lies the problem; the connection between the 700 accounts needs to be made in order to understand the bust out.
In general, catching this fraud manually could be very difficult. However, if the fraudsters are all from the former Soviet Union, and open accounts in the same geographical area, bank employees may alert on the fact that individuals with the same background appear to be opening accounts and claiming the same or similar level of income.
As an aside, it is interesting to note that organized crime has policies and procedures just as banks do. It would not be unusual for the fraudsters to be provided with specific instructions on how to complete the fraud. For example, they may be told to provide a salary of $180,000. Is it potentially a red flag if a batch of new card holders claims the same salary? I think so.
Also, the fraudsters' command of the English language may be limited, and therefore, their ability to earn $180,000 in the US may be something that bank employees should "trust, but verify". Since we now know that the card holders had entered the country within the last year, but claimed to have been employed for the last 5 years, it might have been prudent to request additional documentation to support their claim of 5 years of earning history.
Catching the fraud using technology is just as challenging for the reasons noted above – during the first phase, accounts associated with bust out activity appear normal. Unfortunately, most banks are ill-equipped to identify accounts associated with a bust out. Typically, bank fraud detection engines focus on individual accounts, and then leave the investigator to piece together similarities in an ad-hoc manner.
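To illustrate the cross-account view described above, here is an added example (not from the original post or any bank's system) that groups new accounts by shared application traits and flags groups where several accounts opened close together have drawn cash advances near their limit. The record layout, the sample data, and the thresholds (`min_size`, `window_days`, `min_util`) are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import date, timedelta

# Constructed sample records (not from the case): id, opened, branch,
# claimed salary, credit limit, total cash advances taken so far.
ACCOUNTS = [
    ("A1", date(2024, 3, 1), "Branch-X", 180_000, 25_000, 24_500),
    ("A2", date(2024, 3, 4), "Branch-X", 180_000, 25_000, 24_000),
    ("A3", date(2024, 3, 9), "Branch-X", 180_000, 20_000, 19_500),
    ("A4", date(2024, 3, 12), "Branch-X", 180_000, 25_000, 1_000),
    ("B1", date(2024, 3, 2), "Branch-Y", 95_000, 10_000, 9_800),
    ("B2", date(2024, 3, 5), "Branch-X", 72_000, 8_000, 0),
    ("B3", date(2023, 11, 20), "Branch-X", 180_000, 25_000, 24_900),
]

def find_bust_out_clusters(accounts, min_size=3, window_days=30, min_util=0.9):
    """Group accounts by shared application traits, then flag groups where
    several accounts opened close together have drawn cash near their limit."""
    groups = defaultdict(list)
    for acct in accounts:
        _id, _opened, branch, salary, _limit, _cash = acct
        groups[(branch, salary)].append(acct)

    clusters = []
    for (branch, salary), members in groups.items():
        members.sort(key=lambda a: a[1])  # order by opening date
        # Slide a window over opening dates and keep the largest set of
        # near-limit accounts opened within window_days of each other.
        best = []
        for i, first in enumerate(members):
            end = first[1] + timedelta(days=window_days)
            in_window = [a for a in members[i:] if a[1] <= end]
            hot = [a[0] for a in in_window if a[4] and a[5] / a[4] >= min_util]
            if len(hot) > len(best):
                best = hot
        if len(best) >= min_size:
            clusters.append({"branch": branch, "salary": salary, "accounts": best})
    return clusters

if __name__ == "__main__":
    for cluster in find_bust_out_clusters(ACCOUNTS):
        print(cluster)
```

Accounts B1 and B3 are just as close to their limits as A1 through A3, but only the group sharing a branch, a claimed salary and an opening window is reported, which is the signal a per-account engine cannot produce.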
I would submit that bust out activity should be much better understood by banks. The airline industry, for example, has been exposed to travel agency bust out activity for years (a travel agency suddenly issues a large batch of tickets, yet fails to pay the airline). In response to considerable losses, the airlines implemented a number of "bust out" detection tools with great success. Why have banks not followed the airline industry's lead? I suspect that banks don't really know how much bust out activity they are actually experiencing. Just like the problem I detailed regarding the classification of internal versus external fraud, I suspect that banks misclassify bust out fraud as "run of the mill" fraud.
Bust outs can bubble up, just like lava in a volcano, breach the surface and cause a considerable mess. Has your bank had any success combating bust outs?