Check Fraud

Restaurant owners charged in check-kiting scheme

A father and son who own the Chicago-based burger chain Boston Blackie’s are charged with ripping off nearly $2 million from two banks in a check-kiting scam.


Making It Simple For Investigators To Stop On-Us Fraud

posted March 18, 2010 by Paul McCormack

In a previous post, Training + Technology = Success, I noted the following:

“Far too many fraud departments are forced to create a labyrinth of procedures to compensate for inadequate technology. The amount of time and effort spent to compensate for “bad” technology is largely a hidden cost, but certainly is a cost nonetheless.”

I have often heard bank fraud investigators tell me that they preferred to conduct an investigation using a particular system(s) or approach.  From my experience, the more systems that an investigator has to access to decision an item, the higher the probability will be that the investigator will develop their own, “preferred” approach to the investigation process.

However, take note: if your bank has a fully documented investigations process, as soon as an investigator deviates from that agreed-upon approach, it becomes exceptionally difficult to convince anyone that any resulting losses were unavoidable. When a loss results, no one, especially senior management, wants to hear that an investigator had developed their own investigation process based on “personal preference”.

Let’s take On-Us Fraud, for example; the process is fairly straightforward. In addition to the image, account history, etc., there should also be a risk-adjusted score for each item that provides quantitative data for the investigator to consider during their review. Such scoring can include numerous elements, including whether the account has experienced fraud in the past, where payments are normally sent, etc. Certainly, an investigator’s “gut” can play a role in the decision, but a minor role that does not take over and become the process over time. Investigators need not create their own, preferred approach to acquire data to make a decision if the right data is presented to them in one view or system.

Let’s make it simple for the investigator to stop fraud! Asking them to access multiple systems and piece the data together to decision an item is a recipe for disaster. In order to investigate an item, an investigator must follow a process. Technology should help facilitate the process but technology should not dictate the process. There is a right way and a wrong way to investigate a fraud suspect. Technology may help improve the process. Over time it may even replace certain elements of the process. However, technology should support and enhance the investigation process.  “Bad technology” results in the tail wagging the dog!

Are your bank’s fraud investigators held hostage by “bad” technology? Are they spending too much time jumping from system to system to gather data to review suspect items?

Interested in On-Us Fraud? Sign up today for Memento’s webinar on March 25th!


Polymorphism and the case for transaction monitoring

posted March 16, 2010 by Mike Mulholand

Poly what?!  While doing research for a presentation on cyber-threats in relation to ACH fraud (I highly recommend fraud professionals to bone up on this topic since the nexus between fraud and on-line security is becoming so strong – watch for a post with reading suggestions) I came across the concept of polymorphism, and it scared me.  Here’s why…

Polymorphism as defined by Merriam-Webster is:
“the quality or state of existing in or assuming different forms: as a (1) : existence of a species in several forms independent of the variations of sex (2) : existence of a gene in several allelic forms; also : a variation in a specific DNA sequence (3) : existence of a molecule (as an enzyme) in several forms in a single species b : the property of crystallizing in two or more forms with distinct structure.”  Merriam-Webster Online Dictionary

As you can see, it is a well-known term for biologists, chemists and other scientists, but it’s the meaning related to cyber fraud that is scary.  It is applied to malware, most notably trojans, and in particular, for our purposes, banking trojans (see, we even get our own classification).  A polymorphic trojan is one that changes its “signature” every time it is generated.  Why is this important?  Because anti-malware software works by identifying a trojan, determining its signature, putting a detection routine in the anti-malware software, and getting all clients to update their copies.
See the problem? 

Malware detection companies have always had to play a game of catch-up.  Detecting malware first requires that you find it.  Who knows how long it has been doing damage before you do.  Then you have to do the other things I mentioned above, all of which take time, while the malware is continuing to wreak havoc.  In the past malware has been static.  Once it’s out there its signature stays the same.  But with polymorphic trojans the rate of incidence of new trojans increases significantly. 

The Zeus banking trojan is an example.  Last December I went to a presentation by Laura Mather, Ph.D., a well-known personality in information security circles.  It was called “Dissecting Zeus the #1 Banking Trojan”, and at that time she reported, as I recall, that there were at least 310 variations of the Zeus trojan.  I shudder to think how many exist today.  She also said that only 37% of anti-malware software detected the version her company was infected with (yes, her company), and they are security professionals!  I didn’t understand it at the time, but this is because of polymorphism.

So what’s the moral of this sad tale? 

Do all that you can to bar the front gate, but be sure to be watching what is going out the back door.

What I discovered, or rediscovered, is that on-line security is a sophisticated and ever escalating war.  It is critical that you keep up to date, because every round ups the ante, and if you don’t do everything you can, you will be more vulnerable and overwhelmed.  Once a bank decides to get into the on-line banking game, and we pretty much all have, there’s no going back or getting off the on-line security train.  Watching what goes out the back door, of course, refers to looking at the transactions that your “customers” are generating, such as ACH file origination and wires.  Do they make sense, or do they deserve some attention from your fraud team?


Let The Chips Fall Where They May

posted March 07, 2010 by Mike Braatz

I recently returned from the BAI Combating Payments Fraud Conference, held earlier this week in Florida.  As usual, the highlight for me was the opportunity to talk to many industry professionals - bankers, vendors and consultants – about the latest trends in bank fraud and fraud prevention.

At the Bank Fraud Forum and Memento booths, we invited visitors to take part in an informal survey that we called “Which Fraud Threat Costs You the Most?”.  The purpose of the survey was to gauge where banks are investing their fraud prevention resources.  Each visitor was given 10 poker chips, and told to place them in any of 6 glass jars labeled by the following fraud areas – ACH, check, debit/credit, employee, online and wire.  Their task was to allocate the chips according to the fraud area that costs their institution the most in terms of resources (people, technology, time, etc.).

More than 75 bankers and fraud professionals participated in the survey, and the results are shown in the photo below. 

To be honest, these results were striking, but not all that surprising.  Check fraud is characterized by never-ending attempts and significant losses.  High false positive rates mean check fraud alerts require armies of analysts at the big banks, or take up way too much of the fraud team’s day at smaller institutions.  And so check fraud continues to dominate the bank fraud landscape from a resource investment, operational expense and opportunity cost perspective.

While the outcome is admittedly unscientific, the survey results do seem to validate what we’ve been hearing from banks and credit unions for a long time now… the industry needs better approaches for solving this longstanding problem.

How would you allocate your chips?  Do the results from BAI surprise you?  Please share your thoughts.

If you are interested in On-Us Fraud, sign up today for Memento’s webinar on March 25th!


ACH - Rolling The Dice Or Investing In Prevention?

posted February 24, 2010 by Paul McCormack

Most banks and fraud experts agree that Automated Clearing House fraud (ACH fraud) results in large part due to the customer’s failure to protect their data and then appropriately monitor and reconcile their account activity. Certainly, the customer can, and should do more to protect themselves against ACH fraud. Many of the steps needed to reduce a company’s exposure to ACH fraud are not all that complex. For example, ensuring that employee passwords are changed frequently, as well as reconciling accounts (ideally on a daily basis) can go a long way to reducing ACH fraud risk.

continue reading »

 

My Thoughts After Reading Insidious

posted February 18, 2010 by Tom Chmielewski

Bank Fraud Forum would like to welcome guest blogger Tom Chmielewski, VP Product Management at Lexis Nexis. Tom shares Bank Fraud Forum’s belief that open discussion and collaboration ultimately lead to improved fraud detection. He recently finished reading Insidious and had these comments.

continue reading »


Using Kiting Systems To Improve Customer Relationships

posted February 12, 2010 by Mike Mulholand

I previously wrote an article on check kiting and promised a follow-up entitled, “How banks can use their kiting system to improve customer relationships”.  Well, here goes.

continue reading »


Under Attack: Threats to Deposit Accounts

posted February 09, 2010 by Shirley Inscoe

All fraud fighters attending the upcoming BAI conference have the opportunity to attend a great preconference session which will cover major threats to deposit accounts daily.  A number of industry experts have committed to cover a wealth of information, and all BAI attendees are eligible to attend!

continue reading »

 

Check Kiting

posted February 04, 2010 by Paul McCormack

The ABA in part defines check kiting as “the process of floating worthless checks between accounts established in two or more banks.” I personally like the FBI’s definition:

continue reading »


Mining Fraud News

posted February 02, 2010 by David Hood

I’d like to share a resource that I find valuable in my day to day work, and I hope you will, too. The resource is the Fraud News section of Bank Fraud Forum. I suspect that some of you are familiar with this section of the site, but not everyone. And even if you are familiar with it, there might be additional uses of the information that can give you more value. Here are some of the ways that I and others in the industry use fraud news. 

continue reading »
